oops, revert wrong patch..

diff --git a/CHANGES b/CHANGES
index 6b5e116c3a579b030b595a7d5966c996eea63d37..17ddf7f021bc6f77c978da1a6366eeac03d48720 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -71,6 +71,16 @@
      multi-process servers.
      [Steve Henson]
 
+  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
+     a few changes are required:
+
+       Add SSL_OP_NO_TLSv1_1 flag.
+       Add TLSv1_1 methods.
+       Update version checking logic to handle version 1.1.
+       Add explicit IV handling (ported from DTLS code).
+       Add command line options to s_client/s_server.
+     [Steve Henson]
+
   *) Experiemental password based recipient info support for CMS library:
      implementing RFC3211.
      [Steve Henson]
@@ -94,21 +104,6 @@
      whose return value is often ignored. 
      [Steve Henson]
   
- Changes between 1.0.0 and 1.0.1  [xx XXX xxxx]
-
-  *) Add support for TLS key exporter as described in RFC5705.
-     [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
-
-  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
-     a few changes are required:
-
-       Add SSL_OP_NO_TLSv1_1 flag.
-       Add TLSv1_1 methods.
-       Update version checking logic to handle version 1.1.
-       Add explicit IV handling (ported from DTLS code).
-       Add command line options to s_client/s_server.
-     [Steve Henson]
-
  Changes between 1.0.0 and 1.0.0a  [xx XXX xxxx]
   
   *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover 

diff --git a/ssl/ssl.h b/ssl/ssl.h
index e6244b0011dc33c4a5dfbca200bc7466cbc43016..761c6f3c1fa13bcf2ca038da136246c7fe895ff3 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1812,10 +1812,6 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 /* Pre-shared secret session resumption functions */
 int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 
-int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
-                           unsigned char *context, int context_len,
-                           unsigned char *out, int olen);
-
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 3614b8a30ec78f856c60fb6d6358be1e1fdaab4d..5446bb250dd66308d36f8ae2f3e19b1ed00b7fb8 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1071,26 +1071,3 @@ int tls1_alert_code(int code)
                }
        }
 
-int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
-                           unsigned char *context, int context_len,
-                           unsigned char *out, int olen)
-       {
-       unsigned char *tmp;
-       int rv;
-
-       tmp = OPENSSL_malloc(olen);
-
-       if (!tmp)
-               return 0;
-       
-       rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
-                        label, label_len,
-                        s->s3->client_random,SSL3_RANDOM_SIZE,
-                        s->s3->server_random,SSL3_RANDOM_SIZE,
-                        context, context_len, NULL, 0,
-                        s->session->master_key, s->session->master_key_length,
-                        out, tmp, olen);
-
-       OPENSSL_free(tmp);
-       return rv;
-       }