From 305103b65f5b476daa0e84539128550de552281d Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Thu, 13 Nov 2014 10:18:03 +0100
Subject: Added priority string %NO_SESSION_HASH to prevent advertising the extended master secret extension
---
 lib/ext/ext_master_secret.c | 8 +++++---
 lib/gnutls_int.h | 2 ++
 lib/gnutls_priority.c | 4 ++++
 lib/priority_options.gperf | 1 +
 4 files changed, 12 insertions(+), 3 deletions(-)
(limited to 'lib')
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
index 16cd33f60d..ed2f9b25c5 100644
--- a/lib/ext/ext_master_secret.c
+++ b/lib/ext/ext_master_secret.c
@@ -58,7 +58,8 @@ _gnutls_ext_master_secret_recv_params(gnutls_session_t session,
 {
 ssize_t data_size = _data_size;
- if (session->internals.try_ext_master_secret == 0) {
+ if (session->internals.try_ext_master_secret == 0 ||
+ session->internals.priorities.no_ext_master_secret != 0) {
 return 0;
 }
@@ -87,8 +88,9 @@ static int
 _gnutls_ext_master_secret_send_params(gnutls_session_t session,
 gnutls_buffer_st * extdata)
 {
- if (session->internals.try_ext_master_secret == 0) {
- return 0;
+ if (session->internals.try_ext_master_secret == 0 ||
+ session->internals.priorities.no_ext_master_secret != 0) {
+ return 0;
 }
 /* this function sends the client extension data */
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 43f58d51a0..a0a8591278 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -659,6 +659,7 @@ struct gnutls_priority_st {
 /* to disable record padding */
 bool no_extensions;
+ bool no_ext_master_secret;
 bool allow_large_records;
 unsigned int max_empty_records;
 unsigned int dumbfw;
@@ -688,6 +689,7 @@ struct gnutls_priority_st {
 #define ENABLE_COMPAT(x) \
 (x)->allow_large_records = 1; \
 (x)->no_etm = 1; \
+ (x)->no_ext_master_secret = 1; \
 (x)->allow_wrong_pms = 1; \
 (x)->dumbfw = 1
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 6eebe8444d..310d010372 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
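Review bot: The disabled case in `_gnutls_ext_master_secret_recv_params` returns 0 with no comment or log, so a peer's extended master secret offer is dropped silently when `%NO_SESSION_HASH` is set; the same two-part condition is repeated in `_gnutls_ext_master_secret_send_params`. I would put a comment above both checks, e.g. `/* %NO_SESSION_HASH: neither advertise nor accept the extension */`, so the reader sees that the handshake presumably continues with the classic master secret derivation and without the transcript binding this extension provides. In the send hunk the `return 0;` line is removed and re-added with what looks like a whitespace-only difference, which adds noise to the diff. Both function bodies continue outside their hunks.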
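Review bot: `ENABLE_COMPAT` now sets `no_ext_master_secret`, so every application that uses `%COMPAT` for interoperability also stops negotiating extended master secret, and nothing at the macro says so. That extension binds the master secret to the handshake transcript, so this is a security trade-off rather than a pure compatibility tweak; it deserves a comment above the macro such as `/* also disables extended master secret (session hash); see %NO_SESSION_HASH */`, plus a line in the `%COMPAT` documentation if that was not already updated outside this view (the page is limited to 'lib'). No keyword that clears the flag again is visible in this diff, so a caller seemingly cannot combine `%COMPAT` with the extension. The new `no_ext_master_secret` field in the hunk at -659 would also benefit from a one-line comment of its own.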
@@ -837,6 +837,10 @@ static void enable_no_extensions(gnutls_priority_t c)
 {
 c->no_extensions = 1;
 }
+static void enable_no_ext_master_secret(gnutls_priority_t c)
+{
+ c->no_ext_master_secret = 1;
+}
 static void enable_no_etm(gnutls_priority_t c)
 {
 c->no_etm = 1;
diff --git a/lib/priority_options.gperf b/lib/priority_options.gperf
index 1d529813fa..e55b29271f 100644
--- a/lib/priority_options.gperf
+++ b/lib/priority_options.gperf
@@ -11,6 +11,7 @@ DUMBFW, enable_dumbfw
 NO_EXTENSIONS, enable_no_extensions
 NO_TICKETS, enable_no_tickets
 NO_ETM, enable_no_etm
+NO_SESSION_HASH, enable_no_ext_master_secret
 STATELESS_COMPRESSION, enable_stateless_compression
 VERIFY_ALLOW_SIGN_RSA_MD5, enable_verify_allow_rsa_md5
 VERIFY_DISABLE_CRL_CHECKS, disable_crl_checks
--
cgit v1.2.1
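Review bot: The keyword registered in priority_options.gperf is `NO_SESSION_HASH`, while the handler and the field it sets are named `no_ext_master_secret`, so a search for the priority string will not lead to `enable_no_ext_master_secret`. A short comment on the new function, `/* %NO_SESSION_HASH: do not advertise or accept extended master secret */`, would tie the two names together and state the security effect where the flag is set. Only the setter is visible here; whether the priority-string documentation lists the new keyword cannot be told from this diff.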