TLS 1.3: implement anti-replay measure using ClientHello recording

This implements ClientHello recording outlined in section 8.2 of RFC 8446. Signed-off-by: Daiki Ueno <dueno@redhat.com>
author: Daiki Ueno <dueno@redhat.com> 2018-10-19 17:52:48 +0200
committer: Daiki Ueno <dueno@redhat.com> 2018-11-12 14:08:45 +0100
commit: 79f2f1cf5b91491be5f0e3486c416594ec522b25 (patch)
tree: eec06e9a96e5c64449e3469c477fc1d332953d12 /lib/ext/early_data.c
parent: 8ada9c280c9044644dfad1f234e3da32f0df86a0 (diff)
download: gnutls-79f2f1cf5b91491be5f0e3486c416594ec522b25.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/ext/early_data.c b/lib/ext/early_data.c
index 729a528bd7..a58e473ae1 100644
--- a/lib/ext/early_data.c
+++ b/lib/ext/early_data.c
@@ -59,10 +59,13 @@ early_data_recv_params(gnutls_session_t session,
 		return gnutls_assert_val(0);
 
 	if (session->security_parameters.entity == GNUTLS_SERVER) {
+		/* The flag may be cleared by pre_shared_key
+		 * extension, when replay is detected. */
 		if ((session->internals.flags & GNUTLS_ENABLE_EARLY_DATA) &&
 		    /* Refuse early data when this is a second CH after HRR */
 		    !(session->internals.hsk_flags & HSK_HRR_SENT))
 			session->internals.hsk_flags |= HSK_EARLY_DATA_ACCEPTED;
+
 		session->internals.hsk_flags |= HSK_EARLY_DATA_IN_FLIGHT;
 	} else {
 		if (_gnutls_ext_get_msg(session) == GNUTLS_EXT_FLAG_EE)
author	Daiki Ueno <dueno@redhat.com>	2018-10-19 17:52:48 +0200
committer	Daiki Ueno <dueno@redhat.com>	2018-11-12 14:08:45 +0100
commit	79f2f1cf5b91491be5f0e3486c416594ec522b25 (patch)
tree	eec06e9a96e5c64449e3469c477fc1d332953d12 /lib/ext/early_data.c
parent	8ada9c280c9044644dfad1f234e3da32f0df86a0 (diff)
download	gnutls-79f2f1cf5b91491be5f0e3486c416594ec522b25.tar.gz