{
    "mode": "man",
    "parameter": "EVP_KDF-TLS1_PRF",
    "section": "7SSL",
    "url": "https://www.chedong.com/phpMan.php/man/EVP_KDF-TLS1_PRF/7SSL/json",
    "generated": "2026-05-30T06:07:26Z",
    "sections": {
        "NAME": {
            "content": "EVPKDF-TLS1PRF - The TLS1 PRF EVPKDF implementation\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "Support for computing the TLS1 PRF through the EVPKDF API.\n\nThe EVPKDF-TLS1PRF algorithm implements the PRF used by TLS versions up to and including\nTLS 1.2.\n",
            "subsections": [
                {
                    "name": "Identity",
                    "content": "\"TLS1-PRF\" is the name for this implementation; it can be used with the EVPKDFfetch()\nfunction.\n"
                },
                {
                    "name": "Supported parameters",
                    "content": "The supported parameters are:\n\n\"properties\" (OSSLKDFPARAMPROPERTIES) <UTF8 string>\n\"digest\" (OSSLKDFPARAMDIGEST) <UTF8 string>\nThese parameters work as described in \"PARAMETERS\" in EVPKDF(3).\n\nThe OSSLKDFPARAMDIGEST parameter is used to set the message digest associated with the\nTLS PRF.  EVPmd5sha1() is treated as a special case which uses the PRF algorithm using\nboth MD5 and SHA1 as used in TLS 1.0 and 1.1.\n\n\"secret\" (OSSLKDFPARAMSECRET) <octet string>\nThis parameter sets the secret value of the TLS PRF.  Any existing secret value is\nreplaced.\n\n\"seed\" (OSSLKDFPARAMSEED) <octet string>\nThis parameter sets the context seed.  The length of the context seed cannot exceed 1024\nbytes; this should be more than enough for any normal use of the TLS PRF.\n"
                }
            ]
        },
        "NOTES": {
            "content": "A context for the TLS PRF can be obtained by calling:\n\nEVPKDF *kdf = EVPKDFfetch(NULL, \"TLS1-PRF\", NULL);\nEVPKDFCTX *kctx = EVPKDFCTXnew(kdf);\n\nThe digest, secret value and seed must be set before a key is derived otherwise an error will\noccur.\n\nThe output length of the PRF is specified by the keylen parameter to the EVPKDFderive()\nfunction.\n",
            "subsections": []
        },
        "EXAMPLES": {
            "content": "This example derives 10 bytes using SHA-256 with the secret key \"secret\" and seed value\n\"seed\":\n\nEVPKDF *kdf;\nEVPKDFCTX *kctx;\nunsigned char out[10];\nOSSLPARAM params[4], *p = params;\n\nkdf = EVPKDFfetch(NULL, \"TLS1-PRF\", NULL);\nkctx = EVPKDFCTXnew(kdf);\nEVPKDFfree(kdf);\n\n*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMDIGEST,\nSNsha256, strlen(SNsha256));\n*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSECRET,\n\"secret\", (sizet)6);\n*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSEED,\n\"seed\", (sizet)4);\n*p = OSSLPARAMconstructend();\nif (EVPKDFderive(kctx, out, sizeof(out), params) <= 0) {\nerror(\"EVPKDFderive\");\n}\nEVPKDFCTXfree(kctx);\n",
            "subsections": []
        },
        "CONFORMING TO": {
            "content": "RFC 2246, RFC 5246 and NIST SP 800-135 r1\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "EVPKDF(3), EVPKDFCTXnew(3), EVPKDFCTXfree(3), EVPKDFCTXsetparams(3),\nEVPKDFderive(3), \"PARAMETERS\" in EVPKDF(3)\n",
            "subsections": []
        },
        "COPYRIGHT": {
            "content": "Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\").  You may not use this file except in\ncompliance with the License.  You can obtain a copy in the file LICENSE in the source\ndistribution or at <https://www.openssl.org/source/license.html>.\n\n\n\n3.0.2                                        2026-04-07                       EVPKDF-TLS1PRF(7SSL)",
            "subsections": []
        }
    },
    "summary": "EVPKDF-TLS1PRF - The TLS1 PRF EVPKDF implementation",
    "flags": [],
    "examples": [
        "This example derives 10 bytes using SHA-256 with the secret key \"secret\" and seed value",
        "\"seed\":",
        "EVPKDF *kdf;",
        "EVPKDFCTX *kctx;",
        "unsigned char out[10];",
        "OSSLPARAM params[4], *p = params;",
        "kdf = EVPKDFfetch(NULL, \"TLS1-PRF\", NULL);",
        "kctx = EVPKDFCTXnew(kdf);",
        "EVPKDFfree(kdf);",
        "*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMDIGEST,",
        "SNsha256, strlen(SNsha256));",
        "*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSECRET,",
        "\"secret\", (sizet)6);",
        "*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSEED,",
        "\"seed\", (sizet)4);",
        "*p = OSSLPARAMconstructend();",
        "if (EVPKDFderive(kctx, out, sizeof(out), params) <= 0) {",
        "error(\"EVPKDFderive\");",
        "EVPKDFCTXfree(kctx);"
    ],
    "see_also": [
        {
            "name": "EVPKDF",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDF/3/json"
        },
        {
            "name": "EVPKDFCTXnew",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXnew/3/json"
        },
        {
            "name": "EVPKDFCTXfree",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXfree/3/json"
        },
        {
            "name": "EVPKDFCTXsetparams",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXsetparams/3/json"
        },
        {
            "name": "EVPKDFderive",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDFderive/3/json"
        },
        {
            "name": "EVPKDF",
            "section": "3",
            "url": "https://www.chedong.com/phpMan.php/man/EVPKDF/3/json"
        }
    ]
}