From ca86616f46aeda90888c0dc1a6784c014867e999 Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Mon, 21 Aug 2017 10:10:25 +0000
Subject: import SSL_export_keying_material(3) from OpenSSL
---
 src/lib/libssl/man/Makefile | 3 +-
 src/lib/libssl/man/SSL_export_keying_material.3 | 127 ++++++++++++++++++++++++
 src/lib/libssl/man/ssl.3 | 5 +-
 3 files changed, 132 insertions(+), 3 deletions(-)
 create mode 100644 src/lib/libssl/man/SSL_export_keying_material.3
(limited to 'src/lib')
diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
index ab11293d1c..96daeb8975 100644
--- a/src/lib/libssl/man/Makefile
+++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.58 2017/08/19 23:45:10 schwarze Exp $
+# $OpenBSD: Makefile,v 1.59 2017/08/21 10:10:25 schwarze Exp $
 .include
@@ -65,6 +65,7 @@ MAN = BIO_f_ssl.3 \
 SSL_do_handshake.3 \
 SSL_dup.3 \
 SSL_dup_CA_list.3 \
+ SSL_export_keying_material.3 \
 SSL_free.3 \
 SSL_get_SSL_CTX.3 \
 SSL_get_certificate.3 \
diff --git a/src/lib/libssl/man/SSL_export_keying_material.3 b/src/lib/libssl/man/SSL_export_keying_material.3
new file mode 100644
index 0000000000..613446a275
--- /dev/null
+++ b/src/lib/libssl/man/SSL_export_keying_material.3
@@ -0,0 +1,127 @@
+.\" $OpenBSD: SSL_export_keying_material.3,v 1.1 2017/08/21 10:10:25 schwarze Exp $
+.\" OpenSSL a599574b Jun 28 17:18:27 2017 +0100
+.\" OpenSSL 23cec1f4 Jun 21 13:55:02 2017 +0100
+.\"
+.\" This file was written by Matt Caswell .
+.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 21 2017 $
+.Dt SSL_EXPORT_KEYING_MATERIAL 3
+.Os
+.Sh NAME
+.Nm SSL_export_keying_material
+.Nd obtain keying material for application use
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo SSL_export_keying_material
+.Fa "SSL *s"
+.Fa "unsigned char *out"
+.Fa "size_t olen"
+.Fa "const char *label"
+.Fa "size_t llen"
+.Fa "const unsigned char *context"
+.Fa "size_t contextlen"
+.Fa "int use_context"
+.Fc
+.Sh DESCRIPTION
+During the creation of a TLS or DTLS connection,
+shared keying material is established between the two endpoints.
+The function
+.Fn SSL_export_keying_material
+enables an application to use some of this keying material
+for its own purposes in accordance with RFC 5705.
+.Pp
+An application may need to securely establish the context
+within which this keying material will be used.
+For example, this may include identifiers for the application session,
+application algorithms or parameters, or the lifetime of the context.
+The context value is left to the application but must be the same on
+both sides of the communication.
+.Pp
+For a given SSL connection
+.Fa s ,
+.Fa olen
+bytes of data will be written to
+.Fa out .
+The application specific context should be supplied
+in the location pointed to by
+.Fa context
+and should be
+.Fa contextlen
+bytes long.
+Provision of a context is optional.
+If the context should be omitted entirely, then
+.Fa use_context
+should be set to 0.
+Otherwise it should be any other value.
+If
+.Fa use_context
+is 0, then the values of
+.Fa context
+and
+.Fa contextlen
+are ignored.
+.Pp
+In TLSv1.2 and below, a zero length context is treated differently
+from no context at all, and will result in different keying material
+being returned.
+.Pp
+An application specific label should be provided in the location pointed
+to by
+.Fa label
+and should be
+.Fa llen
+bytes long.
+Typically this will be a value from the
+.Lk https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels "IANA Exporter Label Registry" .
+.Pp
+Alternatively, labels beginning with "EXPERIMENTAL" are permitted by the
+standard to be used without registration.
+.Sh RETURN VALUES
+.Fn SSL_export_keying_material
+returns 1 on success or 0 or -1 on failure.
diff --git a/src/lib/libssl/man/ssl.3 b/src/lib/libssl/man/ssl.3
index fe72bbc4d2..9f3f121b32 100644
--- a/src/lib/libssl/man/ssl.3
+++ b/src/lib/libssl/man/ssl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssl.3,v 1.10 2017/08/19 23:45:10 schwarze Exp $
+.\" $OpenBSD: ssl.3,v 1.11 2017/08/21 10:10:25 schwarze Exp $
 .\" OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
 .\"
 .\" This file was written by Ralf S. Engelschall ,
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 19 2017 $
+.Dd $Mdocdate: August 21 2017 $
 .Dt SSL 3
 .Os
 .Sh NAME
@@ -285,6 +285,7 @@ I/O:
 .Pp
 Accessors:
 .Xr SSL_copy_session_id 3 ,
+.Xr SSL_export_keying_material 3 ,
 .Xr SSL_get_SSL_CTX 3 ,
 .Xr SSL_get_certificate 3 ,
 .Xr SSL_get_default_timeout 3 ,
--
cgit v1.2.3-55-g6feb