crypto/tls: implement Extended Master Secret

All OpenSSL tests now test operation with EMS. To test a handshake
*without* EMS we need to pass -Options=-ExtendedMasterSecret which is
only available in OpenSSL 3.1, which breaks a number of other tests.

Updates #43922

Change-Id: Ib9ac79a1d03fab6bfba5fe9cd66689cff661cda7
Reviewed-on: https://go-review.googlesource.com/c/go/+/497376
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
This commit is contained in:
Filippo Valsorda 2023-05-24 01:55:45 +02:00 committed by Gopher Robot
parent 1143de0f03
commit d154b73cf1
120 changed files with 9366 additions and 9243 deletions

View file

@ -174,6 +174,9 @@ func (*clientHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value {
m.secureRenegotiationSupported = true
m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand)
}
if rand.Intn(10) > 5 {
m.extendedMasterSecret = true
}
for i := 0; i < rand.Intn(5); i++ {
m.supportedVersions = append(m.supportedVersions, uint16(rand.Intn(0xffff)+1))
}
@ -236,6 +239,9 @@ func (*serverHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value {
m.secureRenegotiationSupported = true
m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand)
}
if rand.Intn(10) > 5 {
m.extendedMasterSecret = true
}
if rand.Intn(10) > 5 {
m.supportedVersion = uint16(rand.Intn(0xffff) + 1)
}
@ -353,6 +359,9 @@ func (*SessionState) Generate(rand *rand.Rand, size int) reflect.Value {
if rand.Intn(10) > 5 {
s.EarlyData = true
}
if rand.Intn(10) > 5 {
s.extMasterSecret = true
}
if s.isClient || rand.Intn(10) > 5 {
if rand.Intn(10) > 5 {
s.peerCertificates = sessionTestCerts