Rearrange ExtendedMasterSecret parsing logic

`mbedtls_ssl_handshake_params::extended_ms` holds the state of the
ExtendedMasterSecret extension in the current handshake. Initially
set to 'disabled' for both client and server,
- the client sets it to 'enabled' as soon as it finds the ExtendedMS
  extension in the `ServerHello` and it has advertised that extension
  in its ClientHello,
- the server sets it to 'enabled' as soon as it finds the ExtendedMS
  extension in the `ClientHello` and is willing to advertise is in its
  `ServerHello`.

This commit slightly restructures this logic in prepraration for the
removal of `mbedtls_ssl_handshake_params::extended_ms` in case both
the use and the enforcement of the ExtendedMasterSecret extension have
been fixed at compile-time. Namely, in this case there is no need for
the `extended_ms` field in the handshake structure, as the ExtendedMS
must be in use if the handshake progresses beyond the Hello stage.

Paving the way for the removal of mbedtls_ssl_handshake_params::extended_ms
this commit introduces a temporary variable tracking the presence of the
ExtendedMS extension in the ClientHello/ServerHello messages, leaving
the derivation of `extended_ms` (and potential failure) to the end of
the parsing routine.
This commit is contained in:
Hanno Becker 2019-06-11 14:39:38 +01:00
parent aabbb582eb
commit 03b64fa6c1
2 changed files with 31 additions and 23 deletions

View file

@ -1341,9 +1341,6 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
} }
((void) buf); ((void) buf);
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
@ -1603,6 +1600,9 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
#endif #endif
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
int renegotiation_info_seen = 0; int renegotiation_info_seen = 0;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
int extended_ms_seen = 0;
#endif #endif
int handshake_failure = 0; int handshake_failure = 0;
const mbedtls_ssl_ciphersuite_t *suite_info; const mbedtls_ssl_ciphersuite_t *suite_info;
@ -1984,6 +1984,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
{ {
return( ret ); return( ret );
} }
extended_ms_seen = 1;
break; break;
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
@ -2092,14 +2093,19 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
*/ */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( mbedtls_ssl_conf_get_ems( ssl->conf ) == if( mbedtls_ssl_conf_get_ems( ssl->conf ) ==
MBEDTLS_SSL_EXTENDED_MS_ENABLED && MBEDTLS_SSL_EXTENDED_MS_ENABLED )
mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) ==
MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED &&
ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED)
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Peer not offering extended master " if( extended_ms_seen )
{
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
}
else if( mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) ==
MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Peer not offering extended master "
"secret, while it is enforced") ); "secret, while it is enforced") );
handshake_failure = 1; handshake_failure = 1;
}
} }
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */

View file

@ -567,13 +567,6 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
((void) buf); ((void) buf);
if( mbedtls_ssl_conf_get_ems( ssl->conf ) ==
MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
{
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
}
return( 0 ); return( 0 );
} }
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
@ -1266,6 +1259,9 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
unsigned char *buf, *p, *ext; unsigned char *buf, *p, *ext;
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
int renegotiation_info_seen = 0; int renegotiation_info_seen = 0;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
int extended_ms_seen = 0;
#endif #endif
int handshake_failure = 0; int handshake_failure = 0;
const int *ciphersuites; const int *ciphersuites;
@ -1894,6 +1890,7 @@ read_record_header:
ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ); ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
extended_ms_seen = 1;
break; break;
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
@ -2041,14 +2038,19 @@ read_record_header:
*/ */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( mbedtls_ssl_conf_get_ems( ssl->conf ) == if( mbedtls_ssl_conf_get_ems( ssl->conf ) ==
MBEDTLS_SSL_EXTENDED_MS_ENABLED && MBEDTLS_SSL_EXTENDED_MS_ENABLED )
mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) ==
MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED &&
ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED)
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Peer not offering extended master " if( extended_ms_seen )
"secret, while it is enforced") ); {
handshake_failure = 1; ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
}
else if( mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) ==
MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Peer not offering extended master "
"secret, while it is enforced") );
handshake_failure = 1;
}
} }
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */