Update files for OpenSSL-1.0.0f import.
[dragonfly.git] / secure / lib / libssl / man / SSL_CTX_set_tmp_rsa_callback.3
CommitLineData
e3261593 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
e056f0e0
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
e056f0e0 5.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
6.if t .sp .5v
7.if n .sp
8..
e056f0e0 9.de Vb \" Begin verbatim text
984263bc
MD
10.ft CW
11.nf
12.ne \\$1
13..
e056f0e0 14.de Ve \" End verbatim text
984263bc 15.ft R
984263bc
MD
16.fi
17..
e056f0e0
JR
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
e056f0e0 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 26.ie n \{\
e056f0e0
JR
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
984263bc
MD
35'br\}
36.el\{\
e056f0e0
JR
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
984263bc 41'br\}
e056f0e0 42.\"
e257b235
PA
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
e056f0e0 47.\" If the F register is turned on, we'll generate index entries on stderr for
01185282 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
e056f0e0
JR
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
e257b235 51.ie \nF \{\
e056f0e0
JR
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 54..
e056f0e0
JR
55. nr % 0
56. rr F
984263bc 57.\}
e257b235
PA
58.el \{\
59. de IX
60..
61.\}
aac4ff6f 62.\"
e056f0e0
JR
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
984263bc 66.if n \{\
e056f0e0
JR
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
984263bc
MD
72.\}
73.if t \{\
e056f0e0
JR
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
984263bc 79.\}
e056f0e0 80. \" simple accents for nroff and troff
984263bc 81.if n \{\
e056f0e0
JR
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
984263bc
MD
88.\}
89.if t \{\
e056f0e0
JR
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 96.\}
e056f0e0 97. \" troff and (daisy-wheel) nroff accents
984263bc
MD
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
e056f0e0 107. \" corrections for vroff
984263bc
MD
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
e056f0e0 110. \" for low resolution devices (crt and lpr)
984263bc
MD
111.if \n(.H>23 .if \n(.V>19 \
112\{\
e056f0e0
JR
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
984263bc
MD
122.\}
123.rm #[ #] #H #V #F C
e056f0e0
JR
124.\" ========================================================================
125.\"
126.IX Title "SSL_CTX_set_tmp_rsa_callback 3"
e3261593 127.TH SSL_CTX_set_tmp_rsa_callback 3 "2012-01-04" "1.0.0f" "OpenSSL"
e257b235
PA
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
984263bc 132.SH "NAME"
a7d27d5a 133SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle RSA keys for ephemeral key exchange
984263bc 134.SH "SYNOPSIS"
e056f0e0 135.IX Header "SYNOPSIS"
984263bc
MD
136.Vb 1
137\& #include <openssl/ssl.h>
e257b235 138\&
984263bc
MD
139\& void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
140\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
141\& long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
142\& long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
e257b235 143\&
984263bc
MD
144\& void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
145\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
146\& long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
147\& long SSL_need_tmp_rsa(SSL *ssl)
e257b235 148\&
edae4a78 149\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
984263bc
MD
150.Ve
151.SH "DESCRIPTION"
e056f0e0
JR
152.IX Header "DESCRIPTION"
153\&\fISSL_CTX_set_tmp_rsa_callback()\fR sets the callback function for \fBctx\fR to be
154used when a temporary/ephemeral \s-1RSA\s0 key is required to \fBtmp_rsa_callback\fR.
155The callback is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR
156with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected.
984263bc 157.PP
e056f0e0
JR
158\&\fISSL_CTX_set_tmp_rsa()\fR sets the temporary/ephemeral \s-1RSA\s0 key to be used to be
159\&\fBrsa\fR. The key is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR
160with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected.
984263bc 161.PP
e056f0e0
JR
162\&\fISSL_CTX_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed
163for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key
984263bc
MD
164with a keysize larger than 512 bits is installed.
165.PP
e056f0e0 166\&\fISSL_set_tmp_rsa_callback()\fR sets the callback only for \fBssl\fR.
984263bc 167.PP
e056f0e0 168\&\fISSL_set_tmp_rsa()\fR sets the key only for \fBssl\fR.
984263bc 169.PP
e056f0e0
JR
170\&\fISSL_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed,
171for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key
984263bc
MD
172with a keysize larger than 512 bits is installed.
173.PP
e056f0e0 174These functions apply to \s-1SSL/TLS\s0 servers only.
984263bc 175.SH "NOTES"
e056f0e0
JR
176.IX Header "NOTES"
177When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1RSA\s0 key exchange
984263bc 178can take place. In this case the session data are negotiated using the
e056f0e0 179ephemeral/temporary \s-1RSA\s0 key and the \s-1RSA\s0 key supplied and certified
984263bc
MD
180by the certificate chain is only used for signing.
181.PP
e056f0e0 182Under previous export restrictions, ciphers with \s-1RSA\s0 keys shorter (512 bits)
984263bc 183than the usual key length of 1024 bits were created. To use these ciphers
e056f0e0 184with \s-1RSA\s0 keys of usual length, an ephemeral key exchange must be performed,
984263bc
MD
185as the normal (certified) key cannot be directly used.
186.PP
e056f0e0
JR
187Using ephemeral \s-1RSA\s0 key exchange yields forward secrecy, as the connection
188can only be decrypted, when the \s-1RSA\s0 key is known. By generating a temporary
189\&\s-1RSA\s0 key inside the server application that is lost when the application
984263bc 190is left, it becomes impossible for an attacker to decrypt past sessions,
e056f0e0
JR
191even if he gets hold of the normal (certified) \s-1RSA\s0 key, as this key was
192used for signing only. The downside is that creating a \s-1RSA\s0 key is
984263bc
MD
193computationally expensive.
194.PP
e056f0e0
JR
195Additionally, the use of ephemeral \s-1RSA\s0 key exchange is only allowed in
196the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, that is
197for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes
984263bc 198violates the standard and can break interoperability with clients.
e056f0e0 199It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key
e257b235 200exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead
984263bc 201in order to achieve forward secrecy (see
e056f0e0 202\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
984263bc 203.PP
e056f0e0
JR
204On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default
205and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of
206\&\fISSL_CTX_set_options\fR\|(3), violating the \s-1TLS/SSL\s0
207standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers,
984263bc
MD
208it will automatically be used without this option!
209.PP
210An application may either directly specify the key or can supply the key via
211a callback function. The callback approach has the advantage, that the
212callback may generate the key only in case it is actually needed. As the
e056f0e0 213generation of a \s-1RSA\s0 key is however costly, it will lead to a significant
984263bc 214delay in the handshake procedure. Another advantage of the callback function
e056f0e0 215is that it can supply keys of different size (e.g. for \s-1SSL_OP_EPHEMERAL_RSA\s0
984263bc
MD
216usage) while the explicit setting of the key is only useful for key size of
217512 bits to satisfy the export restricted ciphers and does give away key length
218if a longer key would be allowed.
219.PP
220The \fBtmp_rsa_callback\fR is called with the \fBkeylength\fR needed and
221the \fBis_export\fR information. The \fBis_export\fR flag is set, when the
e056f0e0 222ephemeral \s-1RSA\s0 key exchange is performed with an export cipher.
984263bc 223.SH "EXAMPLES"
e056f0e0
JR
224.IX Header "EXAMPLES"
225Generate temporary \s-1RSA\s0 keys to prepare ephemeral \s-1RSA\s0 key exchange. As the
226generation of a \s-1RSA\s0 key costs a lot of computer time, they saved for later
984263bc
MD
227reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
228respectively are generated.
229.PP
230.Vb 4
231\& ...
232\& /* Set up ephemeral RSA stuff */
233\& RSA *rsa_512 = NULL;
234\& RSA *rsa_1024 = NULL;
e257b235 235\&
984263bc
MD
236\& rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
237\& if (rsa_512 == NULL)
238\& evaluate_error_queue();
e257b235 239\&
984263bc
MD
240\& rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
241\& if (rsa_1024 == NULL)
242\& evaluate_error_queue();
e257b235 243\&
984263bc 244\& ...
e257b235 245\&
984263bc
MD
246\& RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
247\& {
248\& RSA *rsa_tmp=NULL;
e257b235 249\&
984263bc
MD
250\& switch (keylength) {
251\& case 512:
252\& if (rsa_512)
253\& rsa_tmp = rsa_512;
254\& else { /* generate on the fly, should not happen in this example */
255\& rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
256\& rsa_512 = rsa_tmp; /* Remember for later reuse */
257\& }
258\& break;
259\& case 1024:
260\& if (rsa_1024)
261\& rsa_tmp=rsa_1024;
262\& else
263\& should_not_happen_in_this_example();
264\& break;
265\& default:
266\& /* Generating a key on the fly is very costly, so use what is there */
267\& if (rsa_1024)
268\& rsa_tmp=rsa_1024;
269\& else
270\& rsa_tmp=rsa_512; /* Use at least a shorter key */
271\& }
272\& return(rsa_tmp);
273\& }
274.Ve
275.SH "RETURN VALUES"
e056f0e0
JR
276.IX Header "RETURN VALUES"
277\&\fISSL_CTX_set_tmp_rsa_callback()\fR and \fISSL_set_tmp_rsa_callback()\fR do not return
984263bc
MD
278diagnostic output.
279.PP
e056f0e0 280\&\fISSL_CTX_set_tmp_rsa()\fR and \fISSL_set_tmp_rsa()\fR do return 1 on success and 0
984263bc
MD
281on failure. Check the error queue to find out the reason of failure.
282.PP
e056f0e0
JR
283\&\fISSL_CTX_need_tmp_rsa()\fR and \fISSL_need_tmp_rsa()\fR return 1 if a temporary
284\&\s-1RSA\s0 key is needed and 0 otherwise.
984263bc 285.SH "SEE ALSO"
a7d27d5a 286.IX Header "SEE ALSO"
e056f0e0
JR
287\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3),
288\&\fISSL_CTX_set_options\fR\|(3),
289\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3),
290\&\fISSL_new\fR\|(3), \fIciphers\fR\|(1)