New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add documentation for the SSL_export_keying_material() function #3735
Closed
mattcaswell
wants to merge
1
commit into
openssl:master
from
mattcaswell:document-export-keying-material
Closed
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| =pod | ||
|
|
||
| =head1 NAME | ||
|
|
||
| SSL_export_keying_material - obtain keying material for application use | ||
|
|
||
| =head1 SYNOPSIS | ||
|
|
||
| #include <openssl/ssl.h> | ||
|
|
||
| int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | ||
| const char *label, size_t llen, | ||
| const unsigned char *context, | ||
| size_t contextlen, int use_context); | ||
|
|
||
| =head1 DESCRIPTION | ||
|
|
||
| During the creation of a TLS or DTLS connection shared keying material is | ||
| established between the two endpoints. The function SSL_export_keying_material() | ||
| enables an application to use some of this keying material for its own purposes | ||
| in accordance with RFC5705. | ||
|
|
||
| An application may need to securely establish the context within which this | ||
| keying material will be used. For example this may include identifiers for the | ||
| application session, application algorithms or parameters, or the lifetime of | ||
| the context. The context value is left to the application but must be the same | ||
| on both sides of the communication. | ||
|
|
||
| For a given SSL connection B<s>, B<olen> bytes of data will be written to | ||
| B<out>. The application specific context should be supplied in the location | ||
| pointed to by B<context> and should be B<contextlen> bytes long. Provision of | ||
| a context is optional. If the context should be omitted entirely then | ||
| B<use_context> should be set to 0. Otherwise it should be any other value. If | ||
| B<use_context> is 0 then the values of B<context> and B<contextlen> are ignored. | ||
| Note that a zero length context is treated differently to no context at all, and | ||
| will result in different keying material being returned. | ||
|
|
||
| An application specific label should be provided in the location pointed to by | ||
| B<label> and should be B<llen> bytes long. Typically this will be a value from | ||
| the IANA Exporter Label Registry | ||
| (L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>). | ||
| Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard | ||
| to be used without registration. | ||
|
|
||
| Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and | ||
| above. Attempting to use it in SSLv3 will result in an error. | ||
|
|
||
| =head1 RETURN VALUES | ||
|
|
||
| SSL_export_keying_material() returns 0 or -1 on failure or 1 on success. | ||
|
|
||
| =head1 COPYRIGHT | ||
|
|
||
| Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | ||
|
|
||
| Licensed under the OpenSSL license (the "License"). You may not use | ||
| this file except in compliance with the License. You can obtain a copy | ||
| in the file LICENSE in the source distribution or at | ||
| L<https://www.openssl.org/source/license.html>. | ||
|
|
||
| =cut | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
DTLS connection sounds weird but I can't think of any other way to put this.