| author | Benjamin Saunders <[email protected]> | 2018-05-17 13:16:41 -0700 |
|---|---|---|
| committer | Benjamin Saunders <[email protected]> | 2018-05-17 13:16:41 -0700 |
| commit | 69c75a178bbc70dd10d0d69ac8bf9e842cf4ff1f (patch) | |
| tree | 4a8353de056a04581cbffcc272d4d9a5e01056ce | |
| parent | Expose max TLS1.3 early data accessors (diff) | |
Expose early keying material export
| -rw-r--r-- | openssl-sys/src/openssl/v111.rs | 10 | ||||
| -rw-r--r-- | openssl/src/ssl/mod.rs | 27 |
2 files changed, 37 insertions, 0 deletions
diff --git a/openssl-sys/src/openssl/v111.rs b/openssl-sys/src/openssl/v111.rs
index e284ff98..4a3f9560 100644
--- a/openssl-sys/src/openssl/v111.rs
+++ b/openssl-sys/src/openssl/v111.rs
@@ -89,4 +89,14 @@ extern "C" {
 pub fn SSL_get_max_early_data(ctx: *const ::SSL) -> u32;
 pub fn SSL_SESSION_set_max_early_data(ctx: *mut ::SSL_SESSION, max_early_data: u32) -> c_int;
 pub fn SSL_SESSION_get_max_early_data(ctx: *const ::SSL_SESSION) -> u32;
+
+ pub fn SSL_export_keying_material_early(
+ s: *mut ::SSL,
+ out: *mut c_uchar,
+ olen: size_t,
+ label: *const c_char,
+ llen: size_t,
+ context: *const c_uchar,
+ contextlen: size_t,
+ ) -> c_int;
 }
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 33ffa737..78ae2267 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -2498,6 +2498,33 @@ impl SslRef {
 }
 }
 
+ /// Derives keying material for application use in accordance to RFC 5705.
+ ///
+ /// Requires OpenSSL 1.1.1 or newer.
+ ///
+ /// This corresponds to [`SSL_export_keying_material_early`].
+ ///
+ /// [`SSL_export_keying_material_early`]: https://www.openssl.org/docs/manmaster/man3/SSL_export_keying_material_early.html
+ #[cfg(ossl111)]
+ pub fn export_keying_material_early(
+ &self,
+ out: &mut [u8],
+ label: &str,
+ context: &[u8],
+ ) -> Result<(), ErrorStack> {
+ unsafe {
+ cvt(ffi::SSL_export_keying_material_early(
+ self.as_ptr(),
+ out.as_mut_ptr() as *mut c_uchar,
+ out.len(),
+ label.as_ptr() as *const c_char,
+ label.len(),
+ context.as_ptr() as *const c_uchar,
+ context.len(),
+ )).map(|_| ())
+ }
+ }
+
 /// Sets the session to be used.
 ///
 /// This should be called before the handshake to attempt to reuse a previously established |
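Review bot: The doc comment on `export_keying_material_early` in `openssl/src/ssl/mod.rs` repeats the wording of the regular exporter and never says that this variant derives from the TLS 1.3 early exporter secret, which is the one property a caller has to know. Per the OpenSSL page the comment links to, the call is only usable with TLS 1.3 and only when early data is being attempted (client) or has been accepted (server), so in an ordinary handshake the returned `Result` will be `Err`. I would replace the first line with `/// Derives keying material from the TLS 1.3 early exporter secret (RFC 8446 section 7.5), for use with early data.` and add a sentence stating those availability conditions and that the output is derived before the handshake completes, so it should not be treated as interchangeable with `export_keying_material`. The `unsafe` block would also benefit from a `// SAFETY:` line noting that each pointer is passed together with the length of the slice it came from. The enclosing `impl SslRef` starts and ends outside the hunk.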