Diffstat (limited to 'lib/tls13/key_update.c')
-rw-r--r-- | lib/tls13/key_update.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/lib/tls13/key_update.c b/lib/tls13/key_update.c
index acfda41290..e366093887 100644
--- a/lib/tls13/key_update.c
+++ b/lib/tls13/key_update.c
@@ -38,13 +38,15 @@
 * because KTLS most likely doesn't support key update.
 */
 #define SET_KTLS_KEYS(session, interface)\
-{\
- if(_gnutls_ktls_set_keys(session, interface) < 0) {\
+if(_gnutls_ktls_set_keys(session, interface) < 0) {\
 session->internals.ktls_enabled = 0;\
- _gnutls_audit_log(session, \
- "disabling KTLS: couldn't update keys\n");\
- }\
-}
+ session->internals.invalid_connection = true;\
+ _gnutls_audit_log(session,\
+ "disabling KTLS: couldn't update keys\n");\
+ _gnutls_audit_log(session,\
+ "invalidating session: No ktls fallback mechanism\n");\
+ ret = GNUTLS_E_INTERNAL_ERROR;\
+}\
 
 static int update_keys(gnutls_session_t session, hs_stage_t stage)
 {
@@ -64,6 +66,9 @@ static int update_keys(gnutls_session_t session, hs_stage_t stage)
 * write keys */
 if (session->internals.recv_state == RECV_STATE_EARLY_START) {
 ret = _tls13_write_connection_state_init(session, stage);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
 if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND))
 SET_KTLS_KEYS(session, GNUTLS_KTLS_SEND)
 } else {
|
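Review bot: The rewritten `SET_KTLS_KEYS` macro now expands to a bare `if (...) { ... }`, so at a call site of the form `if (IS_KTLS_ENABLED(...)) SET_KTLS_KEYS(...)` any `else` that follows would bind to the macro's inner `if` instead of the caller's condition. Wrapping the body as `do {\` … `} while (0)` and ending each invocation with `;` removes that hazard; call sites outside the visible hunks should be checked for an `else` placed directly after the macro. The macro also assigns `ret`, which is not one of its parameters, and its final line `}\` ends in a continuation that splices the following blank line into the definition. I would drop that trailing backslash and document the hidden dependency above the definition, for example `/* On failure, sets ret in the caller's scope to GNUTLS_E_INTERNAL_ERROR. */`.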
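Review bot: After `SET_KTLS_KEYS(session, GNUTLS_KTLS_SEND)` in the early-start branch nothing in this hunk tests `ret`, although the macro now stores `GNUTLS_E_INTERNAL_ERROR` there and marks the connection invalid when `_gnutls_ktls_set_keys` fails. The added `if (ret < 0) return gnutls_assert_val(ret);` covers only `_tls13_write_connection_state_init`. update_keys continues past the end of the hunk, so a later check may already exist; if it does not, the same guard should follow the macro call so the key-update failure is returned to the caller rather than relying on `invalid_connection` alone.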