yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-07-07 10:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create a new flag for enforcing the extended master secret

Browse source 
If the flag is enabled, drop the connection if peer doesn't support
extended master secret extension.
This commit is contained in:
Jarno Lamsa 2019-06-10 10:13:03 +03:00
parent 21d1c32b2b
commit 7a5e2bec75
2 changed files with 24 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
include/mbedtls/ssl.h
View file

@ -1031,6 +1031,9 @@ struct mbedtls_ssl_config
#endif #endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
unsigned int extended_ms : 1; /*!< negotiate extended master secret? */ unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
unsigned int enforce_extended_master_secret : 1; /*!< enforce the usage
* of extended master
* secret */
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
unsigned int anti_replay : 1; /*!< detect and prevent replay? */ unsigned int anti_replay : 1; /*!< detect and prevent replay? */
@ -2820,6 +2823,21 @@ void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
* \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
*/ */
void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ); void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
/**
* \brief Enable or disable Extended Master Secret enforcing.
* (Default: MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED)
*
* \note This enforces the peer to use the Extended Master Secret
* extension, if the option is enabled and the peer doesn't
* support the extension, the connection is dropped.
*
* \param conf SSL configuration
* \param ems_enf MBEDTLS_SSL_EXTENDED_MS_ENFROCE_ENABLED or
* MBEDTLS_SSL_EXTENDED_MS_DISABLED
*/
void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
char ems_enf);
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_ARC4_C)

6
library/ssl_tls.c
View file

@ -8341,6 +8341,12 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems
{ {
conf->extended_ms = ems; conf->extended_ms = ems;
} }
void mbedtls_ssl_conf_extended_master_secret_enforce( mbedtls_ssl_config *conf,
char ems_enf);
{
conf->enforce_extended_master_secret = ems_enf;
}
#endif #endif
#if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_ARC4_C)