mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
crypto/tls: implement Extended Master Secret
All OpenSSL tests now test operation with EMS. To test a handshake *without* EMS we need to pass -Options=-ExtendedMasterSecret which is only available in OpenSSL 3.1, which breaks a number of other tests. Updates #43922 Change-Id: Ib9ac79a1d03fab6bfba5fe9cd66689cff661cda7 Reviewed-on: https://go-review.googlesource.com/c/go/+/497376 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Damien Neil <dneil@google.com>
parent
1143de0f03
commit
d154b73cf1
120 changed files with 9366 additions and 9243 deletions
|
@ -72,6 +72,7 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *ecdh.PrivateKey, error) {
|
|||
vers: clientHelloVersion,
|
||||
compressionMethods: []uint8{compressionNone},
|
||||
random: make([]byte, 32),
|
||||
extendedMasterSecret: true,
|
||||
ocspStapling: true,
|
||||
scts: true,
|
||||
serverName: hostnameInSNI(config.ServerName),
|
||||
|
@ -645,6 +646,19 @@ func (hs *clientHandshakeState) doFullHandshake() error {
|
|||
}
|
||||
}
|
||||
|
||||
if hs.serverHello.extendedMasterSecret {
|
||||
c.extMasterSecret = true
|
||||
hs.masterSecret = extMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret,
|
||||
hs.finishedHash.Sum())
|
||||
} else {
|
||||
hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret,
|
||||
hs.hello.random, hs.serverHello.random)
|
||||
}
|
||||
if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.hello.random, hs.masterSecret); err != nil {
|
||||
c.sendAlert(alertInternalError)
|
||||
return errors.New("tls: failed to write to key log: " + err.Error())
|
||||
}
|
||||
|
||||
if chainToSend != nil && len(chainToSend.Certificate) > 0 {
|
||||
certVerify := &certificateVerifyMsg{}
|
||||
|
||||
|
@ -692,12 +706,6 @@ func (hs *clientHandshakeState) doFullHandshake() error {
|
|||
}
|
||||
}
|
||||
|
||||
hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.hello.random, hs.serverHello.random)
|
||||
if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.hello.random, hs.masterSecret); err != nil {
|
||||
c.sendAlert(alertInternalError)
|
||||
return errors.New("tls: failed to write to key log: " + err.Error())
|
||||
}
|
||||
|
||||
hs.finishedHash.discardHandshakeBuffer()
|
||||
|
||||
return nil
|
||||
|
@ -784,8 +792,15 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) {
|
|||
return false, errors.New("tls: server resumed a session with a different cipher suite")
|
||||
}
|
||||
|
||||
// RFC 7627, Section 5.3
|
||||
if hs.session.extMasterSecret != hs.serverHello.extendedMasterSecret {
|
||||
c.sendAlert(alertHandshakeFailure)
|
||||
return false, errors.New("tls: server resumed a session with a different EMS extension")
|
||||
}
|
||||
|
||||
// Restore master secret and certificates from previous state
|
||||
hs.masterSecret = hs.session.secret
|
||||
c.extMasterSecret = hs.session.extMasterSecret
|
||||
c.peerCertificates = hs.session.peerCertificates
|
||||
c.activeCertHandles = hs.c.activeCertHandles
|
||||
c.verifiedChains = hs.session.verifiedChains
|
||||
|
|
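Review bot: In doFullHandshake the master-secret derivation now sits above the CertificateVerify block, and that position is load-bearing but uncommented: RFC 7627 defines the session hash over the handshake messages up to and including ClientKeyExchange, so `hs.finishedHash.Sum()` has to be taken before CertificateVerify is added to the transcript. A comment on the new `if` would keep a later refactor from moving it back down, for example `// EMS session hash covers the transcript through ClientKeyExchange (RFC 7627, Section 3); derive before CertificateVerify is hashed.` The `else` branch deserves one line as well, saying that a server which omits the extension silently gets the legacy derivation, which is not bound to the handshake transcript. The function starts and ends outside the hunks shown, so the ClientKeyExchange write itself is not visible here and the ordering claim should be confirmed against the full body.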