Update build for OpenSSL-1.0.0a.
[dragonfly.git] / secure / lib / libssl / man / SSL_CTX_set_tmp_rsa_callback.3
... / ...
CommitLineData
1.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14)
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sp \" Vertical space (when we can't use .PP)
6.if t .sp .5v
7.if n .sp
8..
9.de Vb \" Begin verbatim text
10.ft CW
11.nf
12.ne \\$1
13..
14.de Ve \" End verbatim text
15.ft R
16.fi
17..
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
26.ie n \{\
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
35'br\}
36.el\{\
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
41'br\}
42.\"
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
47.\" If the F register is turned on, we'll generate index entries on stderr for
48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
51.ie \nF \{\
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
54..
55. nr % 0
56. rr F
57.\}
58.el \{\
59. de IX
60..
61.\}
62.\"
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
66.if n \{\
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
72.\}
73.if t \{\
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
79.\}
80. \" simple accents for nroff and troff
81.if n \{\
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
88.\}
89.if t \{\
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
96.\}
97. \" troff and (daisy-wheel) nroff accents
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
107. \" corrections for vroff
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
110. \" for low resolution devices (crt and lpr)
111.if \n(.H>23 .if \n(.V>19 \
112\{\
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
122.\}
123.rm #[ #] #H #V #F C
124.\" ========================================================================
125.\"
126.IX Title "SSL_CTX_set_tmp_rsa_callback 3"
127.TH SSL_CTX_set_tmp_rsa_callback 3 "2010-06-01" "1.0.0a" "OpenSSL"
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
132.SH "NAME"
133SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle RSA keys for ephemeral key exchange
134.SH "SYNOPSIS"
135.IX Header "SYNOPSIS"
136.Vb 1
137\& #include <openssl/ssl.h>
138\&
139\& void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
140\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
141\& long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
142\& long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
143\&
144\& void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
145\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
146\& long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
147\& long SSL_need_tmp_rsa(SSL *ssl)
148\&
149\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
150.Ve
151.SH "DESCRIPTION"
152.IX Header "DESCRIPTION"
153\&\fISSL_CTX_set_tmp_rsa_callback()\fR sets the callback function for \fBctx\fR to be
154used when a temporary/ephemeral \s-1RSA\s0 key is required to \fBtmp_rsa_callback\fR.
155The callback is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR
156with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected.
157.PP
158\&\fISSL_CTX_set_tmp_rsa()\fR sets the temporary/ephemeral \s-1RSA\s0 key to be used to be
159\&\fBrsa\fR. The key is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR
160with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected.
161.PP
162\&\fISSL_CTX_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed
163for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key
164with a keysize larger than 512 bits is installed.
165.PP
166\&\fISSL_set_tmp_rsa_callback()\fR sets the callback only for \fBssl\fR.
167.PP
168\&\fISSL_set_tmp_rsa()\fR sets the key only for \fBssl\fR.
169.PP
170\&\fISSL_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed,
171for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key
172with a keysize larger than 512 bits is installed.
173.PP
174These functions apply to \s-1SSL/TLS\s0 servers only.
175.SH "NOTES"
176.IX Header "NOTES"
177When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1RSA\s0 key exchange
178can take place. In this case the session data are negotiated using the
179ephemeral/temporary \s-1RSA\s0 key and the \s-1RSA\s0 key supplied and certified
180by the certificate chain is only used for signing.
181.PP
182Under previous export restrictions, ciphers with \s-1RSA\s0 keys shorter (512 bits)
183than the usual key length of 1024 bits were created. To use these ciphers
184with \s-1RSA\s0 keys of usual length, an ephemeral key exchange must be performed,
185as the normal (certified) key cannot be directly used.
186.PP
187Using ephemeral \s-1RSA\s0 key exchange yields forward secrecy, as the connection
188can only be decrypted, when the \s-1RSA\s0 key is known. By generating a temporary
189\&\s-1RSA\s0 key inside the server application that is lost when the application
190is left, it becomes impossible for an attacker to decrypt past sessions,
191even if he gets hold of the normal (certified) \s-1RSA\s0 key, as this key was
192used for signing only. The downside is that creating a \s-1RSA\s0 key is
193computationally expensive.
194.PP
195Additionally, the use of ephemeral \s-1RSA\s0 key exchange is only allowed in
196the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, that is
197for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes
198violates the standard and can break interoperability with clients.
199It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key
200exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead
201in order to achieve forward secrecy (see
202\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
203.PP
204On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default
205and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of
206\&\fISSL_CTX_set_options\fR\|(3), violating the \s-1TLS/SSL\s0
207standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers,
208it will automatically be used without this option!
209.PP
210An application may either directly specify the key or can supply the key via
211a callback function. The callback approach has the advantage, that the
212callback may generate the key only in case it is actually needed. As the
213generation of a \s-1RSA\s0 key is however costly, it will lead to a significant
214delay in the handshake procedure. Another advantage of the callback function
215is that it can supply keys of different size (e.g. for \s-1SSL_OP_EPHEMERAL_RSA\s0
216usage) while the explicit setting of the key is only useful for key size of
217512 bits to satisfy the export restricted ciphers and does give away key length
218if a longer key would be allowed.
219.PP
220The \fBtmp_rsa_callback\fR is called with the \fBkeylength\fR needed and
221the \fBis_export\fR information. The \fBis_export\fR flag is set, when the
222ephemeral \s-1RSA\s0 key exchange is performed with an export cipher.
223.SH "EXAMPLES"
224.IX Header "EXAMPLES"
225Generate temporary \s-1RSA\s0 keys to prepare ephemeral \s-1RSA\s0 key exchange. As the
226generation of a \s-1RSA\s0 key costs a lot of computer time, they saved for later
227reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
228respectively are generated.
229.PP
230.Vb 4
231\& ...
232\& /* Set up ephemeral RSA stuff */
233\& RSA *rsa_512 = NULL;
234\& RSA *rsa_1024 = NULL;
235\&
236\& rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
237\& if (rsa_512 == NULL)
238\& evaluate_error_queue();
239\&
240\& rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
241\& if (rsa_1024 == NULL)
242\& evaluate_error_queue();
243\&
244\& ...
245\&
246\& RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
247\& {
248\& RSA *rsa_tmp=NULL;
249\&
250\& switch (keylength) {
251\& case 512:
252\& if (rsa_512)
253\& rsa_tmp = rsa_512;
254\& else { /* generate on the fly, should not happen in this example */
255\& rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
256\& rsa_512 = rsa_tmp; /* Remember for later reuse */
257\& }
258\& break;
259\& case 1024:
260\& if (rsa_1024)
261\& rsa_tmp=rsa_1024;
262\& else
263\& should_not_happen_in_this_example();
264\& break;
265\& default:
266\& /* Generating a key on the fly is very costly, so use what is there */
267\& if (rsa_1024)
268\& rsa_tmp=rsa_1024;
269\& else
270\& rsa_tmp=rsa_512; /* Use at least a shorter key */
271\& }
272\& return(rsa_tmp);
273\& }
274.Ve
275.SH "RETURN VALUES"
276.IX Header "RETURN VALUES"
277\&\fISSL_CTX_set_tmp_rsa_callback()\fR and \fISSL_set_tmp_rsa_callback()\fR do not return
278diagnostic output.
279.PP
280\&\fISSL_CTX_set_tmp_rsa()\fR and \fISSL_set_tmp_rsa()\fR do return 1 on success and 0
281on failure. Check the error queue to find out the reason of failure.
282.PP
283\&\fISSL_CTX_need_tmp_rsa()\fR and \fISSL_need_tmp_rsa()\fR return 1 if a temporary
284\&\s-1RSA\s0 key is needed and 0 otherwise.
285.SH "SEE ALSO"
286.IX Header "SEE ALSO"
287\&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3),
288\&\fISSL_CTX_set_options\fR\|(3),
289\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3),
290\&\fISSL_new\fR\|(3), \fIciphers\fR\|(1)