commit 7571292eaca1745f3ecda2374ba1e8163b58c3b5
author Adam Langley <agl@google.com> Fri Oct 10 16:23:43 2014 -0700
committer Adam Langley <agl@google.com> Fri Oct 24 21:19:44 2014 +0000
tree b1d31320bc47132e373b8ee8d0d277227ba8b0f9
parent 89abaea141b60061dacb6e03d58345d50ae23b81

Extended master secret support.

This change implements support for the extended master secret. See
https://tools.ietf.org/html/draft-ietf-tls-session-hash-01
https://secure-resumption.com/

Change-Id: Ifc7327763149ab0894b4f1d48cdc35e0f1093b93
Reviewed-on: https://boringssl-review.googlesource.com/1930
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>

ssl/ssl_asn1.c

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 358f20f..53dc996 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -117,6 +117,7 @@
  *                                  -- contents of SCT extension
  *     ocspResponse            [16] OCTET STRING OPTIONAL,
  *                                   -- stapled OCSP response from the server
+ *     extendedMasterSecret    [17] BOOLEAN OPTIONAL,
  * }
  *
  * Note: When the relevant features were #ifdef'd out, support for
@@ -151,6 +152,8 @@
     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 15;
 static const int kOCSPResponseTag =
     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 16;
+static const int kExtendedMasterSecretTag =
+    CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 17;
 
 int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp) {
   CBB cbb, session, child, child2;
@@ -321,6 +324,15 @@
     }
   }
 
+  if (in->extended_master_secret) {
+    if (!CBB_add_asn1(&session, &child, kExtendedMasterSecretTag) ||
+        !CBB_add_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
+        !CBB_add_u8(&child2, 0xff)) {
+      OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);
+      goto err;
+    }
+  }
+
   if (!CBB_finish(&cbb, &out, &len)) {
     OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);
     goto err;
@@ -399,7 +411,7 @@
   SSL_SESSION *ret = NULL;
   CBS cbs, session, cipher, session_id, master_key;
   CBS key_arg, peer, sid_ctx, peer_sha256, original_handshake_hash;
-  int has_key_arg, has_peer, has_peer_sha256;
+  int has_key_arg, has_peer, has_peer_sha256, extended_master_secret;
   uint64_t version, ssl_version;
   uint64_t session_time, timeout, verify_result, ticket_lifetime_hint;
 
@@ -464,6 +476,13 @@
           kOCSPResponseTag)) {
     goto err;
   }
+  if (!CBS_get_optional_asn1_bool(&session, &extended_master_secret,
+                                  kExtendedMasterSecretTag,
+                                  0 /* default to false */)) {
+    OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+    goto err;
+  }
+  ret->extended_master_secret = extended_master_secret;
 
   /* Ignore |version|. The structure version number is ignored. */