[thirdparty/openssl.git] / doc / man3 / SSL_get_client_random.pod

=pod

=head1 NAME

SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retrieve internal TLS/SSL random values and master key

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
 size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
 size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen);

=head1 DESCRIPTION

SSL_get_client_random() extracts the random value sent from the client
to the server during the initial SSL/TLS handshake.  It copies as many
bytes as it can of this value into the buffer provided in B<out>,
which must have at least B<outlen> bytes available. It returns the
total number of bytes that were actually copied.  If B<outlen> is
zero, SSL_get_client_random() copies nothing, and returns the
total size of the client_random value.

SSL_get_server_random() behaves the same, but extracts the random value
sent from the server to the client during the initial SSL/TLS handshake.

SSL_SESSION_get_master_key() behaves the same, but extracts the master
secret used to guarantee the security of the SSL/TLS session.  This one
can be dangerous if misused; see NOTES below.


=head1 NOTES

You probably shouldn't use these functions.

These functions expose internal values from the TLS handshake, for
use in low-level protocols.  You probably should not use them, unless
you are implementing something that needs access to the internal protocol
details.

Despite the names of SSL_get_client_random() and SSL_get_server_random(), they
ARE NOT random number generators.  Instead, they return the mostly-random values that
were already generated and used in the TLS protocol.  Using them
in place of RAND_bytes() would be grossly foolish.

The security of your TLS session depends on keeping the master key secret:
do not expose it, or any information about it, to anybody.
If you need to calculate another secret value that depends on the master
secret, you should probably use SSL_export_keying_material() instead, and
forget that you ever saw these functions.

In current versions of the TLS protocols, the length of client_random
(and also server_random) is always SSL3_RANDOM_SIZE bytes. Support for
other outlen arguments to the SSL_get_*_random() functions is provided
in case of the unlikely event that a future version or variant of TLS
uses some other length there.

Finally, though the "client_random" and "server_random" values are called
"random", many TLS implementations will generate four bytes of those
values based on their view of the current time.


=head1 RETURN VALUES

If B<outlen> is greater than 0, these functions return the number of bytes
actually copied, which will be less than or equal to B<outlen>.

If B<outlen> is 0, these functions return the maximum number
of bytes they would copy--that is, the length of the underlying field.

=head1 SEE ALSO

L<ssl(7)>,
L<RAND_bytes(3)>,
L<SSL_export_keying_material(3)>


=head1 COPYRIGHT

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
858618e7 NM	1	=pod
	2
	3	=head1 NAME
	4
	5	SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retrieve internal TLS/SSL random values and master key
	6
	7	=head1 SYNOPSIS
	8
	9	#include <openssl/ssl.h>
	10
d9f1c639 MC	11	size_t SSL_get_client_random(const SSL ssl, unsigned char out, size_t outlen);
	12	size_t SSL_get_server_random(const SSL ssl, unsigned char out, size_t outlen);
	13	size_t SSL_SESSION_get_master_key(const SSL_SESSION session, unsigned char out, size_t outlen);
858618e7 NM	14
	15	=head1 DESCRIPTION
	16
	17	SSL_get_client_random() extracts the random value sent from the client
7470cefc NM	18	to the server during the initial SSL/TLS handshake. It copies as many
	19	bytes as it can of this value into the buffer provided in B<out>,
	20	which must have at least B<outlen> bytes available. It returns the
d9f1c639 MC	21	total number of bytes that were actually copied. If B<outlen> is
d9f1c639 MC	22	zero, SSL_get_client_random() copies nothing, and returns the
7470cefc	23	total size of the client_random value.
858618e7 NM	24
	25	SSL_get_server_random() behaves the same, but extracts the random value
	26	sent from the server to the client during the initial SSL/TLS handshake.
	27
	28	SSL_SESSION_get_master_key() behaves the same, but extracts the master
	29	secret used to guarantee the security of the SSL/TLS session. This one
	30	can be dangerous if misused; see NOTES below.
	31
	32
	33	=head1 NOTES
	34
	35	You probably shouldn't use these functions.
	36
	37	These functions expose internal values from the TLS handshake, for
	38	use in low-level protocols. You probably should not use them, unless
	39	you are implementing something that needs access to the internal protocol
	40	details.
	41
	42	Despite the names of SSL_get_client_random() and SSL_get_server_random(), they
	43	ARE NOT random number generators. Instead, they return the mostly-random values that
24c2cd39	44	were already generated and used in the TLS protocol. Using them
858618e7 NM	45	in place of RAND_bytes() would be grossly foolish.
	46
	47	The security of your TLS session depends on keeping the master key secret:
	48	do not expose it, or any information about it, to anybody.
	49	If you need to calculate another secret value that depends on the master
	50	secret, you should probably use SSL_export_keying_material() instead, and
	51	forget that you ever saw these functions.
	52
7470cefc NM	53	In current versions of the TLS protocols, the length of client_random
	54	(and also server_random) is always SSL3_RANDOM_SIZE bytes. Support for
	55	other outlen arguments to the SSL_get_*_random() functions is provided
	56	in case of the unlikely event that a future version or variant of TLS
	57	uses some other length there.
	58
858618e7 NM	59	Finally, though the "client_random" and "server_random" values are called
	60	"random", many TLS implementations will generate four bytes of those
	61	values based on their view of the current time.
	62
	63
	64	=head1 RETURN VALUES
	65
d9f1c639	66	If B<outlen> is greater than 0, these functions return the number of bytes
858618e7 NM	67	actually copied, which will be less than or equal to B<outlen>.
858618e7 NM	68
d9f1c639	69	If B<outlen> is 0, these functions return the maximum number
858618e7 NM	70	of bytes they would copy--that is, the length of the underlying field.
	71
	72	=head1 SEE ALSO
	73
b97fdb57	74	L<ssl(7)>,
9b86974e RS	75	L<RAND_bytes(3)>,
9b86974e RS	76	L<SSL_export_keying_material(3)>
858618e7 NM	77
858618e7 NM	78
e2f92610 RS	79	=head1 COPYRIGHT
	80
	81	Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
	82
	83	Licensed under the OpenSSL license (the "License"). You may not use
	84	this file except in compliance with the License. You can obtain a copy
	85	in the file LICENSE in the source distribution or at
	86	L<https://www.openssl.org/source/license.html>.
	87
858618e7	88	=cut