Remove master key extraction from tls_connection_get_keys()
This is not needed anymore with the tls_connection_prf() being used to handle all key derivation needs. tls_connection_get_keys() is a bit misnamed for now, but it is only used to fetch the client and server random for Session-Id derivation. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
parent
fa0e715100
commit
94f1fe6f63
4 changed files with 2 additions and 10 deletions
|
@ -12,8 +12,6 @@
|
||||||
struct tls_connection;
|
struct tls_connection;
|
||||||
|
|
||||||
struct tls_keys {
|
struct tls_keys {
|
||||||
const u8 *master_key; /* TLS master secret */
|
|
||||||
size_t master_key_len;
|
|
||||||
const u8 *client_random;
|
const u8 *client_random;
|
||||||
size_t client_random_len;
|
size_t client_random_len;
|
||||||
const u8 *server_random;
|
const u8 *server_random;
|
||||||
|
@ -308,10 +306,10 @@ int __must_check tls_connection_set_verify(void *tls_ctx,
|
||||||
int verify_peer);
|
int verify_peer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* tls_connection_get_keys - Get master key and random data from TLS connection
|
* tls_connection_get_keys - Get random data from TLS connection
|
||||||
* @tls_ctx: TLS context data from tls_init()
|
* @tls_ctx: TLS context data from tls_init()
|
||||||
* @conn: Connection context data from tls_connection_init()
|
* @conn: Connection context data from tls_connection_init()
|
||||||
* @keys: Structure of key/random data (filled on success)
|
* @keys: Structure of client/server random data (filled on success)
|
||||||
* Returns: 0 on success, -1 on failure
|
* Returns: 0 on success, -1 on failure
|
||||||
*/
|
*/
|
||||||
int __must_check tls_connection_get_keys(void *tls_ctx,
|
int __must_check tls_connection_get_keys(void *tls_ctx,
|
||||||
|
|
|
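Review bot: The updated kernel-doc for tls_connection_get_keys() still does not say who owns the buffers that `struct tls_keys` points to. The implementations later in this commit assign pointers straight into connection state (for example `keys->client_random = ssl->s3->client_random;`), so the values appear to be borrowed and usable only while the connection exists. I would state that on the `@keys` line, e.g. `* @keys: Structure of client/server random data (filled on success); pointers reference connection-owned storage and must not be used after the connection is freed`. Since the struct no longer carries key material, a one-line comment on `struct tls_keys` saying it holds only the hello randoms would keep readers from treating it as secret-bearing.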
@ -2633,8 +2633,6 @@ int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn,
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
os_memset(keys, 0, sizeof(*keys));
|
os_memset(keys, 0, sizeof(*keys));
|
||||||
keys->master_key = ssl->session->master_key;
|
|
||||||
keys->master_key_len = ssl->session->master_key_length;
|
|
||||||
keys->client_random = ssl->s3->client_random;
|
keys->client_random = ssl->s3->client_random;
|
||||||
keys->client_random_len = SSL3_RANDOM_SIZE;
|
keys->client_random_len = SSL3_RANDOM_SIZE;
|
||||||
keys->server_random = ssl->s3->server_random;
|
keys->server_random = ssl->s3->server_random;
|
||||||
|
|
|
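Review bot: The assignments that remain in tls_connection_get_keys() still read `ssl->s3->client_random` and `ssl->s3->server_random` directly out of library-private structures. OpenSSL 1.1.0 and later make those structures opaque and provide `SSL_get_client_random()` and `SSL_get_server_random()`, which copy into a caller-supplied buffer, so moving to them would also turn the borrowed pointers in `struct tls_keys` into owned storage. The guard that leads to the `return -1;` at the top of the hunk is outside it; if it still tests `ssl->session`, that test is no longer needed by anything this function dereferences after the change.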
@ -731,8 +731,6 @@ int tlsv1_client_get_keys(struct tlsv1_client *conn, struct tls_keys *keys)
|
||||||
if (conn->state != SERVER_HELLO) {
|
if (conn->state != SERVER_HELLO) {
|
||||||
keys->server_random = conn->server_random;
|
keys->server_random = conn->server_random;
|
||||||
keys->server_random_len = TLS_RANDOM_LEN;
|
keys->server_random_len = TLS_RANDOM_LEN;
|
||||||
keys->master_key = conn->master_secret;
|
|
||||||
keys->master_key_len = TLS_MASTER_SECRET_LEN;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
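Review bot: tlsv1_client_get_keys() reaches `return 0;` whether or not the `if (conn->state != SERVER_HELLO)` branch filled in `server_random`, so a caller deriving a Session-Id can be told the call succeeded while `keys->server_random` is unset. tlsv1_server_get_keys() in the next hunk has the same shape. Either document that callers must check `keys->server_random != NULL` before use, or report the missing value, e.g. `else return -1;` after the block, provided no caller depends on the partial result. The start of the function, including any zeroing of `*keys`, is outside the hunk.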
@ -627,8 +627,6 @@ int tlsv1_server_get_keys(struct tlsv1_server *conn, struct tls_keys *keys)
|
||||||
if (conn->state != SERVER_HELLO) {
|
if (conn->state != SERVER_HELLO) {
|
||||||
keys->server_random = conn->server_random;
|
keys->server_random = conn->server_random;
|
||||||
keys->server_random_len = TLS_RANDOM_LEN;
|
keys->server_random_len = TLS_RANDOM_LEN;
|
||||||
keys->master_key = conn->master_secret;
|
|
||||||
keys->master_key_len = TLS_MASTER_SECRET_LEN;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|