Updates following review of SSL_export_key_material() changes

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3782)
2024-11-27 05:21:51 +08:00 · 2017-06-28 17:18:27 +01:00 · 2017-06-28 17:18:27 +01:00 · a599574be1
commit a599574be1
parent e88c40af45
3 changed files with 12 additions and 28 deletions
--- a/doc/man3/SSL_export_keying_material.pod
+++ b/doc/man3/SSL_export_keying_material.pod
@ -33,7 +33,7 @@ pointed to by B<context> and should be B<contextlen> bytes long. Provision of
 a context is optional. If the context should be omitted entirely then
 B<use_context> should be set to 0. Otherwise it should be any other value. If
 B<use_context> is 0 then the values of B<context> and B<contextlen> are ignored.
-Note that in TLSv1.2 and below a zero length context is treated differently to
+Note that in TLSv1.2 and below a zero length context is treated differently from
 no context at all, and will result in different keying material being returned.
 In TLSv1.3 a zero length context is that same as no context at all and will
 result in the same keying material being returned.
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@ -611,10 +611,7 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    unsigned int hashsize;
    int ret = 0;

-    if (ctx == NULL)
-        goto err;
-
-    if (!SSL_is_init_finished(s))
+    if (ctx == NULL || !SSL_is_init_finished(s))
        goto err;

    if (!use_context)
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@ -2493,7 +2493,7 @@ static int test_serverinfo(int tst)
 */
 static int test_export_key_mat(int tst)
 {
-    int testresult = 0, proto;
+    int testresult = 0;
    SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    const char label[] = "test label";
@ -2501,6 +2501,12 @@ static int test_export_key_mat(int tst)
    const unsigned char *emptycontext = NULL;
    unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
    unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
+    const int protocols[] = {
+        TLS1_VERSION,
+        TLS1_1_VERSION,
+        TLS1_2_VERSION,
+        TLS1_3_VERSION
+    };

 #ifdef OPENSSL_NO_TLS1
    if (tst == 0)
@ -2523,28 +2529,9 @@ static int test_export_key_mat(int tst)
                                       &cctx, cert, privkey)))
        goto end;

-    switch (tst) {
-    case 0:
-        proto = TLS1_VERSION;
-        break;
-
-    case 1:
-        proto = TLS1_1_VERSION;
-        break;
-
-    case 2:
-        proto = TLS1_2_VERSION;
-        break;
-
-    case 3:
-        proto = TLS1_3_VERSION;
-        break;
-
-    default:
-        goto end;
-    }
-    SSL_CTX_set_max_proto_version(cctx, proto);
-    SSL_CTX_set_min_proto_version(cctx, proto);
+    OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
+    SSL_CTX_set_max_proto_version(cctx, protocols[tst]);
+    SSL_CTX_set_min_proto_version(cctx, protocols[tst]);

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
                                      NULL))