diff options
author | Todd Short <tshort@akamai.com> | 2017-07-10 13:28:35 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-02-15 10:11:18 +0000 |
commit | 088dfa133561d7613b9391a56ddbce58f32c934a (patch) | |
tree | 46ebb1770ded52fd84e2202d80cac0ea9121b49f /ssl | |
parent | 9fc8f18f59f4a4c853466dca64a23b8af681bf1c (diff) | |
download | openssl-088dfa133561d7613b9391a56ddbce58f32c934a.zip openssl-088dfa133561d7613b9391a56ddbce58f32c934a.tar.gz openssl-088dfa133561d7613b9391a56ddbce58f32c934a.tar.bz2 |
Add option to disable Extended Master Secret
Add SSL_OP64_NO_EXTENDED_MASTER_SECRET, that can be set on either
an SSL or an SSL_CTX. When processing a ClientHello, if this flag
is set, do not indicate that the EMS TLS extension was received in
either the ssl3 object or the SSL_SESSION. Retain most of the
sanity checks between the previous and current session during
session resumption, but weaken the check when the current SSL
object is configured to not use EMS.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3910)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_conf.c | 3 | ||||
-rw-r--r-- | ssl/statem/extensions.c | 3 | ||||
-rw-r--r-- | ssl/statem/extensions_clnt.c | 5 | ||||
-rw-r--r-- | ssl/statem/extensions_srvr.c | 3 |
4 files changed, 11 insertions, 3 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 6d4c69d..f0bec36 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -380,7 +380,8 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT), - SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY) + SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY), + SSL_FLAG_TBL_INV("ExtendedMasterSecret", SSL_OP_NO_EXTENDED_MASTER_SECRET) }; if (value == NULL) return -3; diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 773309a..60d4da0 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1169,8 +1169,7 @@ static int init_etm(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context) { - if (!s->server) - s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; return 1; } diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 6e133e0..f01e9ee 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -494,6 +494,9 @@ EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context, EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { + if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) + return EXT_RETURN_NOT_SENT; + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EMS, @@ -1743,6 +1746,8 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { + if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) + return 1; s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; if (!s->hit) s->session->flags |= SSL_SESS_FLAG_EXTMS; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 6545f57..73ceadc 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -989,6 +989,9 @@ int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } + if (s->options & SSL_OP_NO_EXTENDED_MASTER_SECRET) + return 1; + s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; return 1; |