git.ipfire.org Git - thirdparty/gnutls.git/commit
key_update: rework the rekeying logic
author Daiki Ueno <ueno@gnu.org>
Fri, 18 Jul 2025 22:08:24 +0000 (07:08 +0900)
committer Daiki Ueno <ueno@gnu.org>
Fri, 1 Aug 2025 00:07:58 +0000 (09:07 +0900)
commit 1d830baac2f8a08a40b13e9eecfcc64ad032e7b5
tree 087460b2a3eacf57a9c17db64f0892390da1ab73
parent 30c264b661d49d135ef342426c6c4cd853209c06
key_update: rework the rekeying logic

While RFC 8446 4.6.3 says that the sender of a KeyUpdate message
should only update its sending key, the previous implementation
updated both the sending and receiving keys, preventing any
interleaved application data from being decrypted.

This splits the key update logic into 2 phases: when sending a
KeyUpdate, only update the sending key, and when receiving a
KeyUpdate, only update the receiving key.  In both cases, KeyUpdate
messages are encrypted/decrypted with the old keys.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/gnutls_int.h
lib/tls13/key_update.c
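The two-phase rekeying the commit message describes, modelled as an added example (this is not GnuTLS code and does not reflect lib/tls13/key_update.c): the HKDF-Expand-Label and "traffic upd" derivation follow RFC 8446 sections 7.1 and 7.2, while the record layer is a constructed toy (keystream XOR plus a MAC tag, not the TLS AEAD) whose only job is to reject a record protected under a different key generation. The initial traffic secrets, the endpoints A and B, the message texts and the `Endpoint` class are all assumptions made for the illustration; `split_keys=False` reproduces the old rotate-both behaviour so the interleaved-data failure can be observed.

```python
import hashlib
import hmac
import struct

HASH_LEN, TAG_LEN = 32, 16             # SHA-256 suite; toy MAC tag length
HANDSHAKE, APPLICATION_DATA = 22, 23   # TLS ContentType values
KEY_UPDATE = 24                        # HandshakeType key_update

def hkdf_expand(prk, info, length):
    """RFC 5869 HKDF-Expand using HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """RFC 8446 7.1 HKDF-Expand-Label over the HkdfLabel structure."""
    full_label = b"tls13 " + label
    info = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def next_traffic_secret(secret):
    """RFC 8446 7.2: secret_N+1 = HKDF-Expand-Label(secret_N, "traffic upd", "", Hash.length)."""
    return hkdf_expand_label(secret, b"traffic upd", b"", HASH_LEN)

# Constructed toy record protection (NOT the TLS AEAD): keystream XOR plus a MAC tag,
# so a record protected under one key generation is rejected under another.
def _xor_stream(key, seq, data):
    stream = hkdf_expand(key, struct.pack("!Q", seq), len(data))
    return bytes(x ^ s for x, s in zip(data, stream))

def _tag(key, seq, ct):
    return hmac.new(key, struct.pack("!Q", seq) + ct, hashlib.sha256).digest()[:TAG_LEN]

def protect(secret, seq, content_type, payload):
    key = hkdf_expand_label(secret, b"key", b"", HASH_LEN)
    ct = _xor_stream(key, seq, payload + bytes([content_type]))   # TLSInnerPlaintext
    return ct + _tag(key, seq, ct)

def unprotect(secret, seq, record):
    key = hkdf_expand_label(secret, b"key", b"", HASH_LEN)
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, seq, ct)):
        raise ValueError("bad_record_mac: record is not under the current receiving key")
    inner = _xor_stream(key, seq, ct)
    return inner[-1], inner[:-1]

class Endpoint:
    """split_keys=True: reworked per-direction rekeying; False: old rotate-both behaviour."""
    def __init__(self, send_secret, recv_secret, split_keys=True):
        self.send_secret, self.send_seq = send_secret, 0
        self.recv_secret, self.recv_seq = recv_secret, 0
        self.split_keys = split_keys

    def rotate(self, direction):
        # Derive the next-generation secret; the record sequence number restarts at 0.
        if direction == "send":
            self.send_secret, self.send_seq = next_traffic_secret(self.send_secret), 0
        else:
            self.recv_secret, self.recv_seq = next_traffic_secret(self.recv_secret), 0

    def send(self, content_type, payload):
        rec = protect(self.send_secret, self.send_seq, content_type, payload)
        self.send_seq += 1
        return rec

    def send_key_update(self):
        # The KeyUpdate itself is protected under the OLD sending key (RFC 8446 4.6.3).
        rec = self.send(HANDSHAKE, bytes([KEY_UPDATE, 0, 0, 1, 0]))   # request_update = 0
        self.rotate("send")
        if not self.split_keys:
            self.rotate("recv")   # old behaviour: the peer's in-flight records no longer decrypt
        return rec

    def receive(self, record):
        # Decrypt under the OLD receiving key, then rotate it if this was a KeyUpdate.
        content_type, payload = unprotect(self.recv_secret, self.recv_seq, record)
        self.recv_seq += 1
        if content_type == HANDSHAKE and payload[:1] == bytes([KEY_UPDATE]):
            self.rotate("recv")
            if not self.split_keys:
                self.rotate("send")
        return content_type, payload

def run_scenario(split_keys):
    """B's data is in flight while A sends KeyUpdate; returns recovered plaintexts or None."""
    a_to_b = hashlib.sha256(b"client_application_traffic_secret_0").digest()   # constructed
    b_to_a = hashlib.sha256(b"server_application_traffic_secret_0").digest()   # constructed
    a, b = Endpoint(a_to_b, b_to_a, split_keys), Endpoint(b_to_a, a_to_b, split_keys)
    in_flight = b.send(APPLICATION_DATA, b"from B, generation 0")
    ku = a.send_key_update()                     # A's sending key -> generation 1
    try:
        _, got1 = a.receive(in_flight)           # B never rotated, so this must still decrypt
    except ValueError:
        return None
    b.receive(ku)                                # B's receiving key -> generation 1
    _, got2 = a.receive(b.send(APPLICATION_DATA, b"ack, B still on generation 0"))
    _, got3 = b.receive(a.send(APPLICATION_DATA, b"from A, generation 1"))
    return got1, got2, got3
```

`run_scenario(True)` returns all three plaintexts: A's KeyUpdate changes only A's sending key, so B's record that was already in flight under generation 0 still decrypts, and B keeps sending under generation 0 until it chooses to rekey its own direction. `run_scenario(False)` returns None, because rotating the receiving key at send time makes A reject B's in-flight record exactly as the message describes. The model leaves out the `update_requested` case, in which RFC 8446 4.6.3 obliges the receiver to answer with its own KeyUpdate (sent with `update_not_requested`) before its next application data; that would rotate B's sending key through the same `send_key_update` path.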