Extended master secret extension support.

Add and retrieve extended master secret extension, setting the flag SSL_SESS_FLAG_EXTMS appropriately. Note: this just sets the flag and doesn't include the changes to master secret generation. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-23 02:45:13 +00:00 · 2015-01-23 02:45:13 +00:00 · ddc06b3556
commit ddc06b3556
parent c660ec63a8
4 changed files with 26 additions and 1 deletions
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@ -244,6 +244,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                   X509_verify_cert_error_string(x->verify_result)) <= 0)
        goto err;

+    if (BIO_printf(bp, "    Extended master secret: %s\n",
+                   x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0)
+        goto err;
+
    return (1);
 err:
    return (0);
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -1445,6 +1445,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
    s2n(TLSEXT_TYPE_encrypt_then_mac, ret);
    s2n(0, ret);
 # endif
+    s2n(TLSEXT_TYPE_extended_master_secret, ret);
+    s2n(0, ret);

    /*
     * Add padding to workaround bugs in F5 terminators. See
@ -1682,6 +1684,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
        }
    }
 # endif
+    if (!s->hit && s->session->flags & SSL_SESS_FLAG_EXTMS) {
+        s2n(TLSEXT_TYPE_extended_master_secret, ret);
+        s2n(0, ret);
+    }

    if (s->s3->alpn_selected) {
        const unsigned char *selected = s->s3->alpn_selected;
@ -2300,6 +2306,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
        else if (type == TLSEXT_TYPE_encrypt_then_mac)
            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
 # endif
+        else if (type == TLSEXT_TYPE_extended_master_secret) {
+            if (!s->hit)
+                s->session->flags |= SSL_SESS_FLAG_EXTMS;
+        }
        /*
         * If this ClientHello extension was unhandled and this is a
         * nonresumed connection, check whether the extension is a custom
@ -2594,6 +2604,10 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
                s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
        }
 # endif
+        else if (type == TLSEXT_TYPE_extended_master_secret) {
+            if (!s->hit)
+                s->session->flags |= SSL_SESS_FLAG_EXTMS;
+        }
        /*
         * If this extension type was not otherwise handled, but matches a
         * custom_cli_ext_record, then send it to the c callback
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@ -363,7 +363,8 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
    {TLSEXT_TYPE_session_ticket, "session_ticket"},
    {TLSEXT_TYPE_renegotiate, "renegotiate"},
    {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
-    {TLSEXT_TYPE_padding, "padding"}
+    {TLSEXT_TYPE_padding, "padding"},
+    {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}
 };

 static ssl_trace_tbl ssl_curve_tbl[] = {
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@ -250,6 +250,12 @@ extern "C" {
 * http://www.ietf.org/id/draft-ietf-tls-encrypt-then-mac-02.txt
 */
 # define TLSEXT_TYPE_encrypt_then_mac    22
+/*
+ * Extended master secret extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * https://tools.ietf.org/id/draft-ietf-tls-session-hash-03.txt
+ */
+# define TLSEXT_TYPE_extended_master_secret      23

 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35