diff options
author | Tomas Mraz <tmraz@fedoraproject.org> | 2020-06-04 11:40:29 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-06-09 14:11:19 +0200 |
commit | 11d3235e2b5a1dc9f48c040b1f1b6bea86ffc745 (patch) | |
tree | 30a7c0f99180ec1712fc5d59e698646448389082 /ssl/statem | |
parent | 7646610b6a2c53ae50ed453c88291c23630e7850 (diff) |
Do not allow dropping Extended Master Secret extension on renegotiaton
Abort renegotiation if server receives client hello with Extended Master
Secret extension dropped in comparison to the initial session.
Fixes #9754
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12045)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/extensions.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 3c023486da..9086348618 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1169,13 +1169,26 @@ static int init_etm(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context) { - s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) { + s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + s->s3.flags |= TLS1_FLAGS_REQUIRED_EXTMS; + } return 1; } static int final_ems(SSL *s, unsigned int context, int sent) { + /* + * Check extended master secret extension is not dropped on + * renegotiation. + */ + if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) + && (s->s3.flags & TLS1_FLAGS_REQUIRED_EXTMS)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, + SSL_R_INCONSISTENT_EXTMS); + return 0; + } if (!s->server && s->hit) { /* * Check extended master secret extension is consistent with |