authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-11-27 09:03:31 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-11-27 09:03:52 +0100
commitae000562bb6e4f28e55dc007585fd2a0c3cabd7f (patch)
treeac3ada8f9d3b7574e90d52f6a1f68d60d6165280
parent904c263dba50ab73290eca81c8623f4d3691011e (diff)
gnutls_prf: prevent usage under TLS1.3
Only allow its use under TLS 1.3 when it is documented to produce the same output as gnutls_rfc5705(), and in that case make it a wrapper around that function. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/prf.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/prf.c b/lib/prf.c
index b5dd8888fa..9cef09b0f6 100644
--- a/lib/prf.c
+++ b/lib/prf.c
@@ -200,10 +200,6 @@ gnutls_prf_rfc5705(gnutls_session_t session,
* and the provided data, seeded with the client and server random fields.
* For the key expansion specified in RFC5705 see gnutls_prf_rfc5705().
*
- * This function only works with the TLS versions prior to 1.3. In
- * TLS 1.3, the use of PRF is replaced with HKDF (HMAC-based Key
- * Derivation Function) based on the multi-stage key scheduling.
- *
* The @label variable usually contains a string denoting the purpose
* for the generated data. The @server_random_first indicates whether
* the client random field or the server random field should be first
@@ -218,7 +214,9 @@ gnutls_prf_rfc5705(gnutls_session_t session,
* The output is placed in @out, which must be pre-allocated.
*
* Note: This function produces identical output with gnutls_prf_rfc5705()
- * when @server_random_first is set to 0 and @extra is %NULL.
+ * when @server_random_first is set to 0 and @extra is %NULL. Under TLS1.3
+ * this function will only operate when these conditions are true, or otherwise
+ * return %GNUTLS_E_INVALID_REQUEST.
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
**/
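Review bot: The added sentence says the function "will only operate when these conditions are true" but never says what it does in that case, so a reader cannot tell that under TLS 1.3 the output comes from gnutls_prf_rfc5705() rather than from the TLS PRF; suggest `* Under TLS 1.3 the PRF is not used: this function then calls gnutls_prf_rfc5705() when @server_random_first is 0 and @extra is %NULL, and returns %GNUTLS_E_INVALID_REQUEST otherwise.` The first hunk removes the only paragraph explaining that TLS 1.3 replaces the PRF with HKDF; folding that one-line rationale into this note keeps the reason for the restriction visible to API users. The enforcement in the later hunk appears to be skipped when get_version() returns NULL, so the documented guarantee presumably holds only once a protocol version has been negotiated — worth stating here or confirming against the session state.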
@@ -232,8 +230,17 @@ gnutls_prf(gnutls_session_t session,
{
int ret;
uint8_t *seed;
+ const version_entry_st *vers = get_version(session);
size_t seedsize = 2 * GNUTLS_RANDOM_SIZE + extra_size;
+ if (vers && vers->tls13_sem) {
+ if (extra == NULL && server_random_first == 0)
+ return gnutls_prf_rfc5705(session, label_size, label,
+ extra_size, extra, outsize, out);
+ else
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ }
+
seed = gnutls_malloc(seedsize);
if (!seed) {
gnutls_assert();