authorIngo Schwarze <schwarze@cvs.openbsd.org>2017-08-12 12:31:31 +0000
committerIngo Schwarze <schwarze@cvs.openbsd.org>2017-08-12 12:31:31 +0000
commit389d1e4942cc77948c1ec0c0d3d3a2a659a7c14e (patch)
tree3af24bb390df1042855b99d85001caa768458685
parentc58335c2e1e49a6e35f43c03b3f321d56ca0320d (diff)
New manual page SSL_set_tmp_ecdh(3) written from scratch.
Feedback and OK jsing@.
-rw-r--r--lib/libssl/man/Makefile3
-rw-r--r--lib/libssl/man/SSL_CTX_set_tmp_dh_callback.37
-rw-r--r--lib/libssl/man/SSL_set_tmp_ecdh.3102
-rw-r--r--lib/libssl/man/ssl.37
4 files changed, 112 insertions, 7 deletions
diff --git a/lib/libssl/man/Makefile b/lib/libssl/man/Makefile
index c0b304cd806..3a704dd5ff1 100644
--- a/lib/libssl/man/Makefile
+++ b/lib/libssl/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.55 2017/04/10 15:54:46 schwarze Exp $
+# $OpenBSD: Makefile,v 1.56 2017/08/12 12:31:30 schwarze Exp $
.include <bsd.own.mk>
@@ -99,6 +99,7 @@ MAN = BIO_f_ssl.3 \
SSL_set_max_send_fragment.3 \
SSL_set_session.3 \
SSL_set_shutdown.3 \
+ SSL_set_tmp_ecdh.3 \
SSL_set_verify_result.3 \
SSL_shutdown.3 \
SSL_state_string.3 \
diff --git a/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index f7461b22d56..3cfb060a9e5 100644
--- a/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.3 2017/07/05 12:23:46 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.4 2017/08/12 12:31:30 schwarze Exp $
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -48,7 +48,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 5 2017 $
+.Dd $Mdocdate: August 12 2017 $
.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
.Os
.Sh NAME
@@ -219,4 +219,5 @@ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
.Xr openssl 1 ,
.Xr ssl 3 ,
.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3
+.Xr SSL_CTX_set_options 3 ,
+.Xr SSL_set_tmp_ecdh 3
diff --git a/lib/libssl/man/SSL_set_tmp_ecdh.3 b/lib/libssl/man/SSL_set_tmp_ecdh.3
new file mode 100644
index 00000000000..34e59172d18
--- /dev/null
+++ b/lib/libssl/man/SSL_set_tmp_ecdh.3
@@ -0,0 +1,102 @@
+.\" $OpenBSD: SSL_set_tmp_ecdh.3,v 1.1 2017/08/12 12:31:30 schwarze Exp $
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 12 2017 $
+.Dt SSL_SET_TMP_ECDH 3
+.Os
+.Sh NAME
+.Nm SSL_set_tmp_ecdh ,
+.Nm SSL_CTX_set_tmp_ecdh ,
+.Nm SSL_set_ecdh_auto ,
+.Nm SSL_CTX_set_ecdh_auto ,
+.Nm SSL_set_tmp_ecdh_callback ,
+.Nm SSL_CTX_set_tmp_ecdh_callback
+.Nd select a curve for ECDH ephemeral key exchange
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft long
+.Fo SSL_set_tmp_ecdh
+.Fa "SSL *ssl"
+.Fa "EC_KEY *ecdh"
+.Fc
+.Ft long
+.Fo SSL_CTX_set_tmp_ecdh
+.Fa "SSL_CTX *ctx"
+.Fa "EC_KEY *ecdh"
+.Fc
+.Ft long
+.Fo SSL_set_ecdh_auto
+.Fa "SSL *ssl"
+.Fa "int state"
+.Fc
+.Ft long
+.Fo SSL_CTX_set_ecdh_auto
+.Fa "SSL_CTX *ctx"
+.Fa "int state"
+.Fc
+.Ft void
+.Fo SSL_set_tmp_ecdh_callback
+.Fa "SSL *ssl"
+.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)"
+.Fc
+.Ft void
+.Fo SSL_CTX_set_tmp_ecdh_callback
+.Fa "SSL_CTX *ctx"
+.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)"
+.Fc
+.Sh DESCRIPTION
+Automatic EC curve selection and generation is always enabled in
+LibreSSL, and applications cannot manually provide EC keys for use
+with ECDHE key exchange.
+.Pp
+The only remaining effect of
+.Fn SSL_set_tmp_ecdh
+is that the curve of the given
+.Fa ecdh
+key becomes the only curve enabled for the
+.Fa ssl
+connection.
+.Pp
+.Fn SSL_CTX_set_tmp_ecdh
+has the same effect on all connections that will be created from
+.Fa ctx
+in the future.
+.Pp
+The functions
+.Fn SSL_set_ecdh_auto ,
+.Fn SSL_CTX_set_ecdh_auto ,
+.Fn SSL_set_tmp_ecdh_callback ,
+and
+.Fn SSL_CTX_set_tmp_ecdh_callback
+are deprecated and have no effect.
+.Sh RETURN VALUES
+.Fn SSL_set_tmp_ecdh
+and
+.Fn SSL_CTX_set_tmp_ecdh
+return 1 on success or 0 on failure.
+.Pp
+.Fn SSL_set_ecdh_auto ,
+.Fn SSL_CTX_set_ecdh_auto ,
+.Fn SSL_set_tmp_ecdh_callback ,
+and
+.Fn SSL_CTX_set_tmp_ecdh_callback
+always return 1.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_set_cipher_list 3 ,
+.Xr SSL_CTX_set_options 3 ,
+.Xr SSL_CTX_set_tmp_dh_callback 3 ,
+.Xr SSL_new 3
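Review bot: The RETURN VALUES section contradicts the SYNOPSIS for the two callback setters: SSL_set_tmp_ecdh_callback and SSL_CTX_set_tmp_ecdh_callback are declared with `.Ft void`, yet the last paragraph of RETURN VALUES says they "always return 1", which a void function cannot do. If the header really declares them void (the synopsis suggests so, but the header is not in this diff), drop the two `.Fn` lines for the callback setters from that paragraph so it reads `.Fn SSL_set_ecdh_auto` / `and` / `.Fn SSL_CTX_set_ecdh_auto` / `always return 1.`; if they are instead macros that return long, the `.Ft void` lines in the SYNOPSIS are what needs correcting. Either way the page should not claim both. Since the DESCRIPTION already says the callbacks are never invoked, it would also help readers to state in RETURN VALUES that the `ecdh` callback argument is ignored, so nobody relies on is_export or keylength being passed.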
diff --git a/lib/libssl/man/ssl.3 b/lib/libssl/man/ssl.3
index dd3a3451e15..c01bddd0df0 100644
--- a/lib/libssl/man/ssl.3
+++ b/lib/libssl/man/ssl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssl.3,v 1.7 2017/04/10 15:37:55 schwarze Exp $
+.\" $OpenBSD: ssl.3,v 1.8 2017/08/12 12:31:30 schwarze Exp $
.\" OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
.\"
.\" This file was written by Ralf S. Engelschall <rse@openssl.org>,
@@ -50,7 +50,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: April 10 2017 $
+.Dd $Mdocdate: August 12 2017 $
.Dt SSL 3
.Os
.Sh NAME
@@ -222,7 +222,8 @@ Configuration functions:
.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
.Xr SSL_CTX_set_verify 3 ,
.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_set1_param 3 ,
+.Xr SSL_set_tmp_ecdh 3 ,
+.Xr SSL_set1_param 3
.Pp
Accessors:
.Xr SSL_CTX_get_ex_new_index 3 ,