/** * gnutls_session_key_update: * @session: is a #gnutls_session_t type. * @flags: zero of %GNUTLS_KU_PEER * * This function will update/refresh the session keys when the * TLS protocol is 1.3 or better. The peer is notified of the * update by sending a message, so this function should be * treated similarly to gnutls_record_send() --i.e., it may * return %GNUTLS_E_AGAIN or %GNUTLS_E_INTERRUPTED. * * When this flag %GNUTLS_KU_PEER is specified, this function * in addition to updating the local keys, will ask the peer to * refresh its keys too. * * If the negotiated version is not TLS 1.3 or better this * function will return %GNUTLS_E_INVALID_REQUEST. * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. * * Since: 3.6.3 **/ int gnutls_session_key_update(gnutls_session_t session, unsigned flags) { int ret; const version_entry_st *vers = get_version(session); if (!vers->tls13_sem) return GNUTLS_E_INVALID_REQUEST; ret = _gnutls13_send_key_update(session, AGAIN(STATE150), flags); STATE = STATE150; if (ret < 0) { gnutls_assert(); return ret; } STATE = STATE0; _gnutls_epoch_gc(session); /* it was completely sent, update the keys */ ret = update_keys(session, STAGE_UPD_OURS); if (ret < 0) return gnutls_assert_val(ret); return 0; }
void _gnutls_handshake_internal_state_clear (gnutls_session_t session) { _gnutls_handshake_internal_state_init (session); deinit_internal_params (session); _gnutls_epoch_gc(session); }
void _gnutls_handshake_internal_state_clear(gnutls_session_t session) { _gnutls_handshake_internal_state_init(session); deinit_internal_params(session); _gnutls_epoch_gc(session); session->internals.handshake_endtime = 0; session->internals.handshake_in_progress = 0; }
void _dtls_async_timer_delete (gnutls_session_t session) { if (session->internals.dtls.async_term != 0) { _gnutls_dtls_log ("DTLS[%p]: Deinitializing previous handshake state.\n", session); session->internals.dtls.async_term = 0; /* turn off "timer" */ _dtls_reset_hsk_state(session); _gnutls_handshake_io_buffer_clear (session); _gnutls_epoch_gc(session); } }
void _gnutls_handshake_internal_state_clear(gnutls_session_t session) { _gnutls_handshake_internal_state_init(session); deinit_internal_params(session); deinit_keys(session); _gnutls_epoch_gc(session); session->internals.handshake_endtime = 0; session->internals.handshake_in_progress = 0; session->internals.tfo.connect_addrlen = 0; session->internals.tfo.connect_only = 0; }
int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf) { int ret; time_t now = gnutls_time(0); if (buf->length != 1) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); if (unlikely(now - session->internals.last_key_update < KEY_UPDATES_PER_SEC)) { _gnutls_debug_log("reached maximum number of key updates per second (%d)\n", KEY_UPDATES_PER_SEC); return gnutls_assert_val(GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS); } session->internals.last_key_update = now; _gnutls_epoch_gc(session); _gnutls_handshake_log("HSK[%p]: received TLS 1.3 key update (%u)\n", session, (unsigned)buf->data[0]); switch(buf->data[0]) { case 0: /* peer updated its key, not requested our key update */ ret = update_keys(session, STAGE_UPD_PEERS); if (ret < 0) return gnutls_assert_val(ret); break; case 1: if (session->internals.hsk_flags & HSK_KEY_UPDATE_ASKED) { /* if we had asked a key update we shouldn't get this * reply */ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); } /* peer updated its key, requested our key update */ ret = update_keys(session, STAGE_UPD_PEERS); if (ret < 0) return gnutls_assert_val(ret); /* we mark that a key update is schedule, and it * will be performed prior to sending the next application * message. */ if (session->internals.rsend_state == RECORD_SEND_NORMAL) session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_1; else if (session->internals.rsend_state == RECORD_SEND_CORKED) session->internals.rsend_state = RECORD_SEND_CORKED_TO_KU; else return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); break; default: return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); } session->internals.hsk_flags &= ~(unsigned)(HSK_KEY_UPDATE_ASKED); return 0; }