From 63d813d258352177a251cc9e1bbd7438bbe68c83 Mon Sep 17 00:00:00 2001
From: Jaeden Amero
Date: Thu, 12 Sep 2019 10:09:57 +0100
Subject: [PATCH 1/2] ssl: Disallow modification of hello.random by export

Make client_random and server_random const in mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged from modifying the client/server hello. Update examples and tests use const for hello.random as well, to ensure that the export callbacks are of the proper type.
Fixes #2759
---
 include/mbedtls/ssl.h | 7 ++++---
 programs/ssl/ssl_client2.c | 8 ++++----
 programs/ssl/ssl_server2.c | 8 ++++----
 3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 458857f6c..655f59d32 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -970,7 +970,8 @@ struct mbedtls_ssl_config
 * tls_prf and random bytes. Should replace f_export_keys */
 int (*f_export_keys_ext)( void *, const unsigned char *,
 const unsigned char *, size_t, size_t, size_t,
- unsigned char[32], unsigned char[32], mbedtls_tls_prf_types );
+ const unsigned char[32], const unsigned char[32],
+ mbedtls_tls_prf_types );
 void *p_export_keys; /*!< context for key export callback */
 #endif
@@ -1925,8 +1926,8 @@ typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey,
 size_t maclen,
 size_t keylen,
 size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
 mbedtls_tls_prf_types tls_prf_type );
 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 5e9ad3df8..558fa2821 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
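Review bot: Const-qualifying `client_random` and `server_random` in `mbedtls_ssl_export_keys_ext_t` and in the `f_export_keys_ext` member of include/mbedtls/ssl.h changes a public callback type, yet the diffstat shows no ChangeLog or documentation update. Applications whose callbacks still declare these parameters as plain `unsigned char[32]` will presumably get an incompatible-pointer-type diagnostic where they register the callback, so an API-changes entry is worth adding. The typedef's doc comment is outside the hunk. If it does not already say so, I would add `\param client_random  Read-only; the callback must not modify this buffer.` and the same for `server_random`, because `const` only discourages modification and a cast inside the callback can still defeat it.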
@@ -526,8 +526,8 @@ static int eap_tls_key_derivation ( void *p_expkey,
 size_t maclen,
 size_t keylen,
 size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
 mbedtls_tls_prf_types tls_prf_type )
 {
 eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
@@ -553,8 +553,8 @@ static int nss_keylog_export( void *p_expkey,
 size_t maclen,
 size_t keylen,
 size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
 mbedtls_tls_prf_types tls_prf_type )
 {
 char nss_keylog_line[ 200 ];
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3683f3cf6..e27bbc678 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -637,8 +637,8 @@ static int eap_tls_key_derivation ( void *p_expkey,
 size_t maclen,
 size_t keylen,
 size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
 mbedtls_tls_prf_types tls_prf_type )
 {
 eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
@@ -664,8 +664,8 @@ static int nss_keylog_export( void *p_expkey,
 size_t maclen,
 size_t keylen,
 size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
 mbedtls_tls_prf_types tls_prf_type )
 {
 char nss_keylog_line[ 200 ];
From fa63645ec8efbf728c802b863c3022616cde49d6 Mon Sep 17 00:00:00 2001
From: Jaeden Amero
Date: Thu, 12 Sep 2019 10:47:37 +0100
Subject: [PATCH 2/2] ssl: Remove key exporter bug workaround

It is no longer necessary to cast the randbytes to non-const when exporting keys.
---
 library/ssl_tls.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f4bca87d2..a7facb81a 100644
--- a/library/ssl_tls.c
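Review bot: The four callback definitions edited in ssl_client2.c and ssl_server2.c (`eap_tls_key_derivation` and `nss_keylog_export` in each) are presumably checked against the public callback type only where they are registered, so a stale signature surfaces far from the definition. Because `mbedtls_ssl_export_keys_ext_t` is a function-type typedef, a forward declaration such as `static mbedtls_ssl_export_keys_ext_t nss_keylog_export;` ahead of each definition would make the compiler reject a mismatch at the definition itself. The function bodies continue outside these hunks, so this note concerns the signatures only.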
+++ b/library/ssl_tls.c
@@ -1427,9 +1427,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 master, keyblk,
 mac_key_len, keylen,
 iv_copy_len,
- /* work around bug in exporter type */
- (unsigned char *) randbytes + 32,
- (unsigned char *) randbytes,
+ randbytes + 32,
+ randbytes,
 tls_prf_get_type( tls_prf ) );
 }
 #endif
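Review bot: With the workaround comment removed, nothing at this call in library/ssl_tls.c explains why `randbytes + 32` goes in the client_random position and `randbytes` in the server_random position, or what the bare `32` stands for. The layout of `randbytes` is established outside this hunk, so the order cannot be confirmed from here. A one-line comment in place of the removed one, for example `/* randbytes = server_random || client_random at this point */` (wording to be confirmed against the code that fills it), would help stop a later reorder from silently handing swapped randoms to key exporters. The enclosing `ssl_populate_transform` starts and ends outside the hunk.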