gnutls_prf_raw(3)                  gnutls                  gnutls_prf_raw(3)

NAME         top

       gnutls_prf_raw - API function

SYNOPSIS         top

       #include <gnutls/gnutls.h>

       int gnutls_prf_raw(gnutls_session_t session, size_t label_size, const
       char * label, size_t seed_size, const char * seed, size_t outsize,
       char * out);

ARGUMENTS         top

       gnutls_session_t session
                   is a gnutls_session_t type.

       size_t label_size
                   length of the  label variable.

       const char * label
                   label used in PRF computation, typically a short string.

       size_t seed_size
                   length of the  seed variable.

       const char * seed
                   optional extra data to seed the PRF with.

       size_t outsize
                   size of pre-allocated output buffer to hold the output.

       char * out  pre-allocated buffer to hold the generated data.

DESCRIPTION         top

       Apply the TLS Pseudo-Random-Function (PRF) on the master secret and
       the provided data.

       The  label variable usually contains a string denoting the purpose
       for the generated data.  The  seed usually contains data such as the
       client and server random, perhaps together with some additional data
       that is added to guarantee uniqueness of the output for a particular

       Because the output is not guaranteed to be unique for a particular
       session unless  seed includes the client random and server random
       fields (the PRF would output the same data on another connection
       resumed from the first one), it is not recommended to use this
       function directly.  The gnutls_prf() function seeds the PRF with the
       client and server random fields directly, and is recommended if you
       want to generate pseudo random data unique for each session.

NOTE         top

       This function will only operate under TLS versions prior to 1.3.  In
       TLS1.3 the use of PRF is replaced with HKDF and the generic exporters
       like gnutls_prf_rfc5705() should be used instead. Under TLS1.3 this
       function returns GNUTLS_E_INVALID_REQUEST.

RETURNS         top

       GNUTLS_E_SUCCESS on success, or an error code.

REPORTING BUGS         top

       Report bugs to <>.
       Home page:

COPYRIGHT         top

       Copyright © 2001-2019 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification,
       are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo manual.
       If the /usr/share/doc/gnutls/ directory does not contain the HTML
       form visit 

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at 
       ⟨⟩.  If you have a bug report for this manual
       page, send it to  This page was obtained from the
       tarball gnutls-3.6.9.tar.xz fetched from
       ⟨⟩ on 2020-02-08.  If you discover
       any rendering problems in this HTML version of the page, or you
       believe there is a better or more up-to-date source for the page, or
       you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail

gnutls                              3.6.9                  gnutls_prf_raw(3)