From 20d1bc3a6c917bf8b404d9b5a7a559199eb00e34 Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Sat, 12 Aug 2017 12:31:30 +0000
Subject: New manual page SSL_set_tmp_ecdh(3) written from scratch. Feedback and OK jsing@.

---
 src/lib/libssl/man/Makefile                      |   3 +-
 src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 |   7 +-
 src/lib/libssl/man/SSL_set_tmp_ecdh.3            | 102 +++++++++++++++++++++++
 src/lib/libssl/man/ssl.3                         |   7 +-
 4 files changed, 112 insertions(+), 7 deletions(-)
 create mode 100644 src/lib/libssl/man/SSL_set_tmp_ecdh.3
(limited to 'src/lib')

diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
index c0b304cd80..3a704dd5ff 100644
--- a/src/lib/libssl/man/Makefile
+++ b/src/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.55 2017/04/10 15:54:46 schwarze Exp $
+# $OpenBSD: Makefile,v 1.56 2017/08/12 12:31:30 schwarze Exp $
 
 .include 
 
@@ -99,6 +99,7 @@ MAN = BIO_f_ssl.3 \
 	SSL_set_max_send_fragment.3 \
 	SSL_set_session.3 \
 	SSL_set_shutdown.3 \
+	SSL_set_tmp_ecdh.3 \
 	SSL_set_verify_result.3 \
 	SSL_shutdown.3 \
 	SSL_state_string.3 \
diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index f7461b22d5..3cfb060a9e 100644
--- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.3 2017/07/05 12:23:46 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.4 2017/08/12 12:31:30 schwarze Exp $
 .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke .
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 5 2017 $
+.Dd $Mdocdate: August 12 2017 $
 .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
 .Os
 .Sh NAME
@@ -219,4 +219,5 @@ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
 .Xr openssl 1 ,
 .Xr ssl 3 ,
 .Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3
+.Xr SSL_CTX_set_options 3 ,
+.Xr SSL_set_tmp_ecdh 3
diff --git a/src/lib/libssl/man/SSL_set_tmp_ecdh.3 b/src/lib/libssl/man/SSL_set_tmp_ecdh.3
new file mode 100644
index 0000000000..34e59172d1
--- /dev/null
+++ b/src/lib/libssl/man/SSL_set_tmp_ecdh.3
@@ -0,0 +1,102 @@
+.\" $OpenBSD: SSL_set_tmp_ecdh.3,v 1.1 2017/08/12 12:31:30 schwarze Exp $
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze 
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 12 2017 $
+.Dt SSL_SET_TMP_ECDH 3
+.Os
+.Sh NAME
+.Nm SSL_set_tmp_ecdh ,
+.Nm SSL_CTX_set_tmp_ecdh ,
+.Nm SSL_set_ecdh_auto ,
+.Nm SSL_CTX_set_ecdh_auto ,
+.Nm SSL_set_tmp_ecdh_callback ,
+.Nm SSL_CTX_set_tmp_ecdh_callback
+.Nd select a curve for ECDH ephemeral key exchange
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft long
+.Fo SSL_set_tmp_ecdh
+.Fa "SSL *ssl"
+.Fa "EC_KEY *ecdh"
+.Fc
+.Ft long
+.Fo SSL_CTX_set_tmp_ecdh
+.Fa "SSL_CTX *ctx"
+.Fa "EC_KEY *ecdh"
+.Fc
+.Ft long
+.Fo SSL_set_ecdh_auto
+.Fa "SSL *ssl"
+.Fa "int state"
+.Fc
+.Ft long
+.Fo SSL_CTX_set_ecdh_auto
+.Fa "SSL_CTX *ctx"
+.Fa "int state"
+.Fc
+.Ft void
+.Fo SSL_set_tmp_ecdh_callback
+.Fa "SSL *ssl"
+.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)"
+.Fc
+.Ft void
+.Fo SSL_CTX_set_tmp_ecdh_callback
+.Fa "SSL_CTX *ctx"
+.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)"
+.Fc
+.Sh DESCRIPTION
+Automatic EC curve selection and generation is always enabled in
+LibreSSL, and applications cannot manually provide EC keys for use
+with ECDHE key exchange.
+.Pp
+The only remaining effect of
+.Fn SSL_set_tmp_ecdh
+is that the curve of the given
+.Fa ecdh
+key becomes the only curve enabled for the
+.Fa ssl
+connection.
+.Pp
+.Fn SSL_CTX_set_tmp_ecdh
+has the same effect on all connections that will be created from
+.Fa ctx
+in the future.
+.Pp
+The functions
+.Fn SSL_set_ecdh_auto ,
+.Fn SSL_CTX_set_ecdh_auto ,
+.Fn SSL_set_tmp_ecdh_callback ,
+and
+.Fn SSL_CTX_set_tmp_ecdh_callback
+are deprecated and have no effect.
+.Sh RETURN VALUES
+.Fn SSL_set_tmp_ecdh
+and
+.Fn SSL_CTX_set_tmp_ecdh
+return 1 on success or 0 on failure.
+.Pp
+.Fn SSL_set_ecdh_auto ,
+.Fn SSL_CTX_set_ecdh_auto ,
+.Fn SSL_set_tmp_ecdh_callback ,
+and
+.Fn SSL_CTX_set_tmp_ecdh_callback
+always return 1.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_set_cipher_list 3 ,
+.Xr SSL_CTX_set_options 3 ,
+.Xr SSL_CTX_set_tmp_dh_callback 3 ,
+.Xr SSL_new 3
diff --git a/src/lib/libssl/man/ssl.3 b/src/lib/libssl/man/ssl.3
index dd3a3451e1..c01bddd0df 100644
--- a/src/lib/libssl/man/ssl.3
+++ b/src/lib/libssl/man/ssl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssl.3,v 1.7 2017/04/10 15:37:55 schwarze Exp $
+.\" $OpenBSD: ssl.3,v 1.8 2017/08/12 12:31:30 schwarze Exp $
 .\" OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
 .\"
 .\" This file was written by Ralf S. Engelschall ,
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 10 2017 $
+.Dd $Mdocdate: August 12 2017 $
 .Dt SSL 3
 .Os
 .Sh NAME
@@ -222,7 +222,8 @@ Configuration functions:
 .Xr SSL_CTX_set_tmp_rsa_callback 3 ,
 .Xr SSL_CTX_set_verify 3 ,
 .Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_set1_param 3 ,
+.Xr SSL_set_tmp_ecdh 3 ,
+.Xr SSL_set1_param 3
 .Pp
 Accessors:
 .Xr SSL_CTX_get_ex_new_index 3 ,
-- 
cgit v1.2.3-55-g6feb