diff options
| author | David Benjamin <davidben@chromium.org> | 2015-04-03 18:02:24 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2015-04-06 23:47:54 +0300 |
| commit | cfd248b7f6be0a3a8a21d96b21a61203ce24d1c8 (patch) | |
| tree | 15cdf7f1ed51ed96354ae21b1cdedeab4c6b35f3 /include/openssl/tls1.h | |
| parent | c565ebbebcae8acb80d8079797d89a65feb4c17a (diff) | |
Clean up SSL_export_keying_material implementation.
Fix up the variable names. Also avoid the messy logic of checking whether the
label and context collide with the normal key expansion ones in the face of
adverserial inputs. Make that the caller's responsibility, just as it's already
the caller's responsibility to ensure that different calls don't overlap. (The
label should be a constant string in an IANA registry anyway.)
Change-Id: I062fadb7b6a18fa946b883be660ea9b3f0f6277c
Reviewed-on: https://boringssl-review.googlesource.com/4216
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include/openssl/tls1.h')
| -rw-r--r-- | include/openssl/tls1.h | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 9d89a712..361e37a0 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -298,16 +298,16 @@ extern "C" { OPENSSL_EXPORT const char *SSL_get_servername(const SSL *s, const int type); OPENSSL_EXPORT int SSL_get_servername_type(const SSL *s); -/* SSL_export_keying_material exports a value derived from the master secret, - * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + +/* SSL_export_keying_material exports a value derived from the master secret, as + * specified in RFC 5705. It writes |out_len| bytes to |out| given a label and * optional context. (Since a zero length context is allowed, the |use_context| * flag controls whether a context is included.) * - * It returns 1 on success and zero otherwise. */ -OPENSSL_EXPORT int SSL_export_keying_material(SSL *s, uint8_t *out, size_t olen, - const char *label, size_t llen, - const uint8_t *p, size_t plen, - int use_context); + * It returns one on success and zero otherwise. */ +OPENSSL_EXPORT int SSL_export_keying_material( + SSL *s, uint8_t *out, size_t out_len, const char *label, size_t label_len, + const uint8_t *context, size_t context_len, int use_context); OPENSSL_EXPORT int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, uint8_t *rsig, |