Add negotiation of Extended Master Secret

(But not the actual thing yet.)
2025-07-29 11:41:15 +03:00 · 2014-10-20 18:40:56 +02:00
parent 178f9d6e19
commit 367381fddd
8 changed files with 264 additions and 0 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -209,6 +209,9 @@
 #define SSL_IS_NOT_FALLBACK             0
 #define SSL_IS_FALLBACK                 1

+#define SSL_EXTENDED_MS_DISABLED        0
+#define SSL_EXTENDED_MS_ENABLED         1
+
 #define SSL_COMPRESS_NULL               0
 #define SSL_COMPRESS_DEFLATE            1

@ -406,6 +409,8 @@

 #define TLS_EXT_ALPN                        16

+#define TLS_EXT_EXTENDED_MASTER_SECRET  0x0017 /* 23 */
+
 #define TLS_EXT_SESSION_TICKET              35

 #define TLS_EXT_RENEGOTIATION_INFO      0xFF01
@ -657,6 +662,9 @@ struct _ssl_handshake_params
 #if defined(POLARSSL_SSL_SESSION_TICKETS)
    int new_session_ticket;             /*!< use NewSessionTicket?    */
 #endif /* POLARSSL_SSL_SESSION_TICKETS */
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+    int extended_ms;                    /*!< use Extended Master Secret? */
+#endif
 };

 #if defined(POLARSSL_SSL_SESSION_TICKETS)
@ -705,6 +713,9 @@ struct _ssl_context
 #if defined(POLARSSL_SSL_FALLBACK_SCSV) && defined(POLARSSL_SSL_CLI_C)
    char fallback;              /*!< flag for fallback connections    */
 #endif
+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+    char extended_ms;           /*!< flag for extended master secret  */
+#endif

    /*
     * Callbacks (RNG, debug, I/O, verification)
@ -1414,6 +1425,21 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor );
 void ssl_set_fallback( ssl_context *ssl, char fallback );
 #endif /* POLARSSL_SSL_FALLBACK_SCSV && POLARSSL_SSL_CLI_C */

+#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
+/**
+ * \brief           Enable or disable Extended Master Secret negotiation.
+ *                  (Default: SSL_EXTENDED_MS_ENABLED)
+ *
+ * \note            This should always be enabled, it is a security fix to the
+ *                  protocol, and should not cause any interoperability issue
+ *                  (used only if the peer supports it too).
+ *
+ * \param ssl       SSL context
+ * \param ems       SSL_EXTENDED_MS_ENABLED or SSL_EXTENDED_MS_DISABLED
+ */
+void ssl_set_extended_master_secret( ssl_context *ssl, char ems );
+#endif /* POLARSSL_SSL_EXTENDED_MASTER_SECRET */
+
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
 /**
 * \brief          Set the maximum fragment length to emit and/or negotiate