On Tue, Feb 19, 2019 at 12:42:16PM +0200, Ervin Oro wrote:
> According to the proposed standard change in
> https://emu-wg.github.io/draft-ietf-emu-eap-tls13/draft-ietf-emu-eap-tls13.html#rfc.section.2.3

That has not yet been published in an actual draft, so I don't want to
apply such changes yet. Should it be included in
draft-ietf-emu-eap-tls13-04, this could be considered.

It would be useful to split this patch into two parts: one to add
support for the optional context parameter to the exporter (and that
could be applied now) and the other one for modifying EAP-TLS v1.3 to
use this (which would wait for the draft to be published).

> diff --git a/src/crypto/tls.h b/src/crypto/tls.h
> @@ -378,6 +381,13 @@ int __must_check tls_connection_export_key(void *tls_ctx,
> const char *label,
> u8 *out, size_t out_len);
>
> +int __must_check tls_connection_export_key2(void *tls_ctx,
> + struct tls_connection *conn,
> + const char *label,
> + const unsigned char *context,
> + size_t contextlen, int use_context,
> + u8 *out, size_t out_len);

I don't see any need for introducing a new function for this. The
existing tls_connection_export_key() should be extended with the new
parameters instead. There should be no need for that use_context
argument either. context != NULL can be used for that implicitly.

> diff --git a/src/crypto/tls_internal.c b/src/crypto/tls_internal.c
> @@ -455,6 +455,15 @@ int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
> }
>
>
> +int tls_connection_export_key2(void *tls_ctx, struct tls_connection *conn,
> + const char *label, const unsigned char *context,
> + size_t contextlen, int use_context, u8 *out,
> + size_t out_len)
> +{
> + return -1;
> +}

It would be straightforward to support this new context argument with
the internal TLS implementation.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
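
Review bot: In the src/crypto/tls.h hunk, the new prototype mixes types and naming within one declaration: context is const unsigned char * while the output buffer is u8 *out, and the length is spelled contextlen next to out_len. Using const u8 *context and size_t context_len would match the rest of the prototype. The declaration also has no comment saying what context, contextlen and use_context mean or which combinations are valid (for example a non-NULL context with use_context set to 0); that should be documented alongside the prototype.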
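
Review bot: In the src/crypto/tls_internal.c hunk, tls_connection_export_key2() returns -1 unconditionally, so with this file every caller of the new function fails, including calls where use_context is 0 and no context is supplied. At minimum, forward the no-context case to the existing tls_connection_export_key() named in the hunk header and fail only when a context is actually requested. As written, label, context, contextlen, use_context, out and out_len are all unused.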
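
An added illustration, not code from hostap or from either poster, of why the reply's suggestion of treating a NULL context as "no context" is sufficient: under the RFC 5705 exporter for TLS 1.2, an absent context and a zero-length context give different keys, so the length alone cannot carry that signal. The sketch assumes the TLS 1.2 SHA-256 PRF; the function names, label and secrets are constructed for the example.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, out_len: int) -> bytes:
    """P_SHA256 expansion from RFC 5246 section 5."""
    out, a = b"", seed  # a starts as A(0) = seed
    while len(out) < out_len:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:out_len]


def export_key(master_secret, client_random, server_random, label,
               out_len, context=None):
    """RFC 5705 exporter (TLS 1.2). context=None plays the role of NULL."""
    seed = client_random + server_random
    if context is not None:
        # A supplied context, even an empty one, is prefixed with its
        # 16-bit length, which changes the PRF input.
        if len(context) > 0xFFFF:
            raise ValueError("context longer than 65535 bytes")
        seed += len(context).to_bytes(2, "big") + context
    return p_sha256(master_secret, label.encode("ascii") + seed, out_len)


# Constructed sample values, not taken from any real handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32
LABEL = "EXPERIMENTAL-added-example"


def demo():
    """Export 64 bytes with absent, empty and non-empty context."""
    args = (MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL, 64)
    return {
        "absent": export_key(*args),
        "empty": export_key(*args, context=b""),
        "value": export_key(*args, context=b"ctx"),
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:>6}: {key.hex()}")
```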