Subject: Re: Re: [pkcs11] Groups - TLS 1.2 mechanisms uploaded
Re: RFC 5705 TLS keying material exporter

The issue of "no context value" vs. "zero-length context value" needs to be addressed. This is an unfortunate bug in RFC 5705. The bug is probably insignificant in practice, and this working group can certainly choose to NOT support a zero-length context value, but that decision should be noted in the PKCS #11 specification.

Here are the function prototypes of the OpenSSL and NSS functions for RFC 5705 TLS keying material exporter, both of which chose to allow a zero-length context value.

The OpenSSL function has a "use_context" boolean argument:

/* SSL_export_keying_material exports a value derived from the master secret,
 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
 * optional context. (Since a zero length context is allowed, the |use_context|
 * flag controls whether a context is included.)
 *
 * It returns 1 on success and zero otherwise. */
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                               const char *label, size_t llen,
                               const unsigned char *p, size_t plen,
                               int use_context);

The NSS function has a "hasContext" boolean argument:

/* Export keying material according to RFC 5705.
** fd must correspond to a TLS 1.0 or higher socket and out must
** already be allocated. If hasContext is false, it uses the no-context
** construction from the RFC and ignores the context and contextLen
** arguments. */
SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
                                              const char *label,
                                              unsigned int labelLen,
                                              PRBool hasContext,
                                              const unsigned char *context,
                                              unsigned int contextLen,
                                              unsigned char *out,
                                              unsigned int outLen);

Wan-Teh Chang