From cf28009839be2bc5f9ed2de1f68180d71c64a3a1 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 14 May 2019 20:19:13 +0300 Subject: [PATCH] Add function to retrieve the tls_prf type Add `tls_prf_get_type()` static function that returns the `mbedtls_tls_prf_types` according to the used `tls_prf` function. --- library/ssl_tls.c | 55 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 17 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index df106a530..0f05276f0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -751,6 +751,43 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ +#if defined(MBEDTLS_SSL_EXPORT_KEYS) +static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) +{ +#if defined(MBEDTLS_SSL_PROTO_SSL3) + if( tls_prf == ssl3_prf ) + { + returnn( MBEDTLS_SSL_TLS_PRF_SSL3 ); + } + else +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) + if( tls_prf == tls1_prf ) + { + return( MBEDTLS_SSL_TLS_PRF_TLS1 ); + } + else +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SHA512_C) + if( tls_prf == tls_prf_sha384 ) + { + return( MBEDTLS_SSL_TLS_PRF_SHA384 ); + } + else +#endif +#if defined(MBEDTLS_SHA256_C) + if( tls_prf == tls_prf_sha256 ) + { + return( MBEDTLS_SSL_TLS_PRF_SHA256 ); + } + else +#endif +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + return( MBEDTLS_SSL_TLS_PRF_NONE ); +} +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ + int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, const char *label, @@ -811,10 +848,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) * "The master secret is always exactly 48 bytes in length." */ size_t const master_secret_len = 48; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - mbedtls_tls_prf_types tls_prf_type = MBEDTLS_SSL_TLS_PRF_NONE; -#endif - #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) unsigned char session_hash[48]; #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ @@ -856,9 +889,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = ssl3_prf; handshake->calc_verify = ssl_calc_verify_ssl; handshake->calc_finished = ssl_calc_finished_ssl; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - tls_prf_type = MBEDTLS_SSL_TLS_PRF_SSL3; -#endif } else #endif @@ -868,9 +898,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = tls1_prf; handshake->calc_verify = ssl_calc_verify_tls; handshake->calc_finished = ssl_calc_finished_tls; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - tls_prf_type = MBEDTLS_SSL_TLS_PRF_TLS1; -#endif } else #endif @@ -882,9 +909,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = tls_prf_sha384; handshake->calc_verify = ssl_calc_verify_tls_sha384; handshake->calc_finished = ssl_calc_finished_tls_sha384; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - tls_prf_type = MBEDTLS_SSL_TLS_PRF_SHA384; -#endif } else #endif @@ -894,9 +918,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = tls_prf_sha256; handshake->calc_verify = ssl_calc_verify_tls_sha256; handshake->calc_finished = ssl_calc_finished_tls_sha256; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - tls_prf_type = MBEDTLS_SSL_TLS_PRF_SHA256; -#endif } else #endif @@ -1327,7 +1348,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) iv_copy_len, handshake->randbytes + 32, handshake->randbytes, - tls_prf_type); + tls_prf_get_type( handshake->tls_prf ) ); } #endif