Standard preamble:
========================================================================
..
.... Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.
If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================
Title "SSL_GET_CLIENT_RANDOM 3ossl"
way too many mistakes in technical documents.
\fBSSL_get_server_random() behaves the same, but extracts the random value sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake.
\fBSSL_SESSION_get_master_key() behaves the same, but extracts the master secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one can be dangerous if misused; see \s-1NOTES\s0 below.
\fBSSL_SESSION_set1_master_key() sets the master key value associated with the \s-1SSL_SESSION\s0 sess. For example, this could be used to set up a session based \s-1PSK\s0 (see SSL_CTX_set_psk_use_session_callback\|(3)). The master key of length \fBlen should be provided at in. The supplied master key is copied by the function, so the caller is responsible for freeing and cleaning any memory associated with in. The caller must ensure that the length of the key is suitable for the ciphersuite associated with the \s-1SSL_SESSION.\s0
These functions expose internal values from the \s-1TLS\s0 handshake, for use in low-level protocols. You probably should not use them, unless you are implementing something that needs access to the internal protocol details.
Despite the names of SSL_get_client_random() and SSL_get_server_random(), they \s-1ARE NOT\s0 random number generators. Instead, they return the mostly-random values that were already generated and used in the \s-1TLS\s0 protocol. Using them in place of RAND_bytes() would be grossly foolish.
The security of your \s-1TLS\s0 session depends on keeping the master key secret: do not expose it, or any information about it, to anybody. If you need to calculate another secret value that depends on the master secret, you should probably use SSL_export_keying_material() instead, and forget that you ever saw these functions.
In current versions of the \s-1TLS\s0 protocols, the length of client_random (and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for other outlen arguments to the SSL_get_*_random() functions is provided in case of the unlikely event that a future version or variant of \s-1TLS\s0 uses some other length there.
Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values are called \*(L"random\*(R", many \s-1TLS\s0 implementations will generate four bytes of those values based on their view of the current time.
For the other functions, if outlen is greater than 0 then these functions return the number of bytes actually copied, which will be less than or equal to \fBoutlen. If outlen is 0 then these functions return the maximum number of bytes they would copy \*(-- that is, the length of the underlying field.
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.