Here is an up to date version of the patch for OpenSSL 1.0.1, adding the TLS Key Exporter, as described in RFC 5705.
--- ssl/ssl.h 6 Jan 2010 17:37:38 -0000 1.221.2.24
+++ ssl/ssl.h 17 Jun 2010 12:25:35 -0000
@@ -1806,6 +1806,10 @@
/* Pre-shared secret session resumption functions */
int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn
tls_session_secret_cb, void *arg);
+void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+ unsigned char *context, int context_len,
+ unsigned char *out, int olen);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
--- ssl/t1_enc.c 15 Jun 2010 17:25:15 -0000 1.57.2.3
+++ ssl/t1_enc.c 17 Jun 2010 12:25:35 -0000
@@ -1043,3 +1043,17 @@
}
}
+void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+ unsigned char *context, int context_len,
+ unsigned char *out, int olen)
+ {
+ unsigned char tmp[olen];
+
+ tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ label, label_len,
+ s->s3->client_random,SSL3_RANDOM_SIZE,
+ s->s3->server_random,SSL3_RANDOM_SIZE,
+ context, context_len, NULL, 0,
+ s->session->master_key, s->session->master_key_length,
+ out, tmp, olen);
+ }
tls-exporter.patch
Description: Binary data
