Diffstat (limited to 'lib/ext/pre_shared_key.c')
-rw-r--r-- | lib/ext/pre_shared_key.c | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index 10e5d0a2e3..8338550389 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -398,7 +398,7 @@ static int server_recv_params(gnutls_session_t session,
 memcpy(identity_str, psk.identity.data, psk.identity.size);
 identity_str[psk.identity.size] = 0;
- ret = _gnutls_psk_pwd_find_entry(session, identity_str, &key);
+ ret = _gnutls_psk_pwd_find_entry(session, pskcred, identity_str, &key);
 if (ret < 0)
 return gnutls_assert_val(ret);
@@ -487,13 +487,6 @@ static int server_recv_params(gnutls_session_t session,
 goto fail;
 }
- if (session->internals.hsk_flags & HSK_PSK_KE_MODE_DHE_PSK)
- _gnutls_handshake_log("EXT[%p]: Selected DHE-PSK mode\n", session);
- else {
- reset_cand_groups(session);
- _gnutls_handshake_log("EXT[%p]: Selected PSK mode\n", session);
- }
-
 /* save the username in psk_auth_info to make it available
 * using gnutls_psk_server_get_username() */
 if (psk_kind == PSK) {
@@ -589,10 +582,11 @@ static int _gnutls_psk_send_params(gnutls_session_t session,
 if (!session->internals.session_ticket_enable && !session->internals.priorities->have_psk)
 return 0;
- if (session->internals.hsk_flags & HSK_PSK_KE_MODES_RECEIVED)
- return server_send_params(session, extdata);
- else
+ /* No overlapping key exchange modes */
+ if (session->internals.psk_ke_modes_size == 0)
 return 0;
+
+ return server_send_params(session, extdata);
 }
 }
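Review bot: The identity is still passed to `_gnutls_psk_pwd_find_entry` as a C string (`identity_str[psk.identity.size] = 0;` on the context line above the changed call in the -398 hunk), so an identity that contains a zero byte would be looked up by its prefix only. TLS 1.3 PSK identities are opaque bytes, so I would skip such an identity before the lookup, for example with a `memchr(psk.identity.data, 0, psk.identity.size) != NULL` test, or pass the length through to the lookup. The bound on `psk.identity.size` against the size of `identity_str`, and a NULL check on the newly passed `pskcred`, are not visible in this hunk and should be confirmed in the part of `server_recv_params` that lies outside it.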
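Review bot: `psk_ke_modes_size == 0` in the -589 hunk of `_gnutls_psk_send_params` now stands for two cases, "psk_ke_modes was never received" and "received but nothing overlaps", while the new comment names only the second. The same field gates the `psk_ke_modes_size > 0` branch in the `_gnutls_psk_recv_params` hunk at -625, which replaces the `HSK_PSK_KE_MODES_RECEIVED` test there. Both checks are only sound if the field is zeroed at the start of every handshake, including after a HelloRetryRequest; that reset is not visible in this diff and should be confirmed, since a stale non-zero value would let the server answer with pre_shared_key although the current ClientHello offered no modes. I would widen the comment to `/* psk_ke_modes not received, or no overlapping key exchange modes */`. Both enclosing functions start and end outside their hunks.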
@@ -625,12 +619,12 @@ static int _gnutls_psk_recv_params(gnutls_session_t session,
 return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
 }
 } else {
- if (session->internals.hsk_flags & HSK_PSK_KE_MODES_RECEIVED) {
- if (session->internals.hsk_flags & HSK_PSK_KE_MODE_INVALID) {
- /* We received a "psk_ke_modes" extension, but with a value we don't support */
- return 0;
- }
+ if (session->internals.hsk_flags & HSK_PSK_KE_MODE_INVALID) {
+ /* We received a "psk_ke_modes" extension, but with a value we don't support */
+ return 0;
+ }
+ if (session->internals.psk_ke_modes_size > 0) {
 pskcred = (gnutls_psk_server_credentials_t) _gnutls_get_cred(session, GNUTLS_CRD_PSK); |