Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3782)
a context is optional. If the context should be omitted entirely then
B<use_context> should be set to 0. Otherwise it should be any other value. If
B<use_context> is 0 then the values of B<context> and B<contextlen> are ignored.
a context is optional. If the context should be omitted entirely then
B<use_context> should be set to 0. Otherwise it should be any other value. If
B<use_context> is 0 then the values of B<context> and B<contextlen> are ignored.
-Note that in TLSv1.2 and below a zero length context is treated differently to
+Note that in TLSv1.2 and below a zero length context is treated differently from
no context at all, and will result in different keying material being returned.
In TLSv1.3 a zero length context is that same as no context at all and will
result in the same keying material being returned.
no context at all, and will result in different keying material being returned.
In TLSv1.3 a zero length context is that same as no context at all and will
result in the same keying material being returned.
unsigned int hashsize;
int ret = 0;
unsigned int hashsize;
int ret = 0;
- if (ctx == NULL)
- goto err;
-
- if (!SSL_is_init_finished(s))
+ if (ctx == NULL || !SSL_is_init_finished(s))
goto err;
if (!use_context)
goto err;
if (!use_context)
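Review bot: The merged check `if (ctx == NULL || !SSL_is_init_finished(s))` sends two unrelated failures to the same `err` label with `ret` still 0: a NULL `ctx` (presumably a failed allocation) and a call made before the handshake has finished. A caller therefore cannot tell a resource failure from calling the exporter too early. The old code behaved the same way, so this is not a regression, but a comment above the check would record why the second test is there, for example `/* Keying material must not be exported before the handshake has completed */`. Whether the `err` path reports anything to the error queue is not visible, because the function starts and ends outside this hunk.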
*/
static int test_export_key_mat(int tst)
{
*/
static int test_export_key_mat(int tst)
{
- int testresult = 0, proto;
SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
const char label[] = "test label";
SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
const char label[] = "test label";
const unsigned char *emptycontext = NULL;
unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
const unsigned char *emptycontext = NULL;
unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
+ const int protocols[] = {
+ TLS1_VERSION,
+ TLS1_1_VERSION,
+ TLS1_2_VERSION,
+ TLS1_3_VERSION
+ };
#ifdef OPENSSL_NO_TLS1
if (tst == 0)
#ifdef OPENSSL_NO_TLS1
if (tst == 0)
&cctx, cert, privkey)))
goto end;
&cctx, cert, privkey)))
goto end;
- switch (tst) {
- case 0:
- proto = TLS1_VERSION;
- break;
-
- case 1:
- proto = TLS1_1_VERSION;
- break;
-
- case 2:
- proto = TLS1_2_VERSION;
- break;
-
- case 3:
- proto = TLS1_3_VERSION;
- break;
-
- default:
- goto end;
- }
- SSL_CTX_set_max_proto_version(cctx, proto);
- SSL_CTX_set_min_proto_version(cctx, proto);
+ OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
+ SSL_CTX_set_max_proto_version(cctx, protocols[tst]);
+ SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
NULL))
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
NULL))
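Review bot: `OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));` aborts the whole test process on an out-of-range index, whereas the removed `default: goto end;` failed only this test and still reached the cleanup at `end`. By this line the SSL_CTX objects have already been created, so a test-style check that falls through to cleanup fits the harness better: `if (!TEST_true(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols)))` followed by `goto end;`. The bounds check itself is correct and needs to stay, since `protocols[tst]` is indexed directly on the next two lines. The function body continues outside the hunk.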