1 files changed, 175 insertions, 0 deletions
diff --git a/src/lib/libssl/man/SSL_read_early_data.3 b/src/lib/libssl/man/SSL_read_early_data.3
new file mode 100644
index 0000000000..71ad3c52a3
--- /dev/null
+++ b/src/lib/libssl/man/SSL_read_early_data.3
@@ -0,0 +1,175 @@
+.\" $OpenBSD: SSL_read_early_data.3,v 1.1 2020/09/21 08:53:56 schwarze Exp $
+.\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
+.\"
+.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: September 21 2020 $
+.Dt SSL_READ_EARLY_DATA 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_max_early_data ,
+.Nm SSL_set_max_early_data ,
+.Nm SSL_SESSION_set_max_early_data ,
+.Nm SSL_CTX_get_max_early_data ,
+.Nm SSL_get_max_early_data ,
+.Nm SSL_SESSION_get_max_early_data ,
+.Nm SSL_write_early_data ,
+.Nm SSL_read_early_data ,
+.Nm SSL_get_early_data_status
+.Nd transmit application data before the handshake is complete
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft int
+.Fo SSL_CTX_set_max_early_data
+.Fa "SSL_CTX *ctx"
+.Fa "uint32_t max_bytes"
+.Fc
+.Ft int
+.Fo SSL_set_max_early_data
+.Fa "SSL *ssl"
+.Fa "uint32_t max_bytes"
+.Fc
+.Ft int
+.Fo SSL_SESSION_set_max_early_data
+.Fa "SSL_SESSION *session"
+.Fa "uint32_t max_bytes"
+.Fc
+.Ft uint32_t
+.Fo SSL_CTX_get_max_early_data
+.Fa "const SSL_CTX *ctx"
+.Fc
+.Ft uint32_t
+.Fo SSL_get_max_early_data
+.Fa "const SSL *ssl"
+.Fc
+.Ft uint32_t
+.Fo SSL_SESSION_get_max_early_data
+.Fa "const SSL_SESSION *session"
+.Fc
+.Ft int
+.Fo SSL_write_early_data
+.Fa "SSL *ssl"
+.Fa "const void *buf"
+.Fa "size_t len"
+.Fa "size_t *written"
+.Fc
+.Ft int
+.Fo SSL_read_early_data
+.Fa "SSL *ssl"
+.Fa "void *buf"
+.Fa "size_t maxlen"
+.Fa "size_t *readbytes"
+.Fc
+.Ft int
+.Fo SSL_get_early_data_status
+.Fa "const SSL *ssl"
+.Fc
+.Sh DESCRIPTION
+In LibreSSL, these functions have no effect.
+They are only provided because some application programs
+expect the API to be available when TLSv1.3 is supported.
+Using these functions is strongly discouraged because they provide
+marginal benefit in the first place even when implemented and
+used as designed, because they have absurdly complicated semantics,
+and because when they are used, inconspicuous oversights are likely
+to cause serious security vulnerabilities.
+.Pp
+If these functions are used, other TLS implementations
+may allow the transfer of application data
+before the inital handshake is complete.
+Even when used as designed, security of the connection is compromised;
+in particular, application data is exchanged with unauthenticated peers,
+and there is no forward secrecy.
+Other downsides include an increased risk of replay attacks.
+.Pp
+.Fn SSL_CTX_set_max_early_data ,
+.Fn SSL_set_max_early_data ,
+and
+.Fn SSL_SESSION_set_max_early_data
+are intended to configure the maximum number of bytes per session
+that can be transmitted before the handshake is complete.
+With LibreSSL, all arguments are ignored.
+.Pp
+An endpoint can attempt to send application data with
+.Fn SSL_write_early_data
+before the handshake is complete.
+With LibreSSL, such attempts always fail and set
+.Pf * Fa written
+to 0.
+.Pp
+A server can attempt to read application data from the client using
+.Fn SSL_read_early_data
+before the handshake is complete.
+With LibreSSL, no such data is ever accepted and
+.Pf * Fa readbytes
+is always set to 0.
+.Sh RETURN VALUES
+.Fn SSL_CTX_set_max_early_data ,
+.Fn SSL_set_max_early_data ,
+and
+.Fn SSL_SESSION_set_max_early_data
+return 1 for success or 0 for failure.
+With LibreSSL, they always succeed.
+.Pp
+.Fn SSL_CTX_get_max_early_data ,
+.Fn SSL_get_max_early_data ,
+and
+.Fn SSL_SESSION_get_max_early_data
+return the maximum number of bytes of application data
+that will be accepted from the peer before the handshake is complete.
+With LibreSSL, they always return 0.
+.Pp
+.Fn SSL_write_early_data
+returns 1 for success or 0 for failure.
+With LibreSSL, it always fails.
+.Pp
+With LibreSSL,
+.Fn SSL_read_early_data
+always returns
+.Dv SSL_READ_EARLY_DATA_FINISH
+on the server side and
+.Dv SSL_READ_EARLY_DATA_ERROR
+on the client side.
+.Dv SSL_READ_EARLY_DATA_SUCCESS
+can occur with other implementations, but not with LibreSSL.
+.Pp
+With LibreSSL,
+.Fn SSL_get_early_data_status
+always returns
+.Dv SSL_EARLY_DATA_REJECTED .
+With other implementations, it might also return
+.Dv SSL_EARLY_DATA_NOT_SENT
+or
+.Dv SSL_EARLY_DATA_ACCEPTED .
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_read 3 ,
+.Xr SSL_write 3
+.Sh STANDARDS
+RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3:
+.Bl -tag -width "section 4.2.10" -compact
+.It Section 2.3
+0-RTT data
+.It Section 4.2.10
+Early Data Indication
+.It Section 8
+0-RTT and Anti-Replay
+.It Appendix E.5
+Replay Attacks on 0-RTT
+.El
+.Sh HISTORY
+These functions first appeared in OpenSSL 1.1.1
+and have been available since
+.Ox 6.9 .

diff --git a/src/lib/libssl/man/SSL_read_early_data.3 b/src/lib/libssl/man/SSL_read_early_data.3 new file mode 100644 index 0000000000..71ad3c52a3 --- /dev/null +++ b/src/lib/libssl/man/SSL_read_early_data.3
@@ -0,0 +1,175 @@
	1	.\" $OpenBSD: SSL_read_early_data.3,v 1.1 2020/09/21 08:53:56 schwarze Exp $
	2	.\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
	3	.\"
	4	.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
	5	.\"
	6	.\" Permission to use, copy, modify, and distribute this software for any
	7	.\" purpose with or without fee is hereby granted, provided that the above
	8	.\" copyright notice and this permission notice appear in all copies.
	9	.\"
	10	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	11	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	12	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	13	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	14	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	15	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	16	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	17	.\"
	18	.Dd $Mdocdate: September 21 2020 $
	19	.Dt SSL_READ_EARLY_DATA 3
	20	.Os
	21	.Sh NAME
	22	.Nm SSL_CTX_set_max_early_data ,
	23	.Nm SSL_set_max_early_data ,
	24	.Nm SSL_SESSION_set_max_early_data ,
	25	.Nm SSL_CTX_get_max_early_data ,
	26	.Nm SSL_get_max_early_data ,
	27	.Nm SSL_SESSION_get_max_early_data ,
	28	.Nm SSL_write_early_data ,
	29	.Nm SSL_read_early_data ,
	30	.Nm SSL_get_early_data_status
	31	.Nd transmit application data before the handshake is complete
	32	.Sh SYNOPSIS
	33	.In openssl/ssl.h
	34	.Ft int
	35	.Fo SSL_CTX_set_max_early_data
	36	.Fa "SSL_CTX *ctx"
	37	.Fa "uint32_t max_bytes"
	38	.Fc
	39	.Ft int
	40	.Fo SSL_set_max_early_data
	41	.Fa "SSL *ssl"
	42	.Fa "uint32_t max_bytes"
	43	.Fc
	44	.Ft int
	45	.Fo SSL_SESSION_set_max_early_data
	46	.Fa "SSL_SESSION *session"
	47	.Fa "uint32_t max_bytes"
	48	.Fc
	49	.Ft uint32_t
	50	.Fo SSL_CTX_get_max_early_data
	51	.Fa "const SSL_CTX *ctx"
	52	.Fc
	53	.Ft uint32_t
	54	.Fo SSL_get_max_early_data
	55	.Fa "const SSL *ssl"
	56	.Fc
	57	.Ft uint32_t
	58	.Fo SSL_SESSION_get_max_early_data
	59	.Fa "const SSL_SESSION *session"
	60	.Fc
	61	.Ft int
	62	.Fo SSL_write_early_data
	63	.Fa "SSL *ssl"
	64	.Fa "const void *buf"
	65	.Fa "size_t len"
	66	.Fa "size_t *written"
	67	.Fc
	68	.Ft int
	69	.Fo SSL_read_early_data
	70	.Fa "SSL *ssl"
	71	.Fa "void *buf"
	72	.Fa "size_t maxlen"
	73	.Fa "size_t *readbytes"
	74	.Fc
	75	.Ft int
	76	.Fo SSL_get_early_data_status
	77	.Fa "const SSL *ssl"
	78	.Fc
	79	.Sh DESCRIPTION
	80	In LibreSSL, these functions have no effect.
	81	They are only provided because some application programs
	82	expect the API to be available when TLSv1.3 is supported.
	83	Using these functions is strongly discouraged because they provide
	84	marginal benefit in the first place even when implemented and
	85	used as designed, because they have absurdly complicated semantics,
	86	and because when they are used, inconspicuous oversights are likely
	87	to cause serious security vulnerabilities.
	88	.Pp
	89	If these functions are used, other TLS implementations
	90	may allow the transfer of application data
	91	before the inital handshake is complete.
	92	Even when used as designed, security of the connection is compromised;
	93	in particular, application data is exchanged with unauthenticated peers,
	94	and there is no forward secrecy.
	95	Other downsides include an increased risk of replay attacks.
	96	.Pp
	97	.Fn SSL_CTX_set_max_early_data ,
	98	.Fn SSL_set_max_early_data ,
	99	and
	100	.Fn SSL_SESSION_set_max_early_data
	101	are intended to configure the maximum number of bytes per session
	102	that can be transmitted before the handshake is complete.
	103	With LibreSSL, all arguments are ignored.
	104	.Pp
	105	An endpoint can attempt to send application data with
	106	.Fn SSL_write_early_data
	107	before the handshake is complete.
	108	With LibreSSL, such attempts always fail and set
	109	.Pf * Fa written
	110	to 0.
	111	.Pp
	112	A server can attempt to read application data from the client using
	113	.Fn SSL_read_early_data
	114	before the handshake is complete.
	115	With LibreSSL, no such data is ever accepted and
	116	.Pf * Fa readbytes
	117	is always set to 0.
	118	.Sh RETURN VALUES
	119	.Fn SSL_CTX_set_max_early_data ,
	120	.Fn SSL_set_max_early_data ,
	121	and
	122	.Fn SSL_SESSION_set_max_early_data
	123	return 1 for success or 0 for failure.
	124	With LibreSSL, they always succeed.
	125	.Pp
	126	.Fn SSL_CTX_get_max_early_data ,
	127	.Fn SSL_get_max_early_data ,
	128	and
	129	.Fn SSL_SESSION_get_max_early_data
	130	return the maximum number of bytes of application data
	131	that will be accepted from the peer before the handshake is complete.
	132	With LibreSSL, they always return 0.
	133	.Pp
	134	.Fn SSL_write_early_data
	135	returns 1 for success or 0 for failure.
	136	With LibreSSL, it always fails.
	137	.Pp
	138	With LibreSSL,
	139	.Fn SSL_read_early_data
	140	always returns
	141	.Dv SSL_READ_EARLY_DATA_FINISH
	142	on the server side and
	143	.Dv SSL_READ_EARLY_DATA_ERROR
	144	on the client side.
	145	.Dv SSL_READ_EARLY_DATA_SUCCESS
	146	can occur with other implementations, but not with LibreSSL.
	147	.Pp
	148	With LibreSSL,
	149	.Fn SSL_get_early_data_status
	150	always returns
	151	.Dv SSL_EARLY_DATA_REJECTED .
	152	With other implementations, it might also return
	153	.Dv SSL_EARLY_DATA_NOT_SENT
	154	or
	155	.Dv SSL_EARLY_DATA_ACCEPTED .
	156	.Sh SEE ALSO
	157	.Xr ssl 3 ,
	158	.Xr SSL_read 3 ,
	159	.Xr SSL_write 3
	160	.Sh STANDARDS
	161	RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3:
	162	.Bl -tag -width "section 4.2.10" -compact
	163	.It Section 2.3
	164	0-RTT data
	165	.It Section 4.2.10
	166	Early Data Indication
	167	.It Section 8
	168	0-RTT and Anti-Replay
	169	.It Appendix E.5
	170	Replay Attacks on 0-RTT
	171	.El
	172	.Sh HISTORY
	173	These functions first appeared in OpenSSL 1.1.1
	174	and have been available since
	175	.Ox 6.9 .