return(SSL3_MASTER_SECRET_SIZE);
}
-int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
- const char *label, unsigned int llen, const unsigned char *context,
- unsigned int contextlen, int use_context)
+int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen, const unsigned char *context,
+ size_t contextlen, int use_context)
{
unsigned char *buff;
- unsigned char *val;
- unsigned int vallen, currentvalpos, rv;
+ unsigned char *val = NULL;
+ size_t vallen, currentvalpos;
+ int rv;
#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material(%p, %p,%d, %s,%d, %p,%d)\n", s, out,olen, label,llen, p,plen);
+ printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
#endif /* KSSL_DEBUG */
buff = OPENSSL_malloc(olen);
* does not create a prohibited label.
*/
vallen = llen + SSL3_RANDOM_SIZE * 2;
- if (use_context)
- {
- vallen += 2 + contextlen;
- }
+ if (use_context)
+ {
+ vallen += 2 + contextlen;
+ }
val = OPENSSL_malloc(vallen);
if (val == NULL) goto err2;
memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
currentvalpos += SSL3_RANDOM_SIZE;
- if (use_context)
- {
- val[currentvalpos] = (contextlen << 8) & 0xff;
- currentvalpos++;
- val[currentvalpos] = contextlen & 0xff;
- currentvalpos++;
- if ((contextlen > 0) || (context != NULL))
- {
- memcpy(val + currentvalpos, context, contextlen);
- }
- }
+ if (use_context)
+ {
+ val[currentvalpos] = (contextlen >> 8) & 0xff;
+ currentvalpos++;
+ val[currentvalpos] = contextlen & 0xff;
+ currentvalpos++;
+ if ((contextlen > 0) || (context != NULL))
+ {
+ memcpy(val + currentvalpos, context, contextlen);
+ }
+ }
/* disallow prohibited labels
* note that SSL3_RANDOM_SIZE > max(prohibited label len) =
* 15, so size of val > max(prohibited label len) = 15 and the
* comparisons won't have buffer overflow
*/
- if (bcmp(val, TLS_MD_CLIENT_FINISH_CONST,
+ if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1;
- if (bcmp(val, TLS_MD_SERVER_FINISH_CONST,
+ if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1;
- if (bcmp(val, TLS_MD_MASTER_SECRET_CONST,
+ if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1;
- if (bcmp(val, TLS_MD_KEY_EXPANSION_CONST,
+ if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
- tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
- val, vallen,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- s->session->master_key,s->session->master_key_length,
- out,buff,olen);
+ rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ val, vallen,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ NULL, 0,
+ s->session->master_key,s->session->master_key_length,
+ out,buff,olen);
#ifdef KSSL_DEBUG
printf ("tls1_export_keying_material() complete\n");
#endif /* KSSL_DEBUG */
- rv = olen;
goto ret;
err1:
SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
-#ifndef OPENSSL_NO_SRP
- case SSL_AD_MISSING_SRP_USERNAME:return(TLS1_AD_MISSING_SRP_USERNAME);
-#endif
#if 0 /* not appropriate for TLS, not used for DTLS */
case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
(DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
default: return(-1);
}
}
-
-int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
- unsigned char *context, int context_len,
- unsigned char *out, int olen)
- {
- unsigned char *tmp;
- int rv;
-
- tmp = OPENSSL_malloc(olen);
-
- if (!tmp)
- return 0;
-
- rv = tls1_PRF(ssl_get_algorithm2(s),
- label, label_len,
- s->s3->client_random,SSL3_RANDOM_SIZE,
- s->s3->server_random,SSL3_RANDOM_SIZE,
- context, context_len, NULL, 0,
- s->session->master_key, s->session->master_key_length,
- out, tmp, olen);
-
- OPENSSL_free(tmp);
- return rv;
- }