SSL_set_tmp_rsa_callback (3)
Leading comments
Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32) Standard preamble: ========================================================================
NAME
SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchangeSYNOPSIS
#include <openssl/ssl.h> void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx); void SSL_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) long SSL_need_tmp_rsa(SSL *ssl) RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
DESCRIPTION
SSL_CTX_set_tmp_rsa_callback() sets the callback function for ctx to be used when a temporary/ephemeralSSL_CTX_set_tmp_rsa() sets the temporary/ephemeral
SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral
SSL_set_tmp_rsa_callback() sets the callback only for ssl.
SSL_set_tmp_rsa() sets the key only for ssl.
SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral
These functions apply to
NOTES
When using a cipher withUnder previous export restrictions, ciphers with
Using ephemeral
Additionally, the use of ephemeral
An application may either directly specify the key or can supply the key via a callback function. The callback approach has the advantage, that the callback may generate the key only in case it is actually needed. As the generation of a
The tmp_rsa_callback is called with the keylength needed and the is_export information. The is_export flag is set, when the ephemeral
EXAMPLES
Generate temporary
... /* Set up ephemeral RSA stuff */ RSA *rsa_512 = NULL; RSA *rsa_1024 = NULL; rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); if (rsa_512 == NULL) evaluate_error_queue(); rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); if (rsa_1024 == NULL) evaluate_error_queue(); ... RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) { RSA *rsa_tmp=NULL; switch (keylength) { case 512: if (rsa_512) rsa_tmp = rsa_512; else { /* generate on the fly, should not happen in this example */ rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL); rsa_512 = rsa_tmp; /* Remember for later reuse */ } break; case 1024: if (rsa_1024) rsa_tmp=rsa_1024; else should_not_happen_in_this_example(); break; default: /* Generating a key on the fly is very costly, so use what is there */ if (rsa_1024) rsa_tmp=rsa_1024; else rsa_tmp=rsa_512; /* Use at least a shorter key */ } return(rsa_tmp); }
RETURN VALUES
SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return diagnostic output.SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0 on failure. Check the error queue to find out the reason of failure.
SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary