Add documentation for the SSL_export_keying_material() function #3735
minor nits.
|
||
=head1 DESCRIPTION | ||
|
||
During the creation of a TLS or DTLS connection shared keying material is |
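Review bot: The opening clause "During the creation of a TLS or DTLS connection shared keying material is" needs a comma after "connection"; without it the words run together as "connection shared keying material" and the sentence has to be read twice. Suggest "During the creation of a TLS or DTLS connection, shared keying material is ...".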
DTLS connection sounds weird but I can't think of any other way to put this.
For a given SSL connection B<s>, B<olen> bytes of data will be written to | ||
B<out>. The application specific context should be supplied in the location | ||
pointed to by B<context> and should be B<contextlen> bytes long. Provision of | ||
a context is optional in the standard. If the context should be omitted entirely |
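Review bot: In "should be B<contextlen> bytes long", the word "should" reads as a recommendation, but the caller has to pass the actual length of the buffer at B<context>. Suggest stating it as a definition, for example "B<contextlen> is the length of the context in bytes", and hyphenating "application-specific context" in the same sentence.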
s/in the standard//
An application may need to securely establish the context within which this | ||
keying material will be used. For example this may include identifiers for the | ||
application session, application algorithms or parameters, or the lifetime of | ||
the context. The specific details of the contents of the context are application |
Perhaps "The context value is left to the application." ?
Also perhaps add something about that if there are two parties using the key, the context must be exactly the same for each "side" of the communication.
|
||
An application specific label should be provided in the location pointed to by | ||
B<label> and should be B<llen> bytes long. Typically this will be a value from | ||
the IANA Exporter Label Registry. Alternatively labels beginning with |
add a url link
7d6ffa8 to aa86dde
Update commit pushed addressing comments.
Pushed. Thanks.
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from #3735)
This adds documentation for the existing SSL_export_keying_material() function. It is a precursor to working on #3680. This is the master version. Separate PRs will be created for the backport to 1.1.0 and 1.0.2.