1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\" Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] \fP
.\}
.if t \{\
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
.if n \{\
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
.if t \{\
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
. \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
. \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "SSL_GET_CLIENT_RANDOM 3ossl"
.TH SSL_GET_CLIENT_RANDOM 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_get_client_random,
SSL_get_server_random,
SSL_SESSION_get_master_key,
SSL_SESSION_set1_master_key
\&\- get internal TLS/SSL random values and get/set master key
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
\& size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
\& size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
\& unsigned char *out, size_t outlen);
\& int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
\& size_t len);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBSSL_get_client_random()\fR extracts the random value sent from the client
to the server during the initial \s-1SSL/TLS\s0 handshake. It copies as many
bytes as it can of this value into the buffer provided in \fBout\fR,
which must have at least \fBoutlen\fR bytes available. It returns the
total number of bytes that were actually copied. If \fBoutlen\fR is
zero, \fBSSL_get_client_random()\fR copies nothing, and returns the
total size of the client_random value.
.PP
\&\fBSSL_get_server_random()\fR behaves the same, but extracts the random value
sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake.
.PP
\&\fBSSL_SESSION_get_master_key()\fR behaves the same, but extracts the master
secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one
can be dangerous if misused; see \s-1NOTES\s0 below.
.PP
\&\fBSSL_SESSION_set1_master_key()\fR sets the master key value associated with the
\&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based
\&\s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length
\&\fBlen\fR should be provided at \fBin\fR. The supplied master key is copied by the
function, so the caller is responsible for freeing and cleaning any memory
associated with \fBin\fR. The caller must ensure that the length of the key is
suitable for the ciphersuite associated with the \s-1SSL_SESSION.\s0
.SH "NOTES"
.IX Header "NOTES"
You probably shouldn't use these functions.
.PP
These functions expose internal values from the \s-1TLS\s0 handshake, for
use in low-level protocols. You probably should not use them, unless
you are implementing something that needs access to the internal protocol
details.
.PP
Despite the names of \fBSSL_get_client_random()\fR and \fBSSL_get_server_random()\fR, they
\&\s-1ARE NOT\s0 random number generators. Instead, they return the mostly-random values that
were already generated and used in the \s-1TLS\s0 protocol. Using them
in place of \fBRAND_bytes()\fR would be grossly foolish.
.PP
The security of your \s-1TLS\s0 session depends on keeping the master key secret:
do not expose it, or any information about it, to anybody.
If you need to calculate another secret value that depends on the master
secret, you should probably use \fBSSL_export_keying_material()\fR instead, and
forget that you ever saw these functions.
.PP
In current versions of the \s-1TLS\s0 protocols, the length of client_random
(and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for
other outlen arguments to the SSL_get_*\fB_random()\fR functions is provided
in case of the unlikely event that a future version or variant of \s-1TLS\s0
uses some other length there.
.PP
Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values are called
\&\*(L"random\*(R", many \s-1TLS\s0 implementations will generate four bytes of those
values based on their view of the current time.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBSSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure.
.PP
For the other functions, if \fBoutlen\fR is greater than 0 then these functions
return the number of bytes actually copied, which will be less than or equal to
\&\fBoutlen\fR. If \fBoutlen\fR is 0 then these functions return the maximum number
of bytes they would copy \*(-- that is, the length of the underlying field.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(7),
\&\fBRAND_bytes\fR\|(3),
\&\fBSSL_export_keying_material\fR\|(3),
\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.
|
