[gnutls-devel] GnuTLS | update tlsfuzzer scripts to latest version (!774)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Oct 16 14:49:53 CEST 2018
Nikos Mavrogiannopoulos commented on a discussion on lib/handshake.c:
> - /* if we are resuming then the KX seen doesn't match the original */
> + /* sanity check:
> + * we see TLS1.3 negotiated but no key share was sent */
> + if (ver->tls13_sem) {
> + if (unlikely(!(session->internals.hsk_flags & HSK_PSK_KE_MODE_PSK) &&
> + !(session->internals.hsk_flags & HSK_KEY_SHARE_RECEIVED))) {
> + return gnutls_assert_val(GNUTLS_E_MISSING_EXTENSION);
> + }
> +
> + /* Under TLS1.3 this returns a KX which matches the negotiated
> + * groups from the key shares; if we are resuming then the KX seen
> + * here doesn't match the original session. */
> if (session->internals.resumed == RESUME_FALSE)
> kx = gnutls_kx_get(session);
> + else
> + kx = 0;
Makes sense; updated.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/774#note_109169986
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181016/edec099a/attachment-0001.html>
More information about the Gnutls-devel
mailing list