From 11d3235e2b5a1dc9f48c040b1f1b6bea86ffc745 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Thu, 4 Jun 2020 11:40:29 +0200
Subject: Do not allow dropping Extended Master Secret extension on renegotiaton

Abort renegotiation if server receives client hello with Extended Master Secret extension dropped in comparison to the initial session.

Fixes #9754

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/12045)
---
 include/openssl/ssl3.h | 3 +++
 1 file changed, 3 insertions(+)
 (limited to 'include')

diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 664ad23..9fc6b3a 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -297,6 +297,9 @@ extern "C" {
 # define TLS1_FLAGS_STATELESS 0x0800
 
+/* Set if extended master secret extension required on renegotiation */
+# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000
+
 # define SSL3_MT_HELLO_REQUEST 0
 # define SSL3_MT_CLIENT_HELLO 1
 # define SSL3_MT_SERVER_HELLO 2
-- 
cgit v1.1
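Review bot: The comment on the new TLS1_FLAGS_REQUIRED_EXTMS macro says when the flag is set but not what it enforces, and the code that sets and checks it is outside this view (the patch shown is limited to 'include'). Since the commit description says the server aborts renegotiation when the client drops the extension it negotiated in the initial session, suggest `/* Set once the initial handshake negotiated Extended Master Secret; a renegotiation ClientHello without the extension is then rejected (RFC 7627, section 5.3) */` so a reader of the header sees the security intent without chasing the ssl/ code. The value 0x1000 is the next bit after TLS1_FLAGS_STATELESS, but only that neighbour is visible here, so uniqueness within the TLS1_FLAGS_ group and the width of the field it is stored in cannot be confirmed from this hunk.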