ef93cf994d
Also some small TLS protocol fixes/changes: Disallow dropping Extended Master Secret extension on renegotiation Return alert from s_server if ALPN protocol does not match
45 lines
1.7 KiB
Diff
45 lines
1.7 KiB
Diff
diff -up openssl-1.1.1g/include/openssl/ssl3.h.reneg-no-extms openssl-1.1.1g/include/openssl/ssl3.h
|
|
--- openssl-1.1.1g/include/openssl/ssl3.h.reneg-no-extms 2020-04-21 14:22:39.000000000 +0200
|
|
+++ openssl-1.1.1g/include/openssl/ssl3.h 2020-06-05 15:20:22.090682776 +0200
|
|
@@ -292,6 +292,9 @@ extern "C" {
|
|
|
|
# define TLS1_FLAGS_STATELESS 0x0800
|
|
|
|
+/* Set if extended master secret extension required on renegotiation */
|
|
+# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000
|
|
+
|
|
# define SSL3_MT_HELLO_REQUEST 0
|
|
# define SSL3_MT_CLIENT_HELLO 1
|
|
# define SSL3_MT_SERVER_HELLO 2
|
|
diff -up openssl-1.1.1g/ssl/statem/extensions.c.reneg-no-extms openssl-1.1.1g/ssl/statem/extensions.c
|
|
--- openssl-1.1.1g/ssl/statem/extensions.c.reneg-no-extms 2020-04-21 14:22:39.000000000 +0200
|
|
+++ openssl-1.1.1g/ssl/statem/extensions.c 2020-06-05 15:22:19.677653437 +0200
|
|
@@ -1168,14 +1168,26 @@ static int init_etm(SSL *s, unsigned int
|
|
|
|
static int init_ems(SSL *s, unsigned int context)
|
|
{
|
|
- if (!s->server)
|
|
+ if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
|
|
s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
|
|
+ s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS;
|
|
+ }
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int final_ems(SSL *s, unsigned int context, int sent)
|
|
{
|
|
+ /*
|
|
+ * Check extended master secret extension is not dropped on
|
|
+ * renegotiation.
|
|
+ */
|
|
+ if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
|
|
+ && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) {
|
|
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
|
|
+ SSL_R_INCONSISTENT_EXTMS);
|
|
+ return 0;
|
|
+ }
|
|
if (!s->server && s->hit) {
|
|
/*
|
|
* Check extended master secret extension is consistent with
|