From: Antoine Salon
Date: Tue, 16 Oct 2018 23:40:01 +0000 (-0700)
Subject: Add SSL_CTX_set_tmp_ecdh.pod
X-Git-Tag: openssl-3.0.0-alpha1~2897
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d9720a5992315a6936ffba55d2fbbac460fb96a2;p=oweals%2Fopenssl.git
Add SSL_CTX_set_tmp_ecdh.pod
Signed-off-by: Antoine Salon
Reviewed-by: Paul Dale
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/7522)
---
diff --git a/doc/man3/SSL_CTX_set_tmp_ecdh.pod b/doc/man3/SSL_CTX_set_tmp_ecdh.pod
new file mode 100644
index 0000000000..08e88da312
--- /dev/null
+++ b/doc/man3/SSL_CTX_set_tmp_ecdh.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto
+- handle ECDH keys for ephemeral key exchange
+
+=head1 SYNOPSIS
+
+#include
+
+long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh);
+long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh);
+
+long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);
+long SSL_set_ecdh_auto(SSL *ssl, int state);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tmp_ecdh() sets ECDH parameters to be used to be B.
+The key is inherited by all B objects created from B.
+
+SSL_set_tmp_ecdh() sets the parameters only for B.
+
+SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() are deprecated and
+have no effect.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_tmp_ecdh() and SSL_set_tmp_ecdh() return 1 on success and 0
+on failure.
+
+=head1 SEE ALSO
+
+L, L, L,
+L, L,
+L, L
+
+=head1 COPYRIGHT
+
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod
index 6cc1c4bcff..1695f7ea19 100644
--- a/doc/man7/ssl.pod
+++ b/doc/man7/ssl.pod
@@ -383,6 +383,8 @@ Use the file path to locate trusted CA certificates.
 =item long B(SSL_CTX *ctx, DH *(*cb)(void));
+=item long B(SSL_CTX* ctx, const EC_KEY *ecdh);
+
 =item void B(SSL_CTX *ctx, int mode, int (*cb);(void))
 =item int B(SSL_CTX *ctx, EVP_PKEY *pkey);
@@ -678,6 +680,12 @@ fresh handle for each connection.
 =item void B(SSL *ssl, long t);
+=item long B(SSL *ssl, DH *dh);
+
+=item long B(SSL *ssl, DH *(*cb)(void));
+
+=item long B(SSL *ssl, const EC_KEY *ecdh);
+
 =item void B(SSL *ssl, int mode, int (*callback);(void))
 =item void B(SSL *ssl, long arg);
@@ -785,6 +793,7 @@ L,
 L,
 L,
 L,
+L,
 L,
 L,
 L,
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 866ca4dfa9..4b9906f215 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3414,7 +3414,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 EVP_PKEY *pkdh = NULL;
 if (dh == NULL) {
 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return ret;
+ return 0;
 }
 pkdh = ssl_dh_to_pkey(dh);
 if (pkdh == NULL) {
@@ -3425,11 +3425,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
 SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
 EVP_PKEY_free(pkdh);
- return ret;
+ return 0;
 }
 EVP_PKEY_free(s->cert->dh_tmp);
 s->cert->dh_tmp = pkdh;
- ret = 1;
+ return 1;
 }
 break;
 case SSL_CTRL_SET_TMP_DH_CB:
@@ -3781,7 +3781,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
 EVP_PKEY_free(pkdh);
- return 1;
+ return 0;
 }
 EVP_PKEY_free(ctx->cert->dh_tmp);
 ctx->cert->dh_tmp = pkdh;
diff --git a/util/private.num b/util/private.num
index 4a0ed292ec..d6724ed5f3 100644
--- a/util/private.num
+++ b/util/private.num
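Review bot: Once every path of the SSL_CTRL_SET_TMP_DH case returns directly (`return 0;` in this @@ -3414 hunk, `return 0;` and `return 1;` in the @@ -3425 hunk of the same case), the `break;` after the case's closing brace in that second hunk is unreachable and should be dropped, and `ret` is presumably no longer written in this case at all. The `if (pkdh == NULL)` branch sits between the two hunks and is outside SOURCE, so whether it still uses `return ret;` cannot be confirmed here; for consistency it should return the literal 0 like its neighbours. ssl3_ctrl begins and ends outside the hunk.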
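Review bot: The `return 1;` to `return 0;` change in the @@ -3781 hunk is a behavioural fix that the commit title and description ("Add SSL_CTX_set_tmp_ecdh.pod") do not mention: before it, ssl3_ctx_ctrl reported success to SSL_CTX_set_tmp_dh() after ssl_security() rejected the key and pkdh had been freed, leaving ctx->cert->dh_tmp untouched while the caller believed the parameters were installed. A line such as `Also fix SSL_CTX_set_tmp_dh() returning 1 when the DH key fails the security level check.` belongs in the commit message, and the RETURN VALUES section of the SSL_CTX_set_tmp_dh documentation should state that a key failing the security level check yields 0 with SSL_R_DH_KEY_TOO_SMALL. ssl3_ctx_ctrl begins and ends outside the hunk.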
@@ -365,6 +365,7 @@ SSL_CTX_set1_sigalgs define
 SSL_CTX_set1_sigalgs_list define
 SSL_CTX_set1_verify_cert_store define
 SSL_CTX_set_current_cert define
+SSL_CTX_set_ecdh_auto define
 SSL_CTX_set_max_cert_list define
 SSL_CTX_set_max_pipelines define
 SSL_CTX_set_max_proto_version define
@@ -382,6 +383,7 @@ SSL_CTX_set_tlsext_status_cb define
 SSL_CTX_set_tlsext_status_type define
 SSL_CTX_set_tlsext_ticket_key_cb define
 SSL_CTX_set_tmp_dh define
+SSL_CTX_set_tmp_ecdh define
 SSL_add0_chain_cert define
 SSL_add1_chain_cert define
 SSL_build_cert_chain define
@@ -433,6 +435,7 @@ SSL_set1_sigalgs define
 SSL_set1_sigalgs_list define
 SSL_set1_verify_cert_store define
 SSL_set_current_cert define
+SSL_set_ecdh_auto define
 SSL_set_max_cert_list define
 SSL_set_max_pipelines define
 SSL_set_max_proto_version define
@@ -448,6 +451,7 @@ SSL_set_tlsext_host_name define
 SSL_set_tlsext_status_ocsp_resp define
 SSL_set_tlsext_status_type define
 SSL_set_tmp_dh define
+SSL_set_tmp_ecdh define
 SSL_want_async define
 SSL_want_async_job define
 SSL_want_client_hello_cb define