[gnutls-devel] GnuTLS | Fix non-empty session id (TLS13_APPENDIX_D4) (!1350)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Nov 19 12:02:17 CET 2020

Daiki Ueno commented on a discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_450750553

>  #ifdef TLS13_APPENDIX_D4
>  		if (max_ver->tls13_sem &&
> -		    session->security_parameters.session_id_size == 0) {
> +		    session->internals.resumed_security_parameters.session_id_size == 0) {
>  			/* Under TLS1.3 we generate a random session ID to make
>  			 * the TLS1.3 session look like a resumed TLS1.2 session */
> -			ret = _gnutls_generate_session_id(session->security_parameters.
> +			ret = _gnutls_generate_session_id(session->internals.resumed_security_parameters.

Thanks for the update. The `prf` test covers the [TLS exporters](https://tools.ietf.org/html/rfc8446#section-7.5), which is a mechanism to allow applications to use keying material derived from the TLS session; that means the keying material is calculated over the exchanged handshake messages. As we are now sending non-empty session ID, the values embedded in the test needs to be updated (you can run the test locally and paste the new value there).

The other test also assumes an empty session ID and needs an update something like [tlsext-decoding.c.diff](/uploads/cf5703c72899fdc439bac48bc938786e/tlsext-decoding.c.diff).

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350#note_450750553
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20201119/ae8f8d85/attachment.html>

More information about the Gnutls-devel mailing list