summaryrefslogtreecommitdiff
path: root/src/lib/libssl/t1_enc.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/t1_enc.c')
-rw-r--r--src/lib/libssl/t1_enc.c157
1 files changed, 75 insertions, 82 deletions
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index fb471b2f14..fc7a23fb4b 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -219,9 +219,8 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
219 /* calc the next A1 value */ 219 /* calc the next A1 value */
220 if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len)) 220 if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
221 goto err; 221 goto err;
222 } 222 } else {
223 else /* last one */ 223 /* last one */
224 {
225 if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) 224 if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
226 goto err; 225 goto err;
227 memcpy(out, A1, olen); 226 memcpy(out, A1, olen);
@@ -269,10 +268,10 @@ tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
269 goto err; 268 goto err;
270 269
271 } 270 }
272 if (!tls1_P_hash(md , S1, len + (slen&1), 271 if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
273 seed1, seed1_len, seed2, seed2_len, seed3, seed3_len, seed4, seed4_len, seed5, seed5_len, 272 seed1_len, seed2, seed2_len, seed3, seed3_len,
274 out2, olen)) 273 seed4, seed4_len, seed5, seed5_len, out2, olen))
275 goto err; 274 goto err;
276 S1 += len; 275 S1 += len;
277 for (i = 0; i < olen; i++) { 276 for (i = 0; i < olen; i++) {
278 out1[i] ^= out2[i]; 277 out1[i] ^= out2[i];
@@ -288,13 +287,14 @@ static int
288tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num) 287tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num)
289{ 288{
290 int ret; 289 int ret;
290
291 ret = tls1_PRF(ssl_get_algorithm2(s), 291 ret = tls1_PRF(ssl_get_algorithm2(s),
292 TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE, 292 TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
293 s->s3->server_random, SSL3_RANDOM_SIZE, 293 s->s3->server_random, SSL3_RANDOM_SIZE,
294 s->s3->client_random, SSL3_RANDOM_SIZE, 294 s->s3->client_random, SSL3_RANDOM_SIZE,
295 NULL, 0, NULL, 0, 295 NULL, 0, NULL, 0,
296 s->session->master_key, s->session->master_key_length, 296 s->session->master_key, s->session->master_key_length,
297 km, tmp, num); 297 km, tmp, num);
298#ifdef KSSL_DEBUG 298#ifdef KSSL_DEBUG
299 printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", 299 printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
300 s->session->master_key_length); 300 s->session->master_key_length);
@@ -369,9 +369,10 @@ tls1_change_cipher_state(SSL *s, int which)
369 reuse_dd = 1; 369 reuse_dd = 1;
370 else if ((s->enc_read_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL) 370 else if ((s->enc_read_ctx = malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
371 goto err; 371 goto err;
372 else 372 else {
373 /* make sure it's intialized in case we exit later with an error */ 373 /* make sure it's intialized in case we exit later with an error */
374 EVP_CIPHER_CTX_init(s->enc_read_ctx); 374 EVP_CIPHER_CTX_init(s->enc_read_ctx);
375 }
375 dd = s->enc_read_ctx; 376 dd = s->enc_read_ctx;
376 mac_ctx = ssl_replace_hash(&s->read_hash, NULL); 377 mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
377#ifndef OPENSSL_NO_COMP 378#ifndef OPENSSL_NO_COMP
@@ -386,8 +387,7 @@ tls1_change_cipher_state(SSL *s, int which)
386 goto err2; 387 goto err2;
387 } 388 }
388 if (s->s3->rrec.comp == NULL) 389 if (s->s3->rrec.comp == NULL)
389 s->s3->rrec.comp = (unsigned char *) 390 s->s3->rrec.comp = malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
390 malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
391 if (s->s3->rrec.comp == NULL) 391 if (s->s3->rrec.comp == NULL)
392 goto err; 392 goto err;
393 } 393 }
@@ -438,11 +438,11 @@ tls1_change_cipher_state(SSL *s, int which)
438 EVP_CIPHER_CTX_cleanup(dd); 438 EVP_CIPHER_CTX_cleanup(dd);
439 439
440 p = s->s3->tmp.key_block; 440 p = s->s3->tmp.key_block;
441 i=*mac_secret_size = s->s3->tmp.new_mac_secret_size; 441 i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
442 442
443 cl = EVP_CIPHER_key_length(c); 443 cl = EVP_CIPHER_key_length(c);
444 j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? 444 j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
445 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; 445 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
446 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ 446 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
447 /* If GCM mode only part of IV comes from PRF */ 447 /* If GCM mode only part of IV comes from PRF */
448 if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) 448 if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
@@ -480,7 +480,7 @@ tls1_change_cipher_state(SSL *s, int which)
480 480
481 memcpy(mac_secret, ms, i); 481 memcpy(mac_secret, ms, i);
482 482
483 if (!(EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER)) { 483 if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
484 mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, 484 mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
485 mac_secret, *mac_secret_size); 485 mac_secret, *mac_secret_size);
486 EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key); 486 EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key);
@@ -495,22 +495,22 @@ tls1_change_cipher_state(SSL *s, int which)
495 * same value since only the correct one will be used :-). 495 * same value since only the correct one will be used :-).
496 */ 496 */
497 if (!tls1_PRF(ssl_get_algorithm2(s), 497 if (!tls1_PRF(ssl_get_algorithm2(s),
498 exp_label, exp_label_len, 498 exp_label, exp_label_len,
499 s->s3->client_random, SSL3_RANDOM_SIZE, 499 s->s3->client_random, SSL3_RANDOM_SIZE,
500 s->s3->server_random, SSL3_RANDOM_SIZE, 500 s->s3->server_random, SSL3_RANDOM_SIZE,
501 NULL, 0, NULL, 0, 501 NULL, 0, NULL, 0,
502 key, j, tmp1, tmp2, EVP_CIPHER_key_length(c))) 502 key, j, tmp1, tmp2, EVP_CIPHER_key_length(c)))
503 goto err2; 503 goto err2;
504 key = tmp1; 504 key = tmp1;
505 505
506 if (k > 0) { 506 if (k > 0) {
507 if (!tls1_PRF(ssl_get_algorithm2(s), 507 if (!tls1_PRF(ssl_get_algorithm2(s),
508 TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE, 508 TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
509 s->s3->client_random, SSL3_RANDOM_SIZE, 509 s->s3->client_random, SSL3_RANDOM_SIZE,
510 s->s3->server_random, SSL3_RANDOM_SIZE, 510 s->s3->server_random, SSL3_RANDOM_SIZE,
511 NULL, 0, NULL, 0, 511 NULL, 0, NULL, 0,
512 empty, 0, iv1, iv2, k*2)) 512 empty, 0, iv1, iv2, k*2))
513 goto err2; 513 goto err2;
514 if (client_write) 514 if (client_write)
515 iv = iv1; 515 iv = iv1;
516 else 516 else
@@ -537,9 +537,9 @@ tls1_change_cipher_state(SSL *s, int which)
537 EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE)); 537 EVP_CipherInit_ex(dd, c, NULL, key, iv,(which & SSL3_CC_WRITE));
538 538
539 /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ 539 /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
540 if ((EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size) 540 if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
541 EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, 541 EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
542 *mac_secret_size, mac_secret); 542 *mac_secret_size, mac_secret);
543 543
544#ifdef TLS_DEBUG 544#ifdef TLS_DEBUG
545 printf("which = %04X\nkey=", which); 545 printf("which = %04X\nkey=", which);
@@ -588,7 +588,7 @@ tls1_setup_key_block(SSL *s)
588 s->s3->tmp.new_mac_pkey_type = mac_type; 588 s->s3->tmp.new_mac_pkey_type = mac_type;
589 s->s3->tmp.new_mac_secret_size = mac_secret_size; 589 s->s3->tmp.new_mac_secret_size = mac_secret_size;
590 num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c); 590 num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
591 num*=2; 591 num *= 2;
592 592
593 ssl3_cleanup_key_block(s); 593 ssl3_cleanup_key_block(s);
594 594
@@ -620,8 +620,8 @@ tls1_setup_key_block(SSL *s)
620 { int z; for (z = 0; z<num; z++) printf("%02X%c", p1[z],((z+1)%16)?' ':'\n'); } 620 { int z; for (z = 0; z<num; z++) printf("%02X%c", p1[z],((z+1)%16)?' ':'\n'); }
621#endif 621#endif
622 622
623 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) 623 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
624 && s->method->version <= TLS1_VERSION) { 624 s->method->version <= TLS1_VERSION) {
625 /* enable vulnerability countermeasure for CBC ciphers with 625 /* enable vulnerability countermeasure for CBC ciphers with
626 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) 626 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
627 */ 627 */
@@ -678,8 +678,8 @@ tls1_enc(SSL *s, int send)
678 int ivlen; 678 int ivlen;
679 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); 679 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
680 /* For TLSv1.1 and later explicit IV */ 680 /* For TLSv1.1 and later explicit IV */
681 if (s->version >= TLS1_1_VERSION 681 if (s->version >= TLS1_1_VERSION &&
682 && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) 682 EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
683 ivlen = EVP_CIPHER_iv_length(enc); 683 ivlen = EVP_CIPHER_iv_length(enc);
684 else 684 else
685 ivlen = 0; 685 ivlen = 0;
@@ -720,7 +720,7 @@ tls1_enc(SSL *s, int send)
720 l = rec->length; 720 l = rec->length;
721 bs = EVP_CIPHER_block_size(ds->cipher); 721 bs = EVP_CIPHER_block_size(ds->cipher);
722 722
723 if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) { 723 if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
724 unsigned char buf[13], *seq; 724 unsigned char buf[13], *seq;
725 725
726 seq = send ? s->s3->write_sequence : s->s3->read_sequence; 726 seq = send ? s->s3->write_sequence : s->s3->read_sequence;
@@ -733,14 +733,10 @@ tls1_enc(SSL *s, int send)
733 memcpy(buf, dtlsseq, 8); 733 memcpy(buf, dtlsseq, 8);
734 } else { 734 } else {
735 memcpy(buf, seq, 8); 735 memcpy(buf, seq, 8);
736 for (i = 7; 736 for (i = 7; i >= 0; i--) { /* increment */
737 i >= 0;
738 i--) /* increment */
739 {
740 ++seq[i]; 737 ++seq[i];
741 if (seq[i] != 0) 738 if (seq[i] != 0)
742 break; 739 break;
743
744 } 740 }
745 } 741 }
746 742
@@ -748,7 +744,7 @@ tls1_enc(SSL *s, int send)
748 buf[9] = (unsigned char)(s->version >> 8); 744 buf[9] = (unsigned char)(s->version >> 8);
749 buf[10] = (unsigned char)(s->version); 745 buf[10] = (unsigned char)(s->version);
750 buf[11] = rec->length >> 8; 746 buf[11] = rec->length >> 8;
751 buf[12] = rec->length&0xff; 747 buf[12] = rec->length & 0xff;
752 pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, 13, buf); 748 pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, 13, buf);
753 if (send) { 749 if (send) {
754 l += pad; 750 l += pad;
@@ -795,10 +791,9 @@ tls1_enc(SSL *s, int send)
795 } 791 }
796 792
797 i = EVP_Cipher(ds, rec->data, rec->input, l); 793 i = EVP_Cipher(ds, rec->data, rec->input, l);
798 if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER) 794 if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER) ?
799 ?(i < 0) 795 (i < 0) : (i == 0))
800 :(i == 0)) 796 return -1; /* AEAD can fail to verify MAC */
801 return -1; /* AEAD can fail to verify MAC */
802 if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) { 797 if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) {
803 rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN; 798 rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
804 rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN; 799 rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
@@ -837,7 +832,8 @@ tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
837 return 0; 832 return 0;
838 833
839 for (i = 0; i < SSL_MAX_DIGEST; i++) { 834 for (i = 0; i < SSL_MAX_DIGEST; i++) {
840 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) { 835 if (s->s3->handshake_dgst[i] &&
836 EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
841 d = s->s3->handshake_dgst[i]; 837 d = s->s3->handshake_dgst[i];
842 break; 838 break;
843 } 839 }
@@ -879,24 +875,25 @@ tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
879 if (mask & ssl_get_algorithm2(s)) { 875 if (mask & ssl_get_algorithm2(s)) {
880 int hashsize = EVP_MD_size(md); 876 int hashsize = EVP_MD_size(md);
881 EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; 877 EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
882 if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q - buf))) { 878 if (!hdgst || hashsize < 0 ||
879 hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
883 /* internal error: 'buf' is too small for this cipersuite! */ 880 /* internal error: 'buf' is too small for this cipersuite! */
884 err = 1; 881 err = 1;
885 } else { 882 } else {
886 if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || 883 if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
887 !EVP_DigestFinal_ex(&ctx, q, &i) || 884 !EVP_DigestFinal_ex(&ctx, q, &i) ||
888 (i != (unsigned int)hashsize)) 885 (i != (unsigned int)hashsize))
889 err = 1; 886 err = 1;
890 q += hashsize; 887 q += hashsize;
891 } 888 }
892 } 889 }
893 } 890 }
894 891
895 if (!tls1_PRF(ssl_get_algorithm2(s), 892 if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf,(int)(q - buf),
896 str, slen, buf,(int)(q - buf), NULL, 0, NULL, 0, NULL, 0, 893 NULL, 0, NULL, 0, NULL, 0,
897 s->session->master_key, s->session->master_key_length, 894 s->session->master_key, s->session->master_key_length,
898 out, buf2, sizeof buf2)) 895 out, buf2, sizeof buf2))
899 err = 1; 896 err = 1;
900 EVP_MD_CTX_cleanup(&ctx); 897 EVP_MD_CTX_cleanup(&ctx);
901 898
902 if (err) 899 if (err)
@@ -945,7 +942,7 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
945 unsigned char dtlsseq[8], *p = dtlsseq; 942 unsigned char dtlsseq[8], *p = dtlsseq;
946 943
947 s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p); 944 s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
948 memcpy (p, &seq[2], 6); 945 memcpy(p, &seq[2], 6);
949 946
950 memcpy(header, dtlsseq, 8); 947 memcpy(header, dtlsseq, 8);
951 } else 948 } else
@@ -961,21 +958,18 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
961 header[11] = (rec->length) >> 8; 958 header[11] = (rec->length) >> 8;
962 header[12] = (rec->length)&0xff; 959 header[12] = (rec->length)&0xff;
963 960
964 if (!send && 961 if (!send && EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
965 EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && 962 ssl3_cbc_record_digest_supported(mac_ctx)) {
966 ssl3_cbc_record_digest_supported(mac_ctx)) {
967 /* This is a CBC-encrypted record. We must avoid leaking any 963 /* This is a CBC-encrypted record. We must avoid leaking any
968 * timing-side channel information about how many blocks of 964 * timing-side channel information about how many blocks of
969 * data we are hashing because that gives an attacker a 965 * data we are hashing because that gives an attacker a
970 * timing-oracle. */ 966 * timing-oracle. */
971 ssl3_cbc_digest_record( 967 ssl3_cbc_digest_record(mac_ctx,
972 mac_ctx, 968 md, &md_size, header, rec->input,
973 md, &md_size, 969 rec->length + md_size, orig_len,
974 header, rec->input, 970 ssl->s3->read_mac_secret,
975 rec->length + md_size, orig_len, 971 ssl->s3->read_mac_secret_size,
976 ssl->s3->read_mac_secret, 972 0 /* not SSLv3 */);
977 ssl->s3->read_mac_secret_size,
978 0 /* not SSLv3 */);
979 } else { 973 } else {
980 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); 974 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
981 EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length); 975 EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
@@ -1001,7 +995,6 @@ tls1_mac(SSL *ssl, unsigned char *md, int send)
1001 ++seq[i]; 995 ++seq[i];
1002 if (seq[i] != 0) 996 if (seq[i] != 0)
1003 break; 997 break;
1004
1005 } 998 }
1006 } 999 }
1007 1000
@@ -1115,20 +1108,20 @@ tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1115 * comparisons won't have buffer overflow 1108 * comparisons won't have buffer overflow
1116 */ 1109 */
1117 if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST, 1110 if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
1118 TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1; 1111 TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
1112 goto err1;
1119 if (memcmp(val, TLS_MD_SERVER_FINISH_CONST, 1113 if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
1120 TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1; 1114 TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
1115 goto err1;
1121 if (memcmp(val, TLS_MD_MASTER_SECRET_CONST, 1116 if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
1122 TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1; 1117 TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
1118 goto err1;
1123 if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST, 1119 if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
1124 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1; 1120 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
1121 goto err1;
1125 1122
1126 rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, 1123 rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
1127 val, vallen, 1124 val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1128 NULL, 0,
1129 NULL, 0,
1130 NULL, 0,
1131 NULL, 0,
1132 s->session->master_key, s->session->master_key_length, 1125 s->session->master_key, s->session->master_key_length,
1133 out, buff, olen); 1126 out, buff, olen);
1134 1127
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 17:31:08 +0000