In ssl.h rev. 1.139 2018/02/17 15:19:43 and rev. 1.140 2018/02/17 15:32:20,

jsing@ provided SSL_get_client_random(3), SSL_get_server_random(3), and SSL_SESSION_get_master_key(3). Import the documentation from OpenSSL, with some tweaks.
author: schwarze <> 2018-02-18 23:34:01 +0000
committer: schwarze <> 2018-02-18 23:34:01 +0000
commit: 4a908045e56e3c83995034233c478adfcf0e2206 (patch)
tree: c07ba7520a7de4c358d47a41c565a9ff935ed1f3
parent: 485025f81a33c7beb4a855ed422c1fe276b4ac53 (diff)
download: openbsd-4a908045e56e3c83995034233c478adfcf0e2206.tar.gz
openbsd-4a908045e56e3c83995034233c478adfcf0e2206.tar.bz2
openbsd-4a908045e56e3c83995034233c478adfcf0e2206.zip
2 files changed, 148 insertions, 1 deletions
diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
index 963e1037e9..413d77c0a7 100644
--- a/src/lib/libssl/man/Makefile
+++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.60 2018/02/18 22:18:59 schwarze Exp $
+# $OpenBSD: Makefile,v 1.61 2018/02/18 23:34:01 schwarze Exp $
 .include <bsd.own.mk>
@@ -72,6 +72,7 @@ MAN =	BIO_f_ssl.3 \
        SSL_get_certificate.3 \
        SSL_get_ciphers.3 \
        SSL_get_client_CA_list.3 \
+        SSL_get_client_random.3 \
        SSL_get_current_cipher.3 \
        SSL_get_default_timeout.3 \
        SSL_get_error.3 \
diff --git a/src/lib/libssl/man/SSL_get_client_random.3 b/src/lib/libssl/man/SSL_get_client_random.3
new file mode 100644
index 0000000000..8ab663846a
--- /dev/null
+++ b/src/lib/libssl/man/SSL_get_client_random.3
@@ -0,0 +1,146 @@
+.\" $OpenBSD: SSL_get_client_random.3,v 1.1 2018/02/18 23:34:01 schwarze Exp $
+.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
+.\"
+.\" This file was written by Nick Mathewson <nickm@torproject.org>
+.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: February 18 2018 $
+.Dt SSL_GET_CLIENT_RANDOM 3
+.Os
+.Sh NAME
+.Nm SSL_get_client_random ,
+.Nm SSL_get_server_random ,
+.Nm SSL_SESSION_get_master_key
+.Nd get internal TLS handshake random values and master key
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft size_t
+.Fo SSL_get_client_random
+.Fa "const SSL *ssl"
+.Fa "unsigned char *out"
+.Fa "size_t outlen"
+.Fc
+.Ft size_t
+.Fo SSL_get_server_random
+.Fa "const SSL *ssl"
+.Fa "unsigned char *out"
+.Fa "size_t outlen"
+.Fc
+.Ft size_t
+.Fo SSL_SESSION_get_master_key
+.Fa "const SSL_SESSION *session"
+.Fa "unsigned char *out"
+.Fa "size_t outlen"
+.Fc
+.Sh DESCRIPTION
+.Fn SSL_get_client_random
+extracts the random value that was sent from the client to the server
+during the initial TLS handshake.
+It copies at most
+.Fa outlen
+bytes of this value into the buffer
+.Fa out .
+If
+.Fa outlen
+is zero, nothing is copied.
+.Pp
+.Fn SSL_get_server_random
+behaves the same, but extracts the random value that was sent
+from the server to the client during the initial TLS handshake.
+.Pp
+.Fn SSL_SESSION_get_master_key
+behaves the same, but extracts the master secret used to guarantee the
+security of the TLS session.
+The security of the TLS session depends on keeping the master key
+secret: do not expose it, or any information about it, to anybody.
+To calculate another secret value that depends on the master secret,
+use
+.Xr SSL_export_keying_material 3
+instead.
+.Pp
+All these functions expose internal values from the TLS handshake,
+for use in low-level protocols.
+Avoid using them unless implementing a feature
+that requires access to the internal protocol details.
+.Pp
+Despite the names of
+.Fn SSL_get_client_random
+and
+.Fn SSL_get_server_random ,
+they are not random number generators.
+Instead, they return the mostly-random values that were already
+generated and used in the TLS protocol.
+.Pp
+In current versions of the TLS protocols,
+the length of client_random and server_random is always
+.Dv SSL3_RANDOM_SIZE
+bytes.
+Support for other
+.Fa outlen
+arguments is provided for the unlikely event that a future
+version or variant of TLS uses some other length.
+.Pp
+Finally, though the client_random and server_random values are called
+.Dq random ,
+many TLS implementations generate four bytes of those values
+based on their view of the current time.
+.Sh RETURN VALUES
+If
+.Fa outlen
+is greater than 0, these functions return the number of bytes
+actually copied, which is less than or equal to
+.Fa outlen .
+If
+.Fa outlen
+is 0, these functions return the maximum number of bytes they would
+copy \(em that is, the length of the underlying field.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_export_keying_material 3 ,
+.Xr SSL_SESSION_get_id 3 ,
+.Xr SSL_SESSION_get_time 3 ,
+.Xr SSL_SESSION_new 3
author	schwarze <>	2018-02-18 23:34:01 +0000
committer	schwarze <>	2018-02-18 23:34:01 +0000
commit	4a908045e56e3c83995034233c478adfcf0e2206 (patch)
tree	c07ba7520a7de4c358d47a41c565a9ff935ed1f3
parent	485025f81a33c7beb4a855ed422c1fe276b4ac53 (diff)
download	openbsd-4a908045e56e3c83995034233c478adfcf0e2206.tar.gz openbsd-4a908045e56e3c83995034233c478adfcf0e2206.tar.bz2 openbsd-4a908045e56e3c83995034233c478adfcf0e2206.zip

diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile index 963e1037e9..413d77c0a7 100644 --- a/src/lib/libssl/man/Makefile +++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.60 2018/02/18 22:18:59 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.61 2018/02/18 23:34:01 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -72,6 +72,7 @@ MAN = BIO_f_ssl.3 \
72	SSL_get_certificate.3 \	72	SSL_get_certificate.3 \
73	SSL_get_ciphers.3 \	73	SSL_get_ciphers.3 \
74	SSL_get_client_CA_list.3 \	74	SSL_get_client_CA_list.3 \
		75	SSL_get_client_random.3 \
75	SSL_get_current_cipher.3 \	76	SSL_get_current_cipher.3 \
76	SSL_get_default_timeout.3 \	77	SSL_get_default_timeout.3 \
77	SSL_get_error.3 \	78	SSL_get_error.3 \


diff --git a/src/lib/libssl/man/SSL_get_client_random.3 b/src/lib/libssl/man/SSL_get_client_random.3 new file mode 100644 index 0000000000..8ab663846a --- /dev/null +++ b/src/lib/libssl/man/SSL_get_client_random.3
@@ -0,0 +1,146 @@
		1	.\" $OpenBSD: SSL_get_client_random.3,v 1.1 2018/02/18 23:34:01 schwarze Exp $
		2	.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
		3	.\"
		4	.\" This file was written by Nick Mathewson <nickm@torproject.org>
		5	.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
		6	.\"
		7	.\" Redistribution and use in source and binary forms, with or without
		8	.\" modification, are permitted provided that the following conditions
		9	.\" are met:
		10	.\"
		11	.\" 1. Redistributions of source code must retain the above copyright
		12	.\" notice, this list of conditions and the following disclaimer.
		13	.\"
		14	.\" 2. Redistributions in binary form must reproduce the above copyright
		15	.\" notice, this list of conditions and the following disclaimer in
		16	.\" the documentation and/or other materials provided with the
		17	.\" distribution.
		18	.\"
		19	.\" 3. All advertising materials mentioning features or use of this
		20	.\" software must display the following acknowledgment:
		21	.\" "This product includes software developed by the OpenSSL Project
		22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		23	.\"
		24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		25	.\" endorse or promote products derived from this software without
		26	.\" prior written permission. For written permission, please contact
		27	.\" openssl-core@openssl.org.
		28	.\"
		29	.\" 5. Products derived from this software may not be called "OpenSSL"
		30	.\" nor may "OpenSSL" appear in their names without prior written
		31	.\" permission of the OpenSSL Project.
		32	.\"
		33	.\" 6. Redistributions of any form whatsoever must retain the following
		34	.\" acknowledgment:
		35	.\" "This product includes software developed by the OpenSSL Project
		36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		37	.\"
		38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
		50	.\"
		51	.Dd $Mdocdate: February 18 2018 $
		52	.Dt SSL_GET_CLIENT_RANDOM 3
		53	.Os
		54	.Sh NAME
		55	.Nm SSL_get_client_random ,
		56	.Nm SSL_get_server_random ,
		57	.Nm SSL_SESSION_get_master_key
		58	.Nd get internal TLS handshake random values and master key
		59	.Sh SYNOPSIS
		60	.In openssl/ssl.h
		61	.Ft size_t
		62	.Fo SSL_get_client_random
		63	.Fa "const SSL *ssl"
		64	.Fa "unsigned char *out"
		65	.Fa "size_t outlen"
		66	.Fc
		67	.Ft size_t
		68	.Fo SSL_get_server_random
		69	.Fa "const SSL *ssl"
		70	.Fa "unsigned char *out"
		71	.Fa "size_t outlen"
		72	.Fc
		73	.Ft size_t
		74	.Fo SSL_SESSION_get_master_key
		75	.Fa "const SSL_SESSION *session"
		76	.Fa "unsigned char *out"
		77	.Fa "size_t outlen"
		78	.Fc
		79	.Sh DESCRIPTION
		80	.Fn SSL_get_client_random
		81	extracts the random value that was sent from the client to the server
		82	during the initial TLS handshake.
		83	It copies at most
		84	.Fa outlen
		85	bytes of this value into the buffer
		86	.Fa out .
		87	If
		88	.Fa outlen
		89	is zero, nothing is copied.
		90	.Pp
		91	.Fn SSL_get_server_random
		92	behaves the same, but extracts the random value that was sent
		93	from the server to the client during the initial TLS handshake.
		94	.Pp
		95	.Fn SSL_SESSION_get_master_key
		96	behaves the same, but extracts the master secret used to guarantee the
		97	security of the TLS session.
		98	The security of the TLS session depends on keeping the master key
		99	secret: do not expose it, or any information about it, to anybody.
		100	To calculate another secret value that depends on the master secret,
		101	use
		102	.Xr SSL_export_keying_material 3
		103	instead.
		104	.Pp
		105	All these functions expose internal values from the TLS handshake,
		106	for use in low-level protocols.
		107	Avoid using them unless implementing a feature
		108	that requires access to the internal protocol details.
		109	.Pp
		110	Despite the names of
		111	.Fn SSL_get_client_random
		112	and
		113	.Fn SSL_get_server_random ,
		114	they are not random number generators.
		115	Instead, they return the mostly-random values that were already
		116	generated and used in the TLS protocol.
		117	.Pp
		118	In current versions of the TLS protocols,
		119	the length of client_random and server_random is always
		120	.Dv SSL3_RANDOM_SIZE
		121	bytes.
		122	Support for other
		123	.Fa outlen
		124	arguments is provided for the unlikely event that a future
		125	version or variant of TLS uses some other length.
		126	.Pp
		127	Finally, though the client_random and server_random values are called
		128	.Dq random ,
		129	many TLS implementations generate four bytes of those values
		130	based on their view of the current time.
		131	.Sh RETURN VALUES
		132	If
		133	.Fa outlen
		134	is greater than 0, these functions return the number of bytes
		135	actually copied, which is less than or equal to
		136	.Fa outlen .
		137	If
		138	.Fa outlen
		139	is 0, these functions return the maximum number of bytes they would
		140	copy \(em that is, the length of the underlying field.
		141	.Sh SEE ALSO
		142	.Xr ssl 3 ,
		143	.Xr SSL_export_keying_material 3 ,
		144	.Xr SSL_SESSION_get_id 3 ,
		145	.Xr SSL_SESSION_get_time 3 ,
		146	.Xr SSL_SESSION_new 3