diff options
| author | Arne Schwabe | 2020-08-14 16:51:53 +0200 |
|---|---|---|
| committer | Gert Doering | 2020-08-23 21:49:21 +0200 |
| commit | 10abd656a3ae279cea7344055ce23637b7a62f6b (patch) | |
| tree | 1df36a144356b969012d9b2a49d347ab82ef4270 /src/openvpn/ssl_backend.h | |
| parent | 62560e2a29144ffefec231ae7147eb4e9c7dfebf (diff) | |
| download | openvpn-10abd656a3ae279cea7344055ce23637b7a62f6b.zip openvpn-10abd656a3ae279cea7344055ce23637b7a62f6b.tar.gz | |
Refactor key_state_export_keying_material functions
This refactors the common code between mbed SSL and OpenSSL into
export_user_keying_material and also prepares the backend functions
to export more than one key.
Also fix checking the return value of SSL_export_keying_material
only 1 is a success, -1 is also an error.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Patch V2: Cache secrets for mbed TLS instead generating all ekms
in the call back function
Patch V3: comment is no longer a lie. (fixed doxygen)
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20200814145153.12895-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20739.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl_backend.h')
| -rw-r--r-- | src/openvpn/ssl_backend.h | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index 7f52ab1..cf9fba2 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -394,13 +394,21 @@ void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, * derived from existing TLS channel. This exported keying material can then be * used for a variety of purposes. * - * @param ks_ssl The SSL channel's state info * @param session The session associated with the given key_state - */ - -void -key_state_export_keying_material(struct key_state_ssl *ks_ssl, - struct tls_session *session) __attribute__((nonnull)); + * @param label The label to use when exporting the key + * @param label_size The size of the label to use when exporting the key + * @param ekm_size THe size of the exported/returned key material + * @param gc gc_arena that might be used to allocate the string + * returned + * @returns The exported key material, the caller may zero the + * string but should not free it + */ + +unsigned char* +key_state_export_keying_material(struct tls_session *session, + const char* label, size_t label_size, + size_t ekm_size, + struct gc_arena *gc) __attribute__((nonnull)); /**************************************************************************/ /** @addtogroup control_tls |