269 lines
10 KiB
Groff
Executable File
269 lines
10 KiB
Groff
Executable File
.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
|
|
.\"
|
|
.\" Standard preamble:
|
|
.\" ========================================================================
|
|
.de Sp \" Vertical space (when we can't use .PP)
|
|
.if t .sp .5v
|
|
.if n .sp
|
|
..
|
|
.de Vb \" Begin verbatim text
|
|
.ft CW
|
|
.nf
|
|
.ne \\$1
|
|
..
|
|
.de Ve \" End verbatim text
|
|
.ft R
|
|
.fi
|
|
..
|
|
.\" Set up some character translations and predefined strings. \*(-- will
|
|
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
|
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
|
|
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
|
|
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
|
|
.\" nothing in troff, for use with C<>.
|
|
.tr \(*W-
|
|
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
|
.ie n \{\
|
|
. ds -- \(*W-
|
|
. ds PI pi
|
|
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
|
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
|
. ds L" ""
|
|
. ds R" ""
|
|
. ds C` ""
|
|
. ds C' ""
|
|
'br\}
|
|
.el\{\
|
|
. ds -- \|\(em\|
|
|
. ds PI \(*p
|
|
. ds L" ``
|
|
. ds R" ''
|
|
'br\}
|
|
.\"
|
|
.\" Escape single quotes in literal strings from groff's Unicode transform.
|
|
.ie \n(.g .ds Aq \(aq
|
|
.el .ds Aq '
|
|
.\"
|
|
.\" If the F register is turned on, we'll generate index entries on stderr for
|
|
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
|
|
.\" entries marked with X<> in POD. Of course, you'll have to process the
|
|
.\" output yourself in some meaningful fashion.
|
|
.ie \nF \{\
|
|
. de IX
|
|
. tm Index:\\$1\t\\n%\t"\\$2"
|
|
..
|
|
. nr % 0
|
|
. rr F
|
|
.\}
|
|
.el \{\
|
|
. de IX
|
|
..
|
|
.\}
|
|
.\"
|
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
|
. \" fudge factors for nroff and troff
|
|
.if n \{\
|
|
. ds #H 0
|
|
. ds #V .8m
|
|
. ds #F .3m
|
|
. ds #[ \f1
|
|
. ds #] \fP
|
|
.\}
|
|
.if t \{\
|
|
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
|
. ds #V .6m
|
|
. ds #F 0
|
|
. ds #[ \&
|
|
. ds #] \&
|
|
.\}
|
|
. \" simple accents for nroff and troff
|
|
.if n \{\
|
|
. ds ' \&
|
|
. ds ` \&
|
|
. ds ^ \&
|
|
. ds , \&
|
|
. ds ~ ~
|
|
. ds /
|
|
.\}
|
|
.if t \{\
|
|
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
|
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
|
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
|
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
|
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
|
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
|
.\}
|
|
. \" troff and (daisy-wheel) nroff accents
|
|
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
|
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
|
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
|
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
|
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
|
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
|
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
|
.ds ae a\h'-(\w'a'u*4/10)'e
|
|
.ds Ae A\h'-(\w'A'u*4/10)'E
|
|
. \" corrections for vroff
|
|
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
|
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
|
. \" for low resolution devices (crt and lpr)
|
|
.if \n(.H>23 .if \n(.V>19 \
|
|
\{\
|
|
. ds : e
|
|
. ds 8 ss
|
|
. ds o a
|
|
. ds d- d\h'-1'\(ga
|
|
. ds D- D\h'-1'\(hy
|
|
. ds th \o'bp'
|
|
. ds Th \o'LP'
|
|
. ds ae ae
|
|
. ds Ae AE
|
|
.\}
|
|
.rm #[ #] #H #V #F C
|
|
.\" ========================================================================
|
|
.\"
|
|
.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3"
|
|
.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2020-03-02" "3.0.0-dev" "OpenSSL"
|
|
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
|
.\" way too many mistakes in technical documents.
|
|
.if n .ad l
|
|
.nh
|
|
.SH "NAME"
|
|
SSL_psk_server_cb_func,
|
|
SSL_psk_find_session_cb_func,
|
|
SSL_CTX_use_psk_identity_hint,
|
|
SSL_use_psk_identity_hint,
|
|
SSL_CTX_set_psk_server_callback,
|
|
SSL_set_psk_server_callback,
|
|
SSL_CTX_set_psk_find_session_callback,
|
|
SSL_set_psk_find_session_callback
|
|
\&\- set PSK identity hint to use
|
|
.SH "SYNOPSIS"
|
|
.IX Header "SYNOPSIS"
|
|
.Vb 1
|
|
\& #include <openssl/ssl.h>
|
|
\&
|
|
\& typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
|
|
\& const unsigned char *identity,
|
|
\& size_t identity_len,
|
|
\& SSL_SESSION **sess);
|
|
\&
|
|
\&
|
|
\& void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
|
|
\& SSL_psk_find_session_cb_func cb);
|
|
\& void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
|
|
\&
|
|
\& typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
|
|
\& const char *identity,
|
|
\& unsigned char *psk,
|
|
\& unsigned int max_psk_len);
|
|
\&
|
|
\& int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
|
|
\& int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);
|
|
\&
|
|
\& void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
|
|
\& void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
|
|
.Ve
|
|
.SH "DESCRIPTION"
|
|
.IX Header "DESCRIPTION"
|
|
A server application wishing to use TLSv1.3 PSKs should set a callback
|
|
using either \fISSL_CTX_set_psk_find_session_callback()\fR or
|
|
\&\fISSL_set_psk_find_session_callback()\fR as appropriate.
|
|
.PP
|
|
The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and
|
|
an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function
|
|
should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it
|
|
in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key,
|
|
the ciphersuite and the protocol version. See
|
|
\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3) for details.
|
|
.PP
|
|
It is also possible for the callback to succeed but not supply a \s-1PSK\s0. In this
|
|
case no \s-1PSK\s0 will be used but the handshake will continue. To do this the
|
|
callback should return successfully and ensure that \fB*sess\fR is
|
|
\&\s-1NULL\s0.
|
|
.PP
|
|
Identity hints are not relevant for TLSv1.3. A server application wishing to use
|
|
\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fISSL_CTX_use_psk_identity_hint()\fR
|
|
to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context
|
|
object \fBctx\fR. \fISSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0
|
|
identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is
|
|
\&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted.
|
|
.PP
|
|
In the case where \s-1PSK\s0 identity hint is \fB\s-1NULL\s0\fR, the server does not send the
|
|
ServerKeyExchange message to the client.
|
|
.PP
|
|
A server application wishing to use PSKs for TLSv1.2 and below must provide a
|
|
callback function which is called when the server receives the
|
|
ClientKeyExchange message from the client. The purpose of the callback function
|
|
is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used
|
|
during the connection setup phase. The callback is set using the functions
|
|
\&\fISSL_CTX_set_psk_server_callback()\fR or \fISSL_set_psk_server_callback()\fR. The callback
|
|
function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0
|
|
identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of
|
|
length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored.
|
|
.PP
|
|
The callback for use in TLSv1.2 will also work in TLSv1.3 although it is
|
|
recommended to use \fISSL_CTX_set_psk_find_session_callback()\fR
|
|
or \fISSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has
|
|
been negotiated then OpenSSL will first check to see if a callback has been set
|
|
via \fISSL_CTX_set_psk_find_session_callback()\fR or \fISSL_set_psk_find_session_callback()\fR
|
|
and it will use that in preference. If no such callback is present then it will
|
|
check to see if a callback has been set via \fISSL_CTX_set_psk_server_callback()\fR or
|
|
\&\fISSL_set_psk_server_callback()\fR and use that. In this case the handshake digest
|
|
will default to \s-1SHA\-256\s0 for any returned \s-1PSK\s0.
|
|
.PP
|
|
A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption
|
|
has occurred so that \fISSL_session_reused\fR\|(3) will return true.
|
|
.SH "RETURN VALUES"
|
|
.IX Header "RETURN VALUES"
|
|
\&\fB\f(BISSL_CTX_use_psk_identity_hint()\fB\fR and \fB\f(BISSL_use_psk_identity_hint()\fB\fR return
|
|
1 on success, 0 otherwise.
|
|
.PP
|
|
Return values from the TLSv1.2 and below server callback are interpreted as
|
|
follows:
|
|
.IP "0" 4
|
|
\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message
|
|
will be sent and the connection setup fails.
|
|
.IP ">0" 4
|
|
.IX Item ">0"
|
|
\&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0
|
|
successfully in parameter \fBpsk\fR. Return value is the length of
|
|
\&\fBpsk\fR in bytes. It is an error to return a value greater than
|
|
\&\fBmax_psk_len\fR.
|
|
.Sp
|
|
If the \s-1PSK\s0 identity was not found but the callback instructs the
|
|
protocol to continue anyway, the callback must provide some random
|
|
data to \fBpsk\fR and return the length of the random data, so the
|
|
connection will fail with decryption_error before it will be finished
|
|
completely.
|
|
.PP
|
|
The \fBSSL_psk_find_session_cb_func\fR callback should return 1 on success or 0 on
|
|
failure. In the event of failure the connection setup fails.
|
|
.SH "NOTES"
|
|
.IX Header "NOTES"
|
|
There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or
|
|
below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution:
|
|
.PP
|
|
\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output
|
|
in both versions, only limited analysis has been done. Implementations can
|
|
ensure safety from cross-protocol related output by not reusing PSKs between
|
|
\&\s-1TLS\s0 1.3 and \s-1TLS\s0 1.2.\*(R"
|
|
.SH "SEE ALSO"
|
|
.IX Header "SEE ALSO"
|
|
\&\fIssl\fR\|(7),
|
|
\&\fISSL_CTX_set_psk_use_session_callback\fR\|(3),
|
|
\&\fISSL_set_psk_use_session_callback\fR\|(3)
|
|
.SH "HISTORY"
|
|
.IX Header "HISTORY"
|
|
\&\fISSL_CTX_set_psk_find_session_callback()\fR and \fISSL_set_psk_find_session_callback()\fR
|
|
were added in OpenSSL 1.1.1.
|
|
.SH "COPYRIGHT"
|
|
.IX Header "COPYRIGHT"
|
|
Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
.PP
|
|
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file \s-1LICENSE\s0 in the source distribution or at
|
|
<https://www.openssl.org/source/license.html>.
|