Inicio Explorar Axuda
Iniciar sesión
OWEALs
/
openssl
réplica de git://git.openssl.org/openssl.git
2
0
Fork 0
Ficheiros Incidencias 1 Wiki
Árbore: 6594baf645
Ramas Etiquetas
openssl
/
doc
/
man3
/
SSL_get_client_random.pod

SSL_get_client_random.pod 4.1 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. SSL_get_client_random,
    6. 

  6. SSL_get_server_random,
    7. 

  7. SSL_SESSION_get_master_key,
    8. 

  8. SSL_SESSION_set1_master_key
    9. 

  9. - get internal TLS/SSL random values and get/set master key
    10. 

  10. 

  11. =head1 SYNOPSIS
    12. 

  12. 

  13.  #include <openssl/ssl.h>
    14. 

  14. 

  15.  size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
    16. 

  16.  size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
    17. 

  17.  size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
    18. 

  18.                                    unsigned char *out, size_t outlen);
    19. 

  19.  int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
    20. 

  20.                                  size_t len);
    21. 

  21. 

  22. =head1 DESCRIPTION
    23. 

  23. 

  24. SSL_get_client_random() extracts the random value sent from the client
    25. 

  25. to the server during the initial SSL/TLS handshake.  It copies as many
    26. 

  26. bytes as it can of this value into the buffer provided in B<out>,
    27. 

  27. which must have at least B<outlen> bytes available. It returns the
    28. 

  28. total number of bytes that were actually copied.  If B<outlen> is
    29. 

  29. zero, SSL_get_client_random() copies nothing, and returns the
    30. 

  30. total size of the client_random value.
    31. 

  31. 

  32. SSL_get_server_random() behaves the same, but extracts the random value
    33. 

  33. sent from the server to the client during the initial SSL/TLS handshake.
    34. 

  34. 

  35. SSL_SESSION_get_master_key() behaves the same, but extracts the master
    36. 

  36. secret used to guarantee the security of the SSL/TLS session.  This one
    37. 

  37. can be dangerous if misused; see NOTES below.
    38. 

  38. 

  39. SSL_SESSION_set1_master_key() sets the master key value associated with the
    40. 

  40. SSL_SESSION B<sess>. For example, this could be used to set up a session based
    41. 

  41. PSK (see L<SSL_CTX_set_psk_use_session_callback(3)>). The master key of length
    42. 

  42. B<len> should be provided at B<in>. The supplied master key is copied by the
    43. 

  43. function, so the caller is responsible for freeing and cleaning any memory
    44. 

  44. associated with B<in>. The caller must ensure that the length of the key is
    45. 

  45. suitable for the ciphersuite associated with the SSL_SESSION.
    46. 

  46. 

  47. =head1 NOTES
    48. 

  48. 

  49. You probably shouldn't use these functions.
    50. 

  50. 

  51. These functions expose internal values from the TLS handshake, for
    52. 

  52. use in low-level protocols.  You probably should not use them, unless
    53. 

  53. you are implementing something that needs access to the internal protocol
    54. 

  54. details.
    55. 

  55. 

  56. Despite the names of SSL_get_client_random() and SSL_get_server_random(), they
    57. 

  57. ARE NOT random number generators.  Instead, they return the mostly-random values that
    58. 

  58. were already generated and used in the TLS protocol.  Using them
    59. 

  59. in place of RAND_bytes() would be grossly foolish.
    60. 

  60. 

  61. The security of your TLS session depends on keeping the master key secret:
    62. 

  62. do not expose it, or any information about it, to anybody.
    63. 

  63. If you need to calculate another secret value that depends on the master
    64. 

  64. secret, you should probably use SSL_export_keying_material() instead, and
    65. 

  65. forget that you ever saw these functions.
    66. 

  66. 

  67. In current versions of the TLS protocols, the length of client_random
    68. 

  68. (and also server_random) is always SSL3_RANDOM_SIZE bytes. Support for
    69. 

  69. other outlen arguments to the SSL_get_*_random() functions is provided
    70. 

  70. in case of the unlikely event that a future version or variant of TLS
    71. 

  71. uses some other length there.
    72. 

  72. 

  73. Finally, though the "client_random" and "server_random" values are called
    74. 

  74. "random", many TLS implementations will generate four bytes of those
    75. 

  75. values based on their view of the current time.
    76. 

  76. 

  77. 

  78. =head1 RETURN VALUES
    79. 

  79. 

  80. SSL_SESSION_set1_master_key() returns 1 on success or 0 on failure.
    81. 

  81. 

  82. For the other functions, if B<outlen> is greater than 0 then these functions
    83. 

  83. return the number of bytes actually copied, which will be less than or equal to
    84. 

  84. B<outlen>. If B<outlen> is 0 then these functions return the maximum number
    85. 

  85. of bytes they would copy -- that is, the length of the underlying field.
    86. 

  86. 

  87. =head1 SEE ALSO
    88. 

  88. 

  89. L<ssl(7)>,
    90. 

  90. L<RAND_bytes(3)>,
    91. 

  91. L<SSL_export_keying_material(3)>,
    92. 

  92. L<SSL_CTX_set_psk_use_session_callback(3)>
    93. 

  93. 

  94. 

  95. =head1 COPYRIGHT
    96. 

  96. 

  97. Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
    98. 

  98. 

  99. Licensed under the Apache License 2.0 (the "License").  You may not use
    100. 

  100. this file except in compliance with the License.  You can obtain a copy
    101. 

  101. in the file LICENSE in the source distribution or at
    102. 

  102. L<https://www.openssl.org/source/license.html>.
    103. 

  103. 

  104. =cut
    105.