SSL export fixes (from Adam Langley) [original from 1.0.1]

[openssl.git] / ssl / tls1.h

diff --git a/ssl/tls1.h b/ssl/tls1.h
index 49575e79890759c2a126118d4e9a0fad66de3789..c5e3a70022b5ac5c13b1176db53ad6757af1bcb0 100644 (file)
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -265,8 +265,16 @@ extern "C" {
 
 const char *SSL_get_servername(const SSL *s, const int type);
 int SSL_get_servername_type(const SSL *s);
-int SSL_export_keying_material(SSL *s, unsigned char *out, int olen, 
-        char *label, int llen, unsigned char *p, int plen, int use_context);
+/* SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.)
+ *
+ * It returns 1 on success and zero otherwise.
+ */
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+       const char *label, size_t llen, const unsigned char *p, size_t plen,
+       int use_context);
 
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)