From 5eb7273669e5dc05c9b744cbba5a2a2915827746 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 14 Jun 2017 10:37:25 +0100
Subject: Document SSL_SESSION_set1_master_key()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3670)
---
 doc/man3/SSL_get_client_random.pod | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

(limited to 'doc')

diff --git a/doc/man3/SSL_get_client_random.pod b/doc/man3/SSL_get_client_random.pod
index 7f4e753582..d6918f8dbe 100644
--- a/doc/man3/SSL_get_client_random.pod
+++ b/doc/man3/SSL_get_client_random.pod
@@ -2,7 +2,11 @@
 
 =head1 NAME
 
-SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retrieve internal TLS/SSL random values and master key
+SSL_get_client_random,
+SSL_get_server_random,
+SSL_SESSION_get_master_key,
+SSL_SESSION_set1_master_key
+- get internal TLS/SSL random values and get/set master key
 
 =head1 SYNOPSIS
 
@@ -12,6 +16,8 @@ SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retri
  size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
  size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
                                    unsigned char *out, size_t outlen);
+ int SSL_SESSION_set1_master_key(SSL_SESSION *sess, unsigned char *in,
+                                 size_t len);
 
 =head1 DESCRIPTION
 
@@ -30,6 +36,13 @@ SSL_SESSION_get_master_key() behaves the same, but extracts the master
 secret used to guarantee the security of the SSL/TLS session.  This one
 can be dangerous if misused; see NOTES below.
 
+SSL_SESSION_set1_master_key() sets the master key value associated with the
+SSL_SESSION B<sess>. For example, this could be used to set up a session based
+PSK (see L<SSL_CTX_set_psk_use_session_callback(3)>). The master key of length
+B<len> should be provided at B<in>. A copy of the supplied master key is taken
+by the function, so the caller is responsible for freeing and cleaning any
+memory associated with B<in>. The caller must ensure that the length of the ke
+is suitable for the ciphersuite associated with the SSL_SESSION.
 
 =head1 NOTES
 
@@ -64,22 +77,24 @@ values based on their view of the current time.
 
 =head1 RETURN VALUES
 
-If B<outlen> is greater than 0, these functions return the number of bytes
-actually copied, which will be less than or equal to B<outlen>.
+SSL_SESSION_set1_master_key() returns 1 on success or 0 on failure.
 
-If B<outlen> is 0, these functions return the maximum number
-of bytes they would copy--that is, the length of the underlying field.
+For the other functions, if B<outlen> is greater than 0 then these functions
+return the number of bytes actually copied, which will be less than or equal to
+B<outlen>. If B<outlen> is 0 then these functions return the maximum number
+of bytes they would copy -- that is, the length of the underlying field.
 
 =head1 SEE ALSO
 
 L<ssl(7)>,
 L<RAND_bytes(3)>,
-L<SSL_export_keying_material(3)>
+L<SSL_export_keying_material(3)>,
+L<SSL_CTX_set_psk_use_session_callback(3)>
 
 
 =head1 COPYRIGHT
 
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
-- 
cgit v1.2.3