diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index e188c9706..35b3a9001 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -535,6 +535,24 @@ struct mbedtls_ssl_handshake_params
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 };

+/*
+ * Getter functions for fields in mbedtls_ssl_handshake_params which
+ * may be statically implied by the configuration and hence be omitted
+ * from the structure.
+ */
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+static inline int mbedtls_ssl_hs_get_extended_ms(
+ mbedtls_ssl_handshake_params const *params )
+{
+#if !defined(MBEDTLS_SSL_EXTENDED_MS_ENFORCED)
+ return( params->extended_ms );
+#else
+ ((void) params);
+ return( MBEDTLS_SSL_EXTENDED_MS_ENABLED );
+#endif /* MBEDTLS_SSL_EXTENDED_MS_ENFORCED */
+}
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
 typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;

 /*
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index b01291841..023e0a86d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2270,7 +2270,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
 {
 unsigned char *p = buf;

- if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
+ if( mbedtls_ssl_hs_get_extended_ms( ssl->handshake )
+ == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
 ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
 {
 *olen = 0;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5c8a08eb7..0864fc247 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1273,7 +1273,8 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
 handshake->pmslen );

 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
+ if( mbedtls_ssl_hs_get_extended_ms( handshake )
+ == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
 {
 unsigned char session_hash[48];
 size_t hash_len;
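Review bot: The block comment above `mbedtls_ssl_hs_get_extended_ms()` in include/mbedtls/ssl_internal.h does not state the getter's contract. With `MBEDTLS_SSL_EXTENDED_MS_ENFORCED` defined it returns `MBEDTLS_SSL_EXTENDED_MS_ENABLED` without reading the handshake state. In such a build the result is a compile-time policy rather than a record of what the peer negotiated, so rejecting a peer that does not offer the extension has to happen where the hello messages are parsed; that code is not part of this diff and should be checked alongside it. I would add a function-level comment such as `/* Returns the negotiated extended_ms value, or MBEDTLS_SSL_EXTENDED_MS_ENABLED unconditionally when MBEDTLS_SSL_EXTENDED_MS_ENFORCED is defined. */`. The same reading applies to the call in `ssl_compute_master()` in library/ssl_tls.c, where the comparison becomes constant true in an enforced build.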
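Review bot: In `ssl_write_extended_ms_ext()` (library/ssl_srv.c) an enforced build makes the first operand of the condition constant false, so the server writes the extension for every version other than `MBEDTLS_SSL_MINOR_VERSION_0` whether or not the ClientHello carried it. Unless the ClientHello handling already aborts the handshake when the extension is missing (not visible in this diff), the ServerHello would carry an extension the client never offered. Once that is confirmed, I would record the dependency next to the check, for example `/* With MBEDTLS_SSL_EXTENDED_MS_ENFORCED this relies on the handshake having been aborted earlier if the client did not offer the extension. */`. The getter is only defined under `MBEDTLS_SSL_EXTENDED_MASTER_SECRET`, so this function needs the same guard; its signature and the rest of its body lie outside the hunk.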