From e88c40af4572a422be5fcab732bd46c55df136f8 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 27 Jun 2017 16:32:40 +0100 Subject: [PATCH] Update the SSL_export_keying_material() documentation for TLSv1.3 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3782) --- doc/man3/SSL_export_keying_material.pod | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/doc/man3/SSL_export_keying_material.pod b/doc/man3/SSL_export_keying_material.pod index ccb99ec9a8..f2fba4746b 100644 --- a/doc/man3/SSL_export_keying_material.pod +++ b/doc/man3/SSL_export_keying_material.pod @@ -18,7 +18,8 @@ SSL_export_keying_material - obtain keying material for application use During the creation of a TLS or DTLS connection shared keying material is established between the two endpoints. The function SSL_export_keying_material() enables an application to use some of this keying material for its own purposes -in accordance with RFC5705. +in accordance with RFC5705 (for TLSv1.2 and below) or RFCXXXX (for TLSv1.3). +TODO(TLS1.3): Update the RFC number when the RFC is published. An application may need to securely establish the context within which this keying material will be used. For example this may include identifiers for the 
@@ -32,8 +33,10 @@ pointed to by B and should be B bytes long. Provision of a context is optional. If the context should be omitted entirely then B should be set to 0. Otherwise it should be any other value. If B is 0 then the values of B and B are ignored. -Note that a zero length context is treated differently to no context at all, and -will result in different keying material being returned. +Note that in TLSv1.2 and below a zero length context is treated differently to +no context at all, and will result in different keying material being returned. +In TLSv1.3 a zero length context is that same as no context at all and will +result in the same keying material being returned. An application specific label should be provided in the location pointed to by B
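Review bot: In the first hunk, the added line "TODO(TLS1.3): Update the RFC number when the RFC is published." is written as ordinary POD paragraph text, so it will show up in the rendered manual page next to the "RFCXXXX" placeholder. Consider moving the reminder out of the rendered text, for example into a POD comment block. Until the RFC number exists, the visible sentence could name the TLSv1.3 draft so that readers have something they can look up.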
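Review bot: In the second hunk, the added sentence "In TLSv1.3 a zero length context is that same as no context at all" has a typo: "that same" should be "the same". The paragraph now documents that an empty context and an omitted context give different keying material in TLSv1.2 and below but the same keying material in TLSv1.3. It would therefore help to add one sentence for callers: both endpoints need to make the same choice about supplying a context, and an application whose negotiated protocol version is not fixed should not rely on the empty-versus-omitted distinction to separate keys.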