From 94f1fe6f6384a2ef379ef5b8cdc32a2fa01f8d13 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 31 Mar 2015 15:52:40 +0300
Subject: [PATCH] Remove master key extraction from tls_connection_get_keys()
This is not needed anymore with the tls_connection_prf() being used to handle all key derivation needs. tls_connection_get_keys() is a bit misnamed for now, but it is only used to fetch the client and server random for Session-Id derivation.
Signed-off-by: Jouni Malinen
---
 src/crypto/tls.h | 6 ++----
 src/crypto/tls_openssl.c | 2 --
 src/tls/tlsv1_client.c | 2 --
 src/tls/tlsv1_server.c | 2 --
 4 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 9ae95a66c..97ed8c1ce 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -12,8 +12,6 @@ struct tls_connection;
 struct tls_keys {
- const u8 *master_key; /* TLS master secret */
- size_t master_key_len;
 const u8 *client_random;
 size_t client_random_len;
 const u8 *server_random;
@@ -308,10 +306,10 @@ int __must_check tls_connection_set_verify(void *tls_ctx,
 int verify_peer);
 /**
- * tls_connection_get_keys - Get master key and random data from TLS connection
+ * tls_connection_get_keys - Get random data from TLS connection
 * @tls_ctx: TLS context data from tls_init()
 * @conn: Connection context data from tls_connection_init()
- * @keys: Structure of key/random data (filled on success)
+ * @keys: Structure of client/server random data (filled on success)
 * Returns: 0 on success, -1 on failure
 */
 int __must_check tls_connection_get_keys(void *tls_ctx,
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 8f9bea6a1..00e44799b 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
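Review bot: With master_key gone, struct tls_keys carries only the two handshake randoms, yet nothing in the header says that these fields alias connection-owned storage rather than copies; the backend hunks below assign `ssl->s3->client_random` and `conn->server_random` into them directly. A comment above the struct would make that visible, e.g. `/* Client/server random from the handshake: pointers into connection state, valid only while the connection is alive; public values, unlike the removed master key. */`. A caller that keeps a struct tls_keys past the connection's lifetime would then have a stated contract to check against. The struct's closing line is outside the hunk.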
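Review bot: The updated kernel-doc on tls_connection_get_keys() still reads as if both randoms are always filled, but in the tlsv1_client.c and tlsv1_server.c hunks server_random is assigned only when `conn->state != SERVER_HELLO`, so a caller that reads keys earlier gets no server random, and whether the struct was zeroed first is not visible in those hunks. Add a line to the @keys description such as ` * Note: server_random is filled only once the ServerHello stage has been passed; check server_random_len before use`. Whether the OpenSSL backend has the same gap cannot be told here, since its guard lies above its hunk.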
@@ -2633,8 +2633,6 @@ int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
 return -1;
 os_memset(keys, 0, sizeof(*keys));
- keys->master_key = ssl->session->master_key;
- keys->master_key_len = ssl->session->master_key_length;
 keys->client_random = ssl->s3->client_random;
 keys->client_random_len = SSL3_RANDOM_SIZE;
 keys->server_random = ssl->s3->server_random;
diff --git a/src/tls/tlsv1_client.c b/src/tls/tlsv1_client.c
index facdd6591..533286c12 100644
--- a/src/tls/tlsv1_client.c
+++ b/src/tls/tlsv1_client.c
@@ -731,8 +731,6 @@ int tlsv1_client_get_keys(struct tlsv1_client *conn, struct tls_keys *keys)
 if (conn->state != SERVER_HELLO) {
 keys->server_random = conn->server_random;
 keys->server_random_len = TLS_RANDOM_LEN;
- keys->master_key = conn->master_secret;
- keys->master_key_len = TLS_MASTER_SECRET_LEN;
 }
 return 0;
diff --git a/src/tls/tlsv1_server.c b/src/tls/tlsv1_server.c
index 93ae4888d..4df756f7d 100644
--- a/src/tls/tlsv1_server.c
+++ b/src/tls/tlsv1_server.c
@@ -627,8 +627,6 @@ int tlsv1_server_get_keys(struct tlsv1_server *conn, struct tls_keys *keys)
 if (conn->state != SERVER_HELLO) {
 keys->server_random = conn->server_random;
 keys->server_random_len = TLS_RANDOM_LEN;
- keys->master_key = conn->master_secret;
- keys->master_key_len = TLS_MASTER_SECRET_LEN;
 }
 return 0;
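Review bot: After the two removed lines, every field the function reads within this hunk lives under `ssl->s3`; the removed lines were the only reads of `ssl->session` visible here. If the guard at the top of tls_connection_get_keys(), which is outside the hunk, still rejects a NULL `ssl->session` because master_key used to come from it, that part of the condition is presumably no longer required by this code path and either deserves a comment saying why it stays or should be reduced to `if (ssl == NULL || ssl->s3 == NULL) return -1;`. Confirm against the function head before changing it, since a session-less connection may also be rejected for other reasons not shown here.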
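Review bot: The `conn->state != SERVER_HELLO` branch now sets only server_random, and nothing explains why the assignment is conditional or what the fields hold before that state; the tlsv1_server.c hunk below has the same shape and the same gap. A comment on the `if`, such as `/* server_random is known only after the ServerHello stage; leave it unset before that */`, would make the contract visible to callers of tls_connection_get_keys(). Whether keys is zeroed before this point is outside the hunk, so from what is shown a caller cannot rely on server_random_len being 0 in the early state. The enclosing function starts outside the hunk in both files.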