commit 63d813d258352177a251cc9e1bbd7438bbe68c83
author Jaeden Amero <jaeden.amero@arm.com> Thu Sep 12 10:09:57 2019 +0100
committer Jaeden Amero <jaeden.amero@arm.com> Thu Sep 12 15:18:25 2019 +0100
tree 213d5f5c397c76fcc3f4fa7c04db0a05f009a46c
parent 37600837d3baad90ad96de38b0c7d9309b283729

ssl: Disallow modification of hello.random by export

Make client_random and server_random const in
mbedtls_ssl_export_keys_ext_t, so that the key exporter is discouraged
from modifying the client/server hello.

Update examples and tests use const for hello.random as well, to ensure
that the export callbacks are of the proper type.

Fixes #2759

programs/ssl/ssl_server2.c

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3683f3c..e27bbc6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -637,8 +637,8 @@
                                     size_t maclen,
                                     size_t keylen,
                                     size_t ivlen,
-                                    unsigned char client_random[32],
-                                    unsigned char server_random[32],
+                                    const unsigned char client_random[32],
+                                    const unsigned char server_random[32],
                                     mbedtls_tls_prf_types tls_prf_type )
 {
     eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
@@ -664,8 +664,8 @@
                               size_t maclen,
                               size_t keylen,
                               size_t ivlen,
-                              unsigned char client_random[32],
-                              unsigned char server_random[32],
+                              const unsigned char client_random[32],
+                              const unsigned char server_random[32],
                               mbedtls_tls_prf_types tls_prf_type )
 {
     char nss_keylog_line[ 200 ];