This patch adds the TLS key material extractor described in
http://www.ietf.org/internet-drafts/...tractor-03.txt.


--- ssl/t1_enc.c~ 2008-09-13 20:25:36.000000000 +0200
+++ ssl/t1_enc.c 2008-11-06 14:58:57.000000000 +0100
@@ -862,3 +862,24 @@
}
}

+void SSL_tls1_key_extractor(SSL *s, unsigned char *label, int
label_len,
+ unsigned char
*context, int context_len,
+ unsigned char
*out, int olen)
+ {
+ unsigned char buf[label_len + 2 * SSL3_RANDOM_SIZE +
context_len];
+ unsigned char tmp[olen], *p;
+ int n;
+
+ p = buf;
+ memcpy(p, label, label_len);
+ p += label_len;
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+ memcpy(p, context, context_len);
+
+ tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,sizeof(buf),
+ s->session->master_key,s->session-
>master_key_length,

+ out, tmp,olen);
+ }
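Review bot: The stack arrays `buf` and `tmp` at the top of SSL_tls1_key_extractor are sized directly from the caller-supplied `label_len`, `context_len` and `olen`, so a negative or very large value gives undefined behaviour or exhausts the stack before any check can run. The lengths should be validated, including the `int` overflow in the sum, and the buffers taken from the heap. `tmp` receives PRF output derived from the master secret and is never wiped; it should go through `OPENSSL_cleanse` before release. The function returns `void`, so none of these failures can be reported; an `int` return is proposed below. The hunk also shows no check that `s->session` holds an established master secret, which looks necessary if the function can be called before the handshake completes.

```c
int SSL_tls1_key_extractor(SSL *s, unsigned char *label, int label_len,
	unsigned char *context, int context_len,
	unsigned char *out, int olen)
	{
	unsigned char *buf = NULL, *tmp = NULL, *p;
	int buflen, ret = 0;

	/* Reject bad lengths before they size an allocation or a memcpy. */
	if (label_len < 0 || context_len < 0 || olen <= 0 ||
	    label_len > INT_MAX - 2 * SSL3_RANDOM_SIZE - context_len)
		return 0;
	/* No master secret yet: nothing to derive from. */
	if (s->session == NULL || s->session->master_key_length <= 0)
		return 0;
	buflen = label_len + 2 * SSL3_RANDOM_SIZE + context_len;

	buf = OPENSSL_malloc(buflen);
	tmp = OPENSSL_malloc(olen);
	if (buf == NULL || tmp == NULL)
		goto err;

	/* ... unchanged: label, client_random, server_random and context copied into buf ... */

	tls1_PRF(s->ctx->md5, s->ctx->sha1, buf, buflen,
		s->session->master_key, s->session->master_key_length,
		out, tmp, olen);
	ret = 1;
err:
	if (tmp != NULL)
		{
		/* tmp holds PRF output derived from the master secret. */
		OPENSSL_cleanse(tmp, olen);
		OPENSSL_free(tmp);
		}
	if (buf != NULL)
		OPENSSL_free(buf);
	return ret;
	}
```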


--- ssl/ssl.h~ 2008-08-13 21:44:44.000000000 +0200
+++ ssl/ssl.h 2008-11-06 14:57:05.000000000 +0100
@@ -1632,6 +1632,10 @@
int SSL_COMP_add_compression_method(int id,void *cm);
#endif

+void SSL_tls1_key_extractor(SSL *s, unsigned char *label, int
label_len,
+ unsigned char
*context, int context_len,
+ unsigned char
*out, int olen);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl.
Any changes
* made after this point may be overwritten when the script is next
run.
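Review bot: The new public prototype declares `label` and `context` as plain `unsigned char *`, although the definition in ssl/t1_enc.c only reads them through `memcpy`. Declaring both as `const unsigned char *` would let callers pass constant labels without a cast and would document that the function does not modify them. The declaration also has no comment stating the contract. Something like `/* Derives olen bytes from the master secret, label, client/server randoms and context; out must have room for olen bytes. */` would tell callers how large `out` must be and that it is only meaningful once a session is established.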


