ssl: Disallow modification of hello.random by export
Make client_random and server_random const in mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged from modifying the client/server hello. Update examples and tests use const for hello.random as well, to ensure that the export callbacks are of the proper type. Fixes #2759
This commit is contained in:
parent
37600837d3
commit
63d813d258
3 changed files with 12 additions and 11 deletions
|
@ -970,7 +970,8 @@ struct mbedtls_ssl_config
|
|||
* tls_prf and random bytes. Should replace f_export_keys */
|
||||
int (*f_export_keys_ext)( void *, const unsigned char *,
|
||||
const unsigned char *, size_t, size_t, size_t,
|
||||
unsigned char[32], unsigned char[32], mbedtls_tls_prf_types );
|
||||
const unsigned char[32], const unsigned char[32],
|
||||
mbedtls_tls_prf_types );
|
||||
void *p_export_keys; /*!< context for key export callback */
|
||||
#endif
|
||||
|
||||
|
@ -1925,8 +1926,8 @@ typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey,
|
|||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
unsigned char client_random[32],
|
||||
unsigned char server_random[32],
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type );
|
||||
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||
|
||||
|
|
|
@ -526,8 +526,8 @@ static int eap_tls_key_derivation ( void *p_expkey,
|
|||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
unsigned char client_random[32],
|
||||
unsigned char server_random[32],
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type )
|
||||
{
|
||||
eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
|
||||
|
@ -553,8 +553,8 @@ static int nss_keylog_export( void *p_expkey,
|
|||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
unsigned char client_random[32],
|
||||
unsigned char server_random[32],
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type )
|
||||
{
|
||||
char nss_keylog_line[ 200 ];
|
||||
|
|
|
@ -637,8 +637,8 @@ static int eap_tls_key_derivation ( void *p_expkey,
|
|||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
unsigned char client_random[32],
|
||||
unsigned char server_random[32],
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type )
|
||||
{
|
||||
eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
|
||||
|
@ -664,8 +664,8 @@ static int nss_keylog_export( void *p_expkey,
|
|||
size_t maclen,
|
||||
size_t keylen,
|
||||
size_t ivlen,
|
||||
unsigned char client_random[32],
|
||||
unsigned char server_random[32],
|
||||
const unsigned char client_random[32],
|
||||
const unsigned char server_random[32],
|
||||
mbedtls_tls_prf_types tls_prf_type )
|
||||
{
|
||||
char nss_keylog_line[ 200 ];
|
||||
|
|
Loading…
Reference in a new issue