PR: 1830
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson Support for RFC5705 key extractor.
This commit is contained in:
Dr. Stephen Henson
parent
b9e7793dd7
commit
f96ccf36ff
25
CHANGES
25
CHANGES
@ -71,16 +71,6 @@
|
|||||||
multi-process servers.
|
multi-process servers.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
|
||||||
*) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
|
|
||||||
a few changes are required:
|
|
||||||
|
|
||||||
Add SSL_OP_NO_TLSv1_1 flag.
|
|
||||||
Add TLSv1_1 methods.
|
|
||||||
Update version checking logic to handle version 1.1.
|
|
||||||
Add explicit IV handling (ported from DTLS code).
|
|
||||||
Add command line options to s_client/s_server.
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) Experiemental password based recipient info support for CMS library:
|
*) Experiemental password based recipient info support for CMS library:
|
||||||
implementing RFC3211.
|
implementing RFC3211.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
@ -104,6 +94,21 @@
|
|||||||
whose return value is often ignored.
|
whose return value is often ignored.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
|
||||||
|
Changes between 1.0.0 and 1.0.1 [xx XXX xxxx]
|
||||||
|
|
||||||
|
*) Add support for TLS key exporter as described in RFC5705.
|
||||||
|
[Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
|
||||||
|
|
||||||
|
*) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
|
||||||
|
a few changes are required:
|
||||||
|
|
||||||
|
Add SSL_OP_NO_TLSv1_1 flag.
|
||||||
|
Add TLSv1_1 methods.
|
||||||
|
Update version checking logic to handle version 1.1.
|
||||||
|
Add explicit IV handling (ported from DTLS code).
|
||||||
|
Add command line options to s_client/s_server.
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
Changes between 1.0.0 and 1.0.0a [xx XXX xxxx]
|
Changes between 1.0.0 and 1.0.0a [xx XXX xxxx]
|
||||||
|
|
||||||
*) Check return value of int_rsa_verify in pkey_rsa_verifyrecover
|
*) Check return value of int_rsa_verify in pkey_rsa_verifyrecover
|
||||||
|
|||||||
@ -1812,6 +1812,10 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
|
|||||||
/* Pre-shared secret session resumption functions */
|
/* Pre-shared secret session resumption functions */
|
||||||
int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
|
int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
|
||||||
|
|
||||||
|
int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
|
||||||
|
unsigned char *context, int context_len,
|
||||||
|
unsigned char *out, int olen);
|
||||||
|
|
||||||
/* BEGIN ERROR CODES */
|
/* BEGIN ERROR CODES */
|
||||||
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||||
* made after this point may be overwritten when the script is next run.
|
* made after this point may be overwritten when the script is next run.
|
||||||
|
|||||||
23
ssl/t1_enc.c
23
ssl/t1_enc.c
@ -1071,3 +1071,26 @@ int tls1_alert_code(int code)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
|
||||||
|
unsigned char *context, int context_len,
|
||||||
|
unsigned char *out, int olen)
|
||||||
|
{
|
||||||
|
unsigned char *tmp;
|
||||||
|
int rv;
|
||||||
|
|
||||||
|
tmp = OPENSSL_malloc(olen);
|
||||||
|
|
||||||
|
if (!tmp)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
|
||||||
|
label, label_len,
|
||||||
|
s->s3->client_random,SSL3_RANDOM_SIZE,
|
||||||
|
s->s3->server_random,SSL3_RANDOM_SIZE,
|
||||||
|
context, context_len, NULL, 0,
|
||||||
|
s->session->master_key, s->session->master_key_length,
|
||||||
|
out, tmp, olen);
|
||||||
|
|
||||||
|
OPENSSL_free(tmp);
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user