summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2010-07-18 17:43:18 +0000
committerDr. Stephen Henson <steve@openssl.org>2010-07-18 17:43:18 +0000
commitf96ccf36ffa4ac9941c4f00eda2e970be6b2e5da (patch)
tree5998caa0907237e136a81ab7670023d9e6682a4e
parentb9e7793dd7fb5449407bbf888b8633c590ec38c6 (diff)
PR: 1830
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson Support for RFC5705 key extractor.
Diffstat
-rw-r--r--CHANGES25
-rw-r--r--ssl/ssl.h4
-rw-r--r--ssl/t1_enc.c23
3 files changed, 42 insertions, 10 deletions
diff --git a/CHANGES b/CHANGES
index 17ddf7f021..6b5e116c3a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -71,16 +71,6 @@
multi-process servers.
[Steve Henson]
- *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
- a few changes are required:
-
- Add SSL_OP_NO_TLSv1_1 flag.
- Add TLSv1_1 methods.
- Update version checking logic to handle version 1.1.
- Add explicit IV handling (ported from DTLS code).
- Add command line options to s_client/s_server.
- [Steve Henson]
-
*) Experiemental password based recipient info support for CMS library:
implementing RFC3211.
[Steve Henson]
@@ -104,6 +94,21 @@
whose return value is often ignored.
[Steve Henson]
+ Changes between 1.0.0 and 1.0.1 [xx XXX xxxx]
+
+ *) Add support for TLS key exporter as described in RFC5705.
+ [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
+
+ *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
+ a few changes are required:
+
+ Add SSL_OP_NO_TLSv1_1 flag.
+ Add TLSv1_1 methods.
+ Update version checking logic to handle version 1.1.
+ Add explicit IV handling (ported from DTLS code).
+ Add command line options to s_client/s_server.
+ [Steve Henson]
+
Changes between 1.0.0 and 1.0.0a [xx XXX xxxx]
*) Check return value of int_rsa_verify in pkey_rsa_verifyrecover
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 761c6f3c1f..e6244b0011 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1812,6 +1812,10 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
/* Pre-shared secret session resumption functions */
int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
+int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+ unsigned char *context, int context_len,
+ unsigned char *out, int olen);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 5446bb250d..3614b8a30e 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1071,3 +1071,26 @@ int tls1_alert_code(int code)
}
}
+int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+ unsigned char *context, int context_len,
+ unsigned char *out, int olen)
+ {
+ unsigned char *tmp;
+ int rv;
+
+ tmp = OPENSSL_malloc(olen);
+
+ if (!tmp)
+ return 0;
+
+ rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ label, label_len,
+ s->s3->client_random,SSL3_RANDOM_SIZE,
+ s->s3->server_random,SSL3_RANDOM_SIZE,
+ context, context_len, NULL, 0,
+ s->session->master_key, s->session->master_key_length,
+ out, tmp, olen);
+
+ OPENSSL_free(tmp);
+ return rv;
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-13 19:25:15 +0000