From 29e4fea2b26985a422381919c1d9afa510db271a Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sat, 17 Feb 2018 15:32:20 +0000
Subject: [PATCH] Provide SSL_SESSION_get_master_key()

---
 lib/libssl/Symbols.list |  1 +
 lib/libssl/ssl.h        |  4 +++-
 lib/libssl/ssl_sess.c   | 19 ++++++++++++++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/lib/libssl/Symbols.list b/lib/libssl/Symbols.list
index 90e73becd77..b20f29a3281 100644
--- a/lib/libssl/Symbols.list
+++ b/lib/libssl/Symbols.list
@@ -134,6 +134,7 @@ SSL_SESSION_get_compress_id
 SSL_SESSION_get_ex_data
 SSL_SESSION_get_ex_new_index
 SSL_SESSION_get_id
+SSL_SESSION_get_master_key
 SSL_SESSION_get_time
 SSL_SESSION_get_timeout
 SSL_SESSION_new
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 692bd1a3950..1b7a3fbeba1 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.139 2018/02/17 15:19:43 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.140 2018/02/17 15:32:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1277,6 +1277,8 @@ const char *SSL_state_string(const SSL *s);
 const char *SSL_rstate_string(const SSL *s);
 const char *SSL_state_string_long(const SSL *s);
 const char *SSL_rstate_string_long(const SSL *s);
+size_t	SSL_SESSION_get_master_key(const SSL_SESSION *ss,
+	    unsigned char *out, size_t max_out);
 long	SSL_SESSION_get_time(const SSL_SESSION *s);
 long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
 long	SSL_SESSION_get_timeout(const SSL_SESSION *s);
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 59d7d9ec24f..70c6daa22d7 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.71 2017/04/10 17:27:33 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.72 2018/02/17 15:32:20 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -753,6 +753,23 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
 	return (ret);
 }
 
+size_t
+SSL_SESSION_get_master_key(const SSL_SESSION *ss, unsigned char *out,
+    size_t max_out)
+{
+	size_t len = ss->master_key_length;
+
+	if (out == NULL)
+		return len;
+
+	if (len > max_out)
+		len = max_out;
+
+	memcpy(out, ss->master_key, len);
+
+	return len;
+}
+
 long
 SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
 {
-- 
2.20.1