Commit 74b4b494 authored by Dr. Stephen Henson

SSL export fixes (from Adam Langley) [original from 1.0.1]

parent de2b5b74
+2 −2
@@ -2904,8 +2904,8 @@ SSL3_ENC_METHOD SSLv3_enc_data={
	SSL3_MD_CLIENT_FINISHED_CONST,4,
	SSL3_MD_SERVER_FINISHED_CONST,4,
	ssl3_alert_code,
	(int (*)(SSL *, unsigned char *, unsigned int, const char *,
		 unsigned int, const unsigned char *, unsigned int,
	(int (*)(SSL *, unsigned char *, size_t, const char *,
		 size_t, const unsigned char *, size_t,
		 int use_context))ssl_undefined_function,
	};

+6 −5
@@ -178,8 +178,8 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
	NULL,	/* server_finished_label */
	0,	/* server_finished_label_len */
	(int (*)(int))ssl_undefined_function,
	(int (*)(SSL *, unsigned char *, unsigned int, const char *,
		 unsigned int, const unsigned char *, unsigned int,
	(int (*)(SSL *, unsigned char *, size_t, const char *,
		 size_t, const unsigned char *, size_t,
		 int use_context)) ssl_undefined_function,
	};

@@ -1632,8 +1632,9 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned
# endif
#endif

int SSL_export_keying_material(SSL *s, unsigned char *out, int olen, 
        char *label, int llen, unsigned char *p, int plen, int use_context)
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
	const char *label, size_t llen, const unsigned char *p, size_t plen,
	int use_context)
	{
	if (s->version < TLS1_VERSION)
		return -1;
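Review bot: The pre-TLS guard `return -1;` does not match the contract the same commit writes into ssl.h ("returns 1 on success and zero otherwise"), so a caller that only tests `if (rv == 0)` treats an SSLv3 connection as a successful export with `out` left untouched. Either make the failure value consistent, `return 0;`, or state the third value in the header comment; given that the header comment is new in this commit, picking one contract now is cheap. This path also pushes nothing onto the error queue, unlike the label check in tls1_export_keying_material which reports SSL_R_TLS_ILLEGAL_EXPORTER_LABEL, so the caller cannot tell why it failed. The body of SSL_export_keying_material continues past the end of the hunk.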
+8 −8
@@ -571,9 +571,9 @@ typedef struct ssl3_enc_method
	const char *server_finished_label;
	int server_finished_label_len;
	int (*alert_value)(int);
        int (*export_keying_material)(SSL *, unsigned char *, unsigned int,
				      const char *, unsigned int,
				      const unsigned char *, unsigned int,
	int (*export_keying_material)(SSL *, unsigned char *, size_t,
				      const char *, size_t,
				      const unsigned char *, size_t,
 				      int use_context);
 	} SSL3_ENC_METHOD;

@@ -1068,9 +1068,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
int tls1_mac(SSL *ssl, unsigned char *md, int snd);
int tls1_generate_master_secret(SSL *s, unsigned char *out,
	unsigned char *p, int len);
int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen, 
	const char *label, unsigned int llen, const unsigned char *p, 
        unsigned int plen, int use_context);
int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
	const char *label, size_t llen,
	const unsigned char *p, size_t plen, int use_context);
int tls1_alert_code(int code);
int ssl3_alert_code(int code);
int ssl_ok(SSL *s);
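Review bot: The export_keying_material member of ssl3_enc_method names only its last parameter, `int use_context`, leaving the three `size_t` lengths and their buffers unnamed just as the type widening makes which length pairs with which pointer matter most. Naming them as the definition in tls1_lib.c does would make the struct self-documenting: `int (*export_keying_material)(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *context, size_t contextlen, int use_context);`. The tls1_export_keying_material prototype in the second hunk already follows this convention, so the two would then read alike. The struct definition starts before the first hunk.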
+29 −29
@@ -1119,13 +1119,14 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
	return(SSL3_MASTER_SECRET_SIZE);
	}

int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen, 
         const char *label, unsigned int llen, const unsigned char *context, 
         unsigned int contextlen, int use_context)
int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
	 const char *label, size_t llen, const unsigned char *context,
	 size_t contextlen, int use_context)
	{
	unsigned char *buff;
	unsigned char *val = NULL;
	unsigned int vallen, currentvalpos, rv;
	size_t vallen, currentvalpos;
	int rv;

#ifdef KSSL_DEBUG
	printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
@@ -1157,7 +1158,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,

	if (use_context)
		{
                val[currentvalpos] = (contextlen << 8) & 0xff;
		val[currentvalpos] = (contextlen >> 8) & 0xff;
		currentvalpos++;
		val[currentvalpos] = contextlen & 0xff;
		currentvalpos++;
@@ -1181,7 +1182,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
	if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
		 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;

	tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
	rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
		      val, vallen,
		      NULL, 0,
		      NULL, 0,
@@ -1193,7 +1194,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen,
#ifdef KSSL_DEBUG
	printf ("tls1_export_keying_material() complete\n");
#endif	/* KSSL_DEBUG */
	rv = olen;
	goto ret;
err1:
	SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
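Review bot: `contextlen` is now a `size_t`, but the length prefix written at `val[currentvalpos] = (contextlen >> 8) & 0xff;` and the following byte is only 16 bits wide, and no `contextlen <= 0xffff` check is visible in these hunks, so a larger context is copied in full while its encoded length is silently truncated, yielding an exporter input no conforming peer can reproduce (RFC 5705 bounds the context at 2^16-1 bytes). It should be rejected before the `use_context` block, e.g. `if (use_context && contextlen > 0xffff) return 0;` with its own SSLerr reason, since err1's SSL_R_TLS_ILLEGAL_EXPORTER_LABEL describes a different condition. Separately, the KSSL_DEBUG printf still refers to `p` and `plen`, which are not this function's parameters, and prints the `size_t` arguments with `%d`, so the file no longer compiles with KSSL_DEBUG defined; a portable form is `printf("tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n", (void *)s, (void *)out, (unsigned long)olen, label, (unsigned long)llen, (const void *)context, (unsigned long)contextlen);`. The buffer construction between the hunks and the err labels after them lie outside the visible lines, so a length check may exist there that I cannot see.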
+10 −2
@@ -265,8 +265,16 @@ extern "C" {

const char *SSL_get_servername(const SSL *s, const int type);
int SSL_get_servername_type(const SSL *s);
int SSL_export_keying_material(SSL *s, unsigned char *out, int olen, 
        char *label, int llen, unsigned char *p, int plen, int use_context);
/* SSL_export_keying_material exports a value derived from the master secret,
 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
 * optional context. (Since a zero length context is allowed, the |use_context|
 * flag controls whether a context is included.)
 *
 * It returns 1 on success and zero otherwise.
 */
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
	const char *label, size_t llen, const unsigned char *p, size_t plen,
	int use_context);

#define SSL_set_tlsext_host_name(s,name) \
SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
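Review bot: The new comment on SSL_export_keying_material describes the RFC 5705 derivation but omits the two input restrictions the implementation imposes: tls1_export_keying_material rejects an input that collides with the TLS PRF's internal key-expansion label (failing with SSL_R_TLS_ILLEGAL_EXPORTER_LABEL; presumably the label is checked because it heads the PRF seed, though that construction is outside the visible hunks), and the context length is encoded in two bytes, so |plen| cannot meaningfully exceed 0xffff. I would add after the use_context sentence: `* |label| must not collide with a label used internally by the TLS PRF (such a label fails with SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), and |plen| must not exceed 0xffff.` Without this the only way for a caller to learn the constraints is to read tls1_lib.c.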