Add extms support to master key generation. Update master secret calculation to support extended master secret. TLS 1.2 client authentication adds a complication because we need to cache the handshake messages. This is simpllified however because the point at which the handshake hashes are calculated for extended master secret is identical to that required for TLS 1.2 client authentication (immediately after client key exchange which is also immediately before certificate verify). Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>

commit: 0cfb0e75b9dbf1a605c47e1b79c76d43a1f8344d [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Fri Jan 23 02:49:16 2015 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Tue Feb 03 14:50:07 2015 +0000
tree: cc9908361d4c930687b29e0457d46ea73a48e7de
parent: ddc06b35565d9f2888e8d946ee7ae292bc902afd [diff] [blame]
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index a90c9f9..5e2b543 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c

@@ -3150,7 +3150,15 @@
             }
             s2n(u, p);
             n = u + 4;
-            if (!ssl3_digest_cached_records(s))
+            /*
+             * For extended master secret we've already digested cached
+             * records.
+             */
+            if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
+                BIO_free(s->s3->handshake_buffer);
+                s->s3->handshake_buffer = NULL;
+                s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
+            } else if (!ssl3_digest_cached_records(s))
                 goto err;
         } else
 #ifndef OPENSSL_NO_RSA
commit	0cfb0e75b9dbf1a605c47e1b79c76d43a1f8344d	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Fri Jan 23 02:49:16 2015 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Tue Feb 03 14:50:07 2015 +0000
tree	cc9908361d4c930687b29e0457d46ea73a48e7de
parent	ddc06b35565d9f2888e8d946ee7ae292bc902afd [diff] [blame]