New manual page SSL_set_tmp_ecdh(3) written from scratch.

Feedback and OK jsing@.
author: schwarze <> 2017-08-12 12:31:30 +0000
committer: schwarze <> 2017-08-12 12:31:30 +0000
commit: 20d1bc3a6c917bf8b404d9b5a7a559199eb00e34 (patch)
tree: 9a054bca374dd25312bb9e4c832ca4404e38a517
parent: 1b502abd0159118e6e27e2b923f4962a5f41100b (diff)
download: openbsd-20d1bc3a6c917bf8b404d9b5a7a559199eb00e34.tar.gz
openbsd-20d1bc3a6c917bf8b404d9b5a7a559199eb00e34.tar.bz2
openbsd-20d1bc3a6c917bf8b404d9b5a7a559199eb00e34.zip
4 files changed, 112 insertions, 7 deletions
diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
index c0b304cd80..3a704dd5ff 100644
--- a/src/lib/libssl/man/Makefile
+++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.55 2017/04/10 15:54:46 schwarze Exp $
+# $OpenBSD: Makefile,v 1.56 2017/08/12 12:31:30 schwarze Exp $
 .include <bsd.own.mk>
@@ -99,6 +99,7 @@ MAN =	BIO_f_ssl.3 \
        SSL_set_max_send_fragment.3 \
        SSL_set_session.3 \
        SSL_set_shutdown.3 \
+        SSL_set_tmp_ecdh.3 \
        SSL_set_verify_result.3 \
        SSL_shutdown.3 \
        SSL_state_string.3 \
diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index f7461b22d5..3cfb060a9e 100644
--- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.3 2017/07/05 12:23:46 schwarze Exp $
+.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.4 2017/08/12 12:31:30 schwarze Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 5 2017 $
+.Dd $Mdocdate: August 12 2017 $
 .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
 .Os
 .Sh NAME
@@ -219,4 +219,5 @@ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
 .Xr openssl 1 ,
 .Xr ssl 3 ,
 .Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3
+.Xr SSL_CTX_set_options 3 ,
+.Xr SSL_set_tmp_ecdh 3
diff --git a/src/lib/libssl/man/SSL_set_tmp_ecdh.3 b/src/lib/libssl/man/SSL_set_tmp_ecdh.3
new file mode 100644
index 0000000000..34e59172d1
--- /dev/null
+++ b/src/lib/libssl/man/SSL_set_tmp_ecdh.3
@@ -0,0 +1,102 @@
+.\"     $OpenBSD: SSL_set_tmp_ecdh.3,v 1.1 2017/08/12 12:31:30 schwarze Exp $
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 12 2017 $
+.Dt SSL_SET_TMP_ECDH 3
+.Os
+.Sh NAME
+.Nm SSL_set_tmp_ecdh ,
+.Nm SSL_CTX_set_tmp_ecdh ,
+.Nm SSL_set_ecdh_auto ,
+.Nm SSL_CTX_set_ecdh_auto ,
+.Nm SSL_set_tmp_ecdh_callback ,
+.Nm SSL_CTX_set_tmp_ecdh_callback
+.Nd select a curve for ECDH ephemeral key exchange
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft long
+.Fo SSL_set_tmp_ecdh
+.Fa "SSL *ssl"
+.Fa "EC_KEY *ecdh"
+.Fc
+.Ft long
+.Fo SSL_CTX_set_tmp_ecdh
+.Fa "SSL_CTX *ctx"
+.Fa "EC_KEY *ecdh"
+.Fc
+.Ft long
+.Fo SSL_set_ecdh_auto
+.Fa "SSL *ssl"
+.Fa "int state"
+.Fc
+.Ft long
+.Fo SSL_CTX_set_ecdh_auto
+.Fa "SSL_CTX *ctx"
+.Fa "int state"
+.Fc
+.Ft void
+.Fo SSL_set_tmp_ecdh_callback
+.Fa "SSL *ssl"
+.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)"
+.Fc
+.Ft void
+.Fo SSL_CTX_set_tmp_ecdh_callback
+.Fa "SSL_CTX *ctx"
+.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)"
+.Fc
+.Sh DESCRIPTION
+Automatic EC curve selection and generation is always enabled in
+LibreSSL, and applications cannot manually provide EC keys for use
+with ECDHE key exchange.
+.Pp
+The only remaining effect of
+.Fn SSL_set_tmp_ecdh
+is that the curve of the given
+.Fa ecdh
+key becomes the only curve enabled for the
+.Fa ssl
+connection.
+.Pp
+.Fn SSL_CTX_set_tmp_ecdh
+has the same effect on all connections that will be created from
+.Fa ctx
+in the future.
+.Pp
+The functions
+.Fn SSL_set_ecdh_auto ,
+.Fn SSL_CTX_set_ecdh_auto ,
+.Fn SSL_set_tmp_ecdh_callback ,
+and
+.Fn SSL_CTX_set_tmp_ecdh_callback
+are deprecated and have no effect.
+.Sh RETURN VALUES
+.Fn SSL_set_tmp_ecdh
+and
+.Fn SSL_CTX_set_tmp_ecdh
+return 1 on success or 0 on failure.
+.Pp
+.Fn SSL_set_ecdh_auto ,
+.Fn SSL_CTX_set_ecdh_auto ,
+.Fn SSL_set_tmp_ecdh_callback ,
+and
+.Fn SSL_CTX_set_tmp_ecdh_callback
+always return 1.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_set_cipher_list 3 ,
+.Xr SSL_CTX_set_options 3 ,
+.Xr SSL_CTX_set_tmp_dh_callback 3 ,
+.Xr SSL_new 3
diff --git a/src/lib/libssl/man/ssl.3 b/src/lib/libssl/man/ssl.3
index dd3a3451e1..c01bddd0df 100644
--- a/src/lib/libssl/man/ssl.3
+++ b/src/lib/libssl/man/ssl.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssl.3,v 1.7 2017/04/10 15:37:55 schwarze Exp $
+.\"     $OpenBSD: ssl.3,v 1.8 2017/08/12 12:31:30 schwarze Exp $
 .\"     OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
 .\"
 .\" This file was written by Ralf S. Engelschall <rse@openssl.org>,
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 10 2017 $
+.Dd $Mdocdate: August 12 2017 $
 .Dt SSL 3
 .Os
 .Sh NAME
@@ -222,7 +222,8 @@ Configuration functions:
 .Xr SSL_CTX_set_tmp_rsa_callback 3 ,
 .Xr SSL_CTX_set_verify 3 ,
 .Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_set1_param 3 ,
+.Xr SSL_set_tmp_ecdh 3 ,
+.Xr SSL_set1_param 3
 .Pp
 Accessors:
 .Xr SSL_CTX_get_ex_new_index 3 ,
author	schwarze <>	2017-08-12 12:31:30 +0000
committer	schwarze <>	2017-08-12 12:31:30 +0000
commit	20d1bc3a6c917bf8b404d9b5a7a559199eb00e34 (patch)
tree	9a054bca374dd25312bb9e4c832ca4404e38a517
parent	1b502abd0159118e6e27e2b923f4962a5f41100b (diff)
download	openbsd-20d1bc3a6c917bf8b404d9b5a7a559199eb00e34.tar.gz openbsd-20d1bc3a6c917bf8b404d9b5a7a559199eb00e34.tar.bz2 openbsd-20d1bc3a6c917bf8b404d9b5a7a559199eb00e34.zip

diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile index c0b304cd80..3a704dd5ff 100644 --- a/src/lib/libssl/man/Makefile +++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.55 2017/04/10 15:54:46 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.56 2017/08/12 12:31:30 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -99,6 +99,7 @@ MAN = BIO_f_ssl.3 \
99	SSL_set_max_send_fragment.3 \	99	SSL_set_max_send_fragment.3 \
100	SSL_set_session.3 \	100	SSL_set_session.3 \
101	SSL_set_shutdown.3 \	101	SSL_set_shutdown.3 \
		102	SSL_set_tmp_ecdh.3 \
102	SSL_set_verify_result.3 \	103	SSL_set_verify_result.3 \
103	SSL_shutdown.3 \	104	SSL_shutdown.3 \
104	SSL_state_string.3 \	105	SSL_state_string.3 \


diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index f7461b22d5..3cfb060a9e 100644 --- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.3 2017/07/05 12:23:46 schwarze Exp $	1	.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.4 2017/08/12 12:31:30 schwarze Exp $
2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.	4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: July 5 2017 $	51	.Dd $Mdocdate: August 12 2017 $
52	.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3	52	.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -219,4 +219,5 @@ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
219	.Xr openssl 1 ,	219	.Xr openssl 1 ,
220	.Xr ssl 3 ,	220	.Xr ssl 3 ,
221	.Xr SSL_CTX_set_cipher_list 3 ,	221	.Xr SSL_CTX_set_cipher_list 3 ,
222	.Xr SSL_CTX_set_options 3	222	.Xr SSL_CTX_set_options 3 ,
		223	.Xr SSL_set_tmp_ecdh 3


diff --git a/src/lib/libssl/man/SSL_set_tmp_ecdh.3 b/src/lib/libssl/man/SSL_set_tmp_ecdh.3 new file mode 100644 index 0000000000..34e59172d1 --- /dev/null +++ b/src/lib/libssl/man/SSL_set_tmp_ecdh.3
@@ -0,0 +1,102 @@
		1	.\" $OpenBSD: SSL_set_tmp_ecdh.3,v 1.1 2017/08/12 12:31:30 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: August 12 2017 $
		18	.Dt SSL_SET_TMP_ECDH 3
		19	.Os
		20	.Sh NAME
		21	.Nm SSL_set_tmp_ecdh ,
		22	.Nm SSL_CTX_set_tmp_ecdh ,
		23	.Nm SSL_set_ecdh_auto ,
		24	.Nm SSL_CTX_set_ecdh_auto ,
		25	.Nm SSL_set_tmp_ecdh_callback ,
		26	.Nm SSL_CTX_set_tmp_ecdh_callback
		27	.Nd select a curve for ECDH ephemeral key exchange
		28	.Sh SYNOPSIS
		29	.In openssl/ssl.h
		30	.Ft long
		31	.Fo SSL_set_tmp_ecdh
		32	.Fa "SSL *ssl"
		33	.Fa "EC_KEY *ecdh"
		34	.Fc
		35	.Ft long
		36	.Fo SSL_CTX_set_tmp_ecdh
		37	.Fa "SSL_CTX *ctx"
		38	.Fa "EC_KEY *ecdh"
		39	.Fc
		40	.Ft long
		41	.Fo SSL_set_ecdh_auto
		42	.Fa "SSL *ssl"
		43	.Fa "int state"
		44	.Fc
		45	.Ft long
		46	.Fo SSL_CTX_set_ecdh_auto
		47	.Fa "SSL_CTX *ctx"
		48	.Fa "int state"
		49	.Fc
		50	.Ft void
		51	.Fo SSL_set_tmp_ecdh_callback
		52	.Fa "SSL *ssl"
		53	.Fa "EC_KEY (ecdh)(SSL *ssl, int is_export, int keylength)"
		54	.Fc
		55	.Ft void
		56	.Fo SSL_CTX_set_tmp_ecdh_callback
		57	.Fa "SSL_CTX *ctx"
		58	.Fa "EC_KEY (ecdh)(SSL *ssl, int is_export, int keylength)"
		59	.Fc
		60	.Sh DESCRIPTION
		61	Automatic EC curve selection and generation is always enabled in
		62	LibreSSL, and applications cannot manually provide EC keys for use
		63	with ECDHE key exchange.
		64	.Pp
		65	The only remaining effect of
		66	.Fn SSL_set_tmp_ecdh
		67	is that the curve of the given
		68	.Fa ecdh
		69	key becomes the only curve enabled for the
		70	.Fa ssl
		71	connection.
		72	.Pp
		73	.Fn SSL_CTX_set_tmp_ecdh
		74	has the same effect on all connections that will be created from
		75	.Fa ctx
		76	in the future.
		77	.Pp
		78	The functions
		79	.Fn SSL_set_ecdh_auto ,
		80	.Fn SSL_CTX_set_ecdh_auto ,
		81	.Fn SSL_set_tmp_ecdh_callback ,
		82	and
		83	.Fn SSL_CTX_set_tmp_ecdh_callback
		84	are deprecated and have no effect.
		85	.Sh RETURN VALUES
		86	.Fn SSL_set_tmp_ecdh
		87	and
		88	.Fn SSL_CTX_set_tmp_ecdh
		89	return 1 on success or 0 on failure.
		90	.Pp
		91	.Fn SSL_set_ecdh_auto ,
		92	.Fn SSL_CTX_set_ecdh_auto ,
		93	.Fn SSL_set_tmp_ecdh_callback ,
		94	and
		95	.Fn SSL_CTX_set_tmp_ecdh_callback
		96	always return 1.
		97	.Sh SEE ALSO
		98	.Xr ssl 3 ,
		99	.Xr SSL_CTX_set_cipher_list 3 ,
		100	.Xr SSL_CTX_set_options 3 ,
		101	.Xr SSL_CTX_set_tmp_dh_callback 3 ,
		102	.Xr SSL_new 3


diff --git a/src/lib/libssl/man/ssl.3 b/src/lib/libssl/man/ssl.3 index dd3a3451e1..c01bddd0df 100644 --- a/src/lib/libssl/man/ssl.3 +++ b/src/lib/libssl/man/ssl.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssl.3,v 1.7 2017/04/10 15:37:55 schwarze Exp $	1	.\" $OpenBSD: ssl.3,v 1.8 2017/08/12 12:31:30 schwarze Exp $
2	.\" OpenSSL e330f55d Nov 11 00:51:04 2016 +0100	2	.\" OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
3	.\"	3	.\"
4	.\" This file was written by Ralf S. Engelschall <rse@openssl.org>,	4	.\" This file was written by Ralf S. Engelschall <rse@openssl.org>,
@@ -50,7 +50,7 @@
50	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	50	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	51	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
52	.\"	52	.\"
53	.Dd $Mdocdate: April 10 2017 $	53	.Dd $Mdocdate: August 12 2017 $
54	.Dt SSL 3	54	.Dt SSL 3
55	.Os	55	.Os
56	.Sh NAME	56	.Sh NAME
@@ -222,7 +222,8 @@ Configuration functions:
222	.Xr SSL_CTX_set_tmp_rsa_callback 3 ,	222	.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
223	.Xr SSL_CTX_set_verify 3 ,	223	.Xr SSL_CTX_set_verify 3 ,
224	.Xr SSL_CTX_use_certificate 3 ,	224	.Xr SSL_CTX_use_certificate 3 ,
225	.Xr SSL_set1_param 3 ,	225	.Xr SSL_set_tmp_ecdh 3 ,
		226	.Xr SSL_set1_param 3
226	.Pp	227	.Pp
227	Accessors:	228	Accessors:
228	.Xr SSL_CTX_get_ex_new_index 3 ,	229	.Xr SSL_CTX_get_ex_new_index 3 ,