Loading CHANGES +3 −0 Original line number Diff line number Diff line Loading @@ -198,6 +198,9 @@ security. [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)] *) Add TLS key material exporter from RFC 5705. [Eric Rescorla] *) Add DTLS-SRTP negotiation from RFC 5764. [Eric Rescorla] Loading apps/s_client.c +41 −0 Original line number Diff line number Diff line Loading @@ -206,6 +206,9 @@ static int c_status_req=0; static int c_msg=0; static int c_showcerts=0; static char *keymatexportlabel=NULL; static int keymatexportlen=20; static void sc_usage(void); static void print_stuff(BIO *berr,SSL *con,int full); #ifndef OPENSSL_NO_TLSEXT Loading Loading @@ -360,6 +363,8 @@ static void sc_usage(void) #endif BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list"); BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); } #ifndef OPENSSL_NO_TLSEXT Loading Loading @@ -942,6 +947,17 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; srtp_profiles = *(++argv); } else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; keymatexportlabel= *(++argv); } else if (strcmp(*argv,"-keymatexportlen") == 0) { if (--argc < 1) goto bad; keymatexportlen=atoi(*(++argv)); if (keymatexportlen == 0) goto bad; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); Loading Loading @@ -1900,6 +1916,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) #ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; #endif unsigned char *exportedkeymat; if (full) { Loading Loading 
@@ -2045,6 +2062,30 @@ static void print_stuff(BIO *bio, SSL *s, int full) } SSL_SESSION_print(bio,SSL_get_session(s)); if (keymatexportlabel != NULL) { BIO_printf(bio, "Keying material exporter:\n"); BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); BIO_printf(bio, " Length: %i bytes\n", keymatexportlen); exportedkeymat = OPENSSL_malloc(keymatexportlen); if (exportedkeymat != NULL) { i = SSL_export_keying_material(s, exportedkeymat, keymatexportlen, keymatexportlabel, strlen(keymatexportlabel), NULL, 0, 0); if (i != keymatexportlen) { BIO_printf(bio, " Error: return value %i\n", i); } else { BIO_printf(bio, " Keying material: "); for (i=0; i<keymatexportlen; i++) BIO_printf(bio, "%02X", exportedkeymat[i]); BIO_printf(bio, "\n"); } OPENSSL_free(exportedkeymat); } } BIO_printf(bio,"---\n"); if (peer != NULL) X509_free(peer); Loading apps/s_server.c +44 −0 Original line number Diff line number Diff line Loading @@ -297,6 +297,9 @@ static int no_resume_ephemeral = 0; static int s_msg=0; static int s_quiet=0; static char *keymatexportlabel=NULL; static int keymatexportlen=20; static int hack=0; #ifndef OPENSSL_NO_ENGINE static char *engine_id=NULL; Loading Loading @@ -548,6 +551,8 @@ static void sv_usage(void) # endif BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list"); #endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); } static int local_argc=0; Loading Loading 
@@ -1332,6 +1337,17 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; srtp_profiles = *(++argv); } else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; keymatexportlabel= *(++argv); } else if (strcmp(*argv,"-keymatexportlen") == 0) { if (--argc < 1) goto bad; keymatexportlen=atoi(*(++argv)); if (keymatexportlen == 0) goto bad; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); Loading Loading @@ -2354,6 +2370,8 @@ static int init_ssl_connection(SSL *con) #ifndef OPENSSL_NO_KRB5 char *client_princ; #endif unsigned char *exportedkeymat; if ((i=SSL_accept(con)) <= 0) { Loading Loading @@ -2425,6 +2443,32 @@ static int init_ssl_connection(SSL *con) #endif /* OPENSSL_NO_KRB5 */ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); if (keymatexportlabel != NULL) { BIO_printf(bio_s_out, "Keying material exporter:\n"); BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel); BIO_printf(bio_s_out, " Length: %i bytes\n", keymatexportlen); exportedkeymat = OPENSSL_malloc(keymatexportlen); if (exportedkeymat != NULL) { i = SSL_export_keying_material(con, exportedkeymat, keymatexportlen, keymatexportlabel, strlen(keymatexportlabel), NULL, 0, 0); if (i != keymatexportlen) { BIO_printf(bio_s_out, " Error: return value %i\n", i); } else { BIO_printf(bio_s_out, " Keying material: "); for (i=0; i<keymatexportlen; i++) BIO_printf(bio_s_out, "%02X", exportedkeymat[i]); BIO_printf(bio_s_out, "\n"); } OPENSSL_free(exportedkeymat); } } return(1); } Loading ssl/d1_lib.c +1 −0 Original line number Diff line number Diff line Loading @@ -82,6 +82,7 @@ SSL3_ENC_METHOD DTLSv1_enc_data={ TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, }; long dtls1_default_timeout(void) Loading ssl/s3_lib.c +3 −0 Original line number Diff line number Diff line Loading 
@@ -2904,6 +2904,9 @@ SSL3_ENC_METHOD SSLv3_enc_data={ SSL3_MD_CLIENT_FINISHED_CONST,4, SSL3_MD_SERVER_FINISHED_CONST,4, ssl3_alert_code, (int (*)(SSL *, unsigned char *, unsigned int, const char *, unsigned int, const unsigned char *, unsigned int, int use_context))ssl_undefined_function, }; long ssl3_default_timeout(void) Loading Loading
CHANGES +3 −0 Original line number Diff line number Diff line Loading @@ -198,6 +198,9 @@ security. [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)] *) Add TLS key material exporter from RFC 5705. [Eric Rescorla] *) Add DTLS-SRTP negotiation from RFC 5764. [Eric Rescorla] Loading
apps/s_client.c +41 −0 Original line number Diff line number Diff line Loading @@ -206,6 +206,9 @@ static int c_status_req=0; static int c_msg=0; static int c_showcerts=0; static char *keymatexportlabel=NULL; static int keymatexportlen=20; static void sc_usage(void); static void print_stuff(BIO *berr,SSL *con,int full); #ifndef OPENSSL_NO_TLSEXT Loading Loading @@ -360,6 +363,8 @@ static void sc_usage(void) #endif BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list"); BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); } #ifndef OPENSSL_NO_TLSEXT Loading Loading @@ -942,6 +947,17 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; srtp_profiles = *(++argv); } else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; keymatexportlabel= *(++argv); } else if (strcmp(*argv,"-keymatexportlen") == 0) { if (--argc < 1) goto bad; keymatexportlen=atoi(*(++argv)); if (keymatexportlen == 0) goto bad; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); Loading Loading @@ -1900,6 +1916,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) #ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; #endif unsigned char *exportedkeymat; if (full) { Loading Loading 
@@ -2045,6 +2062,30 @@ static void print_stuff(BIO *bio, SSL *s, int full) } SSL_SESSION_print(bio,SSL_get_session(s)); if (keymatexportlabel != NULL) { BIO_printf(bio, "Keying material exporter:\n"); BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); BIO_printf(bio, " Length: %i bytes\n", keymatexportlen); exportedkeymat = OPENSSL_malloc(keymatexportlen); if (exportedkeymat != NULL) { i = SSL_export_keying_material(s, exportedkeymat, keymatexportlen, keymatexportlabel, strlen(keymatexportlabel), NULL, 0, 0); if (i != keymatexportlen) { BIO_printf(bio, " Error: return value %i\n", i); } else { BIO_printf(bio, " Keying material: "); for (i=0; i<keymatexportlen; i++) BIO_printf(bio, "%02X", exportedkeymat[i]); BIO_printf(bio, "\n"); } OPENSSL_free(exportedkeymat); } } BIO_printf(bio,"---\n"); if (peer != NULL) X509_free(peer); Loading
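Review bot: The `-keymatexportlen` parsing in MAIN rejects only a zero result from `atoi`, so a negative value is accepted and later passed to `OPENSSL_malloc` and `SSL_export_keying_material` in print_stuff. The exporter type visible in ssl/s3_lib.c takes `unsigned int` lengths, so a negative int would presumably convert to a very large output length; whether the allocation succeeds first depends on how `OPENSSL_malloc` treats a non-positive size. Changing the check to `if (keymatexportlen <= 0) goto bad;` closes this. `atoi` also silently accepts trailing non-digits, which `strtol` with an end-pointer check would reject. The same parsing is added to MAIN in apps/s_server.c; both MAIN bodies start and end outside the hunks shown.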
apps/s_server.c +44 −0 Original line number Diff line number Diff line Loading @@ -297,6 +297,9 @@ static int no_resume_ephemeral = 0; static int s_msg=0; static int s_quiet=0; static char *keymatexportlabel=NULL; static int keymatexportlen=20; static int hack=0; #ifndef OPENSSL_NO_ENGINE static char *engine_id=NULL; Loading Loading @@ -548,6 +551,8 @@ static void sv_usage(void) # endif BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list"); #endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); } static int local_argc=0; Loading Loading @@ -1332,6 +1337,17 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; srtp_profiles = *(++argv); } else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; keymatexportlabel= *(++argv); } else if (strcmp(*argv,"-keymatexportlen") == 0) { if (--argc < 1) goto bad; keymatexportlen=atoi(*(++argv)); if (keymatexportlen == 0) goto bad; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); Loading Loading @@ -2354,6 +2370,8 @@ static int init_ssl_connection(SSL *con) #ifndef OPENSSL_NO_KRB5 char *client_princ; #endif unsigned char *exportedkeymat; if ((i=SSL_accept(con)) <= 0) { Loading Loading 
@@ -2425,6 +2443,32 @@ static int init_ssl_connection(SSL *con) #endif /* OPENSSL_NO_KRB5 */ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); if (keymatexportlabel != NULL) { BIO_printf(bio_s_out, "Keying material exporter:\n"); BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel); BIO_printf(bio_s_out, " Length: %i bytes\n", keymatexportlen); exportedkeymat = OPENSSL_malloc(keymatexportlen); if (exportedkeymat != NULL) { i = SSL_export_keying_material(con, exportedkeymat, keymatexportlen, keymatexportlabel, strlen(keymatexportlabel), NULL, 0, 0); if (i != keymatexportlen) { BIO_printf(bio_s_out, " Error: return value %i\n", i); } else { BIO_printf(bio_s_out, " Keying material: "); for (i=0; i<keymatexportlen; i++) BIO_printf(bio_s_out, "%02X", exportedkeymat[i]); BIO_printf(bio_s_out, "\n"); } OPENSSL_free(exportedkeymat); } } return(1); } Loading
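Review bot: The exported keying material in init_ssl_connection is released with `OPENSSL_free(exportedkeymat)` without being wiped, so the secret bytes remain in freed heap memory; `OPENSSL_cleanse(exportedkeymat, keymatexportlen);` just before the free would match the usual handling of key buffers. When `OPENSSL_malloc` returns NULL the block prints the label and length and then nothing, so an else branch such as `BIO_printf(bio_s_out, "    Error: malloc failed\n");` would make that failure visible. The same block is added to print_stuff in apps/s_client.c, and because the two copies differ only in the BIO and SSL variable, a shared helper would keep them from drifting apart. init_ssl_connection starts outside the hunk.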
ssl/d1_lib.c +1 −0 Original line number Diff line number Diff line Loading @@ -82,6 +82,7 @@ SSL3_ENC_METHOD DTLSv1_enc_data={ TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE, tls1_alert_code, tls1_export_keying_material, }; long dtls1_default_timeout(void) Loading
ssl/s3_lib.c +3 −0 Original line number Diff line number Diff line Loading @@ -2904,6 +2904,9 @@ SSL3_ENC_METHOD SSLv3_enc_data={ SSL3_MD_CLIENT_FINISHED_CONST,4, SSL3_MD_SERVER_FINISHED_CONST,4, ssl3_alert_code, (int (*)(SSL *, unsigned char *, unsigned int, const char *, unsigned int, const unsigned char *, unsigned int, int use_context))ssl_undefined_function, }; long ssl3_default_timeout(void) Loading
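Review bot: The new SSLv3_enc_data slot stores `ssl_undefined_function` behind a cast to the eight-argument exporter type, and calling a function through a pointer whose type does not match its definition is undefined behaviour in C. If `ssl_undefined_function` takes a single `SSL *` (its definition is not shown here), a small static stub with the exporter's exact parameter list that simply returns `ssl_undefined_function(s)` would give the same error path without the cast. The cast also names only its last parameter (`int use_context`); dropping that name or naming all of them would read more consistently. SSLv3_enc_data begins before the hunk.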