/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* was successful.
*/
if (s->server) {
- /* TODO(OpenSSL1.2) revisit !sent case */
- if (sent && ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) {
+ if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) {
/* Only store the hostname in the session if we accepted it. */
OPENSSL_free(s->session->ext.hostname);
s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
/* TLSv1.3 doesn't have warning alerts so we suppress this */
if (!SSL_IS_TLS13(s))
ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
+ s->servername_done = 0;
return 1;
case SSL_TLSEXT_ERR_NOACK:
static int init_ems(SSL *s, unsigned int context)
{
- s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
+ if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) {
+ s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
+ s->s3.flags |= TLS1_FLAGS_REQUIRED_EXTMS;
+ }
return 1;
}
static int final_ems(SSL *s, unsigned int context, int sent)
{
+ /*
+ * Check extended master secret extension is not dropped on
+ * renegotiation.
+ */
+ if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)
+ && (s->s3.flags & TLS1_FLAGS_REQUIRED_EXTMS)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
+ SSL_R_INCONSISTENT_EXTMS);
+ return 0;
+ }
if (!s->server && s->hit) {
/*
* Check extended master secret extension is consistent with
goto err;
}
- mackey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finishedkey,
- hashsize);
+ mackey = EVP_PKEY_new_raw_private_key_with_libctx(s->ctx->libctx, "HMAC",
+ s->ctx->propq,
+ finishedkey,
+ hashsize);
if (mackey == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
ERR_R_INTERNAL_ERROR);
binderout = tmpbinder;
bindersize = hashsize;
- if (EVP_DigestSignInit(mctx, NULL, md, NULL, mackey) <= 0
+ if (EVP_DigestSignInit_with_libctx(mctx, NULL, EVP_MD_name(md),
+ s->ctx->libctx, s->ctx->propq,
+ mackey) <= 0
|| EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
|| EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
|| bindersize != hashsize) {