Loading CHANGES +15 −10 Original line number Diff line number Diff line Loading @@ -71,16 +71,6 @@ multi-process servers. [Steve Henson] *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only a few changes are required: Add SSL_OP_NO_TLSv1_1 flag. Add TLSv1_1 methods. Update version checking logic to handle version 1.1. Add explicit IV handling (ported from DTLS code). Add command line options to s_client/s_server. [Steve Henson] *) Experiemental password based recipient info support for CMS library: implementing RFC3211. [Steve Henson] Loading @@ -104,6 +94,21 @@ whose return value is often ignored. [Steve Henson] Changes between 1.0.0 and 1.0.1 [xx XXX xxxx] *) Add support for TLS key exporter as described in RFC5705. [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson] *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only a few changes are required: Add SSL_OP_NO_TLSv1_1 flag. Add TLSv1_1 methods. Update version checking logic to handle version 1.1. Add explicit IV handling (ported from DTLS code). Add command line options to s_client/s_server. [Steve Henson] Changes between 1.0.0 and 1.0.0a [xx XXX xxxx] *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover Loading ssl/ssl.h +4 −0 Original line number Diff line number Diff line Loading @@ -1812,6 +1812,10 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, /* Pre-shared secret session resumption functions */ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, unsigned char *context, int context_len, unsigned char *out, int olen); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. Loading ssl/t1_enc.c +23 −0 Original line number Diff line number Diff line Loading 
@@ -1071,3 +1071,26 @@ int tls1_alert_code(int code) } } int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, unsigned char *context, int context_len, unsigned char *out, int olen) { unsigned char *tmp; int rv; tmp = OPENSSL_malloc(olen); if (!tmp) return 0; rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, label, label_len, s->s3->client_random,SSL3_RANDOM_SIZE, s->s3->server_random,SSL3_RANDOM_SIZE, context, context_len, NULL, 0, s->session->master_key, s->session->master_key_length, out, tmp, olen); OPENSSL_free(tmp); return rv; } Loading
CHANGES +15 −10 Original line number Diff line number Diff line Loading @@ -71,16 +71,6 @@ multi-process servers. [Steve Henson] *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only a few changes are required: Add SSL_OP_NO_TLSv1_1 flag. Add TLSv1_1 methods. Update version checking logic to handle version 1.1. Add explicit IV handling (ported from DTLS code). Add command line options to s_client/s_server. [Steve Henson] *) Experiemental password based recipient info support for CMS library: implementing RFC3211. [Steve Henson] Loading @@ -104,6 +94,21 @@ whose return value is often ignored. [Steve Henson] Changes between 1.0.0 and 1.0.1 [xx XXX xxxx] *) Add support for TLS key exporter as described in RFC5705. [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson] *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only a few changes are required: Add SSL_OP_NO_TLSv1_1 flag. Add TLSv1_1 methods. Update version checking logic to handle version 1.1. Add explicit IV handling (ported from DTLS code). Add command line options to s_client/s_server. [Steve Henson] Changes between 1.0.0 and 1.0.0a [xx XXX xxxx] *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover Loading
ssl/ssl.h +4 −0 Original line number Diff line number Diff line Loading @@ -1812,6 +1812,10 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, /* Pre-shared secret session resumption functions */ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, unsigned char *context, int context_len, unsigned char *out, int olen); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. Loading
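Review bot: The new `SSL_tls1_key_exporter` prototype carries no comment, unlike the declaration directly above it, so the header does not tell callers that `out` must hold `olen` bytes or what the return value means. Going by the definition in ssl/t1_enc.c, a comment such as `/* Export olen bytes of keying material (RFC 5705) into out; returns 0 if allocation fails, otherwise the tls1_PRF result */` would cover it. `label` and `context` appear to be input-only in that definition, so declaring both as `const unsigned char *` would let callers pass string literals without a cast, provided tls1_PRF accepts const seed pointers.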
ssl/t1_enc.c +23 −0 Original line number Diff line number Diff line Loading @@ -1071,3 +1071,26 @@ int tls1_alert_code(int code) } } int SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, unsigned char *context, int context_len, unsigned char *out, int olen) { unsigned char *tmp; int rv; tmp = OPENSSL_malloc(olen); if (!tmp) return 0; rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2, label, label_len, s->s3->client_random,SSL3_RANDOM_SIZE, s->s3->server_random,SSL3_RANDOM_SIZE, context, context_len, NULL, 0, s->session->master_key, s->session->master_key_length, out, tmp, olen); OPENSSL_free(tmp); return rv; }
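Review bot: SSL_tls1_key_exporter dereferences `s->s3->tmp.new_cipher` and `s->session` and passes `olen` straight to `OPENSSL_malloc` without validating any of them, so a call made before a cipher and master secret exist, or with a non-positive `olen`, is not rejected cleanly. The scratch buffer `tmp` is given to `tls1_PRF` as its second output buffer and then freed without being wiped; it presumably holds intermediate PRF output derived from the master key, so it should be cleared with `OPENSSL_cleanse(tmp, olen)` before `OPENSSL_free`. Separately, RFC 5705 puts a two-byte context length in front of the context value in the PRF seed when a context is supplied, whereas `context` is passed here as-is, so it is worth confirming that exported values match other implementations. The fence shows the guard and the wipe.

```c
	/* Refuse to export before a TLS cipher and master secret are in place. */
	if (olen <= 0 || s->s3 == NULL || s->s3->tmp.new_cipher == NULL ||
	    s->session == NULL || s->session->master_key_length <= 0)
		return 0;

	tmp = OPENSSL_malloc(olen);
	/* … unchanged: NULL check on tmp and the tls1_PRF call … */

	/* tmp held PRF scratch output; wipe it before releasing the memory. */
	OPENSSL_cleanse(tmp, olen);
	OPENSSL_free(tmp);
```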