Add |SSL_key_update|.
This function allows a client to send a TLS 1.3 KeyUpdate message.
Change-Id: I69935253795a79d65a8c85b652378bf04b7058e2
Reviewed-on: https://boringssl-review.googlesource.com/c/33706
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index ceeba89..a3c25f3 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -1135,6 +1135,37 @@
return ret;
}
+int SSL_key_update(SSL *ssl, int request_type) {
+ ssl_reset_error_state(ssl);
+
+ if (ssl->do_handshake == NULL) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNINITIALIZED);
+ return 0;
+ }
+
+ if (ssl->ctx->quic_method != nullptr) {
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
+ if (!ssl->s3->initial_handshake_complete) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_HANDSHAKE_NOT_COMPLETE);
+ return 0;
+ }
+
+ if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
+ return 0;
+ }
+
+ if (!ssl->s3->key_update_pending &&
+ !tls13_add_key_update(ssl, request_type)) {
+ return 0;
+ }
+
+ return 1;
+}
+
int SSL_shutdown(SSL *ssl) {
ssl_reset_error_state(ssl);
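Review bot: In the final `if` of SSL_key_update, a call made while `ssl->s3->key_update_pending` is already set returns 1 without looking at `request_type`, so an `SSL_KEY_UPDATE_REQUESTED` issued while an earlier not-requested KeyUpdate is still queued never asks the peer to rotate and the caller gets no error for it. That coalescing is sensible, but it should be stated at the definition, e.g. `// If a KeyUpdate is already queued but not yet written, it is reused as-is and the new request_type is discarded.`, or, if the stronger request must win, the pending branch should compare the queued type with the new one before skipping. Separately, nothing here rejects a `request_type` outside {SSL_KEY_UPDATE_NOT_REQUESTED, SSL_KEY_UPDATE_REQUESTED}; if `tls13_add_key_update` (not visible in this hunk) simply writes the value as a byte, an out-of-range argument goes on the wire as an invalid KeyUpdate the peer must reject, so a guard such as `if (request_type != SSL_KEY_UPDATE_NOT_REQUESTED && request_type != SSL_KEY_UPDATE_REQUESTED) { OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; }` placed before the pending check is cheap insurance. The trailing context lines belong to SSL_shutdown, whose body continues past the end of the hunk.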