1 files changed, 102 insertions, 0 deletions
diff --git a/src/lib/libssl/man/SSL_set_tmp_ecdh.3 b/src/lib/libssl/man/SSL_set_tmp_ecdh.3
new file mode 100644
index 0000000000..34e59172d1
--- /dev/null
+++ b/src/lib/libssl/man/SSL_set_tmp_ecdh.3
@@ -0,0 +1,102 @@
+.\"     $OpenBSD: SSL_set_tmp_ecdh.3,v 1.1 2017/08/12 12:31:30 schwarze Exp $
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 12 2017 $
+.Dt SSL_SET_TMP_ECDH 3
+.Os
+.Sh NAME
+.Nm SSL_set_tmp_ecdh ,
+.Nm SSL_CTX_set_tmp_ecdh ,
+.Nm SSL_set_ecdh_auto ,
+.Nm SSL_CTX_set_ecdh_auto ,
+.Nm SSL_set_tmp_ecdh_callback ,
+.Nm SSL_CTX_set_tmp_ecdh_callback
+.Nd select a curve for ECDH ephemeral key exchange
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft long
+.Fo SSL_set_tmp_ecdh
+.Fa "SSL *ssl"
+.Fa "EC_KEY *ecdh"
+.Fc
+.Ft long
+.Fo SSL_CTX_set_tmp_ecdh
+.Fa "SSL_CTX *ctx"
+.Fa "EC_KEY *ecdh"
+.Fc
+.Ft long
+.Fo SSL_set_ecdh_auto
+.Fa "SSL *ssl"
+.Fa "int state"
+.Fc
+.Ft long
+.Fo SSL_CTX_set_ecdh_auto
+.Fa "SSL_CTX *ctx"
+.Fa "int state"
+.Fc
+.Ft void
+.Fo SSL_set_tmp_ecdh_callback
+.Fa "SSL *ssl"
+.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)"
+.Fc
+.Ft void
+.Fo SSL_CTX_set_tmp_ecdh_callback
+.Fa "SSL_CTX *ctx"
+.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)"
+.Fc
+.Sh DESCRIPTION
+Automatic EC curve selection and generation is always enabled in
+LibreSSL, and applications cannot manually provide EC keys for use
+with ECDHE key exchange.
+.Pp
+The only remaining effect of
+.Fn SSL_set_tmp_ecdh
+is that the curve of the given
+.Fa ecdh
+key becomes the only curve enabled for the
+.Fa ssl
+connection.
+.Pp
+.Fn SSL_CTX_set_tmp_ecdh
+has the same effect on all connections that will be created from
+.Fa ctx
+in the future.
+.Pp
+The functions
+.Fn SSL_set_ecdh_auto ,
+.Fn SSL_CTX_set_ecdh_auto ,
+.Fn SSL_set_tmp_ecdh_callback ,
+and
+.Fn SSL_CTX_set_tmp_ecdh_callback
+are deprecated and have no effect.
+.Sh RETURN VALUES
+.Fn SSL_set_tmp_ecdh
+and
+.Fn SSL_CTX_set_tmp_ecdh
+return 1 on success or 0 on failure.
+.Pp
+.Fn SSL_set_ecdh_auto ,
+.Fn SSL_CTX_set_ecdh_auto ,
+.Fn SSL_set_tmp_ecdh_callback ,
+and
+.Fn SSL_CTX_set_tmp_ecdh_callback
+always return 1.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_set_cipher_list 3 ,
+.Xr SSL_CTX_set_options 3 ,
+.Xr SSL_CTX_set_tmp_dh_callback 3 ,
+.Xr SSL_new 3

diff --git a/src/lib/libssl/man/SSL_set_tmp_ecdh.3 b/src/lib/libssl/man/SSL_set_tmp_ecdh.3 new file mode 100644 index 0000000000..34e59172d1 --- /dev/null +++ b/src/lib/libssl/man/SSL_set_tmp_ecdh.3
@@ -0,0 +1,102 @@
	1	.\" $OpenBSD: SSL_set_tmp_ecdh.3,v 1.1 2017/08/12 12:31:30 schwarze Exp $
	2	.\"
	3	.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
	4	.\"
	5	.\" Permission to use, copy, modify, and distribute this software for any
	6	.\" purpose with or without fee is hereby granted, provided that the above
	7	.\" copyright notice and this permission notice appear in all copies.
	8	.\"
	9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	.\"
	17	.Dd $Mdocdate: August 12 2017 $
	18	.Dt SSL_SET_TMP_ECDH 3
	19	.Os
	20	.Sh NAME
	21	.Nm SSL_set_tmp_ecdh ,
	22	.Nm SSL_CTX_set_tmp_ecdh ,
	23	.Nm SSL_set_ecdh_auto ,
	24	.Nm SSL_CTX_set_ecdh_auto ,
	25	.Nm SSL_set_tmp_ecdh_callback ,
	26	.Nm SSL_CTX_set_tmp_ecdh_callback
	27	.Nd select a curve for ECDH ephemeral key exchange
	28	.Sh SYNOPSIS
	29	.In openssl/ssl.h
	30	.Ft long
	31	.Fo SSL_set_tmp_ecdh
	32	.Fa "SSL *ssl"
	33	.Fa "EC_KEY *ecdh"
	34	.Fc
	35	.Ft long
	36	.Fo SSL_CTX_set_tmp_ecdh
	37	.Fa "SSL_CTX *ctx"
	38	.Fa "EC_KEY *ecdh"
	39	.Fc
	40	.Ft long
	41	.Fo SSL_set_ecdh_auto
	42	.Fa "SSL *ssl"
	43	.Fa "int state"
	44	.Fc
	45	.Ft long
	46	.Fo SSL_CTX_set_ecdh_auto
	47	.Fa "SSL_CTX *ctx"
	48	.Fa "int state"
	49	.Fc
	50	.Ft void
	51	.Fo SSL_set_tmp_ecdh_callback
	52	.Fa "SSL *ssl"
	53	.Fa "EC_KEY (ecdh)(SSL *ssl, int is_export, int keylength)"
	54	.Fc
	55	.Ft void
	56	.Fo SSL_CTX_set_tmp_ecdh_callback
	57	.Fa "SSL_CTX *ctx"
	58	.Fa "EC_KEY (ecdh)(SSL *ssl, int is_export, int keylength)"
	59	.Fc
	60	.Sh DESCRIPTION
	61	Automatic EC curve selection and generation is always enabled in
	62	LibreSSL, and applications cannot manually provide EC keys for use
	63	with ECDHE key exchange.
	64	.Pp
	65	The only remaining effect of
	66	.Fn SSL_set_tmp_ecdh
	67	is that the curve of the given
	68	.Fa ecdh
	69	key becomes the only curve enabled for the
	70	.Fa ssl
	71	connection.
	72	.Pp
	73	.Fn SSL_CTX_set_tmp_ecdh
	74	has the same effect on all connections that will be created from
	75	.Fa ctx
	76	in the future.
	77	.Pp
	78	The functions
	79	.Fn SSL_set_ecdh_auto ,
	80	.Fn SSL_CTX_set_ecdh_auto ,
	81	.Fn SSL_set_tmp_ecdh_callback ,
	82	and
	83	.Fn SSL_CTX_set_tmp_ecdh_callback
	84	are deprecated and have no effect.
	85	.Sh RETURN VALUES
	86	.Fn SSL_set_tmp_ecdh
	87	and
	88	.Fn SSL_CTX_set_tmp_ecdh
	89	return 1 on success or 0 on failure.
	90	.Pp
	91	.Fn SSL_set_ecdh_auto ,
	92	.Fn SSL_CTX_set_ecdh_auto ,
	93	.Fn SSL_set_tmp_ecdh_callback ,
	94	and
	95	.Fn SSL_CTX_set_tmp_ecdh_callback
	96	always return 1.
	97	.Sh SEE ALSO
	98	.Xr ssl 3 ,
	99	.Xr SSL_CTX_set_cipher_list 3 ,
	100	.Xr SSL_CTX_set_options 3 ,
	101	.Xr SSL_CTX_set_tmp_dh_callback 3 ,
	102	.Xr SSL_new 3