author | 2020-11-16 18:55:15 +0000 | |
---|---|---|
committer | 2020-11-16 18:55:15 +0000 | |
commit | 607bf31452c63b312701c91e417c4d2b8e14ba0c (patch) | |
tree | 27d40968907ad9fec7249e33b14c80c3b07ffee1 /lib/libssl/tls13_internal.h | |
parent | Prevent exit status from being clobbered on thread exit. (diff) | |
Implement exporter for TLSv1.3.
This implements the key material exporter for TLSv1.3, as defined in
RFC8446 section 7.5.
Issue reported by nmathewson on github.
ok inoguchi@ tb@
Diffstat (limited to 'lib/libssl/tls13_internal.h')
-rw-r--r-- | lib/libssl/tls13_internal.h | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h index 03a1a6b4b15..ea5f9a14739 100644 --- a/lib/libssl/tls13_internal.h +++ b/lib/libssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.86 2020/07/30 16:23:17 tb Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.87 2020/11/16 18:55:15 jsing Exp $ */ /* * Copyright (c) 2018 Bob Beck <beck@openbsd.org> * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> @@ -148,6 +148,16 @@ void tls13_secrets_destroy(struct tls13_secrets *secrets); int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest, const struct tls13_secret *secret, const char *label, const struct tls13_secret *context); +int tls13_hkdf_expand_label_with_length(struct tls13_secret *out, + const EVP_MD *digest, const struct tls13_secret *secret, + const uint8_t *label, size_t label_len, const struct tls13_secret *context); + +int tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest, + const struct tls13_secret *secret, const char *label, + const struct tls13_secret *context); +int tls13_derive_secret_with_label_length(struct tls13_secret *out, + const EVP_MD *digest, const struct tls13_secret *secret, + const uint8_t *label, size_t label_len, const struct tls13_secret *context); int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk, size_t psk_len, const struct tls13_secret *context); @@ -412,6 +422,10 @@ int tls13_error_setx(struct tls13_error *error, int code, int subcode, tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \ (fmt), __VA_ARGS__) +int tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len, + const uint8_t *context_value, size_t context_value_len, uint8_t *out, + size_t out_len); + extern const uint8_t tls13_downgrade_12[8]; extern const uint8_t tls13_downgrade_11[8]; extern const uint8_t tls13_hello_retry_request_hash[32]; |
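Review bot: The two `_with_length` prototypes added in the `@@ -148,6 +148,16 @@` hunk accept an arbitrary byte label plus `label_len`, but nothing in the header states the upper bound on that length. RFC 8446 section 7.1 encodes the label as `opaque label<7..255>` with the 6-byte `"tls13 "` prefix included, so a caller-supplied label longer than 249 bytes cannot be represented. The implementations are outside this diff (it is limited to tls13_internal.h), so whether they reject such a label is not visible here. I would add above the declarations `/* label_len is limited to 249 bytes: HkdfLabel.label is opaque<7..255> including the "tls13 " prefix. */` and confirm the .c side fails rather than truncates. The same bound applies to the `label` argument of `tls13_exporter()` in the last hunk.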
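Review bot: `tls13_exporter()` in the `@@ -412,6 +422,10 @@` hunk is declared with no statement of its contract, and an interface that hands out key material needs one at the declaration. The header should say what the return value means on failure, that `out` must not be used when the call fails, and whether `context_value` may be NULL when `context_value_len` is 0 (RFC 8446 section 7.5 treats an absent and an empty context identically). It should also say that the call is only valid once the exporter secret has been derived, presumably after the handshake completes, which the prototype alone does not show. A short block comment above the prototype covering those four points would do, with one more line noting that `out_len` is bounded by the uint16 length field of HkdfLabel and by 255 times the hash length in HKDF-Expand.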