Fix exporter.

2 files changed, 17 insertions, 7 deletions

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 1809946fca..2b57b1f909 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2019,9 +2019,10 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 /* Pre-shared secret session resumption functions */
 int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 
-int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
-                           unsigned char *context, int context_len,
-                           unsigned char *out, int olen);
+int SSL_tls1_key_exporter(SSL *s,
+			  const unsigned char *label, int label_len,
+			  const unsigned char *context, int context_len,
+			  unsigned char *out, int olen);
 
 void SSL_set_debug(SSL *s, int debug);
 int SSL_cache_hit(SSL *s);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 53341eeb34..b4aa67ee90 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1250,23 +1250,32 @@ int tls1_alert_code(int code)
 		}
 	}
 
-int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
-                           unsigned char *context, int context_len,
-                           unsigned char *out, int olen)
+int SSL_tls1_key_exporter(SSL *s,
+			  const unsigned char *label, int label_len,
+			  const unsigned char *context, int context_len,
+			  unsigned char *out, int olen)
 	{
 	unsigned char *tmp;
 	int rv;
+	unsigned char context_len_16[2];
+
+	if (context_len > 0xffff)
+		return 0;
 
 	tmp = OPENSSL_malloc(olen);
 
 	if (!tmp)
 		return 0;
+
+	context_len_16[0] = context_len >> 8;
+	context_len_16[1] = context_len;
 	
 	rv = tls1_PRF(ssl_get_algorithm2(s),
 			 label, label_len,
 			 s->s3->client_random,SSL3_RANDOM_SIZE,
 			 s->s3->server_random,SSL3_RANDOM_SIZE,
-			 context, context_len, NULL, 0,
+			 context_len_16, sizeof(context_len_16),
+			 context, context_len,
 			 s->session->master_key, s->session->master_key_length,
 			 out, tmp, olen);