head	1.1;
access;
symbols
	RELEASE_8_3_0:1.1
	RELEASE_9_0_0:1.1;
locks; strict;
comment	@# @;


1.1
date	2011.09.07.18.10.58;	author dinoex;	state Exp;
branches;
next	;


desc
@@


1.1
log
@- Security update to 1.0.0e
Security: http://openssl.org/news/secadv_20110906.txt

- drop option TLS_EXTRACTOR, now in distribution

- add RFC-5705 patch
Obtained from:	OpenBSD
@
text
@--- ssl/ssl.h	6 Jan 2010 17:37:38 -0000	1.221.2.24
+++ ssl/ssl.h	17 Jun 2010 12:25:35 -0000
@@@@ -1806,6 +1806,10 @@@@
 /* Pre-shared secret session resumption functions */
 int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 
+void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+                           unsigned char *context, int context_len,
+                           unsigned char *out, int olen);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.

--- ssl/t1_enc.c	15 Jun 2010 17:25:15 -0000	1.57.2.3
+++ ssl/t1_enc.c	17 Jun 2010 12:25:35 -0000
@@@@ -1043,3 +1043,17 @@@@
 		}
 	}
 
+void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+                           unsigned char *context, int context_len,
+                           unsigned char *out, int olen)
+	{
+	unsigned char tmp[olen];
+	
+	tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+			 label, label_len,
+			 s->s3->client_random,SSL3_RANDOM_SIZE,
+			 s->s3->server_random,SSL3_RANDOM_SIZE,
+			 context, context_len, NULL, 0,
+			 s->session->master_key, s->session->master_key_length,
+			 out, tmp, olen);
+	}
@
