From 53e7985c8d22cbde9f1b89dab5d78192671448ec Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 18 Jul 2010 17:39:46 +0000 Subject: [PATCH] PR: 1830 Submitted By: Robin Seggelmann , Steve Henson Support for RFC5705 key extractor. --- CHANGES | 3 +++ ssl/ssl.h | 4 ++++ ssl/t1_enc.c | 23 +++++++++++++++++++++++ 3 files changed, 30 insertions(+) diff --git a/CHANGES b/CHANGES index ccf35e4af9..17f83c4750 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 1.0.0a and 1.0.1 [xx XXX xxxx] + *) Add support for TLS key exporter as described in RFC5705. + [Robin Seggelmann , Steve Henson] + *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only a few changes are required: diff --git a/ssl/ssl.h b/ssl/ssl.h index 761c6f3c1f..e6244b0011 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1812,6 +1812,10 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, /* Pre-shared secret session resumption functions */ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); +int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, + unsigned char *context, int context_len, + unsigned char *out, int olen); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 5446bb250d..3614b8a30e 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1071,3 +1071,26 @@ int tls1_alert_code(int code) } } +int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, + unsigned char *context, int context_len, + unsigned char *out, int olen) + { + unsigned char *tmp; + int rv; + + tmp = OPENSSL_malloc(olen); + + if (!tmp) + return 0; + + rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, + label, label_len, + s->s3->client_random,SSL3_RANDOM_SIZE, + s->s3->server_random,SSL3_RANDOM_SIZE, + context, context_len, NULL, 0, + s->session->master_key, s->session->master_key_length, + out, tmp, olen); + + OPENSSL_free(tmp); + return rv; + } -- 2.25.1