Revert "Store randbytes for TLS 1.2 TLS-Exporter"

This reverts commit cb01dd1333f8083af469e9a0c59f316f1eb0cfe3. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
2025-06-26 23:14:07 +08:00 · 2024-10-23 17:24:03 +02:00 · 2024-10-23 17:24:03 +02:00 · c9f2c9adba
commit c9f2c9adba
parent dbe864569e
2 changed files with 4 additions and 4 deletions
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -1118,10 +1118,10 @@ struct mbedtls_ssl_transform {
    unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */

-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
    /* We need the Hello random bytes in order to re-derive keys from the
-     * Master Secret and other session info, see ssl_tls12_populate_transform().
-     * They are also needed for the TLS 1.2 TLS-Exporter. */
+     * Master Secret and other session info,
+     * see ssl_tls12_populate_transform() */
    unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN +
                            MBEDTLS_CLIENT_HELLO_RANDOM_LEN];
    /*!< ServerHello.random+ClientHello.random */
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -7746,7 +7746,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
    transform->tls_version = tls_version;

-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
    memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes));
 #endif