Diffstat (limited to 'secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 | 68 |
1 files changed, 51 insertions, 17 deletions
diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 index 24e74e8f4ee5..3c7cfb6555ed 100644 --- a/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,13 +133,13 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3" -.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2020-03-17" "1.1.1e" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb \&\- Callback functions for stateless TLS1.3 cookies +SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb, SSL_CTX_set_cookie_generate_cb, SSL_CTX_set_cookie_verify_cb \&\- Callback functions for stateless TLS1.3 cookies .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 
@@ -155,29 +155,63 @@ SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb \& int (*verify_stateless_cookie_cb) (SSL *ssl, \& const unsigned char *cookie, \& size_t cookie_len)); +\& +\& void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, +\& int (*app_gen_cookie_cb) (SSL *ssl, +\& unsigned char +\& *cookie, +\& unsigned int +\& *cookie_len)); +\& void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, +\& int (*app_verify_cookie_cb) (SSL *ssl, +\& const unsigned +\& char *cookie, +\& unsigned int +\& cookie_len)); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fBSSL_stateless\fR\|(3) -to generate the application-controlled portion of the cookie provided to clients -in the HelloRetryRequest transmitted as a response to a ClientHello with a -missing or invalid cookie. \fBgen_stateless_cookie_cb()\fR must write at most -\&\s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number of bytes -written to \fBcookie_len\fR. If a cookie cannot be generated, a zero return value -can be used to abort the handshake. +\&\fBSSL_CTX_set_stateless_cookie_generate_cb()\fR sets the callback used by +\&\fBSSL_stateless\fR\|(3) to generate the application-controlled portion of the cookie +provided to clients in the HelloRetryRequest transmitted as a response to a +ClientHello with a missing or invalid cookie. \fBgen_stateless_cookie_cb()\fR must +write at most \s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number +of bytes written to \fBcookie_len\fR. If a cookie cannot be generated, a zero +return value can be used to abort the handshake. +.PP +\&\fBSSL_CTX_set_stateless_cookie_verify_cb()\fR sets the callback used by +\&\fBSSL_stateless\fR\|(3) to determine whether the application-controlled portion of a +ClientHello cookie is valid. The cookie data is pointed to by \fBcookie\fR and is of +length \fBcookie_len\fR. 
A nonzero return value from \fBverify_stateless_cookie_cb()\fR +communicates that the cookie is valid. The integrity of the entire cookie, +including the application-controlled portion, is automatically verified by \s-1HMAC\s0 +before \fBverify_stateless_cookie_cb()\fR is called. +.PP +\&\fBSSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fBDTLSv1_listen\fR\|(3) +to generate the cookie provided to clients in the HelloVerifyRequest transmitted +as a response to a ClientHello with a missing or invalid cookie. +\&\fBapp_gen_cookie_cb()\fR must write at most \s-1DTLS1_COOKIE_LENGTH\s0 bytes into +\&\fBcookie\fR, and must write the number of bytes written to \fBcookie_len\fR. If a +cookie cannot be generated, a zero return value can be used to abort the +handshake. .PP -\&\fBSSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fBSSL_stateless\fR\|(3) to -determine whether the application-controlled portion of a ClientHello cookie is -valid. A nonzero return value from \fBapp_verify_cookie_cb()\fR communicates that the -cookie is valid. The integrity of the entire cookie, including the -application-controlled portion, is automatically verified by \s-1HMAC\s0 before -\&\fBverify_stateless_cookie_cb()\fR is called. +\&\fBSSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fBDTLSv1_listen\fR\|(3) to +determine whether the cookie in a ClientHello is valid. The cookie data is +pointed to by \fBcookie\fR and is of length \fBcookie_len\fR. A nonzero return value +from \fBapp_verify_cookie_cb()\fR communicates that the cookie is valid. The +integrity of the cookie is not verified by OpenSSL. This is an application +responsibility. .SH "RETURN VALUES" .IX Header "RETURN VALUES" Neither function returns a value. 
.SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBSSL_stateless\fR\|(3) +\&\fBSSL_stateless\fR\|(3), +\&\fBDTLSv1_listen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_set_stateless_cookie_generate_cb()\fR and +\&\fBSSL_CTX_set_stateless_cookie_verify_cb()\fR were added in OpenSSL 1.1.1. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. |
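Review bot: The NAME line in the @@ -133,13 +133,13 @@ hunk now lists SSL_CTX_set_cookie_generate_cb and SSL_CTX_set_cookie_verify_cb but still ends with "Callback functions for stateless TLS1.3 cookies". The DESCRIPTION text added later in this patch ties those two setters to DTLSv1_listen(3) and the HelloVerifyRequest, so the one-line summary should cover both cases, for example "Callback functions for stateless TLS1.3 and DTLS cookies". The header says the file is generated by Pod::Man, so the wording fix belongs in the POD source this page is built from, not in the .3 file.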
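Review bot: The new SSL_CTX_set_cookie_verify_cb() paragraph in the @@ -155,29 +155,63 @@ hunk says "The integrity of the cookie is not verified by OpenSSL. This is an application responsibility." and stops there, while the stateless paragraph just above it spells out that HMAC verification happens before the callback runs. A reader wiring up DTLSv1_listen(3) gets no statement of what app_verify_cookie_cb() is expected to check; suggest adding a sentence that the callback must itself establish that the cookie is one this server issued for this peer, and must check cookie_len against the expected length before reading the bytes. Two smaller points in the same hunk: the unchanged RETURN VALUES line "Neither function returns a value." is stale now that four functions are documented, and the new HISTORY section covers only the two stateless setters, leaving SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb() without an entry.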