Add documentation for the SSL_export_keying_material() function #3735
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jun 21, 2017
richsalz
approved these changes
Jun 21, 2017
|
|
||
| =head1 DESCRIPTION | ||
|
|
||
| During the creation of a TLS or DTLS connection shared keying material is |
There was a problem hiding this comment.
DTLS connection sounds weird but I can't think of any other way to put this.
| For a given SSL connection B<s>, B<olen> bytes of data will be written to | ||
| B<out>. The application specific context should be supplied in the location | ||
| pointed to by B<context> and should be B<contextlen> bytes long. Provision of | ||
| a context is optional in the standard. If the context should be omitted entirely |
| An application may need to securely establish the context within which this | ||
| keying material will be used. For example this may include identifiers for the | ||
| application session, application algorithms or parameters, or the lifetime of | ||
| the context. The specific details of the contents of the context are application |
There was a problem hiding this comment.
Perhaps "The context value is left to the application." ?
Also perhaps add something about that if there are two parties using the key, the context must be exactly the same for each "side" of the communication.
|
|
||
| An application specific label should be provided in the location pointed to by | ||
| B<label> and should be B<llen> bytes long. Typically this will be a value from | ||
| the IANA Exporter Label Registry. Alternatively labels beginning with |
mattcaswell
force-pushed
the
document-export-keying-material
branch
from
7d6ffa8
to
aa86dde
Compare
|
Update commit pushed addressing comments. |
richsalz
approved these changes
Jun 21, 2017
richsalz
added
the
approval: done
|
Pushed. Thanks. |
levitte
pushed a commit
that referenced
this pull request
Jun 21, 2017
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from #3735)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds documentation for the existing SSL_export_keying_material() function. It is a pre-cursor to working on #3680. This is the master version. Separate PRs will be created for the backport to 1.1.0 and 1.0.2.
Checklist