author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-10-19 14:52:03 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 15:29:36 +0100 |
commit | d98473341430849984ff7354cee811e1d9b7842c (patch) | |
tree | 2eb355a8ec13eeba0feb2585366bc4b2c001423a /lib/handshake-tls13.c | |
parent | 507fa1d35b3c6713745d9cd2e079eb2d8931466c (diff) | |
download | gnutls-d98473341430849984ff7354cee811e1d9b7842c.tar.gz |
handshake: added TLS1.3 passive key update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/handshake-tls13.c')
-rw-r--r-- | lib/handshake-tls13.c | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 9a36bacc40..dee7d65f40 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -53,6 +53,7 @@
 #include "tls13/certificate_verify.h"
 #include "tls13/certificate.h"
 #include "tls13/finished.h"
+#include "tls13/key_update.h"
 #include "tls13/session_ticket.h"
 
 static int generate_hs_traffic_keys(gnutls_session_t session);
@@ -326,29 +327,36 @@ _gnutls13_recv_async_handshake(gnutls_session_t session, gnutls_buffer_st *buf)
 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
 }
 
- if (session->security_parameters.entity == GNUTLS_CLIENT) {
- ret = _gnutls_buffer_pop_prefix8(buf, &type, 0);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ /* The following messages are expected asynchronously after
+ * the handshake process is complete */
+ if (unlikely(session->internals.handshake_in_progress))
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
 
- ret = _gnutls_buffer_pop_prefix24(buf, &length, 1);
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_buffer_pop_prefix8(buf, &type, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
 
- switch(type) {
- case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
- ret = _gnutls13_recv_session_ticket(session, buf);
- if (ret < 0)
- return gnutls_assert_val(ret);
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET;
- }
+ ret = _gnutls_buffer_pop_prefix24(buf, &length, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
 
- } else {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET;
+ switch(type) {
+ case GNUTLS_HANDSHAKE_KEY_UPDATE:
+ ret = _gnutls13_recv_key_update(session, buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ break;
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
+ if (session->security_parameters.entity != GNUTLS_CLIENT)
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
+ ret = _gnutls13_recv_session_ticket(session, buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
 }
 
 return 0; |
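Review bot: In the new `GNUTLS_HANDSHAKE_KEY_UPDATE` case nothing visible checks that the message is the last thing in `buf`: `length` is popped just above the switch but is not compared with the bytes that remain, and the function returns 0 after the handler. RFC 8446 section 5.1 requires a handshake message that immediately precedes a key change to end on a record boundary, so unless `_gnutls13_recv_key_update` (defined outside this diff) already enforces that, the case should reject trailing data before calling it, e.g. `if (buf->length != length) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);`. Since either peer may now send KeyUpdate once the handshake is complete, it is also worth confirming that the handler bounds how often a peer can force a rekey. The body of `_gnutls13_recv_async_handshake` starts before and ends after this hunk.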