mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
crypto/tls: implement Extended Master Secret
All OpenSSL tests now test operation with EMS. To test a handshake *without* EMS we need to pass -Options=-ExtendedMasterSecret which is only available in OpenSSL 3.1, which breaks a number of other tests. Updates #43922 Change-Id: Ib9ac79a1d03fab6bfba5fe9cd66689cff661cda7 Reviewed-on: https://go-review.googlesource.com/c/go/+/497376 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Damien Neil <dneil@google.com>
This commit is contained in:
Filippo Valsorda
Gopher Robot
parent
1143de0f03
commit
d154b73cf1
120 changed files with 9366 additions and 9243 deletions
|
|
@ -214,6 +214,7 @@ func (hs *serverHandshakeState) processClientHello() error {
|
|||
return errors.New("tls: initial handshake had non-empty renegotiation extension")
|
||||
}
|
||||
|
||||
hs.hello.extendedMasterSecret = hs.clientHello.extendedMasterSecret
|
||||
hs.hello.secureRenegotiationSupported = hs.clientHello.secureRenegotiationSupported
|
||||
hs.hello.compressionMethod = compressionNone
|
||||
if len(hs.clientHello.serverName) > 0 {
|
||||
|
|
@ -471,6 +472,17 @@ func (hs *serverHandshakeState) checkForResumption() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// RFC 7627, Section 5.3
|
||||
if !sessionState.extMasterSecret && hs.clientHello.extendedMasterSecret {
|
||||
return nil
|
||||
}
|
||||
if sessionState.extMasterSecret && !hs.clientHello.extendedMasterSecret {
|
||||
// Aborting is somewhat harsh, but it's a MUST and it would indicate a
|
||||
// weird downgrade in client capabilities.
|
||||
return errors.New("tls: session supported extended_master_secret but client does not")
|
||||
}
|
||||
|
||||
c.extMasterSecret = sessionState.extMasterSecret
|
||||
hs.sessionState = sessionState
|
||||
hs.suite = suite
|
||||
c.didResume = true
|
||||
|
|
@ -647,7 +659,14 @@ func (hs *serverHandshakeState) doFullHandshake() error {
|
|||
c.sendAlert(alertHandshakeFailure)
|
||||
return err
|
||||
}
|
||||
hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.clientHello.random, hs.hello.random)
|
||||
if hs.hello.extendedMasterSecret {
|
||||
c.extMasterSecret = true
|
||||
hs.masterSecret = extMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret,
|
||||
hs.finishedHash.Sum())
|
||||
} else {
|
||||
hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret,
|
||||
hs.clientHello.random, hs.hello.random)
|
||||
}
|
||||
if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.clientHello.random, hs.masterSecret); err != nil {
|
||||
c.sendAlert(alertInternalError)
|
||||
return err
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue