[gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Aug 2 18:24:47 CEST 2018
Daiki Ueno started a new discussion on lib/handshake-tls13.c:
> IMED_RET("send finished", ret, 0);
> /* fall through */
> case STATE107:
> + /* At this point our sending keys should be the app keys
> + * see 4.4.4 at draft-ietf-tls-tls13-28 */
> + ret =
> + generate_ap_traffic_keys(session);
> + IMED_RET("generate app keys", ret, 0);
> +
> + /* If the session is unauthenticated, try to optimize the handshake by
> + * sending the session ticket early. */
> + if (!(session->internals.hsk_flags & (HSK_CRT_REQ_SENT|HSK_PSK_SELECTED))) {
> + STATE = STATE107;
I am a bit confused with the use of STATE here; in the surrounding code it is used like this:
```c
case STATEXXX:
ret = do_something(session, AGAIN(STATEXXX));
STATE = STATEXXX;
IMED_RET("something", ret, 0);
/* fallthrough */
```
If I understand correctly, this pattern is to allow callers to re-enter if any of the function returns EAGAIN. However, here, `generate_ap_traffic_keys()` is not reentrant, because it overwrites temp_secret. Wouldn't that be a problem?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_92158495
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180802/8dfc6630/attachment-0001.html>
More information about the Gnutls-devel
mailing list