
Unified Diff: net/third_party/nss/ssl/sslinfo.c

Issue 7493056: net: allow SSL secrets to be exported sooner. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 9 years, 5 months ago
Index: net/third_party/nss/ssl/sslinfo.c
diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c
index 9a58b4d3b9174443c01b2845c49b2ddfbb54e43d..cf870c790067d909650f16e003294bcaf5c40e60 100644
--- a/net/third_party/nss/ssl/sslinfo.c
+++ b/net/third_party/nss/ssl/sslinfo.c
@@ -39,7 +39,6 @@
#include "ssl.h"
#include "sslimpl.h"
#include "sslproto.h"
-#include "pk11func.h"
static const char *
ssl_GetCompressionMethodName(SSLCompressionMethod compression)
@@ -318,12 +317,14 @@ SSL_IsExportCipherSuite(PRUint16 cipherSuite)
return PR_FALSE;
}
-/* Export keying material according to draft-ietf-tls-extractor-06.
+/* Export keying material according to RFC 5705.
** fd must correspond to a TLS 1.0 or higher socket, out must
** be already allocated.
*/
SECStatus
-SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
+SSL_ExportKeyingMaterial(PRFileDesc *fd,
+ const char *label,
+ unsigned int labelLen,
const unsigned char *context,
unsigned int contextLen,
unsigned char *out,
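Review bot: The header comment above `SSL_ExportKeyingMaterial` does not describe the new `labelLen` parameter, and because the call site later in this file no longer uses `strlen(label)`, the label may now be unterminated or contain NUL bytes. I would add `** label is labelLen bytes long and need not be NUL-terminated.` to that comment. No NULL or zero-length check on `label` is visible in this hunk, and the parameter list and body continue outside it, so confirm one exists or document that callers must pass a valid pointer.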
@@ -346,11 +347,6 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
return SECFailure;
}
- if (ss->ssl3.hs.ws != idle_handshake) {
- PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
- return SECFailure;
- }
-
valLen = SSL3_RANDOM_LENGTH * 2;
if (contextLen > 0)
valLen += 2 /* uint16 length */ + contextLen;
@@ -371,11 +367,16 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd, const char *label,
PORT_Assert(i == valLen);
ssl_GetSpecReadLock(ss);
- rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.crSpec, label, strlen(label), val, valLen, out, outLen);
+ if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
+ PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
+ rv = SECFailure;
+ } else {
+ rv = ssl3_TLSPRFWithMasterSecret(ss->ssl3.cwSpec, label, labelLen, val,
+ valLen, out, outLen);
+ }
ssl_ReleaseSpecReadLock(ss);
- if (val != NULL)
- PORT_ZFree(val, valLen);
+ PORT_ZFree(val, valLen);
return rv;
}
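Review bot: The new guard under `ssl_GetSpecReadLock` only proves that the current write spec holds a master secret, which is a weaker condition than the `ss->ssl3.hs.ws != idle_handshake` test removed in the hunk at -346. If `cwSpec` becomes keyed as soon as this side has sent ChangeCipherSpec (not visible here), the export can succeed before the peer's Finished message has been verified, so the exported value is not yet bound to an authenticated handshake. During a renegotiation `cwSpec` would presumably still carry the previous master secret while `val` may be built from the new handshake's randoms; that combination deserves a test. I would state the contract in the function's header comment, e.g. `** May succeed before the handshake completes; the result is not authenticated until the peer's Finished is verified.`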