Fix exporter.
authorBen Laurie <ben@openssl.org>
Fri, 2 Dec 2011 16:49:32 +0000 (16:49 +0000)
committerBen Laurie <ben@openssl.org>
Fri, 2 Dec 2011 16:49:32 +0000 (16:49 +0000)
ssl/ssl.h
ssl/t1_enc.c

index 1809946..2b57b1f 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2019,9 +2019,10 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 /* Pre-shared secret session resumption functions */
 int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 
-int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
-                           unsigned char *context, int context_len,
-                           unsigned char *out, int olen);
+int SSL_tls1_key_exporter(SSL *s,
+                         const unsigned char *label, int label_len,
+                         const unsigned char *context, int context_len,
+                         unsigned char *out, int olen);
 
 void SSL_set_debug(SSL *s, int debug);
 int SSL_cache_hit(SSL *s);
index 53341ee..b4aa67e 100644 (file)
@@ -1250,23 +1250,32 @@ int tls1_alert_code(int code)
                }
        }
 
-int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
-                           unsigned char *context, int context_len,
-                           unsigned char *out, int olen)
+int SSL_tls1_key_exporter(SSL *s,
+                         const unsigned char *label, int label_len,
+                         const unsigned char *context, int context_len,
+                         unsigned char *out, int olen)
        {
        unsigned char *tmp;
        int rv;
+       unsigned char context_len_16[2];
+
+       if (context_len > 0xffff)
+               return 0;
 
        tmp = OPENSSL_malloc(olen);
 
        if (!tmp)
                return 0;
+
+       context_len_16[0] = context_len >> 8;
+       context_len_16[1] = context_len;
        
        rv = tls1_PRF(ssl_get_algorithm2(s),
                         label, label_len,
                         s->s3->client_random,SSL3_RANDOM_SIZE,
                         s->s3->server_random,SSL3_RANDOM_SIZE,
-                        context, context_len, NULL, 0,
+                        context_len_16, sizeof(context_len_16),
+                        context, context_len,
                         s->session->master_key, s->session->master_key_length,
                         out, tmp, olen);