cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/pr/2834' into development

Browse Source 
* origin/pr/2834:
  ssl: Remove key exporter bug workaround
  ssl: Disallow modification of hello.random by export
This commit is contained in:
Jaeden Amero 2019-09-13 16:52:14 +01:00
commit 46d61b1e95
4 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
include/mbedtls/ssl.h
View File

@ -970,7 +970,8 @@ struct mbedtls_ssl_config
* tls_prf and random bytes. Should replace f_export_keys */ * tls_prf and random bytes. Should replace f_export_keys */
int (*f_export_keys_ext)( void *, const unsigned char *, int (*f_export_keys_ext)( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t, const unsigned char *, size_t, size_t, size_t,
unsigned char[32], unsigned char[32], mbedtls_tls_prf_types ); const unsigned char[32], const unsigned char[32],
mbedtls_tls_prf_types );
void *p_export_keys; /*!< context for key export callback */ void *p_export_keys; /*!< context for key export callback */
#endif #endif
@ -1925,8 +1926,8 @@ typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey,
size_t maclen, size_t maclen,
size_t keylen, size_t keylen,
size_t ivlen, size_t ivlen,
unsigned char client_random[32], const unsigned char client_random[32],
unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type ); mbedtls_tls_prf_types tls_prf_type );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */

5
library/ssl_tls.c
View File

@ -1427,9 +1427,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
master, keyblk, master, keyblk,
mac_key_len, keylen, mac_key_len, keylen,
iv_copy_len, iv_copy_len,
/* work around bug in exporter type */ randbytes + 32,
(unsigned char *) randbytes + 32, randbytes,
(unsigned char *) randbytes,
tls_prf_get_type( tls_prf ) ); tls_prf_get_type( tls_prf ) );
} }
#endif #endif

8
programs/ssl/ssl_client2.c
View File

@ -526,8 +526,8 @@ static int eap_tls_key_derivation ( void *p_expkey,
size_t maclen, size_t maclen,
size_t keylen, size_t keylen,
size_t ivlen, size_t ivlen,
unsigned char client_random[32], const unsigned char client_random[32],
unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type ) mbedtls_tls_prf_types tls_prf_type )
{ {
eap_tls_keys *keys = (eap_tls_keys *)p_expkey; eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
@ -553,8 +553,8 @@ static int nss_keylog_export( void *p_expkey,
size_t maclen, size_t maclen,
size_t keylen, size_t keylen,
size_t ivlen, size_t ivlen,
unsigned char client_random[32], const unsigned char client_random[32],
unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type ) mbedtls_tls_prf_types tls_prf_type )
{ {
char nss_keylog_line[ 200 ]; char nss_keylog_line[ 200 ];

8
programs/ssl/ssl_server2.c
View File

@ -637,8 +637,8 @@ static int eap_tls_key_derivation ( void *p_expkey,
size_t maclen, size_t maclen,
size_t keylen, size_t keylen,
size_t ivlen, size_t ivlen,
unsigned char client_random[32], const unsigned char client_random[32],
unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type ) mbedtls_tls_prf_types tls_prf_type )
{ {
eap_tls_keys *keys = (eap_tls_keys *)p_expkey; eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
@ -664,8 +664,8 @@ static int nss_keylog_export( void *p_expkey,
size_t maclen, size_t maclen,
size_t keylen, size_t keylen,
size_t ivlen, size_t ivlen,
unsigned char client_random[32], const unsigned char client_random[32],
unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type ) mbedtls_tls_prf_types tls_prf_type )
{ {
char nss_keylog_line[ 200 ]; char nss_keylog_line[ 200 ];