68 lines
2.2 KiB
Diff
68 lines
2.2 KiB
Diff
From 4b7097025305b219694dd8b04f84155cd12fb71d Mon Sep 17 00:00:00 2001
|
|
From: Tomas Mraz <tmraz@fedoraproject.org>
|
|
Date: Thu, 4 Jun 2020 11:40:29 +0200
|
|
Subject: [PATCH 018/147] Do not allow dropping Extended Master Secret
|
|
extension on renegotiaton
|
|
|
|
Abort renegotiation if server receives client hello with Extended Master
|
|
Secret extension dropped in comparison to the initial session.
|
|
|
|
Fixes #9754
|
|
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/12099)
|
|
---
|
|
include/openssl/ssl3.h | 3 +++
|
|
ssl/statem/extensions.c | 14 +++++++++++++-
|
|
2 files changed, 16 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
|
|
index 8d01fcc..407db0b 100644
|
|
--- a/include/openssl/ssl3.h
|
|
+++ b/include/openssl/ssl3.h
|
|
@@ -292,6 +292,9 @@ extern "C" {
|
|
|
|
# define TLS1_FLAGS_STATELESS 0x0800
|
|
|
|
+/* Set if extended master secret extension required on renegotiation */
|
|
+# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000
|
|
+
|
|
# define SSL3_MT_HELLO_REQUEST 0
|
|
# define SSL3_MT_CLIENT_HELLO 1
|
|
# define SSL3_MT_SERVER_HELLO 2
|
|
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
|
|
index 4ef8b41..c785ab7 100644
|
|
--- a/ssl/statem/extensions.c
|
|
+++ b/ssl/statem/extensions.c
|
|
@@ -1168,14 +1168,26 @@ static int init_etm(SSL *s, unsigned int context)
|
|
|
|
static int init_ems(SSL *s, unsigned int context)
|
|
{
|
|
- if (!s->server)
|
|
+ if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
|
|
s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
|
|
+ s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS;
|
|
+ }
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int final_ems(SSL *s, unsigned int context, int sent)
|
|
{
|
|
+ /*
|
|
+ * Check extended master secret extension is not dropped on
|
|
+ * renegotiation.
|
|
+ */
|
|
+ if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
|
|
+ && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) {
|
|
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
|
|
+ SSL_R_INCONSISTENT_EXTMS);
|
|
+ return 0;
|
|
+ }
|
|
if (!s->server && s->hit) {
|
|
/*
|
|
* Check extended master secret extension is consistent with
|
|
--
|
|
1.8.3.1
|
|
|