EVP_PKEY_CTX_SET_TLS1_PRF_MD - Online Linux Manual PageSection : 3ossl
Updated : 2022-03-15
Source : 3.0.2
Note : OpenSSL
NAMEEVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed − TLS PRF key derivation algorithm
SYNOPSIS #include <openssl/kdf.h>
int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx,
unsigned char *sec, int seclen);
int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx,
unsigned char *seed, int seedlen);
DESCRIPTIONThe EVP_PKEY_TLS1_PRF algorithm implements the PRF key derivation function for TLS. It has no associated private key and only implements key derivation using EVP_PKEY_derive (3). EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF algorithm using both MD5 and SHA1 as used in TLS 1.0 and 1.1. EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF to seclen bytes of the buffer sec. Any existing secret value is replaced and any seed is reset. EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to seedlen bytes of seed. If a seed is already set it is appended to the existing value.
STRING CTRLSThe TLS PRF also supports string based control operations using EVP_PKEY_CTX_ctrl_str (3). The type parameter ‟md” uses the supplied value as the name of the digest algorithm to use. The type parameters ‟secret” and ‟seed” use the supplied value parameter as a secret or seed value. The names ‟hexsecret” and ‟hexseed” are similar except they take a hex string which is converted to binary.
NOTESA context for the TLS PRF can be obtained by calling: EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
The digest, secret value and seed must be set before a key is derived or an error occurs. The total length of all seeds cannot exceed 1024 bytes in length: this should be more than enough for any normal use of the TLS PRF. The output length of the PRF is specified by the length parameter in the EVP_PKEY_derive() function. Since the output length is variable, setting the buffer to NULL is not meaningful for the TLS PRF. Optimised versions of the TLS PRF can be implemented in an ENGINE.
RETURN VALUESAll these functions return 1 for success and 0 or a negative value for failure. In particular a return value of −2 indicates the operation is not supported by the public key algorithm.
EXAMPLESThis example derives 10 bytes using SHA−256 with the secret key ‟secret” and seed value ‟seed”: EVP_PKEY_CTX *pctx;
unsigned char out[10];
size_t outlen = sizeof(out);
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
if (EVP_PKEY_derive_init(pctx) <= 0)
/* Error */
if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
/* Error */
if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
/* Error */
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
/* Error */
if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
/* Error */
SEE ALSOEVP_PKEY_CTX_new (3), EVP_PKEY_CTX_ctrl_str (3), EVP_PKEY_derive (3)
HISTORYAll of the functions described here were converted from macros to functions in OpenSSL 3.0.
COPYRIGHTCopyright 2016−2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the ‟License”). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>. 0
Johanes Gumabo
Data Size : 13,052 byte
man-EVP_PKEY_CTX_add1_tls1_prf_seed.3osslBuild : 2024-12-05, 20:55 :
Visitor Screen : x
Visitor Counter ( page / site ) : 4 / 185,068
Visitor ID : :
Visitor IP : 3.144.99.39 :
Visitor Provider : AMAZON-02 :
Provider Position ( lat x lon ) : 39.962500 x -83.006100 : x
Provider Accuracy Radius ( km ) : 1000 :
Provider City : Columbus :
Provider Province : Ohio , : ,
Provider Country : United States :
Provider Continent : North America :
Visitor Recorder : Version :
Visitor Recorder : Library :
Online Linux Manual Page : Version : Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page : Library : lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page : Library : lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base : Version : Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base : Library : lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36
Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.
ERROR : Need New Coding : (parse_manual_page_|249|E___VP_PKEY_CTX_add1_tls1_prf_seed.3ossl|36/37|el══─{─══.|.el══─{─══. ds -- \|\(em\|
) (htmlprn|149|E___VP_PKEY_CTX_add1_tls1_prf_seed.3ossl|36/37|.el══─{─══. ds -- — |.el══─{─══. ds -- \|\(em\|
) (parse_manual_page_|249|E___VP_PKEY_CTX_add1_tls1_prf_seed.3ossl|43|br══─}─══|'br══─}─══
) (htmlprn|149|E___VP_PKEY_CTX_add1_tls1_prf_seed.3ossl|43|'br══─}─══ |'br══─}─══
)