diff options
| author | Daniel Kubec <niel@rtfm.cz> | 2015-03-12 15:14:20 +0100 |
|---|---|---|
| committer | David Sommerseth <davids@redhat.com> | 2015-10-10 00:02:40 +0200 |
| commit | 685e486e8b8f70c25f09590c24762ff734f94a51 (patch) | |
| tree | 2352755e34a75ea39f48497d6fb7dc7469330294 /src/openvpn/ssl_backend.h | |
| parent | 7246ccfdbe6039c5c578ecaa07505307d53b8e84 (diff) | |
| download | openvpn-685e486e8b8f70c25f09590c24762ff734f94a51.tar.gz openvpn-685e486e8b8f70c25f09590c24762ff734f94a51.tar.xz openvpn-685e486e8b8f70c25f09590c24762ff734f94a51.zip | |
Added support for TLS Keying Material Exporters [RFC-5705]
Keying Material Exporter [RFC-5705] allow additional keying material to be
derived from existing TLS channel. This exported keying material can then be
used for a variety of purposes.
[DS: Updated man page to document both upper and lower length boundaries]
Signed-off-by: Daniel Kubec <niel@rtfm.cz>
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com
Acked-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'src/openvpn/ssl_backend.h')
| -rw-r--r-- | src/openvpn/ssl_backend.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index b0777bf..99930e5 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -334,6 +334,19 @@ void key_state_ssl_init(struct key_state_ssl *ks_ssl, */ void key_state_ssl_free(struct key_state_ssl *ks_ssl); +/** + * Keying Material Exporters [RFC 5705] allows additional keying material to be + * derived from existing TLS channel. This exported keying material can then be + * used for a variety of purposes. + * + * @param ks_ssl The SSL channel's state info + * @param session The session associated with the given key_state + */ + +void +key_state_export_keying_material(struct key_state_ssl *ks_ssl, + struct tls_session *session) __attribute__((nonnull)); + /**************************************************************************/ /** @addtogroup control_tls * @{ */ |