diff --git a/doc/ssl/SSL_get_client_random.pod b/doc/ssl/SSL_get_client_random.pod
index bec45d7e0eafa77c336d911b946d7b084a1fe149..75a5c33d2217f0d352dfa49b8667d86020d723bc 100644
--- a/doc/ssl/SSL_get_client_random.pod
+++ b/doc/ssl/SSL_get_client_random.pod
@@ -8,9 +8,9 @@ SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retri
 
  #include <openssl/ssl.h>
 
- int SSL_get_client_random(const SSL *ssl, unsigned char *out, int outlen);
- int SSL_get_server_random(const SSL *ssl, unsigned char *out, int outlen);
- int SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, int outlen);
+ int SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
+ int SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
+ int SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen);
 
 =head1 DESCRIPTION
 
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e52fbb5a13fe43e7a2831e4737d7049a5cddf723..261e399640f468891de1eabef26d2be48ee3c372 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1652,9 +1652,12 @@ void SSL_set_state(SSL *ssl, int state);
 void SSL_set_verify_result(SSL *ssl, long v);
 __owur long SSL_get_verify_result(const SSL *ssl);
 
-__owur int SSL_get_client_random(const SSL *ssl, unsigned char *out, int outlen);
-__owur int SSL_get_server_random(const SSL *ssl, unsigned char *out, int outlen);
-__owur int SSL_SESSION_get_master_key(const SSL_SESSION *ssl, unsigned char *out, int outlen);
+__owur int SSL_get_client_random(const SSL *ssl, unsigned char *out,
+                                 size_t outlen);
+__owur int SSL_get_server_random(const SSL *ssl, unsigned char *out,
+                                 size_t outlen);
+__owur int SSL_SESSION_get_master_key(const SSL_SESSION *ssl,
+                                      unsigned char *out, size_t outlen);
 
 __owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
 void *SSL_get_ex_data(const SSL *ssl, int idx);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 081f27a73e92ee81f1ae3ad9af477b2ad683547b..f046770756c0def1c02888171d027144e6a85978 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2897,9 +2897,9 @@ long SSL_get_verify_result(const SSL *ssl)
     return (ssl->verify_result);
 }
 
-int SSL_get_client_random(const SSL *ssl, unsigned char *out, int outlen)
+int SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
 {
-    if (outlen < 0)
+    if (outlen == 0)
         return sizeof(ssl->s3->client_random);
     if (outlen > sizeof(ssl->s3->client_random))
         outlen = sizeof(ssl->s3->client_random);
@@ -2907,9 +2907,9 @@ int SSL_get_client_random(const SSL *ssl, unsigned char *out, int outlen)
     return (outlen);
 }
 
-int SSL_get_server_random(const SSL *ssl, unsigned char *out, int outlen)
+int SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
 {
-    if (outlen < 0)
+    if (outlen == 0)
         return sizeof(ssl->s3->server_random);
     if (outlen > sizeof(ssl->s3->server_random))
         outlen = sizeof(ssl->s3->server_random);
@@ -2918,11 +2918,15 @@ int SSL_get_server_random(const SSL *ssl, unsigned char *out, int outlen)
 }
 
 int SSL_SESSION_get_master_key(const SSL_SESSION *session,
-                               unsigned char *out, int outlen)
+                               unsigned char *out, size_t outlen)
 {
-    if (outlen < 0)
+    if (outlen == 0)
         return session->master_key_length;
-    if (outlen > session->master_key_length)
+    if (session->master_key_length < 0) {
+        /* Should never happen */
+        return 0;
+    }
+    if (outlen > (size_t)session->master_key_length)
         outlen = session->master_key_length;
     memcpy(out, session->master_key, outlen);
     return (outlen);