Save Hello random bytes for later use
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index c584370..11d66ee 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -642,6 +642,12 @@
z_stream ctx_deflate; /*!< compression context */
z_stream ctx_inflate; /*!< decompression context */
#endif
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ /* We need the Hello random bytes in order to re-derive keys from the
+ * Master Secret and other session info, see ssl_populate_transform() */
+ unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
};
/*
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a978899..0720147 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1046,13 +1046,19 @@
(void) ssl;
#endif
- /* Copy info about negotiated version and extensions */
+ /*
+ * Some data just needs copying into the structure
+ */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
transform->encrypt_then_mac = encrypt_then_mac;
#endif
transform->minor_ver = minor_ver;
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) );
+#endif
+
/*
* Get various info structures
*/
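Review bot: The `memcpy` into `transform->randbytes` takes its length from the destination (`sizeof( transform->randbytes )`, 64 bytes per the ssl_internal.h hunk), but the declaration of the source `randbytes` is outside this hunk, so nothing visible guarantees the source holds 64 readable bytes. If `randbytes` is a plain pointer parameter, a caller passing a shorter buffer would cause an out-of-bounds read, and the stray bytes would be kept in the transform for later key re-derivation. I would state the contract at the copy, e.g. `/* randbytes: exactly 64 bytes, ServerHello.random then ClientHello.random */`. I would also replace the literal `64` in the struct member with a named constant shared with the handshake buffer, so the two sizes cannot drift apart. The enclosing function starts and ends outside the hunk.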