abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-29 19:56:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix KeyUpdate bug

Browse Source
This commit is contained in:
Zhi Guan
2026-05-27 16:26:00 +08:00
parent 83b95e8d7b
commit dbc529f547
4 changed files with 45 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
include/gmssl/tls.h
View File

@@ -803,6 +803,7 @@ typedef struct {
// KeyUpdate
int key_update;
size_t key_update_seq_num_limit;
size_t key_update_data_size_limit;
@@ -896,7 +897,11 @@ int tls_ctx_add_certificate_list_and_key(TLS_CTX *ctx, const char *chainfile,
const uint8_t *entity_signed_certificate_timestamp_list, size_t entity_signed_certificate_timestamp_list_len, // optional
const char *keyfile, const char *keypass);
int tls_ctx_set_key_update_seq_num_limit(TLS_CTX *ctx, size_t max_seq_num);
// KeyUpdate
#define TLS13_DEFAULT_KEY_UPDATE_SEQ_NUM_LIMIT (1 << 20)
int tls13_ctx_enable_key_update(TLS_CTX *ctx, int enable);
int tls13_ctx_set_key_update_seq_num_limit(TLS_CTX *ctx, size_t max_seq_num);

32
src/tls13.c
View File

@@ -1058,7 +1058,8 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *s
}
// check if KeyUpdate
if (GETU64(seq_num) >= conn->ctx->key_update_seq_num_limit) {
if (conn->ctx->key_update
&& GETU64(seq_num) >= conn->ctx->key_update_seq_num_limit) {
if (!conn->key_update) {
conn->key_update = 1;
request_update = 1;
@@ -1289,7 +1290,7 @@ int tls13_do_recv(TLS_CONNECT *conn)
seq_num = GETU64(conn->client_seq_num);
if (seq_num > 2 && update_requested) {
if (seq_num > 2 && update_requested && conn->ctx->key_update) {
conn->key_update = 1;
}
@@ -1303,7 +1304,7 @@ int tls13_do_recv(TLS_CONNECT *conn)
seq_num = GETU64(conn->server_seq_num);
if (seq_num > 2 && update_requested) {
if (seq_num > 2 && update_requested && conn->ctx->key_update) {
fprintf(stderr, "server prepare key_update\n");
conn->key_update = 1;
}
@@ -3465,6 +3466,31 @@ int tls13_key_update_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t
return 1;
}
int tls13_ctx_enable_key_update(TLS_CTX *ctx, int enable)
{
if (!ctx) {
error_print();
return -1;
}
ctx->key_update = enable ? 1 : 0;
ctx->key_update_seq_num_limit = TLS13_DEFAULT_KEY_UPDATE_SEQ_NUM_LIMIT;
return 1;
}
int tls13_ctx_set_key_update_seq_num_limit(TLS_CTX *ctx, size_t max_seq_num)
{
if (!ctx || !max_seq_num) {
error_print();
return -1;
}
if (!ctx->key_update) {
error_print();
return -1;
}
ctx->key_update_seq_num_limit = max_seq_num;
return 1;
}
// ChangeCipherSpec
int tls13_ctx_enable_change_cipher_spec(TLS_CTX *ctx, int enable)

6
tools/tls13_client.c
View File

@@ -408,7 +408,11 @@ bad:
// KeyUpdate
if (key_update_seq_num > 0) {
if (tls_ctx_set_key_update_seq_num_limit(&ctx, key_update_seq_num) != 1) {
if (tls13_ctx_enable_key_update(&ctx, 1) != 1) {
error_print();
goto end;
}
if (tls13_ctx_set_key_update_seq_num_limit(&ctx, key_update_seq_num) != 1) {
error_print();
goto end;
}

6
tools/tls13_server.c
View File

@@ -418,7 +418,11 @@ bad:
// KeyUpdate
if (key_update_seq_num > 0) {
if (tls_ctx_set_key_update_seq_num_limit(&ctx, key_update_seq_num) != 1) {
if (tls13_ctx_enable_key_update(&ctx, 1) != 1) {
error_print();
goto end;
}
if (tls13_ctx_set_key_update_seq_num_limit(&ctx, key_update_seq_num) != 1) {
error_print();
goto end;
}