nsresult TransportLayerDtls::ExportKeyingMaterial(const std::string& label,
bool use_context,
const std::string& context,
unsigned char *out,
unsigned int outlen) {
CheckThread();
if (state_ != TS_OPEN) {
MOZ_ASSERT(false, "Transport must be open for ExportKeyingMaterial");
return NS_ERROR_NOT_AVAILABLE;
}
SECStatus rv = SSL_ExportKeyingMaterial(ssl_fd_,
label.c_str(),
label.size(),
use_context,
reinterpret_cast<const unsigned char *>(
context.c_str()),
context.size(),
out,
outlen);
if (rv != SECSuccess) {
MOZ_MTLOG(ML_ERROR, "Couldn't export SSL keying material");
return NS_ERROR_FAILURE;
}
return NS_OK;
}
int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
const char *label, int server_random_first,
u8 *out, size_t out_len) {
if (conn == NULL || server_random_first) {
wpa_printf(MSG_INFO, "NSS: Unsupported PRF request "
"(server_random_first=%d)",
server_random_first);
return -1;
}
if (SSL_ExportKeyingMaterial(conn->fd, label, NULL, 0, out, out_len) !=
SECSuccess) {
wpa_printf(MSG_INFO, "NSS: Failed to use TLS extractor "
"(label='%s' out_len=%d", label, (int) out_len);
return -1;
}
return 0;
}
nsresult TransportLayerDtls::ExportKeyingMaterial(const std::string& label,
bool use_context,
const std::string& context,
unsigned char *out,
unsigned int outlen) {
CheckThread();
SECStatus rv = SSL_ExportKeyingMaterial(ssl_fd_,
label.c_str(),
label.size(),
use_context,
reinterpret_cast<const unsigned char *>(
context.c_str()),
context.size(),
out,
outlen);
if (rv != SECSuccess) {
MOZ_MTLOG(PR_LOG_ERROR, "Couldn't export SSL keying material");
return NS_ERROR_FAILURE;
}
return NS_OK;
}
