Update files for OpenSSL-1.0.2h import.

[dragonfly.git] / secure / lib / libssl / man / SSL_CTX_set1_curves.3

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set1_curves 3"
.TH SSL_CTX_set1_curves 3 "2016-05-03" "1.0.2h" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves,
SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve,
SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto \- EC supported curve functions
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen);
\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list);
\&
\& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen);
\& int SSL_set1_curves_list(SSL *ssl, char *list);
\&
\& int SSL_get1_curves(SSL *ssl, int *curves);
\& int SSL_get_shared_curve(SSL *s, int n);
\&
\& int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff);
\& int SSL_set_ecdh_auto(SSL *s, int onoff);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_CTX_set1_curves()\fR sets the supported curves for \fBctx\fR to \fBclistlen\fR
curves in the array \fBclist\fR. The array consist of all NIDs of curves in
preference order. For a \s-1TLS\s0 client the curves are used directly in the
supported curves extension. For a \s-1TLS\s0 server the curves are used to 
determine the set of shared curves.
.PP
\&\fISSL_CTX_set1_curves_list()\fR sets the supported curves for \fBctx\fR to
string \fBlist\fR. The string is a colon separated list of curve NIDs or
names, for example \*(L"P\-521:P\-384:P\-256\*(R".
.PP
\&\fISSL_set1_curves()\fR and \fISSL_set1_curves_list()\fR are similar except they set
supported curves for the \s-1SSL\s0 structure \fBssl\fR.
.PP
\&\fISSL_get1_curves()\fR returns the set of supported curves sent by a client
in the supported curves extension. It returns the total number of 
supported curves. The \fBcurves\fR parameter can be \fB\s-1NULL\s0\fR to simply
return the number of curves for memory allocation purposes. The
\&\fBcurves\fR array is in the form of a set of curve NIDs in preference
order. It can return zero if the client did not send a supported curves
extension.
.PP
\&\fISSL_get_shared_curve()\fR returns shared curve \fBn\fR for a server-side
\&\s-1SSL \s0\fBssl\fR. If \fBn\fR is \-1 then the total number of shared curves is
returned, which may be zero. Other than for diagnostic purposes,
most applications will only be interested in the first shared curve
so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range,
NID_undef is returned.
.PP
\&\fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR set automatic curve
selection for server \fBctx\fR or \fBssl\fR to \fBonoff\fR. If \fBonoff\fR is 1 then 
the highest preference curve is automatically used for \s-1ECDH\s0 temporary
keys used during key exchange.
.PP
All these functions are implemented as macros.
.SH "NOTES"
.IX Header "NOTES"
If an application wishes to make use of several of these functions for
configuration purposes either on a command line or in a file it should
consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options.
.PP
The functions \fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR can be used to
make a server always choose the most appropriate curve for a client. If set
it will override any temporary \s-1ECDH\s0 parameters set by a server. Previous
versions of OpenSSL could effectively only use a single \s-1ECDH\s0 curve set
using a function such as \fISSL_CTX_set_ecdh_tmp()\fR. Newer applications should
just call:
.PP
.Vb 1
\& SSL_CTX_set_ecdh_auto(ctx, 1);
.Ve
.PP
and they will automatically support \s-1ECDH\s0 using the most appropriate shared
curve.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISSL_CTX_set1_curves()\fR, \fISSL_CTX_set1_curves_list()\fR, \fISSL_set1_curves()\fR,
\&\fISSL_set1_curves_list()\fR, \fISSL_CTX_set_ecdh_auto()\fR and \fISSL_set_ecdh_auto()\fR
return 1 for success and 0 for failure.
.PP
\&\fISSL_get1_curves()\fR returns the number of curves, which may be zero.
.PP
\&\fISSL_get_shared_curve()\fR returns the \s-1NID\s0 of shared curve \fBn\fR or NID_undef if there
is no shared curve \fBn\fR; or the total number of shared curves if \fBn\fR
is \-1.
.PP
When called on a client \fBssl\fR, \fISSL_get_shared_curve()\fR has no meaning and
returns \-1.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
These functions were first added to OpenSSL 1.0.2.