summaryrefslogtreecommitdiff
path: root/lib/ext/pre_shared_key.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ext/pre_shared_key.c')
-rw-r--r--lib/ext/pre_shared_key.c46
1 files changed, 29 insertions, 17 deletions
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index f3bd9c5973..35ec94fe4a 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -469,10 +469,11 @@ static int server_recv_params(gnutls_session_t session,
const mac_entry_st *prf;
gnutls_datum_t full_client_hello;
uint8_t binder_value[MAX_HASH_SIZE];
- int psk_index;
+ uint16_t psk_index, i;
gnutls_datum_t binder_recvd = { NULL, 0 };
gnutls_datum_t key = {NULL, 0};
psk_ext_parser_st psk_parser;
+ psk_ext_iter_st psk_iter;
struct psk_st psk;
psk_auth_info_t info;
tls13_ticket_t ticket_data;
@@ -481,12 +482,22 @@ static int server_recv_params(gnutls_session_t session,
ret = _gnutls13_psk_ext_parser_init(&psk_parser, data, len);
if (ret < 0) {
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) /* No PSKs advertised by client */
+ /* No PSKs advertised by client */
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
return 0;
return gnutls_assert_val(ret);
}
- while ((psk_index = _gnutls13_psk_ext_parser_next_psk(&psk_parser, &psk)) >= 0) {
+ _gnutls13_psk_ext_iter_init(&psk_iter, &psk_parser);
+ for (psk_index = 0; ; psk_index++) {
+ ret = _gnutls13_psk_ext_iter_next_identity(&psk_iter, &psk);
+ if (ret < 0) {
+ /* We couldn't find any usable PSK */
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return 0;
+ return gnutls_assert_val(ret);
+ }
+
/* This will unpack the session ticket if it is well
* formed and has the expected name */
if (!(session->internals.flags & GNUTLS_NO_TICKETS) &&
@@ -498,17 +509,20 @@ static int server_recv_params(gnutls_session_t session,
/* Check whether ticket is stale or not */
ticket_age = psk.ob_ticket_age - ticket_data.age_add;
if (ticket_age < 0) {
+ gnutls_assert();
tls13_ticket_deinit(&ticket_data);
continue;
}
if ((unsigned int) (ticket_age / 1000) > ticket_data.lifetime) {
+ gnutls_assert();
tls13_ticket_deinit(&ticket_data);
continue;
}
ret = compute_psk_from_ticket(&ticket_data, &key);
if (ret < 0) {
+ gnutls_assert();
tls13_ticket_deinit(&ticket_data);
continue;
}
@@ -539,14 +553,16 @@ static int server_recv_params(gnutls_session_t session,
}
}
- if (psk_index < 0)
- return 0;
-
- ret = _gnutls13_psk_ext_parser_find_binder(&psk_parser, psk_index,
- &binder_recvd);
- if (ret < 0) {
- gnutls_assert();
- goto fail;
+ _gnutls13_psk_ext_iter_init(&psk_iter, &psk_parser);
+ for (i = 0; i <= psk_index; i++) {
+ ret = _gnutls13_psk_ext_iter_next_binder(&psk_iter, &binder_recvd);
+ if (ret < 0) {
+ gnutls_assert();
+ /* We couldn't extract binder */
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto fail;
+ }
}
/* Get full ClientHello */
@@ -557,7 +573,7 @@ static int server_recv_params(gnutls_session_t session,
}
/* Compute the binder value for this PSK */
- ret = compute_psk_binder(session, prf, psk_parser.binder_len+2, 0, 0,
+ ret = compute_psk_binder(session, prf, psk_parser.binders_len+2, 0, 0,
&key, &full_client_hello, resuming,
binder_value);
if (ret < 0) {
@@ -582,11 +598,7 @@ static int server_recv_params(gnutls_session_t session,
/* save the username in psk_auth_info to make it available
* using gnutls_psk_server_get_username() */
if (!resuming) {
- if (psk.identity.size >= sizeof(info->username)) {
- gnutls_assert();
- ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
- goto fail;
- }
+ assert(psk.identity.size < sizeof(info->username));
ret = _gnutls_auth_info_set(session, GNUTLS_CRD_PSK, sizeof(psk_auth_info_st), 1);
if (ret < 0) {
View Lorry Controller Status