ports/security/openssl-unsafe/files/patch-RFC-5705
Bernard Spil b580e6a1fa security/openssl-unsafe: Add OpenSSL port for scanning/testing
- OpenSSL binary and libs for testing and scanning
 - Use with e.g. sslscan or testssl.sh

Differential Revision:	https://reviews.freebsd.org/D9483
2017-10-10 11:47:19 +00:00

37 lines
1.2 KiB
Text

--- ssl/ssl.h.orig 2017-07-06 01:00:00 UTC
+++ ssl/ssl.h
@@ -2598,6 +2598,10 @@ const char *SSL_CIPHER_standard_name(con
const struct openssl_ssl_test_functions *SSL_test_functions(void);
# endif
+void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+ unsigned char *context, int context_len,
+ unsigned char *out, int olen);
+
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
--- ssl/t1_enc.c.orig 2017-07-06 01:00:00 UTC
+++ ssl/t1_enc.c
@@ -1461,6 +1461,21 @@ int tls1_export_keying_material(SSL *s,
return (rv);
}
+void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+ unsigned char *context, int context_len,
+ unsigned char *out, int olen)
+ {
+ unsigned char tmp[olen];
+
+ tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+ label, label_len,
+ s->s3->client_random,SSL3_RANDOM_SIZE,
+ s->s3->server_random,SSL3_RANDOM_SIZE,
+ context, context_len, NULL, 0,
+ s->session->master_key, s->session->master_key_length,
+ out, tmp, olen);
+ }
+
int tls1_alert_code(int code)
{
switch (code) {