Merge remote-tracking branch 'origin/pr/2834' into development
* origin/pr/2834:
ssl: Remove key exporter bug workaround
ssl: Disallow modification of hello.random by export
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 458857f..655f59d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -970,7 +970,8 @@
* tls_prf and random bytes. Should replace f_export_keys */
int (*f_export_keys_ext)( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t,
- unsigned char[32], unsigned char[32], mbedtls_tls_prf_types );
+ const unsigned char[32], const unsigned char[32],
+ mbedtls_tls_prf_types );
void *p_export_keys; /*!< context for key export callback */
#endif
@@ -1925,8 +1926,8 @@
size_t maclen,
size_t keylen,
size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type );
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f4bca87..a7facb8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1427,9 +1427,8 @@
master, keyblk,
mac_key_len, keylen,
iv_copy_len,
- /* work around bug in exporter type */
- (unsigned char *) randbytes + 32,
- (unsigned char *) randbytes,
+ randbytes + 32,
+ randbytes,
tls_prf_get_type( tls_prf ) );
}
#endif
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 5e9ad3d..558fa28 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -526,8 +526,8 @@
size_t maclen,
size_t keylen,
size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
{
eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
@@ -553,8 +553,8 @@
size_t maclen,
size_t keylen,
size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
{
char nss_keylog_line[ 200 ];
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3683f3c..e27bbc6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -637,8 +637,8 @@
size_t maclen,
size_t keylen,
size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
{
eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
@@ -664,8 +664,8 @@
size_t maclen,
size_t keylen,
size_t ivlen,
- unsigned char client_random[32],
- unsigned char server_random[32],
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
{
char nss_keylog_line[ 200 ];