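SSL_export_keying_material - obtain keying material for application use

int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *context,
    size_t contextlen, int use_context);
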
During the creation of a TLS or DTLS connection, shared keying material is
established between the two endpoints. The function
SSL_export_keying_material() enables an
application to use some of this keying material for its own purposes in
accordance with RFC 5705.
An application may need to securely establish the context within which this
keying material will be used. For example, this may include identifiers for
the application session, application algorithms or parameters, or the lifetime
of the context. The context value is left to the application but must be the
same on both sides of the communication.
For a given SSL connection s, olen bytes of data will be written to out.
The application specific context should be supplied in the location pointed
to by context and should be contextlen bytes long. Provision of a context
is optional. If the context should be omitted entirely, then use_context
should be set to 0. Otherwise it should be any other value.
If use_context is 0, then the values of context
In TLSv1.2 and below, a zero length context is treated differently from no
context at all, and will result in different keying material being returned.
An application specific label should be provided in the location pointed to
by label and should be llen bytes long. Typically this will be a value from
the Exporter Label Registry. Alternatively, labels beginning with
"EXPERIMENTAL" are permitted by the standard to be used without registration.
SSL_export_keying_material() returns 1 on
success or 0 or -1 on failure.
SSL_export_keying_material() first appeared
in OpenSSL 1.0.1 and has been available since OpenBSD