SSL export fixes (from Adam Langley).

[openssl.git] / ssl / tls1.h

diff --git a/ssl/tls1.h b/ssl/tls1.h
index f121e042719e1cce6a64b7ffd898e86368cb3892..a3a4d5d57f234f35e193eec34582e7f60aeb67f4 100644 (file)
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -262,8 +262,16 @@ extern "C" {
 
 const char *SSL_get_servername(const SSL *s, const int type);
 int SSL_get_servername_type(const SSL *s);
-int SSL_export_keying_material(SSL *s, unsigned char *out, int olen, 
-        char *label, int llen, unsigned char *p, int plen, int use_context);
+/* SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.)
+ *
+ * It returns 1 on success and zero otherwise.
+ */
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+       const char *label, size_t llen, const unsigned char *p, size_t plen,
+       int use_context);
 
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)