Move tmp.extended_master_secret to SSL_HANDSHAKE.

The two non-trivial changes are:
1. The public API now queries it out of the session. There is a long
comment over the old field explaining why the state was separate, but
this predates EMS being forbidden from changing across resumption. It
is not possible for established_session and the socket to disagree on
EMS.
2. Since SSL_HANDSHAKE gets reset on each handshake, the check that EMS
does not change on renego looks different. I've reworked that function a
bit, but it should have the same effect.

Change-Id: If72e5291f79681381cf4d8ceab267f76618b7c3d
Reviewed-on: https://boringssl-review.googlesource.com/13910
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index fdf78e4..51338e2 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -933,8 +933,7 @@
}
if (session != NULL) {
- if (session->extended_master_secret &&
- !ssl->s3->tmp.extended_master_secret) {
+ if (session->extended_master_secret && !hs->extended_master_secret) {
/* A ClientHello without EMS that attempts to resume a session with EMS
* is fatal to the connection. */
al = SSL_AD_HANDSHAKE_FAILURE;
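Review bot: The condition `session->extended_master_secret && !hs->extended_master_secret` is only meaningful once the ClientHello's EMS extension has been processed into `hs`, and nothing in this hunk documents that ordering. Since the commit message says SSL_HANDSHAKE is reset on each handshake, a read that happened before extension parsing would presumably see the freshly reset value and send a handshake_failure alert for every attempt to resume an EMS session. That fails closed, but a one-line comment here stating that extensions are parsed before the session lookup (or an assert to that effect) would keep a later reordering from turning into a hard-to-diagnose interop break.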
@@ -945,8 +944,7 @@
if (!ssl_session_is_resumable(hs, session) ||
/* If the client offers the EMS extension, but the previous session
* didn't use it, then negotiate a new session. */
- ssl->s3->tmp.extended_master_secret !=
- session->extended_master_secret) {
+ hs->extended_master_secret != session->extended_master_secret) {
SSL_SESSION_free(session);
session = NULL;
}
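Review bot: In the `!=` comparison on the new line, only one direction can still occur, because a session with EMS paired with a ClientHello without it is treated as fatal in the check just above (assuming that path exits). Writing the condition as `hs->extended_master_secret && !session->extended_master_secret` would match the comment word for word and mirror the earlier check, and it would not rely on both fields being normalized to 0/1, which matters if one is a bitfield and the other a wider integer. If the `!=` is kept, please extend the comment to say that the opposite mismatch has already been handled.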
@@ -1743,7 +1741,7 @@
if (hs->new_session->master_key_length == 0) {
goto err;
}
- hs->new_session->extended_master_secret = ssl->s3->tmp.extended_master_secret;
+ hs->new_session->extended_master_secret = hs->extended_master_secret;
OPENSSL_cleanse(premaster_secret, premaster_secret_len);
OPENSSL_free(premaster_secret);
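Review bot: The assignment to `hs->new_session->extended_master_secret` comes after the master key has already been produced (the `master_key_length == 0` check sits directly above it), so the key derivation cannot have read the flag from the session. Please confirm the derivation takes its EMS decision from the same `hs->extended_master_secret`, and consider a short comment saying the session flag is recorded here for later resumption checks and for the public API that, per the commit message, now reads it from the session. Among the visible hunks this is the only place the negotiated value reaches the session, so it is worth documenting.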