This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414

author: cvs2svn <admin@example.com> 2025-04-14 17:32:06 +0000
committer: cvs2svn <admin@example.com> 2025-04-14 17:32:06 +0000
commit: eb8dd9dca1228af0cd132f515509051ecfabf6f6 (patch)
tree: edb6da6af7e865d488dc1a29309f1e1ec226e603 /src/lib/libssl/man/SSL_read_early_data.3
parent: 247f0352e0ed72a4f476db9dc91f4d982bc83eb2 (diff)
download: openbsd-tb_20250414.tar.gz
openbsd-tb_20250414.tar.bz2
openbsd-tb_20250414.zip
1 files changed, 0 insertions, 174 deletions
diff --git a/src/lib/libssl/man/SSL_read_early_data.3 b/src/lib/libssl/man/SSL_read_early_data.3
deleted file mode 100644
index 1435c15935..0000000000
--- a/src/lib/libssl/man/SSL_read_early_data.3
+++ /dev/null
@@ -1,174 +0,0 @@
-.\" $OpenBSD: SSL_read_early_data.3,v 1.4 2021/11/26 13:48:22 jsg Exp $
-.\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: November 26 2021 $
-.Dt SSL_READ_EARLY_DATA 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_max_early_data ,
-.Nm SSL_set_max_early_data ,
-.Nm SSL_SESSION_set_max_early_data ,
-.Nm SSL_CTX_get_max_early_data ,
-.Nm SSL_get_max_early_data ,
-.Nm SSL_SESSION_get_max_early_data ,
-.Nm SSL_write_early_data ,
-.Nm SSL_read_early_data ,
-.Nm SSL_get_early_data_status
-.Nd transmit application data during the handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set_max_early_data
-.Fa "SSL_CTX *ctx"
-.Fa "uint32_t max_bytes"
-.Fc
-.Ft int
-.Fo SSL_set_max_early_data
-.Fa "SSL *ssl"
-.Fa "uint32_t max_bytes"
-.Fc
-.Ft int
-.Fo SSL_SESSION_set_max_early_data
-.Fa "SSL_SESSION *session"
-.Fa "uint32_t max_bytes"
-.Fc
-.Ft uint32_t
-.Fo SSL_CTX_get_max_early_data
-.Fa "const SSL_CTX *ctx"
-.Fc
-.Ft uint32_t
-.Fo SSL_get_max_early_data
-.Fa "const SSL *ssl"
-.Fc
-.Ft uint32_t
-.Fo SSL_SESSION_get_max_early_data
-.Fa "const SSL_SESSION *session"
-.Fc
-.Ft int
-.Fo SSL_write_early_data
-.Fa "SSL *ssl"
-.Fa "const void *buf"
-.Fa "size_t len"
-.Fa "size_t *written"
-.Fc
-.Ft int
-.Fo SSL_read_early_data
-.Fa "SSL *ssl"
-.Fa "void *buf"
-.Fa "size_t maxlen"
-.Fa "size_t *readbytes"
-.Fc
-.Ft int
-.Fo SSL_get_early_data_status
-.Fa "const SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-In LibreSSL, these functions have no effect.
-They are only provided because some application programs
-expect the API to be available when TLSv1.3 is supported.
-Using these functions is strongly discouraged because they provide
-marginal benefit in the first place even when implemented and
-used as designed, because they have absurdly complicated semantics,
-and because when they are used, inconspicuous oversights are likely
-to cause serious security vulnerabilities.
-.Pp
-If these functions are used, other TLS implementations
-may allow the transfer of application data during the initial handshake.
-Even when used as designed, security of the connection is compromised;
-in particular, application data is exchanged with unauthenticated peers,
-and there is no forward secrecy.
-Other downsides include an increased risk of replay attacks.
-.Pp
-.Fn SSL_CTX_set_max_early_data ,
-.Fn SSL_set_max_early_data ,
-and
-.Fn SSL_SESSION_set_max_early_data
-are intended to configure the maximum number of bytes per session
-that can be transmitted during the handshake.
-With LibreSSL, all arguments are ignored.
-.Pp
-An endpoint can attempt to send application data with
-.Fn SSL_write_early_data
-during the handshake.
-With LibreSSL, such attempts always fail and set
-.Pf * Fa written
-to 0.
-.Pp
-A server can attempt to read application data from the client using
-.Fn SSL_read_early_data
-during the handshake.
-With LibreSSL, no such data is ever accepted and
-.Pf * Fa readbytes
-is always set to 0.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_max_early_data ,
-.Fn SSL_set_max_early_data ,
-and
-.Fn SSL_SESSION_set_max_early_data
-return 1 for success or 0 for failure.
-With LibreSSL, they always succeed.
-.Pp
-.Fn SSL_CTX_get_max_early_data ,
-.Fn SSL_get_max_early_data ,
-and
-.Fn SSL_SESSION_get_max_early_data
-return the maximum number of bytes of application data
-that will be accepted from the peer during the handshake.
-With LibreSSL, they always return 0.
-.Pp
-.Fn SSL_write_early_data
-returns 1 for success or 0 for failure.
-With LibreSSL, it always fails.
-.Pp
-With LibreSSL,
-.Fn SSL_read_early_data
-always returns
-.Dv SSL_READ_EARLY_DATA_FINISH
-on the server side and
-.Dv SSL_READ_EARLY_DATA_ERROR
-on the client side.
-.Dv SSL_READ_EARLY_DATA_SUCCESS
-can occur with other implementations, but not with LibreSSL.
-.Pp
-With LibreSSL,
-.Fn SSL_get_early_data_status
-always returns
-.Dv SSL_EARLY_DATA_REJECTED .
-With other implementations, it might also return
-.Dv SSL_EARLY_DATA_NOT_SENT
-or
-.Dv SSL_EARLY_DATA_ACCEPTED .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_write 3
-.Sh STANDARDS
-RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3:
-.Bl -tag -width "section 4.2.10" -compact
-.It Section 2.3
-0-RTT data
-.It Section 4.2.10
-Early Data Indication
-.It Section 8
-0-RTT and Anti-Replay
-.It Appendix E.5
-Replay Attacks on 0-RTT
-.El
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.1
-and have been available since
-.Ox 7.0 .
author	cvs2svn <admin@example.com>	2025-04-14 17:32:06 +0000
committer	cvs2svn <admin@example.com>	2025-04-14 17:32:06 +0000
commit	eb8dd9dca1228af0cd132f515509051ecfabf6f6 (patch)
tree	edb6da6af7e865d488dc1a29309f1e1ec226e603 /src/lib/libssl/man/SSL_read_early_data.3
parent	247f0352e0ed72a4f476db9dc91f4d982bc83eb2 (diff)
download	openbsd-tb_20250414.tar.gz openbsd-tb_20250414.tar.bz2 openbsd-tb_20250414.zip

diff --git a/src/lib/libssl/man/SSL_read_early_data.3 b/src/lib/libssl/man/SSL_read_early_data.3 deleted file mode 100644 index 1435c15935..0000000000 --- a/src/lib/libssl/man/SSL_read_early_data.3 +++ /dev/null
@@ -1,174 +0,0 @@
1	.\" $OpenBSD: SSL_read_early_data.3,v 1.4 2021/11/26 13:48:22 jsg Exp $
2	.\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
3	.\"
4	.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
5	.\"
6	.\" Permission to use, copy, modify, and distribute this software for any
7	.\" purpose with or without fee is hereby granted, provided that the above
8	.\" copyright notice and this permission notice appear in all copies.
9	.\"
10	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17	.\"
18	.Dd $Mdocdate: November 26 2021 $
19	.Dt SSL_READ_EARLY_DATA 3
20	.Os
21	.Sh NAME
22	.Nm SSL_CTX_set_max_early_data ,
23	.Nm SSL_set_max_early_data ,
24	.Nm SSL_SESSION_set_max_early_data ,
25	.Nm SSL_CTX_get_max_early_data ,
26	.Nm SSL_get_max_early_data ,
27	.Nm SSL_SESSION_get_max_early_data ,
28	.Nm SSL_write_early_data ,
29	.Nm SSL_read_early_data ,
30	.Nm SSL_get_early_data_status
31	.Nd transmit application data during the handshake
32	.Sh SYNOPSIS
33	.In openssl/ssl.h
34	.Ft int
35	.Fo SSL_CTX_set_max_early_data
36	.Fa "SSL_CTX *ctx"
37	.Fa "uint32_t max_bytes"
38	.Fc
39	.Ft int
40	.Fo SSL_set_max_early_data
41	.Fa "SSL *ssl"
42	.Fa "uint32_t max_bytes"
43	.Fc
44	.Ft int
45	.Fo SSL_SESSION_set_max_early_data
46	.Fa "SSL_SESSION *session"
47	.Fa "uint32_t max_bytes"
48	.Fc
49	.Ft uint32_t
50	.Fo SSL_CTX_get_max_early_data
51	.Fa "const SSL_CTX *ctx"
52	.Fc
53	.Ft uint32_t
54	.Fo SSL_get_max_early_data
55	.Fa "const SSL *ssl"
56	.Fc
57	.Ft uint32_t
58	.Fo SSL_SESSION_get_max_early_data
59	.Fa "const SSL_SESSION *session"
60	.Fc
61	.Ft int
62	.Fo SSL_write_early_data
63	.Fa "SSL *ssl"
64	.Fa "const void *buf"
65	.Fa "size_t len"
66	.Fa "size_t *written"
67	.Fc
68	.Ft int
69	.Fo SSL_read_early_data
70	.Fa "SSL *ssl"
71	.Fa "void *buf"
72	.Fa "size_t maxlen"
73	.Fa "size_t *readbytes"
74	.Fc
75	.Ft int
76	.Fo SSL_get_early_data_status
77	.Fa "const SSL *ssl"
78	.Fc
79	.Sh DESCRIPTION
80	In LibreSSL, these functions have no effect.
81	They are only provided because some application programs
82	expect the API to be available when TLSv1.3 is supported.
83	Using these functions is strongly discouraged because they provide
84	marginal benefit in the first place even when implemented and
85	used as designed, because they have absurdly complicated semantics,
86	and because when they are used, inconspicuous oversights are likely
87	to cause serious security vulnerabilities.
88	.Pp
89	If these functions are used, other TLS implementations
90	may allow the transfer of application data during the initial handshake.
91	Even when used as designed, security of the connection is compromised;
92	in particular, application data is exchanged with unauthenticated peers,
93	and there is no forward secrecy.
94	Other downsides include an increased risk of replay attacks.
95	.Pp
96	.Fn SSL_CTX_set_max_early_data ,
97	.Fn SSL_set_max_early_data ,
98	and
99	.Fn SSL_SESSION_set_max_early_data
100	are intended to configure the maximum number of bytes per session
101	that can be transmitted during the handshake.
102	With LibreSSL, all arguments are ignored.
103	.Pp
104	An endpoint can attempt to send application data with
105	.Fn SSL_write_early_data
106	during the handshake.
107	With LibreSSL, such attempts always fail and set
108	.Pf * Fa written
109	to 0.
110	.Pp
111	A server can attempt to read application data from the client using
112	.Fn SSL_read_early_data
113	during the handshake.
114	With LibreSSL, no such data is ever accepted and
115	.Pf * Fa readbytes
116	is always set to 0.
117	.Sh RETURN VALUES
118	.Fn SSL_CTX_set_max_early_data ,
119	.Fn SSL_set_max_early_data ,
120	and
121	.Fn SSL_SESSION_set_max_early_data
122	return 1 for success or 0 for failure.
123	With LibreSSL, they always succeed.
124	.Pp
125	.Fn SSL_CTX_get_max_early_data ,
126	.Fn SSL_get_max_early_data ,
127	and
128	.Fn SSL_SESSION_get_max_early_data
129	return the maximum number of bytes of application data
130	that will be accepted from the peer during the handshake.
131	With LibreSSL, they always return 0.
132	.Pp
133	.Fn SSL_write_early_data
134	returns 1 for success or 0 for failure.
135	With LibreSSL, it always fails.
136	.Pp
137	With LibreSSL,
138	.Fn SSL_read_early_data
139	always returns
140	.Dv SSL_READ_EARLY_DATA_FINISH
141	on the server side and
142	.Dv SSL_READ_EARLY_DATA_ERROR
143	on the client side.
144	.Dv SSL_READ_EARLY_DATA_SUCCESS
145	can occur with other implementations, but not with LibreSSL.
146	.Pp
147	With LibreSSL,
148	.Fn SSL_get_early_data_status
149	always returns
150	.Dv SSL_EARLY_DATA_REJECTED .
151	With other implementations, it might also return
152	.Dv SSL_EARLY_DATA_NOT_SENT
153	or
154	.Dv SSL_EARLY_DATA_ACCEPTED .
155	.Sh SEE ALSO
156	.Xr ssl 3 ,
157	.Xr SSL_read 3 ,
158	.Xr SSL_write 3
159	.Sh STANDARDS
160	RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3:
161	.Bl -tag -width "section 4.2.10" -compact
162	.It Section 2.3
163	0-RTT data
164	.It Section 4.2.10
165	Early Data Indication
166	.It Section 8
167	0-RTT and Anti-Replay
168	.It Appendix E.5
169	Replay Attacks on 0-RTT
170	.El
171	.Sh HISTORY
172	These functions first appeared in OpenSSL 1.1.1
173	and have been available since
174	.Ox 7.0 .