Commit d9720a59 authored by Antoine Salon's avatar Antoine Salon Committed by Matt Caswell

Add SSL_CTX_set_tmp_ecdh.pod

parent dc703d6b
+48 −0
=pod

=head1 NAME

SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto
- handle ECDH keys for ephemeral key exchange

=head1 SYNOPSIS

#include <openssl/ssl.h>

long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh);
long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh);

long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state);
long SSL_set_ecdh_auto(SSL *ssl, int state);

=head1 DESCRIPTION

SSL_CTX_set_tmp_ecdh() sets ECDH parameters to be used to be B<ecdh>.
The key is inherited by all B<ssl> objects created from B<ctx>.

SSL_set_tmp_ecdh() sets the parameters only for B<ssl>.

SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() are deprecated and
have no effect.

=head1 RETURN VALUES

SSL_CTX_set_tmp_ecdh() and SSL_set_tmp_ecdh() return 1 on success and 0
on failure.

=head1 SEE ALSO

L<ssl(7)>, L<SSL_CTX_set1_curves(3)>, L<SSL_CTX_set_cipher_list(3)>,
L<SSL_CTX_set_options(3)>, L<SSL_CTX_set_tmp_dh_callback(3)>,
L<ciphers(1)>, L<ecparam(1)>

=head1 COPYRIGHT

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
+9 −0
@@ -383,6 +383,8 @@ Use the file path to locate trusted CA certificates.

=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));

=item long B<SSL_CTX_set_tmp_ecdh>(SSL_CTX* ctx, const EC_KEY *ecdh);

=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))

=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
@@ -678,6 +680,12 @@ fresh handle for each connection.

=item void B<SSL_set_timeout>(SSL *ssl, long t);

=item long B<SSL_set_tmp_dh>(SSL *ssl, DH *dh);

=item long B<SSL_set_tmp_dh_callback>(SSL *ssl, DH *(*cb)(void));

=item long B<SSL_set_tmp_ecdh>(SSL *ssl, const EC_KEY *ecdh);

=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))

=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
@@ -785,6 +793,7 @@ L<SSL_CTX_set_session_id_context(3)>,
L<SSL_CTX_set_ssl_version(3)>,
L<SSL_CTX_set_timeout(3)>,
L<SSL_CTX_set_tmp_dh_callback(3)>,
L<SSL_CTX_set_tmp_ecdh(3)>,
L<SSL_CTX_set_verify(3)>,
L<SSL_CTX_use_certificate(3)>,
L<SSL_alert_type_string(3)>,
+4 −4
@@ -3414,7 +3414,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
            EVP_PKEY *pkdh = NULL;
            if (dh == NULL) {
                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
                return ret;
                return 0;
            }
            pkdh = ssl_dh_to_pkey(dh);
            if (pkdh == NULL) {
@@ -3425,11 +3425,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                              EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
                SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
                EVP_PKEY_free(pkdh);
                return ret;
                return 0;
            }
            EVP_PKEY_free(s->cert->dh_tmp);
            s->cert->dh_tmp = pkdh;
            ret = 1;
            return 1;
        }
        break;
    case SSL_CTRL_SET_TMP_DH_CB:
@@ -3781,7 +3781,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                                  EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
                EVP_PKEY_free(pkdh);
                return 1;
                return 0;
            }
            EVP_PKEY_free(ctx->cert->dh_tmp);
            ctx->cert->dh_tmp = pkdh;
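Review bot: The failure paths shown for SSL_CTRL_SET_TMP_DH now appear to end in `return 0;` (reading the second line of each printed pair as the new side), including the SSL_R_DH_KEY_TOO_SMALL branch of ssl3_ctx_ctrl() that is printed next to `return 1;`, yet nothing in the code or the commit title records that the return value changed. A caller that checks the result will now see a failure when ssl_security() rejects the DH key, so the branch deserves a comment such as `/* key rejected by the security level: report failure, dh_tmp is left unchanged */` and a test that passes an undersized DH key and expects 0. In ssl3_ctrl() the success path ends in `return 1;` inside the braces, which leaves the following `break;` unreachable; dropping it, or keeping `ret = 1;` and letting the `break;` run, would be more consistent. Both functions start and end outside these hunks, and the body of the `if (pkdh == NULL)` branch is not visible, so whether it returns 0 as well cannot be confirmed from here.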
+4 −0
@@ -365,6 +365,7 @@ SSL_CTX_set1_sigalgs define
SSL_CTX_set1_sigalgs_list               define
SSL_CTX_set1_verify_cert_store          define
SSL_CTX_set_current_cert                define
SSL_CTX_set_ecdh_auto                   define
SSL_CTX_set_max_cert_list               define
SSL_CTX_set_max_pipelines               define
SSL_CTX_set_max_proto_version           define
@@ -382,6 +383,7 @@ SSL_CTX_set_tlsext_status_cb define
SSL_CTX_set_tlsext_status_type          define
SSL_CTX_set_tlsext_ticket_key_cb        define
SSL_CTX_set_tmp_dh                      define
SSL_CTX_set_tmp_ecdh                    define
SSL_add0_chain_cert                     define
SSL_add1_chain_cert                     define
SSL_build_cert_chain                    define
@@ -433,6 +435,7 @@ SSL_set1_sigalgs define
SSL_set1_sigalgs_list                   define
SSL_set1_verify_cert_store              define
SSL_set_current_cert                    define
SSL_set_ecdh_auto                       define
SSL_set_max_cert_list                   define
SSL_set_max_pipelines                   define
SSL_set_max_proto_version               define
@@ -448,6 +451,7 @@ SSL_set_tlsext_host_name define
SSL_set_tlsext_status_ocsp_resp         define
SSL_set_tlsext_status_type              define
SSL_set_tmp_dh                          define
SSL_set_tmp_ecdh                        define
SSL_want_async                          define
SSL_want_async_job                      define
SSL_want_client_hello_cb                define