authorNick Mathewson <nickm@torproject.org>2015-05-25 17:12:49 -0400
committerMatt Caswell <matt@openssl.org>2015-05-28 16:05:01 +0100
commit858618e7e037559b75b0bfca4d30440f9515b888 (patch)
tree88e7816fd7353b59238fdf1c52ae37c6a352b7f1 /ssl
parent9ef175148b7da12cb09f5e78f32bc6ab58d78b83 (diff)
Add new functions to extract {client,server}_random, master_key
Tor uses these values to implement a low-rent clone of RFC 5705 (which, in our defense, we came up with before RFC 5705 existed). But now that ssl_st is opaque, we need another way to get at them. Includes documentation, with suitable warnings about not actually using these functions. Signed-off-by: Nick Mathewson <nickm@torproject.org> Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl_lib.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 0b4b58e0f8..081f27a73e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2897,6 +2897,37 @@ long SSL_get_verify_result(const SSL *ssl)
return (ssl->verify_result);
}
+int SSL_get_client_random(const SSL *ssl, unsigned char *out, int outlen)
+{
+ if (outlen < 0)
+ return sizeof(ssl->s3->client_random);
+ if (outlen > sizeof(ssl->s3->client_random))
+ outlen = sizeof(ssl->s3->client_random);
+ memcpy(out, ssl->s3->client_random, outlen);
+ return (outlen);
+}
+
+int SSL_get_server_random(const SSL *ssl, unsigned char *out, int outlen)
+{
+ if (outlen < 0)
+ return sizeof(ssl->s3->server_random);
+ if (outlen > sizeof(ssl->s3->server_random))
+ outlen = sizeof(ssl->s3->server_random);
+ memcpy(out, ssl->s3->server_random, outlen);
+ return (outlen);
+}
+
+int SSL_SESSION_get_master_key(const SSL_SESSION *session,
+ unsigned char *out, int outlen)
+{
+ if (outlen < 0)
+ return session->master_key_length;
+ if (outlen > session->master_key_length)
+ outlen = session->master_key_length;
+ memcpy(out, session->master_key, outlen);
+ return (outlen);
+}
+
int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
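Review bot: In all three getters the size query is reachable only with a negative `outlen`, so the common `(NULL, 0)` length-probe idiom falls through to `memcpy(out, ..., 0)` with a null destination and returns 0 instead of the required size. Consider treating that case as a query too, e.g. `if (out == NULL || outlen <= 0) return sizeof(ssl->s3->client_random);`, or at least state the negative-length convention in a comment above each function. A short buffer is also truncated silently: the return value equals `outlen` whether or not the whole value was copied, so a caller of `SSL_SESSION_get_master_key` can end up working from a partial master secret unless it first compares against the queried length. Because `out` then holds secret keying material, a comment such as `/* Caller owns out and should OPENSSL_cleanse() it after use */` on the master-key getter would help. The comparison of `int outlen` with `sizeof(...)` mixes signed and unsigned operands and is safe only because the negative case returns first; a cast or a `size_t` local would make that explicit.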