From 85b33ee42e7cfcf9f63cbb347d9f5d5c65a8a87e Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Fri, 18 Oct 2024 16:19:39 +0200
Subject: [PATCH] Store randbytes for TLS 1.2 TLS-Exporter
Previously, if MBEDTLS_SSL_CONTEXT_SERIALIZATION is not defined, randbytes are not stored after the handshake is done, but they are needed for TLS-Exporter in TLS 1.2. This commit also saves randbytes if MBEDTLS_SSL_PROTO_TLS1_2 is defined.
Signed-off-by: Max Fillinger
---
 library/ssl_misc.h | 6 +++---
 library/ssl_tls.c | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 29254958f..7b56accac 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1166,10 +1166,10 @@ struct mbedtls_ssl_transform {
 unsigned char out_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
 /* We need the Hello random bytes in order to re-derive keys from the
- * Master Secret and other session info,
- * see ssl_tls12_populate_transform() */
+ * Master Secret and other session info, see ssl_tls12_populate_transform().
+ * They are also needed for the TLS 1.2 TLS-Exporter. */
 unsigned char randbytes[MBEDTLS_SERVER_HELLO_RANDOM_LEN + MBEDTLS_CLIENT_HELLO_RANDOM_LEN]; /*!< ServerHello.random+ClientHello.random */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6af502e77..67c60661a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8669,7 +8669,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */
 transform->tls_version = tls_version;
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
 memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes));
 #endif
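Review bot: The condition `defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) || defined(MBEDTLS_SSL_PROTO_TLS1_2)` that guards `randbytes` in `struct mbedtls_ssl_transform` is now written out twice, here and around the `memcpy` in `ssl_tls12_populate_transform()` in library/ssl_tls.c, and the two copies must stay identical. If they ever drift so that the field exists but is not filled, the build still succeeds and anything reading `transform->randbytes` would presumably work from stale or zero bytes instead of the Hello randoms, which for an exporter is a silent wrong-output failure. Defining one internal macro next to the struct and testing it in both places removes that risk, for example `#define MBEDTLS_SSL_KEEP_RANDBYTES` under the combined condition (the name is only a suggestion), then `#if defined(MBEDTLS_SSL_KEEP_RANDBYTES)` at both sites. The struct definition begins and ends outside this hunk, so other users of the field are not visible here.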
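Review bot: Inside `ssl_tls12_populate_transform()` the widened guard is probably always true, since a function with this name is presumably compiled only when `MBEDTLS_SSL_PROTO_TLS1_2` is defined; the enclosing guard is outside the hunk, so this needs confirming. If that holds, the `#if`/`#endif` pair around the `memcpy` can simply be removed, leaving the copy unconditional and easier to audit. If the guard stays, the closing line should name its condition the way the neighbouring `#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM */` does: `#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION || MBEDTLS_SSL_PROTO_TLS1_2 */`. The function body starts and ends outside this hunk.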