From 9853dbb8f3e8921500e3d8bed0a1f9aca79258ec Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 27 Nov 2017 11:04:59 +0100
Subject: gnutls_prf_raw: fail under TLS1.3

Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/prf.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/prf.c b/lib/prf.c
index 9cef09b0f6..a249924351 100644
--- a/lib/prf.c
+++ b/lib/prf.c
@@ -47,10 +47,6 @@
 * Apply the TLS Pseudo-Random-Function (PRF) on the master secret
 * and the provided data.
 *
- * This function only works with the TLS versions prior to 1.3. In
- * TLS 1.3, the use of PRF is replaced with HKDF (HMAC-based Key
- * Derivation Function) based on the multi-stage key scheduling.
- *
 * The @label variable usually contains a string denoting the purpose
 * for the generated data. The @seed usually contains data such as the
 * client and server random, perhaps together with some additional
@@ -65,6 +61,11 @@
 * client and server random fields directly, and is recommended if you
 * want to generate pseudo random data unique for each session.
 *
+ * Note: This function will only operate under TLS versions prior to 1.3.
+ * In TLS1.3 the use of PRF is replaced with HKDF and the generic
+ * exporters like gnutls_prf_rfc5705() should be used instead. Under
+ * TLS1.3 this function returns %GNUTLS_E_INVALID_REQUEST.
+ *
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
 **/
 int
@@ -75,6 +76,10 @@ gnutls_prf_raw(gnutls_session_t session,
 char *out)
 {
 int ret;
+ const version_entry_st *vers = get_version(session);
+
+ if (vers && vers->tls13_sem)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 ret = _gnutls_prf_raw(session->security_parameters.prf->id, GNUTLS_MASTER_SIZE, session->security_parameters.master_secret,
--
cgit v1.2.1
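Review bot: The new guard in gnutls_prf_raw() fails open when `get_version(session)` returns NULL: `vers && vers->tls13_sem` is then false, and execution continues to `session->security_parameters.prf->id` and the master secret. If a NULL version entry means no protocol version has been negotiated yet (the `vers &&` test suggests it can happen), the PRF would run on key state that is not established; whether `prf` can also be unset at that point is not visible here. Consider rejecting that case as well, for example `if (vers == NULL || vers->tls13_sem)` or a separate `if (session->security_parameters.prf == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, and say so next to the TLS1.3 note in the doc comment. The function body continues past the end of the hunk.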