[gnutls-devel] GnuTLS | tls1.3: server returns early on handshake when no cert is provided by client (!711)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Aug 3 16:08:13 CEST 2018

Nikos Mavrogiannopoulos commented on a discussion on lib/handshake-tls13.c:

> +	_gnutls_write_uint24(session->security_parameters.prf->output_size, finished+1);
> +
> +	ret = _gnutls_buffer_append_data(&session->internals.handshake_hash_buffer, finished,
> +					 TLS_HANDSHAKE_HEADER_SIZE+session->security_parameters.prf->output_size);
> +	if (ret < 0)
> +		return gnutls_assert_val(ret);
> +
> +	ret = _tls13_derive_secret(session, RMS_MASTER_LABEL, sizeof(RMS_MASTER_LABEL)-1,
> +				   session->internals.handshake_hash_buffer.data,
> +				   session->internals.handshake_hash_buffer.length,
> +				   session->key.proto.tls13.temp_secret,
> +				   session->key.proto.tls13.ap_rms);
> +	if (ret < 0)
> +		return gnutls_assert_val(ret);
> +
> +	session->internals.handshake_hash_buffer.length = spos;

it looks nice functionally but I don't think it is a good idea to set the value of `session->internals.handshake_hash_buffer_client_finished_len` prior to the finished message being received. Indeed on that particular function we are predicting what it will be to calculate rms, but should we set its value for anyone else to use? grepping through the code it seems that in no other case this value is being used, so it is a kind of philosophical question which approach is better. I prefer the current one because I find it nicer to contain the side effects of this prediction, but I'd be happy to discuss that.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/711#note_92364795
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180803/5c026f01/attachment.html>

More information about the Gnutls-devel mailing list