From 1ab322bb514b5a4dbc1a33293e5bbde503665065 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 11 Jun 2019 14:50:54 +0100
Subject: [PATCH] Remove extended_ms field from HS param if ExtendedMS enforced
---
 include/mbedtls/ssl_internal.h | 3 ++-
 library/ssl_cli.c | 2 ++
 library/ssl_srv.c | 2 ++
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 35b3a9001..c9253bf9d 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -517,7 +517,8 @@ struct mbedtls_ssl_handshake_params
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
 int new_session_ticket; /*!< use NewSessionTicket? */
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
+ !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
 int extended_ms; /*!< use Extended Master Secret? */
 #endif
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 257a517f4..17611d6fc 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2097,7 +2097,9 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
 {
 if( extended_ms_seen )
 {
+#if !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+#endif /* !MBEDTLS_SSL_EXTENDED_MS_ENFORCED */
 }
 else if( mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) == MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED )
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 023e0a86d..ecde1b0b5 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2042,7 +2042,9 @@ read_record_header:
 {
 if( extended_ms_seen )
 {
+#if !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+#endif /* !MBEDTLS_SSL_EXTENDED_MS_ENFORCED */
 }
 else if( mbedtls_ssl_conf_get_ems_enforced( ssl->conf ) == MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED )
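Review bot: The closing `#endif` of the `extended_ms` guard in `struct mbedtls_ssl_handshake_params` stays bare although the condition now has two parts, and nothing in the header says what a reader should assume when the field is compiled out. I would annotate it as `#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET && !MBEDTLS_SSL_EXTENDED_MS_ENFORCED */` and extend the field comment to say that with `MBEDTLS_SSL_EXTENDED_MS_ENFORCED` the extension is treated as always in use. The diffstat lists only three files, so any other direct use of `ssl->handshake->extended_ms` (not visible here) must already sit behind the same guard or an accessor, otherwise the enforced build stops compiling. The struct body starts and ends outside the hunk.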
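Review bot: With `MBEDTLS_SSL_EXTENDED_MS_ENFORCED` defined, the `if( extended_ms_seen )` branch in `ssl_parse_server_hello` is left with an empty body, so rejection of a peer that omits the extension rests entirely on the `else if` comparison against `MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED`; the same applies to the identical change after `read_record_header:` in `library/ssl_srv.c`. If `mbedtls_ssl_conf_get_ems_enforced()` can still return a disabled value in such a build (its definition is outside this patch), a handshake without Extended Master Secret would be accepted while no per-handshake flag remains to record that. I would put a comment in the empty branch, e.g. `/* EMS is compile-time enforced: no per-handshake flag to record */`, and confirm that the getter is hard-wired to the enabled value whenever the macro is set. Both enclosing functions continue outside their hunks.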