PR: 1830

Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson

Support for RFC5705 key extractor.

2 files changed, 27 insertions, 0 deletions

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 761c6f3c1f..e6244b0011 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1812,6 +1812,10 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 /* Pre-shared secret session resumption functions */
 int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 
+int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+                           unsigned char *context, int context_len,
+                           unsigned char *out, int olen);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 5446bb250d..3614b8a30e 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1071,3 +1071,26 @@ int tls1_alert_code(int code)
 		}
 	}
 
+int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+                           unsigned char *context, int context_len,
+                           unsigned char *out, int olen)
+	{
+	unsigned char *tmp;
+	int rv;
+
+	tmp = OPENSSL_malloc(olen);
+
+	if (!tmp)
+		return 0;
+	
+	rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+			 label, label_len,
+			 s->s3->client_random,SSL3_RANDOM_SIZE,
+			 s->s3->server_random,SSL3_RANDOM_SIZE,
+			 context, context_len, NULL, 0,
+			 s->session->master_key, s->session->master_key_length,
+			 out, tmp, olen);
+
+	OPENSSL_free(tmp);
+	return rv;
+	}