gnutls_prf_raw(3) — Linux manual page


gnutls_prf_raw(3)                gnutls                gnutls_prf_raw(3)

NAME         top

       gnutls_prf_raw - API function

SYNOPSIS         top

       #include <gnutls/gnutls.h>

       int gnutls_prf_raw(gnutls_session_t session, size_t label_size,
       const char * label, size_t seed_size, const char * seed, size_t
       outsize, char * out);

ARGUMENTS         top

       gnutls_session_t session
                   is a gnutls_session_t type.

       size_t label_size
                   length of the  label variable.

       const char * label
                   label used in PRF computation, typically a short

       size_t seed_size
                   length of the  seed variable.

       const char * seed
                   optional extra data to seed the PRF with.

       size_t outsize
                   size of pre-allocated output buffer to hold the

       char * out  pre-allocated buffer to hold the generated data.

DESCRIPTION         top

       Apply the TLS Pseudo-Random-Function (PRF) on the master secret
       and the provided data.

       The  label variable usually contains a string denoting the
       purpose for the generated data.  The  seed usually contains data
       such as the client and server random, perhaps together with some
       additional data that is added to guarantee uniqueness of the
       output for a particular purpose.

       Because the output is not guaranteed to be unique for a
       particular session unless  seed includes the client random and
       server random fields (the PRF would output the same data on
       another connection resumed from the first one), it is not
       recommended to use this function directly.  The gnutls_prf()
       function seeds the PRF with the client and server random fields
       directly, and is recommended if you want to generate pseudo
       random data unique for each session.

NOTE         top

       This function will only operate under TLS versions prior to 1.3.
       In TLS1.3 the use of PRF is replaced with HKDF and the generic
       exporters like gnutls_prf_rfc5705() should be used instead. Under
       TLS1.3 this function returns GNUTLS_E_INVALID_REQUEST.

RETURNS         top

       GNUTLS_E_SUCCESS on success, or an error code.

REPORTING BUGS         top

       Report bugs to <>.
       Home page:

COPYRIGHT         top

       Copyright © 2001- Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without
       modification, are permitted in any medium without royalty
       provided the copyright notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo
       manual.  If the /usr/share/doc/gnutls/ directory does not contain
       the HTML form visit 

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at
       ⟨⟩.  If you have a bug report for this
       manual page, send it to  This page was obtained
       from the tarball gnutls-3.8.0.tar.xz fetched from
       ⟨⟩ on 2023-06-23.  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to

gnutls                            3.8.0                gnutls_prf_raw(3)