### SSL_CTX_set_tmp_rsa_callback (3)


#### NAME

SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange

#### SYNOPSIS

```c
#include <openssl/ssl.h>

void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
                                  RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);

void SSL_set_tmp_rsa_callback(SSL *ssl,
                              RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa);
long SSL_need_tmp_rsa(SSL *ssl);

RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
```

#### DESCRIPTION

*SSL_CTX_set_tmp_rsa_callback()* sets the callback function for

**ctx** to be used when a temporary/ephemeral

**tmp_rsa_callback**. The callback is inherited by all

**ctx** with *SSL_new*(3). Already created

*SSL_CTX_set_tmp_rsa()* sets the temporary/ephemeral

**rsa**. The key is inherited by all

**ctx** with *SSL_new*(3). Already created

*SSL_CTX_need_tmp_rsa()* returns 1, if a temporary/ephemeral

*SSL_set_tmp_rsa_callback()* sets the callback only for **ssl**.

*SSL_set_tmp_rsa()* sets the key only for **ssl**.

*SSL_need_tmp_rsa()* returns 1, if a temporary/ephemeral

These functions apply to

#### NOTES

When using a cipher with

Under previous export restrictions, ciphers with

Using ephemeral

Additionally, the use of ephemeral

*SSL_CTX_set_tmp_dh_callback*(3)).

An application may either specify the key directly or supply it via a callback function. The callback approach has the advantage that the callback may generate the key only when it is actually needed. As the generation of a

The **tmp_rsa_callback** is called with the **keylength** needed and
the **is_export** information. The **is_export** flag is set, when the
ephemeral

#### EXAMPLES

Generate temporary

```c
...
/* Set up ephemeral RSA stuff */
RSA *rsa_512 = NULL;
RSA *rsa_1024 = NULL;

rsa_512 = RSA_generate_key(512, RSA_F4, NULL, NULL);
if (rsa_512 == NULL)
    evaluate_error_queue();

rsa_1024 = RSA_generate_key(1024, RSA_F4, NULL, NULL);
if (rsa_1024 == NULL)
    evaluate_error_queue();

...

RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
{
    RSA *rsa_tmp = NULL;

    switch (keylength) {
    case 512:
        if (rsa_512)
            rsa_tmp = rsa_512;
        else { /* generate on the fly, should not happen in this example */
            rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
            rsa_512 = rsa_tmp; /* Remember for later reuse */
        }
        break;
    case 1024:
        if (rsa_1024)
            rsa_tmp = rsa_1024;
        else
            should_not_happen_in_this_example();
        break;
    default:
        /* Generating a key on the fly is very costly, so use what is there */
        if (rsa_1024)
            rsa_tmp = rsa_1024;
        else
            rsa_tmp = rsa_512; /* Use at least a shorter key */
    }
    return (rsa_tmp);
}
```

#### RETURN VALUES

*SSL_CTX_set_tmp_rsa_callback()* and *SSL_set_tmp_rsa_callback()* do not return diagnostic output.

*SSL_CTX_set_tmp_rsa()* and *SSL_set_tmp_rsa()* return 1 on success and 0
on failure. Check the error queue to find out the reason for the failure.

*SSL_CTX_need_tmp_rsa()* and *SSL_need_tmp_rsa()* return 1 if a temporary

#### SEE ALSO

*ssl*(3), *SSL_CTX_set_cipher_list*(3), *SSL_CTX_set_options*(3), *SSL_CTX_set_tmp_dh_callback*(3), *SSL_new*(3), *ciphers*(1)