tls13 handshake: allow certificate messages after handshake

This allows post-handshake authentication even when PSK
is negotiated.

Resolves #489

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

4 files changed, 19 insertions, 6 deletions

diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c
index 90bd366854..b9a54df355 100644
--- a/lib/tls13/certificate.c
+++ b/lib/tls13/certificate.c
@@ -38,7 +38,8 @@ int _gnutls13_recv_certificate(gnutls_session_t session)
 	gnutls_buffer_st buf;
 	unsigned optional = 0;
 
-	if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+	if (!session->internals.initial_negotiation_completed &&
+	    session->internals.hsk_flags & HSK_PSK_SELECTED)
 		return 0;
 
 	if (session->security_parameters.entity == GNUTLS_SERVER) {
@@ -201,8 +202,10 @@ int _gnutls13_send_certificate(gnutls_session_t session, unsigned again)
 	gnutls_certificate_credentials_t cred;
 
 	if (again == 0) {
-		if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+		if (!session->internals.initial_negotiation_completed &&
+		    session->internals.hsk_flags & HSK_PSK_SELECTED)
 			return 0;
+
 		if (session->security_parameters.entity == GNUTLS_SERVER &&
 		    session->internals.resumed)
 			return 0;
diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
index 09fb56d0bd..a7ec0e2fd9 100644
--- a/lib/tls13/certificate_request.c
+++ b/lib/tls13/certificate_request.c
@@ -192,7 +192,8 @@ int _gnutls13_recv_certificate_request(gnutls_session_t session)
 	int ret;
 	gnutls_buffer_st buf;
 
-	if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+	if (!session->internals.initial_negotiation_completed &&
+	    session->internals.hsk_flags & HSK_PSK_SELECTED)
 		return 0;
 
 	if (unlikely(session->security_parameters.entity != GNUTLS_CLIENT))
@@ -254,7 +255,8 @@ int _gnutls13_send_certificate_request(gnutls_session_t session, unsigned again)
 	if (again == 0) {
 		unsigned char rnd[12];
 
-		if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+		if (!session->internals.initial_negotiation_completed &&
+		    session->internals.hsk_flags & HSK_PSK_SELECTED)
 			return 0;
 
 		if (session->internals.send_cert_req == 0)
diff --git a/lib/tls13/certificate_verify.c b/lib/tls13/certificate_verify.c
index f1dbabab05..96076e4e46 100644
--- a/lib/tls13/certificate_verify.c
+++ b/lib/tls13/certificate_verify.c
@@ -154,8 +154,10 @@ int _gnutls13_send_certificate_verify(gnutls_session_t session, unsigned again)
 	bool server = 0;
 
 	if (again == 0) {
-		if (session->internals.hsk_flags & HSK_PSK_SELECTED)
+		if (!session->internals.initial_negotiation_completed &&
+		    session->internals.hsk_flags & HSK_PSK_SELECTED)
 			return 0;
+
 		if (session->security_parameters.entity == GNUTLS_SERVER &&
 		    session->internals.resumed)
 			return 0;
diff --git a/lib/tls13/post_handshake.c b/lib/tls13/post_handshake.c
index b12c0ba221..ddab66f9a3 100644
--- a/lib/tls13/post_handshake.c
+++ b/lib/tls13/post_handshake.c
@@ -225,7 +225,13 @@ int _gnutls13_reauth_server(gnutls_session_t session)
  *
  * Prior to calling this function in server side, the function
  * gnutls_certificate_server_set_request() must be called setting expectations
- * for the received certificate (request or require).
+ * for the received certificate (request or require). If none are set
+ * this function will return with %GNUTLS_E_INVALID_REQUEST.
+ *
+ * Note that post handshake authentication is available irrespective
+ * of the initial negotiation type (PSK or certificate). In all cases
+ * however, certificate credentials must be set to the session prior
+ * to calling this function.
  *
  * Returns: %GNUTLS_E_SUCCESS on a successful authentication, otherwise a negative error code.
  **/