diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2010-07-18 17:39:46 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2010-07-18 17:39:46 +0000 |
| commit | 53e7985c8d22cbde9f1b89dab5d78192671448ec (patch) | |
| tree | 53501895e6d081c19804637b4781c4e908bd2b8e | |
| parent | 9102342795152852468fe0a597e5ae63c6fdb178 (diff) | |
| download | openssl-53e7985c8d22cbde9f1b89dab5d78192671448ec.tar.gz | |
PR: 1830
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson
Support for RFC5705 key extractor.
| -rw-r--r-- | CHANGES | 3 | ||||
| -rw-r--r-- | ssl/ssl.h | 4 | ||||
| -rw-r--r-- | ssl/t1_enc.c | 23 |
3 files changed, 30 insertions, 0 deletions
@@ -4,6 +4,9 @@ Changes between 1.0.0a and 1.0.1 [xx XXX xxxx] + *) Add support for TLS key exporter as described in RFC5705. + [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson] + *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only a few changes are required: @@ -1812,6 +1812,10 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, /* Pre-shared secret session resumption functions */ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); +int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, + unsigned char *context, int context_len, + unsigned char *out, int olen); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 5446bb250d..3614b8a30e 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1071,3 +1071,26 @@ int tls1_alert_code(int code) } } +int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, + unsigned char *context, int context_len, + unsigned char *out, int olen) + { + unsigned char *tmp; + int rv; + + tmp = OPENSSL_malloc(olen); + + if (!tmp) + return 0; + + rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, + label, label_len, + s->s3->client_random,SSL3_RANDOM_SIZE, + s->s3->server_random,SSL3_RANDOM_SIZE, + context, context_len, NULL, 0, + s->session->master_key, s->session->master_key_length, + out, tmp, olen); + + OPENSSL_free(tmp); + return rv; + } |