Add a boolean |had_context| argument to the TLS ExportKeyingMaterial

net/third_party/nss/ssl/sslinfo.c

Index: net/third_party/nss/ssl/sslinfo.c
===================================================================
--- net/third_party/nss/ssl/sslinfo.c	(revision 125777)
+++ net/third_party/nss/ssl/sslinfo.c	(working copy)
@@ -317,18 +317,12 @@
     return PR_FALSE;
 }
 
-/* Export keying material according to RFC 5705.
-** fd must correspond to a TLS 1.0 or higher socket, out must
-** be already allocated.
-*/
 SECStatus
 SSL_ExportKeyingMaterial(PRFileDesc *fd,
-			 const char *label,
-			 unsigned int labelLen,
-			 const unsigned char *context,
-			 unsigned int contextLen,
-			 unsigned char *out,
-			 unsigned int outLen)
+                         const char *label, unsigned int labelLen,
+                         PRBool hasContext,
+                         const unsigned char *context, unsigned int contextLen,
+                         unsigned char *out, unsigned int outLen)
 {
     sslSocket *ss;
     unsigned char *val = NULL;
@@ -347,25 +341,33 @@
 	return SECFailure;
     }
 
+    /* construct PRF arguments */
     valLen = SSL3_RANDOM_LENGTH * 2;
-    if (contextLen > 0)
+    if (hasContext) {
 	valLen += 2 /* uint16 length */ + contextLen;
+    }
     val = PORT_Alloc(valLen);
-    if (val == NULL)
+    if (!val) {
 	return SECFailure;
+    }
     i = 0;
     PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
     i += SSL3_RANDOM_LENGTH;
     PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
     i += SSL3_RANDOM_LENGTH;
-    if (contextLen > 0) {
+    if (hasContext) {
 	val[i++] = contextLen >> 8;
 	val[i++] = contextLen;
-	PORT_Memcpy(val + i, context, contextLen);
-	i += contextLen;
+	if (contextLen > 0) {

[agl, 2012/03/12 15:22:21]

(very minor): I think that this if is superfluous, but you might feel that it
aids readability.

+	    PORT_Memcpy(val + i, context, contextLen);
+	    i += contextLen;
+	}
     }
     PORT_Assert(i == valLen);
 
+    /* Allow TLS keying material to be exported sooner, when the master
+     * secret is available and we have sent ChangeCipherSpec.
+     */
     ssl_GetSpecReadLock(ss);
     if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
 	PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);