Branch: Tag:

2015-01-10

2015-01-10 11:55:26 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Support multiple concurrent pending keys.

In TLS 1.3 multiple keys will be in use in a short span of time.
This change reduces the risk of overwriting not yet used keys
due to timing issues.

45:   Session session;   Context context;    - State pending_read_state; - State pending_write_state; + array(State) pending_read_state = ({}); + array(State) pending_write_state = ({});      /* State variables */   
132:      Packet change_cipher_packet()   { -  expect_change_cipher = 1; +  expect_change_cipher++;    return Packet(version, PACKET_change_cipher_spec, "\001");   }   
537:    }    string res = current_write_state->encrypt_packet(packet, context)->send();    if (packet->content_type == PACKET_change_cipher_spec) { -  current_write_state = pending_write_state; +  if (sizeof(pending_write_state)) { +  current_write_state = pending_write_state[0]; +  pending_write_state = pending_write_state[1..]; +  } else { +  error("Invalid Change Cipher Spec.\n"); +  }    if (version >= PROTOCOL_TLS_1_3) {    // The change cipher state packet is not sent on the wire in TLS 1.3.    return to_write();
652:    }    else    { -  current_read_state = pending_read_state; -  expect_change_cipher = 0; +  if (sizeof(pending_read_state)) { +  SSL3_DEBUG_MSG("%O: Changing read state.\n", this); +  current_read_state = pending_read_state[0]; +  pending_read_state = pending_read_state[1..]; +  } else { +  error("No new read state pending!\n"); +  } +  expect_change_cipher--;    return 0;    }   }