diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2014-06-07 17:10:48 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-06-07 17:10:48 +0000 |
| commit | 4429cbf8692369d4ad643996b2f386e329014e10 (patch) | |
| tree | 8e50f675ebc2c0ad96d4ebc1926af7d1d35d4658 /lib/libssl | |
| parent | d3884b9cbe1add3675ef6369bc0c65c8aac16df2 (diff) | |
Move the export label initialisation into the export handling code, since
this is the only place where these variables are used.
Diffstat (limited to 'lib/libssl')
| -rw-r--r-- | lib/libssl/t1_enc.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index ba4d244dc2e..3e90b78468b 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -465,14 +465,10 @@ tls1_change_cipher_state(SSL *s, int which) mac_secret = client_write_mac_secret; key = client_write_key; iv = client_write_iv; - exp_label = TLS_MD_CLIENT_WRITE_KEY_CONST; - exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; } else { mac_secret = server_write_mac_secret; key = server_write_key; iv = server_write_iv; - exp_label = TLS_MD_SERVER_WRITE_KEY_CONST; - exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; } if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) { @@ -496,9 +492,18 @@ tls1_change_cipher_state(SSL *s, int which) } if (is_export) { - /* In here I set both the read and write key/iv to the - * same value since only the correct one will be used :-). + /* + * Both the read and write key/iv are set to the same value + * since only the correct one will be used :-). */ + if (use_client_keys) { + exp_label = TLS_MD_CLIENT_WRITE_KEY_CONST; + exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; + } else { + exp_label = TLS_MD_SERVER_WRITE_KEY_CONST; + exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; + } + if (!tls1_PRF(ssl_get_algorithm2(s), exp_label, exp_label_len, s->s3->client_random, SSL3_RANDOM_SIZE, |