SSL export fixes (from Adam Langley) [original from 1.0.1]
diff --git
a/ssl/t1_enc.c
b/ssl/t1_enc.c
index 5c1074e245e7407160b3ed82db4b2ee04adacf69..f32393c56b0c6954b4f47a7f5dcf50c4fa5e4882 100644
(file)
--- a/
ssl/t1_enc.c
+++ b/
ssl/t1_enc.c
@@
-1119,16
+1119,17
@@
int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
return(SSL3_MASTER_SECRET_SIZE);
}
return(SSL3_MASTER_SECRET_SIZE);
}
-int tls1_export_keying_material(SSL *s, unsigned char *out,
unsigned int olen,
- const char *label, unsigned int llen, const unsigned char *context,
-
unsigned in
t contextlen, int use_context)
+int tls1_export_keying_material(SSL *s, unsigned char *out,
size_t olen,
+ const char *label, size_t llen, const unsigned char *context,
+
size_
t contextlen, int use_context)
{
unsigned char *buff;
unsigned char *val = NULL;
{
unsigned char *buff;
unsigned char *val = NULL;
- unsigned int vallen, currentvalpos, rv;
+ size_t vallen, currentvalpos;
+ int rv;
#ifdef KSSL_DEBUG
#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material(%p,
%p,%d, %s,%d, %p,%d)\n", s, out,olen, label,llen, p,
plen);
+ printf ("tls1_export_keying_material(%p,
%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p,
plen);
#endif /* KSSL_DEBUG */
buff = OPENSSL_malloc(olen);
#endif /* KSSL_DEBUG */
buff = OPENSSL_malloc(olen);
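Review bot: The KSSL_DEBUG `printf` at the top of the body still formats `olen` and `llen` with `%d` although this hunk makes them `size_t`, and it passes `p` and `plen`, which are not among the parameters or locals visible here (the context arguments are named `context` and `contextlen`). A conversion specifier that does not match its argument is undefined behaviour, and the block probably does not compile when KSSL_DEBUG is defined. Consider `printf("tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n", (void *)s, (void *)out, (unsigned long)olen, label, (unsigned long)llen, (const void *)context, (unsigned long)contextlen);`. The function body continues past this hunk, so whether `buff` is checked for NULL after `OPENSSL_malloc(olen)` cannot be seen from here.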
@@
-1140,10
+1141,10
@@
int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
* does not create a prohibited label.
*/
vallen = llen + SSL3_RANDOM_SIZE * 2;
* does not create a prohibited label.
*/
vallen = llen + SSL3_RANDOM_SIZE * 2;
- if (use_context)
-
{
-
vallen +=
2 + contextlen;
-
}
+ if (use_context)
+ {
+
vallen +=
2 + contextlen;
+ }
val = OPENSSL_malloc(vallen);
if (val == NULL) goto err2;
val = OPENSSL_malloc(vallen);
if (val == NULL) goto err2;
@@
-1155,17
+1156,17
@@
int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
currentvalpos += SSL3_RANDOM_SIZE;
memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
currentvalpos += SSL3_RANDOM_SIZE;
-
if (use_context)
-
{
-
val[currentvalpos] = (contextlen <<
8) & 0xff;
-
currentvalpos++;
-
val[currentvalpos] = contextlen & 0xff;
-
currentvalpos++;
- if ((contextlen > 0) || (context != NULL))
-
{
-
memcpy(val + currentvalpos, context, contextlen);
-
}
-
}
+ if (use_context)
+ {
+
val[currentvalpos] = (contextlen >>
8) & 0xff;
+ currentvalpos++;
+ val[currentvalpos] = contextlen & 0xff;
+ currentvalpos++;
+ if ((contextlen > 0) || (context != NULL))
+ {
+ memcpy(val + currentvalpos, context, contextlen);
+ }
+ }
/* disallow prohibited labels
* note that SSL3_RANDOM_SIZE > max(prohibited label len) =
/* disallow prohibited labels
* note that SSL3_RANDOM_SIZE > max(prohibited label len) =
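Review bot: With `contextlen` widened to `size_t`, the two prefix bytes written in the `use_context` branch carry only its low 16 bits while the `memcpy` below copies the full `contextlen`, so a context longer than 0xffff would give a PRF seed whose length prefix does not match its contents. The same unbounded value feeds `vallen = llen + SSL3_RANDOM_SIZE * 2` and `vallen += 2 + contextlen` in the previous hunk, where the additions are not checked for wrap-around before `OPENSSL_malloc(vallen)`. Separately, the guard `(contextlen > 0) || (context != NULL)` still reaches `memcpy` with a NULL `context` when `contextlen` is non-zero. I would reject these inputs before `val` is allocated, e.g. `if (use_context && (contextlen > 0xffff || (contextlen > 0 && context == NULL)))` followed by an error return, and bound `llen` in the same place. The function starts and ends outside this hunk, so any check made elsewhere in it or by callers is not visible here.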
@@
-1181,19
+1182,18
@@
int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- val, vallen,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- s->session->master_key,s->session->master_key_length,
- out,buff,olen);
+
rv =
tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+
val, vallen,
+
NULL, 0,
+
NULL, 0,
+
NULL, 0,
+
NULL, 0,
+
s->session->master_key,s->session->master_key_length,
+
out,buff,olen);
#ifdef KSSL_DEBUG
printf ("tls1_export_keying_material() complete\n");
#endif /* KSSL_DEBUG */
#ifdef KSSL_DEBUG
printf ("tls1_export_keying_material() complete\n");
#endif /* KSSL_DEBUG */
- rv = olen;
goto ret;
err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
goto ret;
err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);