in src/ngx_tcp_lurk_module.c [833:879]
int ngx_tcp_lurk_tls1_prf_v2(long digest_mask,
const void *seed1, size_t seed1_len,
const void *seed2, size_t seed2_len,
const void *seed3, size_t seed3_len,
const void *seed4, size_t seed4_len,
const void *seed5, size_t seed5_len,
const unsigned char *sec, size_t slen,
unsigned char *out, size_t olen, ngx_log_t *log)
{
const EVP_MD *md = NULL;
EVP_PKEY_CTX *pctx = NULL;
int ret = 0;
long m;
ssl_get_handshake_digest(digest_mask, &m, &md);
if (md == NULL) {
/* Should never happen */
ngx_log_error(NGX_LOG_ERR, log, 0,
"[tcp lurk] ssl_get_handshake_digest failed");
return 0;
}
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0
|| EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) <= 0
|| EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, (int)slen) <= 0)
goto err;
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, (int)seed1_len) <= 0)
goto err;
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, (int)seed2_len) <= 0)
goto err;
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, (int)seed3_len) <= 0)
goto err;
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, (int)seed4_len) <= 0)
goto err;
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, (int)seed5_len) <= 0)
goto err;
if (EVP_PKEY_derive(pctx, out, &olen) <= 0)
goto err;
ret = 1;
err:
EVP_PKEY_CTX_free(pctx);
return ret;
}