psk: mark psk_ke_modes as invalid when ignored

TLS1.3 handles the receiving of pre-shared keys extension as
invalid when the psk_ke_modes extension is not received as well.
As such, when we ignore the psk_ke_modes for some reason (e.g.,
no credentials) we need to indicate that it was received. We
use the invalid mode flag for that reason, allowing the handshake
to fail later for the right reason (e.g., no credentials error rather
than illegal extension).

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/ext/psk_ke_modes.c b/lib/ext/psk_ke_modes.c
index afcbcb8ce1b78d132fae4e319dc0ebc65daa6173..872fec9fa33ade89729b4007d950a72f9feeb6c3 100644 (file)
--- a/lib/ext/psk_ke_modes.c
+++ b/lib/ext/psk_ke_modes.c
@@ -112,12 +112,19 @@ psk_ke_modes_recv_params(gnutls_session_t session,
        if (session->security_parameters.entity == GNUTLS_CLIENT)
                return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION);
 
-       if (!vers || !vers->tls13_sem)
-               return 0;
+       /* we set hsk_flags to HSK_PSK_KE_MODE_INVALID on failure to ensure that
+        * when we parse the pre-shared key extension we detect PSK_KE_MODES as
+        * received. */
+       if (!vers || !vers->tls13_sem) {
+               session->internals.hsk_flags |= HSK_PSK_KE_MODE_INVALID;
+               return gnutls_assert_val(0);
+       }
 
        cred = (gnutls_psk_server_credentials_t)_gnutls_get_cred(session, GNUTLS_CRD_PSK);
-       if (cred == NULL)
-               return 0;
+       if (cred == NULL) {
+               session->internals.hsk_flags |= HSK_PSK_KE_MODE_INVALID;
+               return gnutls_assert_val(0);
+       }
 
        DECR_LEN(len, 1);
        ke_modes_len = *(data++);