Commit 5eb72736 authored by Matt Caswell's avatar Matt Caswell
Browse files

Document SSL_SESSION_set1_master_key() 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
parent 7721978c

doc/man3/SSL_get_client_random.pod

+22 −7
Original line number Diff line number Diff line
@@ -2,7 +2,11 @@ 


=head1 NAME



SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retrieve internal TLS/SSL random values and master key

SSL_get_client_random,

SSL_get_server_random,

SSL_SESSION_get_master_key,

SSL_SESSION_set1_master_key

- get internal TLS/SSL random values and get/set master key



=head1 SYNOPSIS
@@ -12,6 +16,8 @@ SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retri 
 size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);

 size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,

                                   unsigned char *out, size_t outlen);

 int SSL_SESSION_set1_master_key(SSL_SESSION *sess, unsigned char *in,

                                 size_t len);



=head1 DESCRIPTION
@@ -30,6 +36,13 @@ SSL_SESSION_get_master_key() behaves the same, but extracts the master 
secret used to guarantee the security of the SSL/TLS session.  This one

can be dangerous if misused; see NOTES below.



SSL_SESSION_set1_master_key() sets the master key value associated with the

SSL_SESSION B<sess>. For example, this could be used to set up a session based

PSK (see L<SSL_CTX_set_psk_use_session_callback(3)>). The master key of length

B<len> should be provided at B<in>. A copy of the supplied master key is taken

by the function, so the caller is responsible for freeing and cleaning any

memory associated with B<in>. The caller must ensure that the length of the ke

is suitable for the ciphersuite associated with the SSL_SESSION.



=head1 NOTES
@@ -64,22 +77,24 @@ values based on their view of the current time. 


=head1 RETURN VALUES



If B<outlen> is greater than 0, these functions return the number of bytes

actually copied, which will be less than or equal to B<outlen>.

SSL_SESSION_set1_master_key() returns 1 on success or 0 on failure.



If B<outlen> is 0, these functions return the maximum number

For the other functions, if B<outlen> is greater than 0 then these functions

return the number of bytes actually copied, which will be less than or equal to

B<outlen>. If B<outlen> is 0 then these functions return the maximum number

of bytes they would copy -- that is, the length of the underlying field.



=head1 SEE ALSO



L<ssl(7)>,

L<RAND_bytes(3)>,

L<SSL_export_keying_material(3)>

L<SSL_export_keying_material(3)>,

L<SSL_CTX_set_psk_use_session_callback(3)>





=head1 COPYRIGHT



Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.



Licensed under the OpenSSL license (the "License").  You may not use

this file except in compliance with the License.  You can obtain a copy