Changes between 1.0.0a and 1.0.1 [xx XXX xxxx]
+ *) Add support for TLS key exporter as described in RFC5705.
+ [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
+
*) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
a few changes are required:
/* Pre-shared secret session resumption functions */
int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
+int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+ unsigned char *context, int context_len,
+ unsigned char *out, int olen);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
}
}
+int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+ unsigned char *context, int context_len,
+ unsigned char *out, int olen)
+ {
+ unsigned char *tmp;
+ int rv;
+
+ tmp = OPENSSL_malloc(olen);
+
+ if (!tmp)
+ return 0;
+
+ rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ label, label_len,
+ s->s3->client_random,SSL3_RANDOM_SIZE,
+ s->s3->server_random,SSL3_RANDOM_SIZE,
+ context, context_len, NULL, 0,
+ s->session->master_key, s->session->master_key_length,
+ out, tmp, olen);
+
+ OPENSSL_free(tmp);
+ return rv;
+ }
projects / oweals / openssl.git / commitdiff