Function bearssl::br_ssl_key_export
pub unsafe extern "C" fn br_ssl_key_export(
    cc: *mut br_ssl_engine_context,
    dst: *mut c_void,
    len: usize,
    label: *const c_char,
    context: *const c_void,
    context_len: usize
) -> c_int
\brief Export key material from a connected SSL engine (RFC 5705).
This call computes a secret key of arbitrary length from the master secret of a connected SSL engine. If the provided context is not currently in "application data" state (initial handshake is not finished, another handshake is ongoing, or the connection failed or was closed), then this function returns 0. Otherwise, a secret key of length len bytes is computed and written in the buffer pointed to by dst, and 1 is returned.
The computed key follows the specification described in RFC 5705. That RFC includes two key computations, with and without a "context value". If context is NULL, then the variant without context is used; otherwise, the context_len bytes located at the address pointed to by context are used in the computation. Note that it is possible to have a "with context" key with a context length of zero bytes, by setting context to a non-NULL value but context_len to 0.
When context bytes are used, the context length MUST NOT exceed 65535 bytes.
\param cc SSL engine context.
\param dst destination buffer for exported key.
\param len exported key length (in bytes).
\param label disambiguation label.
\param context context value (or NULL).
\param context_len context length (in bytes).
\return 1 on success, 0 on error.