From d135da51922dc756ab42643099de96728891f1d4 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 18 Jul 2010 16:52:47 +0000 Subject: [PATCH] Fix warnings (From HEAD, original patch by Ben). --- CHANGES | 25 +++++++++++++++---------- ssl/ssl.h | 4 ++++ ssl/t1_enc.c | 23 +++++++++++++++++++++++ 3 files changed, 42 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 17ddf7f021..6b5e116c3a 100644 --- a/CHANGES +++ b/CHANGES @@ -71,16 +71,6 @@ multi-process servers. [Steve Henson] - *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only - a few changes are required: - - Add SSL_OP_NO_TLSv1_1 flag. - Add TLSv1_1 methods. - Update version checking logic to handle version 1.1. - Add explicit IV handling (ported from DTLS code). - Add command line options to s_client/s_server. - [Steve Henson] - *) Experiemental password based recipient info support for CMS library: implementing RFC3211. [Steve Henson] @@ -104,6 +94,21 @@ whose return value is often ignored. [Steve Henson] + Changes between 1.0.0 and 1.0.1 [xx XXX xxxx] + + *) Add support for TLS key exporter as described in RFC5705. + [Robin Seggelmann , Steve Henson] + + *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only + a few changes are required: + + Add SSL_OP_NO_TLSv1_1 flag. + Add TLSv1_1 methods. + Update version checking logic to handle version 1.1. + Add explicit IV handling (ported from DTLS code). + Add command line options to s_client/s_server. + [Steve Henson] + Changes between 1.0.0 and 1.0.0a [xx XXX xxxx] *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover diff --git a/ssl/ssl.h b/ssl/ssl.h index 761c6f3c1f..e6244b0011 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1812,6 +1812,10 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, /* Pre-shared secret session resumption functions */ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); +int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, + unsigned char *context, int context_len, + unsigned char *out, int olen); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 5446bb250d..3614b8a30e 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1071,3 +1071,26 @@ int tls1_alert_code(int code) } } +int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, + unsigned char *context, int context_len, + unsigned char *out, int olen) + { + unsigned char *tmp; + int rv; + + tmp = OPENSSL_malloc(olen); + + if (!tmp) + return 0; + + rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, + label, label_len, + s->s3->client_random,SSL3_RANDOM_SIZE, + s->s3->server_random,SSL3_RANDOM_SIZE, + context, context_len, NULL, 0, + s->session->master_key, s->session->master_key_length, + out, tmp, olen); + + OPENSSL_free(tmp); + return rv; + } -- 2.40.0