ssl.h 127.9 KB
Newer Older
R
Rich Salz 已提交
1 2
/*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3
 *
R
Rich Salz 已提交
4 5 6 7
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
8
 */
R
Rich Salz 已提交
9

B
Bodo Möller 已提交
10 11
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
12
 * ECC cipher suite support in OpenSSL originally developed by
B
Bodo Möller 已提交
13 14
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */
41

42 43
#ifndef HEADER_SSL_H
# define HEADER_SSL_H
44

45
# include <openssl/e_os2.h>
46
# include <openssl/opensslconf.h>
R
Rich Salz 已提交
47
# include <openssl/comp.h>
48
# include <openssl/bio.h>
49
# if OPENSSL_API_COMPAT < 0x10100000L
50
#  include <openssl/x509.h>
51 52 53 54 55 56
#  include <openssl/crypto.h>
#  include <openssl/lhash.h>
#  include <openssl/buffer.h>
# endif
# include <openssl/pem.h>
# include <openssl/hmac.h>
M
Matt Caswell 已提交
57
# include <openssl/async.h>
58

59 60
# include <openssl/safestack.h>
# include <openssl/symhacks.h>
R
Rich Salz 已提交
61
# include <openssl/ct.h>
62

63 64 65 66
#ifdef  __cplusplus
extern "C" {
#endif

R
Rich Salz 已提交
67
/* OpenSSL version number for ASN.1 encoding of the session information */
68 69
/*-
 * Version 0 - initial version
70 71
 * Version 1 - added the optional peer certificate
 */
72
# define SSL_SESSION_ASN1_VERSION 0x0001
73

74 75 76 77 78
# define SSL_MAX_SSL_SESSION_ID_LENGTH           32
# define SSL_MAX_SID_CTX_LENGTH                  32

# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
# define SSL_MAX_KEY_ARG_LENGTH                  8
M
Matt Caswell 已提交
79 80
# define SSL_MAX_MASTER_KEY_LENGTH               48
# define TLS13_MAX_RESUMPTION_MASTER_LENGTH      64
81

82 83 84
/* The maximum number of encrypt/decrypt pipelines we can support */
# define SSL_MAX_PIPELINES  32

85 86
/* text strings for the ciphers */

87
/* These are used to specify which ciphers to use and not to use */
88

89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109
# define SSL_TXT_LOW             "LOW"
# define SSL_TXT_MEDIUM          "MEDIUM"
# define SSL_TXT_HIGH            "HIGH"
# define SSL_TXT_FIPS            "FIPS"

# define SSL_TXT_aNULL           "aNULL"
# define SSL_TXT_eNULL           "eNULL"
# define SSL_TXT_NULL            "NULL"

# define SSL_TXT_kRSA            "kRSA"
# define SSL_TXT_kDHr            "kDHr"
# define SSL_TXT_kDHd            "kDHd"
# define SSL_TXT_kDH             "kDH"
# define SSL_TXT_kEDH            "kEDH"/* alias for kDHE */
# define SSL_TXT_kDHE            "kDHE"
# define SSL_TXT_kECDHr          "kECDHr"
# define SSL_TXT_kECDHe          "kECDHe"
# define SSL_TXT_kECDH           "kECDH"
# define SSL_TXT_kEECDH          "kEECDH"/* alias for kECDHE */
# define SSL_TXT_kECDHE          "kECDHE"
# define SSL_TXT_kPSK            "kPSK"
110 111 112
# define SSL_TXT_kRSAPSK         "kRSAPSK"
# define SSL_TXT_kECDHEPSK       "kECDHEPSK"
# define SSL_TXT_kDHEPSK         "kDHEPSK"
113 114 115 116 117 118 119 120 121
# define SSL_TXT_kGOST           "kGOST"
# define SSL_TXT_kSRP            "kSRP"

# define SSL_TXT_aRSA            "aRSA"
# define SSL_TXT_aDSS            "aDSS"
# define SSL_TXT_aDH             "aDH"
# define SSL_TXT_aECDH           "aECDH"
# define SSL_TXT_aECDSA          "aECDSA"
# define SSL_TXT_aPSK            "aPSK"
122 123 124 125
# define SSL_TXT_aGOST94         "aGOST94"
# define SSL_TXT_aGOST01         "aGOST01"
# define SSL_TXT_aGOST12         "aGOST12"
# define SSL_TXT_aGOST           "aGOST"
126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151
# define SSL_TXT_aSRP            "aSRP"

# define SSL_TXT_DSS             "DSS"
# define SSL_TXT_DH              "DH"
# define SSL_TXT_DHE             "DHE"/* same as "kDHE:-ADH" */
# define SSL_TXT_EDH             "EDH"/* alias for DHE */
# define SSL_TXT_ADH             "ADH"
# define SSL_TXT_RSA             "RSA"
# define SSL_TXT_ECDH            "ECDH"
# define SSL_TXT_EECDH           "EECDH"/* alias for ECDHE" */
# define SSL_TXT_ECDHE           "ECDHE"/* same as "kECDHE:-AECDH" */
# define SSL_TXT_AECDH           "AECDH"
# define SSL_TXT_ECDSA           "ECDSA"
# define SSL_TXT_PSK             "PSK"
# define SSL_TXT_SRP             "SRP"

# define SSL_TXT_DES             "DES"
# define SSL_TXT_3DES            "3DES"
# define SSL_TXT_RC4             "RC4"
# define SSL_TXT_RC2             "RC2"
# define SSL_TXT_IDEA            "IDEA"
# define SSL_TXT_SEED            "SEED"
# define SSL_TXT_AES128          "AES128"
# define SSL_TXT_AES256          "AES256"
# define SSL_TXT_AES             "AES"
# define SSL_TXT_AES_GCM         "AESGCM"
D
Dr. Stephen Henson 已提交
152
# define SSL_TXT_AES_CCM         "AESCCM"
D
Dr. Stephen Henson 已提交
153
# define SSL_TXT_AES_CCM_8       "AESCCM8"
154 155 156
# define SSL_TXT_CAMELLIA128     "CAMELLIA128"
# define SSL_TXT_CAMELLIA256     "CAMELLIA256"
# define SSL_TXT_CAMELLIA        "CAMELLIA"
A
Andy Polyakov 已提交
157
# define SSL_TXT_CHACHA20        "CHACHA20"
158
# define SSL_TXT_GOST            "GOST89"
159 160 161 162 163

# define SSL_TXT_MD5             "MD5"
# define SSL_TXT_SHA1            "SHA1"
# define SSL_TXT_SHA             "SHA"/* same as "SHA1" */
# define SSL_TXT_GOST94          "GOST94"
164 165 166
# define SSL_TXT_GOST89MAC       "GOST89MAC"
# define SSL_TXT_GOST12          "GOST12"
# define SSL_TXT_GOST89MAC12     "GOST89MAC12"
167 168 169 170 171 172 173 174 175
# define SSL_TXT_SHA256          "SHA256"
# define SSL_TXT_SHA384          "SHA384"

# define SSL_TXT_SSLV3           "SSLv3"
# define SSL_TXT_TLSV1           "TLSv1"
# define SSL_TXT_TLSV1_1         "TLSv1.1"
# define SSL_TXT_TLSV1_2         "TLSv1.2"

# define SSL_TXT_ALL             "ALL"
176

177
/*-
178 179 180 181 182 183 184 185 186 187 188 189 190
 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
 * ciphers normally not being used.
 * Example: "RC4" will activate all ciphers using RC4 including ciphers
 * without authentication, which would normally disabled by DEFAULT (due
 * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
 * will make sure that it is also disabled in the specific selection.
 * COMPLEMENTOF* identifiers are portable between version, as adjustments
 * to the default cipher setup will also be included here.
 *
 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
 * DEFAULT gets, as only selection is being done and no sorting as needed
 * for DEFAULT.
 */
191 192 193 194 195 196 197
# define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
# define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"

/*
 * The following cipher list is used by default. It also is substituted when
 * an application-defined cipher list string starts with 'DEFAULT'.
 */
198
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
199 200
/*
 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
201
 * starts with a reasonable order, and all we have to do for DEFAULT is
202 203
 * throwing out anonymous and unencrypted ciphersuites! (The latter are not
 * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
204
 */
205

206
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
207 208
# define SSL_SENT_SHUTDOWN       1
# define SSL_RECEIVED_SHUTDOWN   2
209

210 211 212 213 214 215 216 217
#ifdef __cplusplus
}
#endif

#ifdef  __cplusplus
extern "C" {
#endif

218 219
# define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
# define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
220

221 222 223 224
/*
 * This is needed to stop compilers complaining about the 'struct ssl_st *'
 * function parameters used to prototype callbacks in SSL_CTX.
 */
225
typedef struct ssl_st *ssl_crock_st;
D
Dr. Stephen Henson 已提交
226
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
227 228 229
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
230
typedef struct tls_sigalgs_st TLS_SIGALGS;
231
typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
232
typedef struct ssl_comp_st SSL_COMP;
233

234 235
STACK_OF(SSL_CIPHER);
STACK_OF(SSL_COMP);
236

B
Ben Laurie 已提交
237
/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
238 239 240 241
typedef struct srtp_protection_profile_st {
    const char *name;
    unsigned long id;
} SRTP_PROTECTION_PROFILE;
B
Ben Laurie 已提交
242

243
DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
B
Ben Laurie 已提交
244

245 246 247 248 249 250
typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s,
                                             const unsigned char *data,
                                             int len, void *arg);
typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
                                         int *secret_len,
                                         STACK_OF(SSL_CIPHER) *peer_ciphers,
251
                                         const SSL_CIPHER **cipher, void *arg);
252

253
/* Typedefs for handling custom extensions */
D
Dr. Stephen Henson 已提交
254

255 256 257
typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type,
                                  const unsigned char **out,
                                  size_t *outlen, int *al, void *add_arg);
258

259 260
typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type,
                                    const unsigned char *out, void *add_arg);
D
Dr. Stephen Henson 已提交
261

262 263 264
typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
                                    const unsigned char *in,
                                    size_t inlen, int *al, void *parse_arg);
265

R
Rich Salz 已提交
266
/* Typedef for verification callback */
R
Rich Salz 已提交
267
typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
R
Rich Salz 已提交
268

269
/* Allow initial connection to servers that don't support RI */
D
Dr. Stephen Henson 已提交
270
# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004U
271
/* Removed from OpenSSL 0.9.8q and 1.0.0c */
272
/* Dead forever, see CVE-2010-4180. */
D
Dr. Stephen Henson 已提交
273 274
# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x0U
# define SSL_OP_TLSEXT_PADDING                           0x00000010U
275
# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x0U
D
Dr. Stephen Henson 已提交
276
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
277 278
/* Ancient SSLeay version, retained for compatibility */
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
279
# define SSL_OP_TLS_D5_BUG                               0x0U
280
/* Removed from OpenSSL 1.1.0 */
D
Dr. Stephen Henson 已提交
281
# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0U
282

283
/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
284
# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
285
/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
286
# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
K
Kurt Roeckx 已提交
287
/* Related to removed SSLv2 */
288 289 290 291 292 293 294 295 296 297
# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x0
# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x0

/*
 * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
 * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
 * workaround is not needed.  Unfortunately some broken SSL/TLS
 * implementations cannot handle it at all, which is why we include it in
 * SSL_OP_ALL.
 */
298
/* added in 0.9.6e */
D
Dr. Stephen Henson 已提交
299
# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800U
300

301 302 303 304
/*
 * SSL_OP_ALL: various bug workarounds that should be rather harmless.  This
 * used to be 0x000FFFFFL before 0.9.7.
 */
D
Dr. Stephen Henson 已提交
305
# define SSL_OP_ALL                                      0x80000BFFU
306

B
Ben Laurie 已提交
307
/* DTLS options */
D
Dr. Stephen Henson 已提交
308
# define SSL_OP_NO_QUERY_MTU                 0x00001000U
B
Ben Laurie 已提交
309
/* Turn on Cookie Exchange (on relevant for servers) */
D
Dr. Stephen Henson 已提交
310
# define SSL_OP_COOKIE_EXCHANGE              0x00002000U
311
/* Don't use RFC4507 ticket extension */
D
Dr. Stephen Henson 已提交
312
# define SSL_OP_NO_TICKET                    0x00004000U
313 314 315 316 317
# ifndef OPENSSL_NO_DTLS1_METHOD
/* Use Cisco's "speshul" version of DTLS_BAD_VER
 * (only with deprecated DTLSv1_client_method())  */
#  define SSL_OP_CISCO_ANYCONNECT             0x00008000U
# endif
B
Ben Laurie 已提交
318

319
/* As server, disallow session resumption on renegotiation */
D
Dr. Stephen Henson 已提交
320
# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000U
321
/* Don't use compression even if supported */
D
Dr. Stephen Henson 已提交
322
# define SSL_OP_NO_COMPRESSION                           0x00020000U
323
/* Permit unsafe legacy renegotiation */
D
Dr. Stephen Henson 已提交
324
# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000U
D
David Woodhouse 已提交
325 326
/* Disable encrypt-then-mac */
# define SSL_OP_NO_ENCRYPT_THEN_MAC                      0x00080000U
327 328
/* Does nothing: retained for compatibility */
# define SSL_OP_SINGLE_ECDH_USE                          0x0
329 330
/* Does nothing: retained for compatibility */
# define SSL_OP_SINGLE_DH_USE                            0x0
F
FdaSilvaYY 已提交
331
/* Does nothing: retained for compatibility */
332 333 334 335
# define SSL_OP_EPHEMERAL_RSA                            0x0
/*
 * Set on servers to choose the cipher according to the server's preferences
 */
D
Dr. Stephen Henson 已提交
336
# define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000U
337 338 339
/*
 * If set, a server will allow a client to issue a SSLv3.0 version number as
 * latest version supported in the premaster secret, even when TLSv1.0
340
 * (version 3.1) was announced in the client hello. Normally this is
341 342
 * forbidden to prevent version rollback attacks.
 */
D
Dr. Stephen Henson 已提交
343
# define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000U
344

D
Dr. Stephen Henson 已提交
345 346 347 348 349
# define SSL_OP_NO_SSLv2                                 0x00000000U
# define SSL_OP_NO_SSLv3                                 0x02000000U
# define SSL_OP_NO_TLSv1                                 0x04000000U
# define SSL_OP_NO_TLSv1_2                               0x08000000U
# define SSL_OP_NO_TLSv1_1                               0x10000000U
350
# define SSL_OP_NO_TLSv1_3                               0x20000000U
351

D
Dr. Stephen Henson 已提交
352 353
# define SSL_OP_NO_DTLSv1                                0x04000000U
# define SSL_OP_NO_DTLSv1_2                              0x08000000U
D
Dr. Stephen Henson 已提交
354

355
# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
356
        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
357 358
# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)

359

R
Rich Salz 已提交
360
/* Removed from previous versions */
361 362
# define SSL_OP_PKCS1_CHECK_1                            0x0
# define SSL_OP_PKCS1_CHECK_2                            0x0
363
# define SSL_OP_NETSCAPE_CA_DN_BUG                       0x0
D
Dr. Stephen Henson 已提交
364
# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x0U
365 366 367 368 369
/*
 * Make server add server-hello extension from early version of cryptopro
 * draft, when GOST ciphersuite is negotiated. Required for interoperability
 * with CryptoPro CSP 3.x
 */
D
Dr. Stephen Henson 已提交
370
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000U
371 372 373 374

/*
 * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
 * when just a single record has been written):
375
 */
D
Dr. Stephen Henson 已提交
376
# define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001U
377 378 379 380 381 382
/*
 * Make it possible to retry SSL_write() with changed buffer location (buffer
 * contents must stay the same!); this is not the default to avoid the
 * misconception that non-blocking SSL_write() behaves like non-blocking
 * write():
 */
D
Dr. Stephen Henson 已提交
383
# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
384 385 386
/*
 * Never bother the application with retries if the transport is blocking:
 */
D
Dr. Stephen Henson 已提交
387
# define SSL_MODE_AUTO_RETRY 0x00000004U
388
/* Don't attempt to automatically build certificate chain */
D
Dr. Stephen Henson 已提交
389
# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
390 391 392 393 394
/*
 * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
 * TLS only.) "Released" buffers are put onto a free-list in the context or
 * just freed (depending on the context's setting for freelist_max_len).
 */
D
Dr. Stephen Henson 已提交
395
# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
396 397
/*
 * Send the current time in the Random fields of the ClientHello and
398 399 400
 * ServerHello records for compatibility with hypothetical implementations
 * that require it.
 */
D
Dr. Stephen Henson 已提交
401 402
# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
403 404 405 406 407 408 409
/*
 * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
 * that reconnect with a downgraded protocol version; see
 * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
 * application attempts a normal handshake. Only use this in explicit
 * fallback retries, following the guidance in
 * draft-ietf-tls-downgrade-scsv-00.
410
 */
D
Dr. Stephen Henson 已提交
411
# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
M
Matt Caswell 已提交
412 413 414 415
/*
 * Support Asynchronous operation
 */
# define SSL_MODE_ASYNC 0x00000100U
416

417
/* Cert related flags */
418 419
/*
 * Many implementations ignore some aspects of the TLS standards such as
F
FdaSilvaYY 已提交
420
 * enforcing certificate chain algorithms. When this is set we enforce them.
421
 */
D
Dr. Stephen Henson 已提交
422
# define SSL_CERT_FLAG_TLS_STRICT                0x00000001U
423 424

/* Suite B modes, takes same values as certificate verify flags */
425
# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY       0x10000
426
/* Suite B 192 bit only mode */
427
# define SSL_CERT_FLAG_SUITEB_192_LOS            0x20000
428
/* Suite B 128 bit mode allowing 192 bit algorithms */
429
# define SSL_CERT_FLAG_SUITEB_128_LOS            0x30000
430

431
/* Perform all sorts of protocol violations for testing purposes */
432
# define SSL_CERT_FLAG_BROKEN_PROTOCOL           0x10000000
433

434 435
/* Flags for building certificate chains */
/* Treat any existing certificates as untrusted CAs */
436
# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED          0x1
D
typo  
Dr. Stephen Henson 已提交
437
/* Don't include root CA in chain */
438
# define SSL_BUILD_CHAIN_FLAG_NO_ROOT            0x2
D
Dr. Stephen Henson 已提交
439
/* Just check certificates already there */
440
# define SSL_BUILD_CHAIN_FLAG_CHECK              0x4
D
Dr. Stephen Henson 已提交
441
/* Ignore verification errors */
442
# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR       0x8
443
/* Clear verification errors from queue */
444
# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR        0x10
445

446 447
/* Flags returned by SSL_check_chain */
/* Certificate can be used with this session */
448
# define CERT_PKEY_VALID         0x1
449
/* Certificate can also be used for signing */
450
# define CERT_PKEY_SIGN          0x2
451
/* EE certificate signing algorithm OK */
452
# define CERT_PKEY_EE_SIGNATURE  0x10
453
/* CA signature algorithms OK */
454
# define CERT_PKEY_CA_SIGNATURE  0x20
455
/* EE certificate parameters OK */
456
# define CERT_PKEY_EE_PARAM      0x40
457
/* CA certificate parameters OK */
458
# define CERT_PKEY_CA_PARAM      0x80
459
/* Signing explicitly allowed as opposed to SHA1 fallback */
460
# define CERT_PKEY_EXPLICIT_SIGN 0x100
461
/* Client CA issuer names match (always set for server cert) */
462
# define CERT_PKEY_ISSUER_NAME   0x200
463
/* Cert type matches client types (always set for server cert) */
464
# define CERT_PKEY_CERT_TYPE     0x400
465
/* Cert chain suitable to Suite B */
466 467 468 469 470 471 472 473
# define CERT_PKEY_SUITEB        0x800

# define SSL_CONF_FLAG_CMDLINE           0x1
# define SSL_CONF_FLAG_FILE              0x2
# define SSL_CONF_FLAG_CLIENT            0x4
# define SSL_CONF_FLAG_SERVER            0x8
# define SSL_CONF_FLAG_SHOW_ERRORS       0x10
# define SSL_CONF_FLAG_CERTIFICATE       0x20
474
# define SSL_CONF_FLAG_REQUIRE_PRIVATE   0x40
D
Dr. Stephen Henson 已提交
475
/* Configuration value types */
476 477 478 479
# define SSL_CONF_TYPE_UNKNOWN           0x0
# define SSL_CONF_TYPE_STRING            0x1
# define SSL_CONF_TYPE_FILE              0x2
# define SSL_CONF_TYPE_DIR               0x3
480
# define SSL_CONF_TYPE_NONE              0x4
481 482 483 484 485 486

/*
 * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
 * cannot be used to clear bits.
 */

487 488 489 490 491 492
unsigned long SSL_CTX_get_options(const SSL_CTX *ctx);
unsigned long SSL_get_options(const SSL* s);
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
unsigned long SSL_clear_options(SSL *s, unsigned long op);
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
unsigned long SSL_set_options(SSL *s, unsigned long op);
493

494 495 496 497 498 499 500 501 502 503 504
# define SSL_CTX_set_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
# define SSL_CTX_clear_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
# define SSL_CTX_get_mode(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
# define SSL_clear_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
# define SSL_set_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
# define SSL_get_mode(ssl) \
505
        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
506
# define SSL_set_mtu(ssl, mtu) \
B
Ben Laurie 已提交
507
        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
508
# define DTLS_set_link_mtu(ssl, mtu) \
509
        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
510
# define DTLS_get_link_min_mtu(ssl) \
511
        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
512

513 514
# define SSL_get_secure_renegotiation_support(ssl) \
        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
515

516 517 518 519 520
# ifndef OPENSSL_NO_HEARTBEATS
#  define SSL_heartbeat(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
# endif

521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540
# define SSL_CTX_set_cert_flags(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
# define SSL_set_cert_flags(s,op) \
        SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
# define SSL_CTX_clear_cert_flags(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
# define SSL_clear_cert_flags(s,op) \
        SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)

void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
                              void (*cb) (int write_p, int version,
                                          int content_type, const void *buf,
                                          size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback(SSL *ssl,
                          void (*cb) (int write_p, int version,
                                      int content_type, const void *buf,
                                      size_t len, SSL *ssl, void *arg));
# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

541 542 543
# define SSL_get_extms_support(s) \
        SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)

544 545
# ifndef OPENSSL_NO_SRP

B
Ben Laurie 已提交
546
/* see tls_srp.c */
M
Matt Caswell 已提交
547 548
__owur int SSL_SRP_CTX_init(SSL *s);
__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
B
Ben Laurie 已提交
549 550
int SSL_SRP_CTX_free(SSL *ctx);
int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
M
Matt Caswell 已提交
551 552
__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
__owur int SRP_Calc_A_param(SSL *s);
B
Ben Laurie 已提交
553

554
# endif
555

556 557
/* 100k max cert list */
# define SSL_MAX_CERT_LIST_DEFAULT 1024*100
558

559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574
# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)

/*
 * This callback type is used inside SSL_CTX, SSL, and in the functions that
 * set them. It is used to override the generation of SSL/TLS session IDs in
 * a server. Return value should be zero on an error, non-zero to proceed.
 * Also, callbacks should themselves check if the id they generate is unique
 * otherwise the SSL handshake will fail with an error - callbacks can do
 * this using the 'ssl' value they're passed by;
 * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
 * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32
 * bytes. The callback can alter this length to be less if desired. It is
 * also an error for the callback to set the size to zero.
 */
typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,
                               unsigned int *id_len);
575

576 577 578 579 580
# define SSL_SESS_CACHE_OFF                      0x0000
# define SSL_SESS_CACHE_CLIENT                   0x0001
# define SSL_SESS_CACHE_SERVER                   0x0002
# define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
# define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
581
/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
582 583 584 585
# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
# define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
# define SSL_SESS_CACHE_NO_INTERNAL \
        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
586

B
Ben Laurie 已提交
587
LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627
# define SSL_CTX_sess_number(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
# define SSL_CTX_sess_connect(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
# define SSL_CTX_sess_connect_good(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
# define SSL_CTX_sess_connect_renegotiate(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
# define SSL_CTX_sess_accept(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
# define SSL_CTX_sess_accept_renegotiate(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
# define SSL_CTX_sess_accept_good(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
# define SSL_CTX_sess_hits(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
# define SSL_CTX_sess_cb_hits(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
# define SSL_CTX_sess_misses(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
# define SSL_CTX_sess_timeouts(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
# define SSL_CTX_sess_cache_full(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)

void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
                             int (*new_session_cb) (struct ssl_st *ssl,
                                                    SSL_SESSION *sess));
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
                                              SSL_SESSION *sess);
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
                                void (*remove_session_cb) (struct ssl_ctx_st
                                                           *ctx,
                                                           SSL_SESSION
                                                           *sess));
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
                                                  SSL_SESSION *sess);
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
                             SSL_SESSION *(*get_session_cb) (struct ssl_st
                                                             *ssl,
E
Emilia Kasper 已提交
628
                                                             const unsigned char
629 630 631
                                                             *data, int len,
                                                             int *copy));
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
E
Emilia Kasper 已提交
632
                                                       const unsigned char *data,
633 634 635 636 637 638 639 640 641 642 643 644
                                                       int len, int *copy);
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
                               void (*cb) (const SSL *ssl, int type,
                                           int val));
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
                                                 int val);
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
                                                       EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
                                                 EVP_PKEY **pkey);
# ifndef OPENSSL_NO_ENGINE
M
Matt Caswell 已提交
645
__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
646 647 648 649 650 651 652 653 654
# endif
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
                                    int (*app_gen_cookie_cb) (SSL *ssl,
                                                              unsigned char
                                                              *cookie,
                                                              unsigned int
                                                              *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
                                  int (*app_verify_cookie_cb) (SSL *ssl,
E
Emilia Kasper 已提交
655
                                                               const unsigned char
656 657 658 659
                                                               *cookie,
                                                               unsigned int
                                                               cookie_len));
# ifndef OPENSSL_NO_NEXTPROTONEG
660 661 662 663 664

typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
                                              const unsigned char **out,
                                              unsigned int *outlen,
                                              void *arg);
B
Ben Laurie 已提交
665
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
666 667 668 669 670 671 672 673 674 675
                                   SSL_CTX_npn_advertised_cb_func cb,
                                   void *arg);
#  define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb

typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
                                          unsigned char **out,
                                          unsigned char *outlen,
                                          const unsigned char *in,
                                          unsigned int inlen,
                                          void *arg);
B
Ben Laurie 已提交
676
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
677
                                      SSL_CTX_npn_select_cb_func cb,
R
Rich Salz 已提交
678
                                      void *arg);
679 680
#  define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb

681
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
682
                                    unsigned *len);
683
#  define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
684
# endif
B
Ben Laurie 已提交
685

M
Matt Caswell 已提交
686
__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
687 688 689
                          const unsigned char *in, unsigned int inlen,
                          const unsigned char *client,
                          unsigned int client_len);
B
Ben Laurie 已提交
690

691 692 693 694
# define OPENSSL_NPN_UNSUPPORTED 0
# define OPENSSL_NPN_NEGOTIATED  1
# define OPENSSL_NPN_NO_OVERLAP  2

M
Matt Caswell 已提交
695
__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
T
Todd Short 已提交
696
                                   unsigned int protos_len);
M
Matt Caswell 已提交
697
__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
T
Todd Short 已提交
698
                               unsigned int protos_len);
699
typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
700 701 702 703
                                           const unsigned char **out,
                                           unsigned char *outlen,
                                           const unsigned char *in,
                                           unsigned int inlen,
704 705 706 707
                                           void *arg);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
                                SSL_CTX_alpn_select_cb_func cb,
                                void *arg);
A
Adam Langley 已提交
708
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
T
Todd Short 已提交
709
                            unsigned int *len);
710 711 712 713 714 715 716 717

# ifndef OPENSSL_NO_PSK
/*
 * the maximum length of the buffer given to callbacks containing the
 * resulting identity/psk
 */
#  define PSK_MAX_IDENTITY_LEN 128
#  define PSK_MAX_PSK_LEN 256
718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733
typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
                                               const char *hint,
                                               char *identity,
                                               unsigned int max_identity_len,
                                               unsigned char *psk,
                                               unsigned int max_psk_len);
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);

typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
                                               const char *identity,
                                               unsigned char *psk,
                                               unsigned int max_psk_len);
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);

M
Matt Caswell 已提交
734 735
__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
736 737
const char *SSL_get_psk_identity_hint(const SSL *s);
const char *SSL_get_psk_identity(const SSL *s);
738
# endif
739

740 741
/* Register callbacks to handle custom TLS Extensions for client or server. */

742 743 744
__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx,
                                         unsigned int ext_type);

M
Matt Caswell 已提交
745
__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
746 747 748 749 750
                                  custom_ext_add_cb add_cb,
                                  custom_ext_free_cb free_cb,
                                  void *add_arg,
                                  custom_ext_parse_cb parse_cb,
                                  void *parse_arg);
751

M
Matt Caswell 已提交
752
__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
753 754 755 756 757
                                  custom_ext_add_cb add_cb,
                                  custom_ext_free_cb free_cb,
                                  void *add_arg,
                                  custom_ext_parse_cb parse_cb,
                                  void *parse_arg);
758

M
Matt Caswell 已提交
759
__owur int SSL_extension_supported(unsigned int ext_type);
760

M
Matt Caswell 已提交
761 762 763 764 765
# define SSL_NOTHING            1
# define SSL_WRITING            2
# define SSL_READING            3
# define SSL_X509_LOOKUP        4
# define SSL_ASYNC_PAUSED       5
M
Matt Caswell 已提交
766
# define SSL_ASYNC_NO_JOBS      6
B
Benjamin Kaduk 已提交
767
# define SSL_EARLY_WORK         7
768 769

/* These will only be used when doing non-blocking IO */
770 771 772 773
# define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
# define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
# define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
M
Matt Caswell 已提交
774
# define SSL_want_async(s)       (SSL_want(s) == SSL_ASYNC_PAUSED)
M
Matt Caswell 已提交
775
# define SSL_want_async_job(s)   (SSL_want(s) == SSL_ASYNC_NO_JOBS)
B
Benjamin Kaduk 已提交
776
# define SSL_want_early(s)       (SSL_want(s) == SSL_EARLY_WORK)
777

778 779
# define SSL_MAC_FLAG_READ_MAC_STREAM 1
# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
780

781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799
/*
 * A callback for logging out TLS key material. This callback should log out
 * |line| followed by a newline.
 */
typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);

/*
 * SSL_CTX_set_keylog_callback configures a callback to log key material. This
 * is intended for debugging use with tools like Wireshark. The cb function
 * should log line followed by a newline.
 */
void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);

/*
 * SSL_CTX_get_keylog_callback returns the callback configured by
 * SSL_CTX_set_keylog_callback.
 */
SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);

800 801 802 803
#ifdef __cplusplus
}
#endif

804 805 806 807 808
# include <openssl/ssl2.h>
# include <openssl/ssl3.h>
# include <openssl/tls1.h>      /* This is mostly sslv3 with a few tweaks */
# include <openssl/dtls1.h>     /* Datagram TLS */
# include <openssl/srtp.h>      /* Support for the use_srtp extension */
809

810 811 812 813
#ifdef  __cplusplus
extern "C" {
#endif

814 815 816 817 818 819 820
/*
 * These need to be after the above set of includes due to a compiler bug
 * in VisualStudio 2015
 */
DEFINE_STACK_OF_CONST(SSL_CIPHER)
DEFINE_STACK_OF(SSL_COMP)

U
Ulf Möller 已提交
821
/* compatibility */
822 823 824 825 826 827
# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
# define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
# define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
# define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
R
Rich Salz 已提交
828
DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
829

830
/* TLSv1.3 KeyUpdate message types */
831 832 833 834 835
/* -1 used so that this is an invalid value for the on-the-wire protocol */
#define SSL_KEY_UPDATE_NONE             -1
/* Values as defined for the on-the-wire protocol */
#define SSL_KEY_UPDATE_NOT_REQUESTED     0
#define SSL_KEY_UPDATE_REQUESTED         1
M
Matt Caswell 已提交
836 837 838 839 840 841 842 843 844 845 846 847 848

/*
 * The valid handshake states (one for each type message sent and one for each
 * type of message received). There are also two "special" states:
 * TLS = TLS or DTLS state
 * DTLS = DTLS specific state
 * CR/SR = Client Read/Server Read
 * CW/SW = Client Write/Server Write
 *
 * The "special" states are:
 * TLS_ST_BEFORE = No handshake has been initiated yet
 * TLS_ST_OK = A handshake has been successfully completed
 */
849
typedef enum {
M
Matt Caswell 已提交
850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885
    TLS_ST_BEFORE,
    TLS_ST_OK,
    DTLS_ST_CR_HELLO_VERIFY_REQUEST,
    TLS_ST_CR_SRVR_HELLO,
    TLS_ST_CR_CERT,
    TLS_ST_CR_CERT_STATUS,
    TLS_ST_CR_KEY_EXCH,
    TLS_ST_CR_CERT_REQ,
    TLS_ST_CR_SRVR_DONE,
    TLS_ST_CR_SESSION_TICKET,
    TLS_ST_CR_CHANGE,
    TLS_ST_CR_FINISHED,
    TLS_ST_CW_CLNT_HELLO,
    TLS_ST_CW_CERT,
    TLS_ST_CW_KEY_EXCH,
    TLS_ST_CW_CERT_VRFY,
    TLS_ST_CW_CHANGE,
    TLS_ST_CW_NEXT_PROTO,
    TLS_ST_CW_FINISHED,
    TLS_ST_SW_HELLO_REQ,
    TLS_ST_SR_CLNT_HELLO,
    DTLS_ST_SW_HELLO_VERIFY_REQUEST,
    TLS_ST_SW_SRVR_HELLO,
    TLS_ST_SW_CERT,
    TLS_ST_SW_KEY_EXCH,
    TLS_ST_SW_CERT_REQ,
    TLS_ST_SW_SRVR_DONE,
    TLS_ST_SR_CERT,
    TLS_ST_SR_KEY_EXCH,
    TLS_ST_SR_CERT_VRFY,
    TLS_ST_SR_NEXT_PROTO,
    TLS_ST_SR_CHANGE,
    TLS_ST_SR_FINISHED,
    TLS_ST_SW_SESSION_TICKET,
    TLS_ST_SW_CERT_STATUS,
    TLS_ST_SW_CHANGE,
M
Matt Caswell 已提交
886 887
    TLS_ST_SW_FINISHED,
    TLS_ST_SW_ENCRYPTED_EXTENSIONS,
888 889
    TLS_ST_CR_ENCRYPTED_EXTENSIONS,
    TLS_ST_CR_CERT_VRFY,
890
    TLS_ST_SW_CERT_VRFY,
891
    TLS_ST_CR_HELLO_REQ,
892
    TLS_ST_SW_HELLO_RETRY_REQUEST,
893 894
    TLS_ST_CR_HELLO_RETRY_REQUEST,
    TLS_ST_SW_KEY_UPDATE,
895 896 897
    TLS_ST_CW_KEY_UPDATE,
    TLS_ST_SR_KEY_UPDATE,
    TLS_ST_CR_KEY_UPDATE
898
} OSSL_HANDSHAKE_STATE;
M
Matt Caswell 已提交
899

900
/*
M
Matt Caswell 已提交
901 902 903 904 905
 * Most of the following state values are no longer used and are defined to be
 * the closest equivalent value in the current state machine code. Not all
 * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
 * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
 * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
906 907 908 909
 */

# define SSL_ST_CONNECT                  0x1000
# define SSL_ST_ACCEPT                   0x2000
M
Matt Caswell 已提交
910

911 912 913 914 915 916 917 918 919 920 921 922 923 924 925
# define SSL_ST_MASK                     0x0FFF

# define SSL_CB_LOOP                     0x01
# define SSL_CB_EXIT                     0x02
# define SSL_CB_READ                     0x04
# define SSL_CB_WRITE                    0x08
# define SSL_CB_ALERT                    0x4000/* used in callback */
# define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
# define SSL_CB_HANDSHAKE_START          0x10
# define SSL_CB_HANDSHAKE_DONE           0x20
926 927

/* Is the SSL_connection established? */
928 929
# define SSL_in_connect_init(a)          (SSL_in_init(a) && !SSL_is_server(a))
# define SSL_in_accept_init(a)           (SSL_in_init(a) && SSL_is_server(a))
M
Matt Caswell 已提交
930 931 932
int SSL_in_init(SSL *s);
int SSL_in_before(SSL *s);
int SSL_is_init_finished(SSL *s);
933 934

/*
935 936
 * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
 * should not need these
937 938 939 940
 */
# define SSL_ST_READ_HEADER                      0xF0
# define SSL_ST_READ_BODY                        0xF1
# define SSL_ST_READ_DONE                        0xF2
941

942 943
/*-
 * Obtain latest Finished message
944 945
 *   -- that we sent (SSL_get_finished)
 *   -- that we expected from peer (SSL_get_peer_finished).
946 947
 * Returns length (0 == no Finished so far), copies up to 'count' bytes.
 */
B
Ben Laurie 已提交
948 949
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
950

951 952 953 954 955 956 957 958
/*
 * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are
 * 'ored' with SSL_VERIFY_PEER if they are desired
 */
# define SSL_VERIFY_NONE                 0x00
# define SSL_VERIFY_PEER                 0x01
# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
# define SSL_VERIFY_CLIENT_ONCE          0x04
959

960
# define OpenSSL_add_ssl_algorithms()    SSL_library_init()
961 962 963
# if OPENSSL_API_COMPAT < 0x10100000L
#  define SSLeay_add_ssl_algorithms()    SSL_library_init()
# endif
964

U
Ulf Möller 已提交
965
/* More backward compatibility */
966 967 968 969 970 971 972 973 974 975 976 977 978 979 980
# define SSL_get_cipher(s) \
                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_cipher_bits(s,np) \
                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
# define SSL_get_cipher_version(s) \
                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
# define SSL_get_cipher_name(s) \
                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_time(a)         SSL_SESSION_get_time(a)
# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))

# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
D
Dr. Stephen Henson 已提交
981 982

DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
983 984
# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
                                              * from SSL_AD_... */
985
/* These alert types are for SSLv3 and TLSv1 */
986
# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
987
/* fatal */
988
# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
989
/* fatal */
990 991 992
# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
993
/* fatal */
994
# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
995
/* fatal */
996
# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
997
/* Not for TLS */
998 999 1000 1001 1002 1003
# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
1004
/* fatal */
1005
# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
1006
/* fatal */
1007
# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
1008
/* fatal */
1009
# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
1010
/* fatal */
1011 1012
# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
1013
/* fatal */
1014
# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
1015
/* fatal */
1016
# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
1017
/* fatal */
1018
# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
1019
/* fatal */
1020 1021 1022
# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
1023
# define SSL_AD_MISSING_EXTENSION        TLS13_AD_MISSING_EXTENSION
1024 1025 1026 1027 1028
# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
1029
/* fatal */
1030
# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
1031
/* fatal */
1032
# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
1033
# define SSL_AD_NO_APPLICATION_PROTOCOL  TLS1_AD_NO_APPLICATION_PROTOCOL
1034 1035 1036 1037 1038 1039 1040 1041 1042 1043
# define SSL_ERROR_NONE                  0
# define SSL_ERROR_SSL                   1
# define SSL_ERROR_WANT_READ             2
# define SSL_ERROR_WANT_WRITE            3
# define SSL_ERROR_WANT_X509_LOOKUP      4
# define SSL_ERROR_SYSCALL               5/* look at error stack/return
                                           * value/errno */
# define SSL_ERROR_ZERO_RETURN           6
# define SSL_ERROR_WANT_CONNECT          7
# define SSL_ERROR_WANT_ACCEPT           8
M
Matt Caswell 已提交
1044
# define SSL_ERROR_WANT_ASYNC            9
M
Matt Caswell 已提交
1045
# define SSL_ERROR_WANT_ASYNC_JOB       10
B
Benjamin Kaduk 已提交
1046
# define SSL_ERROR_WANT_EARLY           11
1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057
# define SSL_CTRL_SET_TMP_DH                     3
# define SSL_CTRL_SET_TMP_ECDH                   4
# define SSL_CTRL_SET_TMP_DH_CB                  6
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
# define SSL_CTRL_GET_FLAGS                      13
# define SSL_CTRL_EXTRA_CHAIN_CERT               14
# define SSL_CTRL_SET_MSG_CALLBACK               15
# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
B
Ben Laurie 已提交
1058
/* only applies to datagram connections */
1059
# define SSL_CTRL_SET_MTU                17
1060
/* Stats */
1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082
# define SSL_CTRL_SESS_NUMBER                    20
# define SSL_CTRL_SESS_CONNECT                   21
# define SSL_CTRL_SESS_CONNECT_GOOD              22
# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
# define SSL_CTRL_SESS_ACCEPT                    24
# define SSL_CTRL_SESS_ACCEPT_GOOD               25
# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
# define SSL_CTRL_SESS_HIT                       27
# define SSL_CTRL_SESS_CB_HIT                    28
# define SSL_CTRL_SESS_MISSES                    29
# define SSL_CTRL_SESS_TIMEOUTS                  30
# define SSL_CTRL_SESS_CACHE_FULL                31
# define SSL_CTRL_MODE                           33
# define SSL_CTRL_GET_READ_AHEAD                 40
# define SSL_CTRL_SET_READ_AHEAD                 41
# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
# define SSL_CTRL_SET_SESS_CACHE_MODE            44
# define SSL_CTRL_GET_SESS_CACHE_MODE            45
# define SSL_CTRL_GET_MAX_CERT_LIST              50
# define SSL_CTRL_SET_MAX_CERT_LIST              51
# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
B
Bodo Möller 已提交
1083
/* see tls1.h for macros based on these */
1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110
# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
# define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
# define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60 */
/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
# define SSL_CTRL_SET_SRP_ARG            78
# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
1111 1112 1113 1114 1115
# ifndef OPENSSL_NO_HEARTBEATS
#  define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT               85
#  define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING        86
#  define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS    87
# endif
1116 1117 1118 1119 1120 1121 1122 1123 1124
# define DTLS_CTRL_GET_TIMEOUT           73
# define DTLS_CTRL_HANDLE_TIMEOUT        74
# define SSL_CTRL_GET_RI_SUPPORT                 76
# define SSL_CTRL_CLEAR_MODE                     78
# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB      79
# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
# define SSL_CTRL_CHAIN                          88
# define SSL_CTRL_CHAIN_CERT                     89
1125 1126 1127 1128
# define SSL_CTRL_GET_GROUPS                     90
# define SSL_CTRL_SET_GROUPS                     91
# define SSL_CTRL_SET_GROUPS_LIST                92
# define SSL_CTRL_GET_SHARED_GROUP               93
1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149
# define SSL_CTRL_SET_SIGALGS                    97
# define SSL_CTRL_SET_SIGALGS_LIST               98
# define SSL_CTRL_CERT_FLAGS                     99
# define SSL_CTRL_CLEAR_CERT_FLAGS               100
# define SSL_CTRL_SET_CLIENT_SIGALGS             101
# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST        102
# define SSL_CTRL_GET_CLIENT_CERT_TYPES          103
# define SSL_CTRL_SET_CLIENT_CERT_TYPES          104
# define SSL_CTRL_BUILD_CERT_CHAIN               105
# define SSL_CTRL_SET_VERIFY_CERT_STORE          106
# define SSL_CTRL_SET_CHAIN_CERT_STORE           107
# define SSL_CTRL_GET_PEER_SIGNATURE_NID         108
# define SSL_CTRL_GET_SERVER_TMP_KEY             109
# define SSL_CTRL_GET_RAW_CIPHERLIST             110
# define SSL_CTRL_GET_EC_POINT_FORMATS           111
# define SSL_CTRL_GET_CHAIN_CERTS                115
# define SSL_CTRL_SELECT_CURRENT_CERT            116
# define SSL_CTRL_SET_CURRENT_CERT               117
# define SSL_CTRL_SET_DH_AUTO                    118
# define DTLS_CTRL_SET_LINK_MTU                  120
# define DTLS_CTRL_GET_LINK_MIN_MTU              121
1150
# define SSL_CTRL_GET_EXTMS_SUPPORT              122
1151 1152
# define SSL_CTRL_SET_MIN_PROTO_VERSION          123
# define SSL_CTRL_SET_MAX_PROTO_VERSION          124
1153 1154
# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT        125
# define SSL_CTRL_SET_MAX_PIPELINES              126
1155
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE     127
1156 1157
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB       128
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG   129
1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242
# define SSL_CERT_SET_FIRST                      1
# define SSL_CERT_SET_NEXT                       2
# define SSL_CERT_SET_SERVER                     3
# define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
# define DTLSv1_handle_timeout(ssl) \
        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
# define SSL_num_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_clear_num_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_total_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
# define SSL_CTX_set_tmp_dh(ctx,dh) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
# define SSL_CTX_set_dh_auto(ctx, onoff) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_set_dh_auto(s, onoff) \
        SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_set_tmp_dh(ssl,dh) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
# define SSL_set_tmp_ecdh(ssl,ecdh) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
# define SSL_CTX_clear_extra_chain_certs(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
# define SSL_CTX_set0_chain(ctx,sk) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
# define SSL_CTX_set1_chain(ctx,sk) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
# define SSL_CTX_add0_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
# define SSL_CTX_add1_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
# define SSL_CTX_get0_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
# define SSL_CTX_clear_chain_certs(ctx) \
        SSL_CTX_set0_chain(ctx,NULL)
# define SSL_CTX_build_cert_chain(ctx, flags) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
# define SSL_CTX_select_current_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
# define SSL_CTX_set_current_cert(ctx, op) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
# define SSL_CTX_set0_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
# define SSL_CTX_set1_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
# define SSL_CTX_set0_chain_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
# define SSL_CTX_set1_chain_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)
# define SSL_set0_chain(ctx,sk) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
# define SSL_set1_chain(ctx,sk) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
# define SSL_add0_chain_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
# define SSL_add1_chain_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
# define SSL_get0_chain_certs(ctx,px509) \
        SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
# define SSL_clear_chain_certs(ctx) \
        SSL_set0_chain(ctx,NULL)
# define SSL_build_cert_chain(s, flags) \
        SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
# define SSL_select_current_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
# define SSL_set_current_cert(ctx,op) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
# define SSL_set0_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
# define SSL_set1_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
# define SSL_set0_chain_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
# define SSL_set1_chain_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)
1243 1244
# define SSL_get1_groups(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)s)
1245
# define SSL_get1_curves(ctx, s) \
1246 1247 1248 1249 1250
        SSL_get1_groups((ctx), (s))
# define SSL_CTX_set1_groups(ctx, glist, glistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)glist)
# define SSL_CTX_set1_groups_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)s)
1251
# define SSL_CTX_set1_curves(ctx, clist, clistlen) \
1252
        SSL_CTX_set1_groups((ctx), (clist), (clistlen))
1253
# define SSL_CTX_set1_curves_list(ctx, s) \
1254 1255 1256 1257 1258
        SSL_CTX_set1_groups_list((ctx), (s))
# define SSL_set1_groups(ctx, glist, glistlen) \
        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)glist)
# define SSL_set1_groups_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)s)
1259
# define SSL_set1_curves(ctx, clist, clistlen) \
1260
        SSL_set1_groups((ctx), (clist), (clistlen))
1261
# define SSL_set1_curves_list(ctx, s) \
1262 1263 1264
        SSL_set1_groups_list((ctx), (s))
# define SSL_get_shared_group(s, n) \
        SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
1265
# define SSL_get_shared_curve(s, n) \
1266
        SSL_get_shared_group((s), (n))
1267 1268 1269 1270 1271
# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_set1_sigalgs(ctx, slist, slistlen) \
M
Matt Caswell 已提交
1272
        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296
# define SSL_set1_sigalgs_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist)
# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist)
# define SSL_set1_client_sigalgs_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
# define SSL_get0_certificate_types(s, clist) \
        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist)
# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
# define SSL_set1_client_certificate_types(s, clist, clistlen) \
        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
# define SSL_get_peer_signature_nid(s, pn) \
        SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
# define SSL_get_server_tmp_key(s, pk) \
        SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
# define SSL_get0_raw_cipherlist(s, plst) \
        SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
# define SSL_get0_ec_point_formats(s, plst) \
        SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
1297 1298 1299 1300 1301 1302 1303 1304 1305
#define SSL_CTX_set_min_proto_version(ctx, version) \
        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
#define SSL_CTX_set_max_proto_version(ctx, version) \
        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
#define SSL_set_min_proto_version(s, version) \
        SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
#define SSL_set_max_proto_version(s, version) \
        SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)

1306 1307 1308 1309 1310 1311
#if OPENSSL_API_COMPAT < 0x10100000L
/* Provide some compatibility macros for removed functionality. */
# define SSL_CTX_need_tmp_RSA(ctx)                0
# define SSL_CTX_set_tmp_rsa(ctx,rsa)             1
# define SSL_need_tmp_RSA(ssl)                    0
# define SSL_set_tmp_rsa(ssl,rsa)                 1
1312 1313
# define SSL_CTX_set_ecdh_auto(dummy, onoff)      ((onoff) != 0)
# define SSL_set_ecdh_auto(dummy, onoff)          ((onoff) != 0)
1314
/*
V
Viktor Szakats 已提交
1315
 * We "pretend" to call the callback to avoid warnings about unused static
1316 1317 1318 1319 1320
 * functions.
 */
# define SSL_CTX_set_tmp_rsa_callback(ctx, cb)    while(0) (cb)(NULL, 0, 0)
# define SSL_set_tmp_rsa_callback(ssl, cb)        while(0) (cb)(NULL, 0, 0)
#endif
1321

1322
__owur const BIO_METHOD *BIO_f_ssl(void);
M
Matt Caswell 已提交
1323 1324 1325 1326
__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from);
1327 1328
void BIO_ssl_shutdown(BIO *ssl_bio);

M
Matt Caswell 已提交
1329 1330
__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1331
int SSL_CTX_up_ref(SSL_CTX *ctx);
1332
void SSL_CTX_free(SSL_CTX *);
M
Matt Caswell 已提交
1333 1334 1335
__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1336
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
T
Todd Short 已提交
1337
void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
M
Matt Caswell 已提交
1338 1339
__owur int SSL_want(const SSL *s);
__owur int SSL_clear(SSL *s);
1340

1341
void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
1342

M
Matt Caswell 已提交
1343
__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1344
__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
1345
__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
M
Matt Caswell 已提交
1346
__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
1347
__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
T
Todd Short 已提交
1348 1349 1350
__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
M
Matt Caswell 已提交
1351 1352 1353 1354 1355 1356 1357 1358

__owur int SSL_get_fd(const SSL *s);
__owur int SSL_get_rfd(const SSL *s);
__owur int SSL_get_wfd(const SSL *s);
__owur const char *SSL_get_cipher_list(const SSL *s, int n);
__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
__owur int SSL_get_read_ahead(const SSL *s);
__owur int SSL_pending(const SSL *s);
M
Matt Caswell 已提交
1359
__owur int SSL_has_pending(const SSL *s);
1360
# ifndef OPENSSL_NO_SOCK
M
Matt Caswell 已提交
1361 1362 1363
__owur int SSL_set_fd(SSL *s, int fd);
__owur int SSL_set_rfd(SSL *s, int fd);
__owur int SSL_set_wfd(SSL *s, int fd);
1364
# endif
1365 1366
void SSL_set0_rbio(SSL *s, BIO *rbio);
void SSL_set0_wbio(SSL *s, BIO *wbio);
1367
void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
M
Matt Caswell 已提交
1368 1369 1370
__owur BIO *SSL_get_rbio(const SSL *s);
__owur BIO *SSL_get_wbio(const SSL *s);
__owur int SSL_set_cipher_list(SSL *s, const char *str);
1371
void SSL_set_read_ahead(SSL *s, int yes);
M
Matt Caswell 已提交
1372 1373
__owur int SSL_get_verify_mode(const SSL *s);
__owur int SSL_get_verify_depth(const SSL *s);
R
Rich Salz 已提交
1374 1375
__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
1376 1377 1378
void SSL_set_verify_depth(SSL *s, int depth);
void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
# ifndef OPENSSL_NO_RSA
M
Matt Caswell 已提交
1379 1380
__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
D
Dr. Stephen Henson 已提交
1381
# endif
M
Matt Caswell 已提交
1382 1383
__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
1384
                            long len);
M
Matt Caswell 已提交
1385 1386
__owur int SSL_use_certificate(SSL *ssl, X509 *x);
__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
1387

1388
/* Set serverinfo data for the current active cert. */
M
Matt Caswell 已提交
1389
__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
1390
                           size_t serverinfo_length);
M
Matt Caswell 已提交
1391
__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
B
Ben Laurie 已提交
1392

D
Dr. Stephen Henson 已提交
1393
#ifndef OPENSSL_NO_RSA
M
Matt Caswell 已提交
1394
__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
D
Dr. Stephen Henson 已提交
1395 1396
#endif

M
Matt Caswell 已提交
1397 1398
__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
D
Dr. Stephen Henson 已提交
1399 1400

#ifndef OPENSSL_NO_RSA
M
Matt Caswell 已提交
1401
__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
D
Dr. Stephen Henson 已提交
1402
#endif
M
Matt Caswell 已提交
1403 1404
__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
1405
/* PEM type */
M
Matt Caswell 已提交
1406
__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
1407
__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
M
Matt Caswell 已提交
1408 1409
__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1410 1411 1412
                                        const char *file);
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                       const char *dir);
1413

1414 1415 1416 1417 1418
#if OPENSSL_API_COMPAT < 0x10100000L
# define SSL_load_error_strings() \
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
#endif
M
Matt Caswell 已提交
1419

M
Matt Caswell 已提交
1420 1421 1422 1423 1424 1425 1426 1427
__owur const char *SSL_state_string(const SSL *s);
__owur const char *SSL_rstate_string(const SSL *s);
__owur const char *SSL_state_string_long(const SSL *s);
__owur const char *SSL_rstate_string_long(const SSL *s);
__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1428
__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
L
Lyon Chen 已提交
1429
__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
R
Rich Salz 已提交
1430
__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
M
Matt Caswell 已提交
1431 1432
__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
1433
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
1434
                            size_t *len);
M
Matt Caswell 已提交
1435
__owur int SSL_copy_session_id(SSL *to, const SSL *from);
M
Matt Caswell 已提交
1436 1437
__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
1438
                                unsigned int sid_ctx_len);
1439 1440
__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
                               unsigned int sid_len);
1441

M
Matt Caswell 已提交
1442
__owur SSL_SESSION *SSL_SESSION_new(void);
B
Ben Laurie 已提交
1443
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
1444
                                        unsigned int *len);
1445 1446
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
                                                unsigned int *len);
M
Matt Caswell 已提交
1447
__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
1448 1449 1450 1451 1452
# ifndef OPENSSL_NO_STDIO
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
# endif
int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
1453
int SSL_SESSION_up_ref(SSL_SESSION *ses);
1454
void SSL_SESSION_free(SSL_SESSION *ses);
M
Matt Caswell 已提交
1455 1456 1457
__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1458
int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
M
Matt Caswell 已提交
1459 1460 1461
__owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
__owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
__owur int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
1462 1463 1464 1465 1466
                                unsigned int id_len);
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                             long length);

# ifdef HEADER_X509_H
M
Matt Caswell 已提交
1467
__owur X509 *SSL_get_peer_certificate(const SSL *s);
1468
# endif
1469

M
Matt Caswell 已提交
1470
__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
1471

M
Matt Caswell 已提交
1472 1473
__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
R
Rich Salz 已提交
1474 1475
__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback);
1476 1477 1478 1479 1480 1481 1482
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
                                      int (*cb) (X509_STORE_CTX *, void *),
                                      void *arg);
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
                         void *arg);
# ifndef OPENSSL_NO_RSA
M
Matt Caswell 已提交
1483 1484
__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
1485
                                   long len);
D
Dr. Stephen Henson 已提交
1486
# endif
M
Matt Caswell 已提交
1487 1488
__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
1489
                                const unsigned char *d, long len);
M
Matt Caswell 已提交
1490 1491
__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
1492
                                 const unsigned char *d);
1493

1494 1495
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1496 1497
pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
M
Matt Caswell 已提交
1498 1499
void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
1500 1501
pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
void *SSL_get_default_passwd_cb_userdata(SSL *s);
1502

M
Matt Caswell 已提交
1503 1504
__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);
__owur int SSL_check_private_key(const SSL *ctx);
1505

M
Matt Caswell 已提交
1506
__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
1507
                                   unsigned int sid_ctx_len);
1508

1509
SSL *SSL_new(SSL_CTX *ctx);
1510
int SSL_up_ref(SSL *s);
R
Rich Salz 已提交
1511
int SSL_is_dtls(const SSL *s);
M
Matt Caswell 已提交
1512
__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
1513
                               unsigned int sid_ctx_len);
1514

M
Matt Caswell 已提交
1515 1516 1517 1518
__owur int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
__owur int SSL_set_purpose(SSL *s, int purpose);
__owur int SSL_CTX_set_trust(SSL_CTX *s, int trust);
__owur int SSL_set_trust(SSL *s, int trust);
1519

1520 1521
__owur int SSL_set1_host(SSL *s, const char *hostname);
__owur int SSL_add1_host(SSL *s, const char *hostname);
1522
__owur const char *SSL_get0_peername(SSL *s);
1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538
void SSL_set_hostflags(SSL *s, unsigned int flags);

__owur int SSL_CTX_dane_enable(SSL_CTX *ctx);
__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
                                  uint8_t mtype, uint8_t ord);
__owur int SSL_dane_enable(SSL *s, const char *basedomain);
__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
                             uint8_t mtype, unsigned char *data, size_t dlen);
__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
                              uint8_t *mtype, unsigned const char **data,
                              size_t *dlen);
/*
 * Bridge opacity barrier between libcrypt and libssl, also needed to support
 * offline testing in test/danetest.c
 */
1539
SSL_DANE *SSL_get0_dane(SSL *ssl);
1540 1541 1542 1543 1544 1545 1546
/*
 * DANE flags
 */
unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
1547

M
Matt Caswell 已提交
1548 1549
__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
D
Dr. Stephen Henson 已提交
1550

M
Matt Caswell 已提交
1551 1552
__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
1553

1554 1555 1556
# ifndef OPENSSL_NO_SRP
int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
B
Ben Laurie 已提交
1557 1558
int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
1559
                                        char *(*cb) (SSL *, void *));
B
Ben Laurie 已提交
1560
int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
1561
                                          int (*cb) (SSL *, void *));
B
Ben Laurie 已提交
1562
int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
1563
                                      int (*cb) (SSL *, int *, void *));
B
Ben Laurie 已提交
1564 1565 1566
int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);

int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
1567
                             BIGNUM *sa, BIGNUM *v, char *info);
B
Ben Laurie 已提交
1568
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
1569
                                const char *grp);
B
Ben Laurie 已提交
1570

M
Matt Caswell 已提交
1571 1572
__owur BIGNUM *SSL_get_srp_g(SSL *s);
__owur BIGNUM *SSL_get_srp_N(SSL *s);
B
Ben Laurie 已提交
1573

M
Matt Caswell 已提交
1574 1575
__owur char *SSL_get_srp_username(SSL *s);
__owur char *SSL_get_srp_userinfo(SSL *s);
1576
# endif
B
Ben Laurie 已提交
1577

B
Benjamin Kaduk 已提交
1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591
/*
 * Early callback and helpers.
 */
typedef int (*SSL_early_cb_fn) (SSL *s, int *al, void *arg);
void SSL_CTX_set_early_cb(SSL_CTX *c, SSL_early_cb_fn cb, void *arg);
int SSL_early_isv2(SSL *s);
unsigned int SSL_early_get0_legacy_version(SSL *s);
size_t SSL_early_get0_random(SSL *s, const unsigned char **out);
size_t SSL_early_get0_session_id(SSL *s, const unsigned char **out);
size_t SSL_early_get0_ciphers(SSL *s, const unsigned char **out);
size_t SSL_early_get0_compression_methods(SSL *s, const unsigned char **out);
int SSL_early_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
                       size_t *outlen);

1592 1593
void SSL_certs_clear(SSL *s);
void SSL_free(SSL *ssl);
1594 1595
# ifdef OSSL_ASYNC_FD
/*
F
FdaSilvaYY 已提交
1596
 * Windows application developer has to include windows.h to use these.
1597
 */
M
Matt Caswell 已提交
1598
__owur int SSL_waiting_for_async(SSL *s);
M
Matt Caswell 已提交
1599 1600 1601 1602
__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
                                     size_t *numaddfds, OSSL_ASYNC_FD *delfd,
                                     size_t *numdelfds);
1603
# endif
M
Matt Caswell 已提交
1604 1605 1606
__owur int SSL_accept(SSL *ssl);
__owur int SSL_connect(SSL *ssl);
__owur int SSL_read(SSL *ssl, void *buf, int num);
1607
__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
M
Matt Caswell 已提交
1608
__owur int SSL_peek(SSL *ssl, void *buf, int num);
1609
__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
M
Matt Caswell 已提交
1610
__owur int SSL_write(SSL *ssl, const void *buf, int num);
M
Matt Caswell 已提交
1611
__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
1612 1613 1614 1615 1616
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
long SSL_callback_ctrl(SSL *, int, void (*)(void));
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));

M
Matt Caswell 已提交
1617 1618
__owur int SSL_get_error(const SSL *s, int ret_code);
__owur const char *SSL_get_version(const SSL *s);
1619 1620

/* This sets the 'default' SSL version that SSL_new() will create */
M
Matt Caswell 已提交
1621
__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
1622

1623
# ifndef OPENSSL_NO_SSL3_METHOD
1624 1625 1626
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) /* SSLv3 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */
1627
# endif
1628

1629 1630
#define SSLv23_method           TLS_method
#define SSLv23_server_method    TLS_server_method
1631
#define SSLv23_client_method    TLS_client_method
1632

1633 1634 1635
/* Negotiate highest available SSL/TLS version */
__owur const SSL_METHOD *TLS_method(void);
__owur const SSL_METHOD *TLS_server_method(void);
1636
__owur const SSL_METHOD *TLS_client_method(void);
1637

K
Kurt Roeckx 已提交
1638
# ifndef OPENSSL_NO_TLS1_METHOD
1639 1640 1641
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */
K
Kurt Roeckx 已提交
1642
# endif
1643

K
Kurt Roeckx 已提交
1644
# ifndef OPENSSL_NO_TLS1_1_METHOD
1645 1646 1647
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */
K
Kurt Roeckx 已提交
1648
# endif
1649

K
Kurt Roeckx 已提交
1650
# ifndef OPENSSL_NO_TLS1_2_METHOD
1651 1652 1653
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */
K
Kurt Roeckx 已提交
1654
# endif
1655

K
Kurt Roeckx 已提交
1656
# ifndef OPENSSL_NO_DTLS1_METHOD
1657 1658 1659
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) /* DTLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) /* DTLSv1.0 */
K
Kurt Roeckx 已提交
1660
# endif
B
Ben Laurie 已提交
1661

K
Kurt Roeckx 已提交
1662
# ifndef OPENSSL_NO_DTLS1_2_METHOD
1663 1664 1665
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) /* DTLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) /* DTLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) /* DTLSv1.2 */
K
Kurt Roeckx 已提交
1666
#endif
1667

M
Matt Caswell 已提交
1668 1669 1670
__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
D
Dr. Stephen Henson 已提交
1671

D
David Woodhouse 已提交
1672 1673
__owur size_t DTLS_get_data_mtu(const SSL *s);

M
Matt Caswell 已提交
1674
__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
K
Kazuki Yamaguchi 已提交
1675
__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
1676
__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
M
Matt Caswell 已提交
1677
__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
1678

M
Matt Caswell 已提交
1679
__owur int SSL_do_handshake(SSL *s);
1680 1681
int SSL_key_update(SSL *s, int updatetype);
int SSL_get_key_update_type(SSL *s);
1682
int SSL_renegotiate(SSL *s);
1683
int SSL_renegotiate_abbreviated(SSL *s);
M
Matt Caswell 已提交
1684
__owur int SSL_renegotiate_pending(SSL *s);
1685 1686
int SSL_shutdown(SSL *s);

M
Matt Caswell 已提交
1687 1688 1689 1690 1691 1692 1693
__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s);
__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
__owur const char *SSL_alert_type_string_long(int value);
__owur const char *SSL_alert_type_string(int value);
__owur const char *SSL_alert_desc_string_long(int value);
__owur const char *SSL_alert_desc_string(int value);
1694

1695 1696
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
M
Matt Caswell 已提交
1697 1698 1699 1700
__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
__owur int SSL_add_client_CA(SSL *ssl, X509 *x);
__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
1701 1702 1703 1704

void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);

M
Matt Caswell 已提交
1705
__owur long SSL_get_default_timeout(const SSL *s);
1706

1707 1708 1709
#if OPENSSL_API_COMPAT < 0x10100000L
# define SSL_library_init() OPENSSL_init_ssl(0, NULL)
#endif
1710

M
Matt Caswell 已提交
1711 1712
__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1713

M
Matt Caswell 已提交
1714
__owur SSL *SSL_dup(SSL *ssl);
1715

M
Matt Caswell 已提交
1716
__owur X509 *SSL_get_certificate(const SSL *ssl);
1717 1718 1719
/*
 * EVP_PKEY
 */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
1720

M
Matt Caswell 已提交
1721 1722
__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
1723

1724
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
M
Matt Caswell 已提交
1725
__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
1726
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
M
Matt Caswell 已提交
1727
__owur int SSL_get_quiet_shutdown(const SSL *ssl);
1728
void SSL_set_shutdown(SSL *ssl, int mode);
M
Matt Caswell 已提交
1729 1730
__owur int SSL_get_shutdown(const SSL *ssl);
__owur int SSL_version(const SSL *ssl);
1731
__owur int SSL_client_version(const SSL *s);
M
Matt Caswell 已提交
1732
__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1733 1734
__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
M
Matt Caswell 已提交
1735
__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1736 1737
                                  const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */
M
Matt Caswell 已提交
1738 1739 1740
__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
1741
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
B
Ben Laurie 已提交
1742
void SSL_set_info_callback(SSL *ssl,
1743 1744 1745
                           void (*cb) (const SSL *ssl, int type, int val));
void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
                                               int val);
M
Matt Caswell 已提交
1746
__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
1747

1748
void SSL_set_verify_result(SSL *ssl, long v);
M
Matt Caswell 已提交
1749
__owur long SSL_get_verify_result(const SSL *ssl);
1750
__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);
1751

1752 1753 1754 1755 1756 1757
__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
                                    size_t outlen);
__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
                                    size_t outlen);
__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl,
                                         unsigned char *out, size_t outlen);
1758

1759
#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \
T
Todd Short 已提交
1760
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
M
Matt Caswell 已提交
1761
__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
1762
void *SSL_get_ex_data(const SSL *ssl, int idx);
1763
#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \
T
Todd Short 已提交
1764
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef)
M
Matt Caswell 已提交
1765
__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
1766
void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
1767
#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
T
Todd Short 已提交
1768
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
M
Matt Caswell 已提交
1769
__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
1770 1771
void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);

M
Matt Caswell 已提交
1772
__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801

# define SSL_CTX_sess_set_cache_size(ctx,t) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
# define SSL_CTX_sess_get_cache_size(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
# define SSL_CTX_set_session_cache_mode(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
# define SSL_CTX_get_session_cache_mode(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)

# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
# define SSL_CTX_get_read_ahead(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
# define SSL_CTX_set_read_ahead(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
# define SSL_CTX_get_max_cert_list(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
# define SSL_CTX_set_max_cert_list(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
# define SSL_get_max_cert_list(ssl) \
        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
# define SSL_set_max_cert_list(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)

# define SSL_CTX_set_max_send_fragment(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
# define SSL_set_max_send_fragment(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1802 1803 1804 1805 1806 1807 1808 1809
# define SSL_CTX_set_split_send_fragment(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
# define SSL_set_split_send_fragment(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
# define SSL_CTX_set_max_pipelines(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
# define SSL_set_max_pipelines(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
1810

1811 1812 1813
void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
void SSL_set_default_read_buffer_len(SSL *s, size_t len);

1814
# ifndef OPENSSL_NO_DH
F
FdaSilvaYY 已提交
1815
/* NB: the |keylength| is only applicable when is_export is true */
1816
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
1817 1818
                                 DH *(*dh) (SSL *ssl, int is_export,
                                            int keylength));
1819
void SSL_set_tmp_dh_callback(SSL *ssl,
1820 1821 1822
                             DH *(*dh) (SSL *ssl, int is_export,
                                        int keylength));
# endif
1823

M
Matt Caswell 已提交
1824 1825 1826
__owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
M
Matt Caswell 已提交
1827 1828
__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
__owur int SSL_COMP_get_id(const SSL_COMP *comp);
M
Matt Caswell 已提交
1829
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
M
Matt Caswell 已提交
1830
__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
1831
                                                      *meths);
1832
#if OPENSSL_API_COMPAT < 0x10100000L
M
Matt Caswell 已提交
1833
# define SSL_COMP_free_compression_methods() while(0) continue
1834
#endif
M
Matt Caswell 已提交
1835
__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
1836

1837
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
1838 1839
int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
1840 1841 1842
int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
                             int isv2format, STACK_OF(SSL_CIPHER) **sk,
                             STACK_OF(SSL_CIPHER) **scsvs);
1843

D
Dr. Stephen Henson 已提交
1844
/* TLS extensions functions */
M
Matt Caswell 已提交
1845
__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
D
Dr. Stephen Henson 已提交
1846

M
Matt Caswell 已提交
1847
__owur int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1848
                                  void *arg);
D
Dr. Stephen Henson 已提交
1849 1850

/* Pre-shared secret session resumption functions */
M
Matt Caswell 已提交
1851
__owur int SSL_set_session_secret_cb(SSL *s,
1852 1853
                              tls_session_secret_cb_fn tls_session_secret_cb,
                              void *arg);
D
Dr. Stephen Henson 已提交
1854

1855
void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
1856 1857 1858
                                                int (*cb) (SSL *ssl,
                                                           int
                                                           is_forward_secure));
1859 1860

void SSL_set_not_resumable_session_callback(SSL *ssl,
1861 1862 1863
                                            int (*cb) (SSL *ssl,
                                                       int
                                                       is_forward_secure));
1864 1865 1866
# if OPENSSL_API_COMPAT < 0x10100000L
#  define SSL_cache_hit(s) SSL_session_reused(s)
# endif
1867

1868
__owur int SSL_session_reused(SSL *s);
M
Matt Caswell 已提交
1869
__owur int SSL_is_server(SSL *s);
D
Dr. Stephen Henson 已提交
1870

M
Matt Caswell 已提交
1871
__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
D
Dr. Stephen Henson 已提交
1872
int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
1873 1874
void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
M
Matt Caswell 已提交
1875 1876
__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
1877 1878 1879 1880

void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);

M
Matt Caswell 已提交
1881 1882 1883
__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
1884

1885 1886 1887 1888
void SSL_add_ssl_module(void);
int SSL_config(SSL *s, const char *name);
int SSL_CTX_config(SSL_CTX *ctx, const char *name);

1889
# ifndef OPENSSL_NO_SSL_TRACE
1890
void SSL_trace(int write_p, int version, int content_type,
1891
               const void *buf, size_t len, SSL *ssl, void *arg);
M
Matt Caswell 已提交
1892
__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
1893
# endif
1894

M
Matt Caswell 已提交
1895
# ifndef OPENSSL_NO_SOCK
1896
int DTLSv1_listen(SSL *s, BIO_ADDR *client);
M
Matt Caswell 已提交
1897
# endif
1898

1899 1900
# ifndef OPENSSL_NO_CT

1901 1902 1903 1904 1905 1906 1907 1908 1909
/*
 * A callback for verifying that the received SCTs are sufficient.
 * Expected to return 1 if they are sufficient, otherwise 0.
 * May return a negative integer if an error occurs.
 * A connection should be aborted if the SCTs are deemed insufficient.
 */
typedef int(*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
                                   const STACK_OF(SCT) *scts, void *arg);

1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921
/*
 * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
 * the received SCTs.
 * If the callback returns a non-positive result, the connection is terminated.
 * Call this function before beginning a handshake.
 * If a NULL |callback| is provided, SCT validation is disabled.
 * |arg| is arbitrary userdata that will be passed to the callback whenever it
 * is invoked. Ownership of |arg| remains with the caller.
 *
 * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
 *       will be requested.
 */
1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952
int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
                                   void *arg);
int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
                                       ssl_ct_validation_cb callback,
                                       void *arg);
#define SSL_disable_ct(s) \
        ((void) SSL_set_validation_callback((s), NULL, NULL))
#define SSL_CTX_disable_ct(ctx) \
        ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))

/*
 * The validation type enumerates the available behaviours of the built-in SSL
 * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
 * The underlying callback is a static function in libssl.
 */
enum {
    SSL_CT_VALIDATION_PERMISSIVE = 0,
    SSL_CT_VALIDATION_STRICT
};

/*
 * Enable CT by setting up a callback that implements one of the built-in
 * validation variants.  The SSL_CT_VALIDATION_PERMISSIVE variant always
 * continues the handshake, the application can make appropriate decisions at
 * handshake completion.  The SSL_CT_VALIDATION_STRICT variant requires at
 * least one valid SCT, or else handshake termination will be requested.  The
 * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
 */
int SSL_enable_ct(SSL *s, int validation_mode);
int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);

1953
/*
1954
 * Report whether a non-NULL callback is enabled.
1955
 */
1956 1957
int SSL_ct_is_enabled(const SSL *s);
int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
1958 1959 1960 1961

/* Gets the SCTs received from a connection */
const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);

R
Rob Percival 已提交
1962 1963 1964 1965 1966 1967 1968
/*
 * Loads the CT log list from the default location.
 * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
 * the log information loaded from this file will be appended to the
 * CTLOG_STORE.
 * Returns 1 on success, 0 otherwise.
 */
1969
int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
R
Rob Percival 已提交
1970 1971 1972 1973 1974 1975 1976 1977

/*
 * Loads the CT log list from the specified file path.
 * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
 * the log information loaded from this file will be appended to the
 * CTLOG_STORE.
 * Returns 1 on success, 0 otherwise.
 */
1978 1979
int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);

R
Rob Percival 已提交
1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994
/*
 * Sets the CT log list used by all SSL connections created from this SSL_CTX.
 * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
 */
void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);

/*
 * Gets the CT log list used by all SSL connections created from this SSL_CTX.
 * This will be NULL unless one of the following functions has been called:
 * - SSL_CTX_set_default_ctlog_list_file
 * - SSL_CTX_set_ctlog_list_file
 * - SSL_CTX_set_ctlog_store
 */
const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);

1995 1996
# endif /* OPENSSL_NO_CT */

D
Dr. Stephen Henson 已提交
1997 1998
/* What the "other" parameter contains in security callback */
/* Mask for type */
1999 2000 2001 2002 2003 2004 2005 2006
# define SSL_SECOP_OTHER_TYPE    0xffff0000
# define SSL_SECOP_OTHER_NONE    0
# define SSL_SECOP_OTHER_CIPHER  (1 << 16)
# define SSL_SECOP_OTHER_CURVE   (2 << 16)
# define SSL_SECOP_OTHER_DH      (3 << 16)
# define SSL_SECOP_OTHER_PKEY    (4 << 16)
# define SSL_SECOP_OTHER_SIGALG  (5 << 16)
# define SSL_SECOP_OTHER_CERT    (6 << 16)
D
Dr. Stephen Henson 已提交
2007 2008

/* Indicated operation refers to peer key or certificate */
2009
# define SSL_SECOP_PEER          0x1000
D
Dr. Stephen Henson 已提交
2010 2011 2012 2013 2014

/* Values for "op" parameter in security callback */

/* Called to filter ciphers */
/* Ciphers client supports */
2015
# define SSL_SECOP_CIPHER_SUPPORTED      (1 | SSL_SECOP_OTHER_CIPHER)
D
Dr. Stephen Henson 已提交
2016
/* Cipher shared by client/server */
2017
# define SSL_SECOP_CIPHER_SHARED         (2 | SSL_SECOP_OTHER_CIPHER)
D
Dr. Stephen Henson 已提交
2018
/* Sanity check of cipher server selects */
2019
# define SSL_SECOP_CIPHER_CHECK          (3 | SSL_SECOP_OTHER_CIPHER)
D
Dr. Stephen Henson 已提交
2020
/* Curves supported by client */
2021
# define SSL_SECOP_CURVE_SUPPORTED       (4 | SSL_SECOP_OTHER_CURVE)
D
Dr. Stephen Henson 已提交
2022
/* Curves shared by client/server */
2023
# define SSL_SECOP_CURVE_SHARED          (5 | SSL_SECOP_OTHER_CURVE)
D
Dr. Stephen Henson 已提交
2024
/* Sanity check of curve server selects */
2025
# define SSL_SECOP_CURVE_CHECK           (6 | SSL_SECOP_OTHER_CURVE)
D
Dr. Stephen Henson 已提交
2026
/* Temporary DH key */
2027
# define SSL_SECOP_TMP_DH                (7 | SSL_SECOP_OTHER_PKEY)
D
Dr. Stephen Henson 已提交
2028
/* SSL/TLS version */
2029
# define SSL_SECOP_VERSION               (9 | SSL_SECOP_OTHER_NONE)
D
Dr. Stephen Henson 已提交
2030
/* Session tickets */
2031
# define SSL_SECOP_TICKET                (10 | SSL_SECOP_OTHER_NONE)
D
Dr. Stephen Henson 已提交
2032
/* Supported signature algorithms sent to peer */
2033
# define SSL_SECOP_SIGALG_SUPPORTED      (11 | SSL_SECOP_OTHER_SIGALG)
D
Dr. Stephen Henson 已提交
2034
/* Shared signature algorithm */
2035
# define SSL_SECOP_SIGALG_SHARED         (12 | SSL_SECOP_OTHER_SIGALG)
D
Dr. Stephen Henson 已提交
2036
/* Sanity check signature algorithm allowed */
2037
# define SSL_SECOP_SIGALG_CHECK          (13 | SSL_SECOP_OTHER_SIGALG)
D
Dr. Stephen Henson 已提交
2038
/* Used to get mask of supported public key signature algorithms */
2039
# define SSL_SECOP_SIGALG_MASK           (14 | SSL_SECOP_OTHER_SIGALG)
D
Dr. Stephen Henson 已提交
2040
/* Use to see if compression is allowed */
2041
# define SSL_SECOP_COMPRESSION           (15 | SSL_SECOP_OTHER_NONE)
D
Dr. Stephen Henson 已提交
2042
/* EE key in certificate */
2043
# define SSL_SECOP_EE_KEY                (16 | SSL_SECOP_OTHER_CERT)
D
Dr. Stephen Henson 已提交
2044
/* CA key in certificate */
2045
# define SSL_SECOP_CA_KEY                (17 | SSL_SECOP_OTHER_CERT)
D
Dr. Stephen Henson 已提交
2046
/* CA digest algorithm in certificate */
2047
# define SSL_SECOP_CA_MD                 (18 | SSL_SECOP_OTHER_CERT)
D
Dr. Stephen Henson 已提交
2048
/* Peer EE key in certificate */
2049
# define SSL_SECOP_PEER_EE_KEY           (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
D
Dr. Stephen Henson 已提交
2050
/* Peer CA key in certificate */
2051
# define SSL_SECOP_PEER_CA_KEY           (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
D
Dr. Stephen Henson 已提交
2052
/* Peer CA digest algorithm in certificate */
2053
# define SSL_SECOP_PEER_CA_MD            (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
D
Dr. Stephen Henson 已提交
2054 2055

void SSL_set_security_level(SSL *s, int level);
M
Matt Caswell 已提交
2056
__owur int SSL_get_security_level(const SSL *s);
2057
void SSL_set_security_callback(SSL *s,
K
Kurt Roeckx 已提交
2058
                               int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
2059 2060
                                          int bits, int nid, void *other,
                                          void *ex));
K
Kurt Roeckx 已提交
2061
int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op,
2062 2063
                                                int bits, int nid,
                                                void *other, void *ex);
D
Dr. Stephen Henson 已提交
2064
void SSL_set0_security_ex_data(SSL *s, void *ex);
M
Matt Caswell 已提交
2065
__owur void *SSL_get0_security_ex_data(const SSL *s);
D
Dr. Stephen Henson 已提交
2066 2067

void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
M
Matt Caswell 已提交
2068
__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
2069
void SSL_CTX_set_security_callback(SSL_CTX *ctx,
K
Kurt Roeckx 已提交
2070
                                   int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
2071 2072
                                              int bits, int nid, void *other,
                                              void *ex));
K
Kurt Roeckx 已提交
2073 2074
int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
                                                          const SSL_CTX *ctx,
2075 2076 2077 2078
                                                          int op, int bits,
                                                          int nid,
                                                          void *other,
                                                          void *ex);
D
Dr. Stephen Henson 已提交
2079
void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
M
Matt Caswell 已提交
2080
__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
D
Dr. Stephen Henson 已提交
2081

2082 2083 2084
/* OPENSSL_INIT flag 0x010000 reserved for internal use */
#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS    0x00100000L
#define OPENSSL_INIT_LOAD_SSL_STRINGS       0x00200000L
2085 2086 2087 2088

#define OPENSSL_INIT_SSL_DEFAULT \
        (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)

2089
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
2090

2091
# ifndef OPENSSL_NO_UNIT_TEST
M
Matt Caswell 已提交
2092
__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
2093
# endif
2094

2095 2096
extern const char SSL_version_str[];

2097
/* BEGIN ERROR CODES */
2098 2099
/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
2100 2101
 * made after this point may be overwritten when the script is next run.
 */
R
Rich Salz 已提交
2102

2103
int ERR_load_SSL_strings(void);
2104

2105 2106 2107
/* Error codes for the SSL functions. */

/* Function codes. */
2108
# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT                   438
2109
# define SSL_F_ADD_KEY_SHARE                              512
2110
# define SSL_F_BYTES_TO_CIPHER_LIST                       519
2111
# define SSL_F_CHECK_SUITEB_CIPHER_LIST                   331
2112
# define SSL_F_CT_MOVE_SCTS                               345
V
Viktor Dukhovni 已提交
2113
# define SSL_F_CT_STRICT                                  349
2114
# define SSL_F_D2I_SSL_SESSION                            103
2115 2116 2117
# define SSL_F_DANE_CTX_ENABLE                            347
# define SSL_F_DANE_MTYPE_SET                             393
# define SSL_F_DANE_TLSA_ADD                              394
2118
# define SSL_F_DERIVE_SECRET_KEY_AND_IV                   514
2119 2120 2121 2122
# define SSL_F_DO_DTLS1_WRITE                             245
# define SSL_F_DO_SSL3_WRITE                              104
# define SSL_F_DTLS1_BUFFER_RECORD                        247
# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                    318
2123
# define SSL_F_DTLS1_HEARTBEAT                            305
2124
# define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
M
Matt Caswell 已提交
2125
# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS             424
2126 2127
# define SSL_F_DTLS1_PROCESS_RECORD                       257
# define SSL_F_DTLS1_READ_BYTES                           258
2128 2129
# define SSL_F_DTLS1_READ_FAILED                          339
# define SSL_F_DTLS1_RETRANSMIT_MESSAGE                   390
2130
# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
2131
# define SSL_F_DTLSV1_LISTEN                              350
2132
# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC          371
2133
# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST        385
2134
# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE               370
2135
# define SSL_F_DTLS_PROCESS_HELLO_VERIFY                  386
M
Matt Caswell 已提交
2136 2137
# define SSL_F_FINAL_EC_PT_FORMATS                        485
# define SSL_F_FINAL_EMS                                  486
2138
# define SSL_F_FINAL_KEY_SHARE                            503
M
Matt Caswell 已提交
2139
# define SSL_F_FINAL_RENEGOTIATE                          483
2140
# define SSL_F_FINAL_SIG_ALGS                             497
2141
# define SSL_F_NSS_KEYLOG_INT                             500
R
Rich Salz 已提交
2142
# define SSL_F_OPENSSL_INIT_SSL                           342
2143
# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION       436
2144
# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE       430
R
Richard Levitte 已提交
2145
# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION         417
2146
# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION       437
2147
# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE       431
R
Richard Levitte 已提交
2148
# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION         418
2149
# define SSL_F_PROCESS_KEY_SHARE_EXT                      439
2150
# define SSL_F_READ_STATE_MACHINE                         352
2151 2152 2153 2154 2155 2156
# define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
# define SSL_F_SSL3_CTRL                                  213
# define SSL_F_SSL3_CTX_CTRL                              133
# define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
D
Dr. Stephen Henson 已提交
2157
# define SSL_F_SSL3_FINAL_FINISH_MAC                      285
2158
# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
2159
# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388
2160
# define SSL_F_SSL3_GET_RECORD                            143
R
Rich Salz 已提交
2161
# define SSL_F_SSL3_INIT_FINISHED_MAC                     397
2162 2163 2164 2165 2166 2167 2168 2169 2170 2171
# define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
# define SSL_F_SSL3_READ_BYTES                            148
# define SSL_F_SSL3_READ_N                                149
# define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
# define SSL_F_SSL3_SETUP_READ_BUFFER                     156
# define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
# define SSL_F_SSL3_WRITE_BYTES                           158
# define SSL_F_SSL3_WRITE_PENDING                         159
# define SSL_F_SSL_ADD_CERT_CHAIN                         316
# define SSL_F_SSL_ADD_CERT_TO_BUF                        319
2172
# define SSL_F_SSL_ADD_CERT_TO_WPACKET                    493
2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183
# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT           307
# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT           308
# define SSL_F_SSL_BAD_METHOD                             160
# define SSL_F_SSL_BUILD_CERT_CHAIN                       332
# define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
2184
# define SSL_F_SSL_CACHE_CIPHERLIST                       520
2185
# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT                   346
2186 2187 2188 2189 2190 2191
# define SSL_F_SSL_CERT_DUP                               221
# define SSL_F_SSL_CERT_NEW                               162
# define SSL_F_SSL_CERT_SET0_CHAIN                        340
# define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
2192
# define SSL_F_SSL_CIPHER_LIST_TO_BYTES                   425
2193 2194 2195 2196 2197 2198 2199 2200
# define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
# define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
# define SSL_F_SSL_CLEAR                                  164
# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
# define SSL_F_SSL_CONF_CMD                               334
# define SSL_F_SSL_CREATE_CIPHER_LIST                     166
# define SSL_F_SSL_CTRL                                   232
# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
V
Viktor Dukhovni 已提交
2201
# define SSL_F_SSL_CTX_ENABLE_CT                          398
2202 2203
# define SSL_F_SSL_CTX_MAKE_PROFILES                      309
# define SSL_F_SSL_CTX_NEW                                169
2204
# define SSL_F_SSL_CTX_SET_ALPN_PROTOS                    343
2205 2206
# define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
2207
# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK         396
2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221
# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
# define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
# define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
# define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
# define SSL_F_SSL_CTX_USE_SERVERINFO                     336
# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE                337
V
Viktor Dukhovni 已提交
2222
# define SSL_F_SSL_DANE_DUP                               403
2223
# define SSL_F_SSL_DANE_ENABLE                            395
D
Dr. Stephen Henson 已提交
2224
# define SSL_F_SSL_DO_CONFIG                              391
2225
# define SSL_F_SSL_DO_HANDSHAKE                           180
2226
# define SSL_F_SSL_DUP_CA_LIST                            408
V
Viktor Dukhovni 已提交
2227
# define SSL_F_SSL_ENABLE_CT                              402
2228 2229 2230 2231 2232
# define SSL_F_SSL_GET_NEW_SESSION                        181
# define SSL_F_SSL_GET_PREV_SESSION                       217
# define SSL_F_SSL_GET_SERVER_CERT_INDEX                  322
# define SSL_F_SSL_GET_SIGN_PKEY                          183
# define SSL_F_SSL_INIT_WBIO_BUFFER                       184
2233
# define SSL_F_SSL_KEY_UPDATE                             515
2234
# define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
2235 2236
# define SSL_F_SSL_LOG_MASTER_SECRET                      498
# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE            499
D
Dr. Stephen Henson 已提交
2237
# define SSL_F_SSL_MODULE_INIT                            392
2238 2239 2240 2241 2242 2243 2244 2245
# define SSL_F_SSL_NEW                                    186
# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT         310
# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311
# define SSL_F_SSL_PEEK                                   270
2246
# define SSL_F_SSL_PEEK_EX                                432
K
Kurt Roeckx 已提交
2247
# define SSL_F_SSL_PEEK_INTERNAL                          522
2248
# define SSL_F_SSL_READ                                   223
2249
# define SSL_F_SSL_READ_EX                                434
K
Kurt Roeckx 已提交
2250
# define SSL_F_SSL_READ_INTERNAL                          523
2251
# define SSL_F_SSL_RENEGOTIATE                            516
2252 2253
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321
2254
# define SSL_F_SSL_SESSION_DUP                            348
2255 2256
# define SSL_F_SSL_SESSION_NEW                            189
# define SSL_F_SSL_SESSION_PRINT_FP                       190
2257
# define SSL_F_SSL_SESSION_SET1_ID                        423
2258
# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
2259
# define SSL_F_SSL_SET_ALPN_PROTOS                        344
2260 2261
# define SSL_F_SSL_SET_CERT                               191
# define SSL_F_SSL_SET_CIPHER_LIST                        271
2262
# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK             399
2263 2264 2265 2266 2267 2268 2269 2270 2271
# define SSL_F_SSL_SET_FD                                 192
# define SSL_F_SSL_SET_PKEY                               193
# define SSL_F_SSL_SET_RFD                                194
# define SSL_F_SSL_SET_SESSION                            195
# define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
# define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
# define SSL_F_SSL_SET_WFD                                196
# define SSL_F_SSL_SHUTDOWN                               224
# define SSL_F_SSL_SRP_CTX_INIT                           313
M
Matt Caswell 已提交
2272
# define SSL_F_SSL_START_ASYNC_JOB                        389
2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284
# define SSL_F_SSL_UNDEFINED_FUNCTION                     197
# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
# define SSL_F_SSL_USE_CERTIFICATE                        198
# define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
# define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
# define SSL_F_SSL_USE_PRIVATEKEY                         201
# define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
# define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
# define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
# define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
2285
# define SSL_F_SSL_VALIDATE_CT                            400
2286 2287
# define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
# define SSL_F_SSL_WRITE                                  208
2288
# define SSL_F_SSL_WRITE_EX                               433
K
Kurt Roeckx 已提交
2289
# define SSL_F_SSL_WRITE_INTERNAL                         524
2290
# define SSL_F_STATE_MACHINE                              353
2291
# define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
2292 2293
# define SSL_F_TLS13_CHANGE_CIPHER_STATE                  440
# define SSL_F_TLS13_SETUP_KEY_BLOCK                      441
2294
# define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
E
Emilia Kasper 已提交
2295
# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS            341
2296
# define SSL_F_TLS1_ENC                                   401
2297 2298 2299 2300 2301
# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
# define SSL_F_TLS1_GET_CURVELIST                         338
# define SSL_F_TLS1_PRF                                   284
# define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
# define SSL_F_TLS1_SET_SERVER_SIGALGS                    335
M
Matt Caswell 已提交
2302
# define SSL_F_TLS_CHOOSE_SIGALG                          513
2303
# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK          354
2304
# define SSL_F_TLS_COLLECT_EXTENSIONS                     435
M
Matt Caswell 已提交
2305
# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST          372
2306
# define SSL_F_TLS_CONSTRUCT_CERT_STATUS                  429
2307
# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY             494
2308
# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY                  496
2309
# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC           427
2310 2311 2312 2313 2314 2315
# define SSL_F_TLS_CONSTRUCT_CKE_DHE                      404
# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE                    405
# define SSL_F_TLS_CONSTRUCT_CKE_GOST                     406
# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE             407
# define SSL_F_TLS_CONSTRUCT_CKE_RSA                      409
# define SSL_F_TLS_CONSTRUCT_CKE_SRP                      410
M
Matt Caswell 已提交
2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329
# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE           484
# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO                 487
# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE          488
# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY                489
# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN                    466
# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE             355
# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS           467
# define SSL_F_TLS_CONSTRUCT_CTOS_EMS                     468
# define SSL_F_TLS_CONSTRUCT_CTOS_ETM                     469
# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO                   356
# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE            357
# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE               470
# define SSL_F_TLS_CONSTRUCT_CTOS_NPN                     471
# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING                 472
2330
# define SSL_F_TLS_CONSTRUCT_CTOS_PSK                     501
D
Dr. Stephen Henson 已提交
2331
# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES           509
M
Matt Caswell 已提交
2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342
# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE             473
# define SSL_F_TLS_CONSTRUCT_CTOS_SCT                     474
# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME             475
# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET          476
# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS                477
# define SSL_F_TLS_CONSTRUCT_CTOS_SRP                     478
# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST          479
# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS        480
# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS      481
# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP                482
# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY                  358
M
Matt Caswell 已提交
2343
# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS         443
M
Matt Caswell 已提交
2344
# define SSL_F_TLS_CONSTRUCT_EXTENSIONS                   447
2345
# define SSL_F_TLS_CONSTRUCT_FINISHED                     359
M
Matt Caswell 已提交
2346
# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST                373
2347
# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST          510
2348
# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE                   517
2349
# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET           428
2350
# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO                   426
M
Matt Caswell 已提交
2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364
# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE           490
# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO                 491
# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE          492
# define SSL_F_TLS_CONSTRUCT_STOC_ALPN                    451
# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE             374
# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG           452
# define SSL_F_TLS_CONSTRUCT_STOC_DONE                    375
# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS           453
# define SSL_F_TLS_CONSTRUCT_STOC_EMS                     454
# define SSL_F_TLS_CONSTRUCT_STOC_ETM                     455
# define SSL_F_TLS_CONSTRUCT_STOC_HELLO                   376
# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE            377
# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE               456
# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG          457
2365
# define SSL_F_TLS_CONSTRUCT_STOC_PSK                     504
M
Matt Caswell 已提交
2366 2367 2368 2369 2370
# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE             458
# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME             459
# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET          460
# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST          461
# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP                462
B
Benjamin Kaduk 已提交
2371
# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO        521
M
Matt Caswell 已提交
2372
# define SSL_F_TLS_GET_MESSAGE_BODY                       351
M
Matt Caswell 已提交
2373
# define SSL_F_TLS_GET_MESSAGE_HEADER                     387
M
Matt Caswell 已提交
2374
# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT               449
M
Matt Caswell 已提交
2375
# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE                   463
2376
# define SSL_F_TLS_PARSE_CTOS_PSK                         505
M
Matt Caswell 已提交
2377 2378 2379
# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE                 464
# define SSL_F_TLS_PARSE_CTOS_USE_SRTP                    465
# define SSL_F_TLS_PARSE_STOC_KEY_SHARE                   445
2380
# define SSL_F_TLS_PARSE_STOC_PSK                         502
M
Matt Caswell 已提交
2381 2382
# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE                 448
# define SSL_F_TLS_PARSE_STOC_USE_SRTP                    446
M
Matt Caswell 已提交
2383
# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO              378
2384
# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE       384
2385 2386 2387
# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE             360
# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST            361
# define SSL_F_TLS_PROCESS_CERT_STATUS                    362
2388
# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY               495
M
Matt Caswell 已提交
2389
# define SSL_F_TLS_PROCESS_CERT_VERIFY                    379
2390
# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC             363
2391 2392 2393 2394 2395 2396
# define SSL_F_TLS_PROCESS_CKE_DHE                        411
# define SSL_F_TLS_PROCESS_CKE_ECDHE                      412
# define SSL_F_TLS_PROCESS_CKE_GOST                       413
# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE               414
# define SSL_F_TLS_PROCESS_CKE_RSA                        415
# define SSL_F_TLS_PROCESS_CKE_SRP                        416
M
Matt Caswell 已提交
2397 2398 2399
# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE             380
# define SSL_F_TLS_PROCESS_CLIENT_HELLO                   381
# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE            382
M
Matt Caswell 已提交
2400
# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS           444
2401
# define SSL_F_TLS_PROCESS_FINISHED                       364
2402
# define SSL_F_TLS_PROCESS_HELLO_REQ                      507
2403
# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST            511
2404
# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT          442
2405
# define SSL_F_TLS_PROCESS_KEY_EXCHANGE                   365
M
Matt Caswell 已提交
2406
# define SSL_F_TLS_PROCESS_KEY_UPDATE                     518
2407
# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET             366
M
Matt Caswell 已提交
2408
# define SSL_F_TLS_PROCESS_NEXT_PROTO                     383
2409 2410 2411
# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE             367
# define SSL_F_TLS_PROCESS_SERVER_DONE                    368
# define SSL_F_TLS_PROCESS_SERVER_HELLO                   369
2412 2413 2414 2415
# define SSL_F_TLS_PROCESS_SKE_DHE                        419
# define SSL_F_TLS_PROCESS_SKE_ECDHE                      420
# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE               421
# define SSL_F_TLS_PROCESS_SKE_SRP                        422
2416
# define SSL_F_TLS_PSK_DO_BINDER                          506
M
Matt Caswell 已提交
2417
# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT                450
2418
# define SSL_F_TLS_SETUP_HANDSHAKE                        508
M
Matt Caswell 已提交
2419
# define SSL_F_USE_CERTIFICATE_CHAIN_FILE                 220
D
Dr. Stephen Henson 已提交
2420

2421
/* Reason codes. */
2422 2423
# define SSL_R_APP_DATA_IN_HANDSHAKE                      100
# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
2424 2425
# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE       143
# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
2426 2427 2428 2429
# define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
# define SSL_R_BAD_DATA                                   390
# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
# define SSL_R_BAD_DECOMPRESSION                          107
2430
# define SSL_R_BAD_DH_VALUE                               102
2431 2432 2433
# define SSL_R_BAD_DIGEST_LENGTH                          111
# define SSL_R_BAD_ECC_CERT                               304
# define SSL_R_BAD_ECPOINT                                306
2434
# define SSL_R_BAD_EXTENSION                              110
2435 2436
# define SSL_R_BAD_HANDSHAKE_LENGTH                       332
# define SSL_R_BAD_HELLO_REQUEST                          105
2437
# define SSL_R_BAD_KEY_SHARE                              108
2438
# define SSL_R_BAD_KEY_UPDATE                             122
2439 2440 2441
# define SSL_R_BAD_LENGTH                                 271
# define SSL_R_BAD_PACKET_LENGTH                          115
# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
2442
# define SSL_R_BAD_PSK_IDENTITY                           114
2443
# define SSL_R_BAD_RECORD_TYPE                            443
2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455
# define SSL_R_BAD_RSA_ENCRYPT                            119
# define SSL_R_BAD_SIGNATURE                              123
# define SSL_R_BAD_SRP_A_LENGTH                           347
# define SSL_R_BAD_SRP_PARAMETERS                         371
# define SSL_R_BAD_SRTP_MKI_VALUE                         352
# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST           353
# define SSL_R_BAD_SSL_FILETYPE                           124
# define SSL_R_BAD_VALUE                                  384
# define SSL_R_BAD_WRITE_RETRY                            127
# define SSL_R_BIO_NOT_SET                                128
# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
# define SSL_R_BN_LIB                                     130
2456
# define SSL_R_CANNOT_CHANGE_CIPHER                       109
2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472
# define SSL_R_CA_DN_LENGTH_MISMATCH                      131
# define SSL_R_CA_KEY_TOO_SMALL                           397
# define SSL_R_CA_MD_TOO_WEAK                             398
# define SSL_R_CCS_RECEIVED_EARLY                         133
# define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
# define SSL_R_CERT_CB_ERROR                              377
# define SSL_R_CERT_LENGTH_MISMATCH                       135
# define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
# define SSL_R_CLIENTHELLO_TLSEXT                         226
# define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
# define SSL_R_COMPRESSION_DISABLED                       343
# define SSL_R_COMPRESSION_FAILURE                        141
# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
# define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
# define SSL_R_CONNECTION_TYPE_NOT_SET                    144
2473
# define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
M
Matt Caswell 已提交
2474
# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
2475
# define SSL_R_COOKIE_MISMATCH                            308
2476
# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED       206
2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487
# define SSL_R_DANE_ALREADY_ENABLED                       172
# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL            173
# define SSL_R_DANE_NOT_ENABLED                           175
# define SSL_R_DANE_TLSA_BAD_CERTIFICATE                  180
# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE            184
# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH                  189
# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH                192
# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE                200
# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY                   201
# define SSL_R_DANE_TLSA_BAD_SELECTOR                     202
# define SSL_R_DANE_TLSA_NULL_DATA                        203
2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502
# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
# define SSL_R_DATA_LENGTH_TOO_LONG                       146
# define SSL_R_DECRYPTION_FAILED                          147
# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
# define SSL_R_DH_KEY_TOO_SMALL                           394
# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
# define SSL_R_DIGEST_CHECK_FAILED                        149
# define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
# define SSL_R_DUPLICATE_COMPRESSION_ID                   309
# define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
# define SSL_R_EE_KEY_TOO_SMALL                           399
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
2503
# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
2504 2505
# define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
# define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
2506
# define SSL_R_EXT_LENGTH_MISMATCH                        162
M
Matt Caswell 已提交
2507
# define SSL_R_FAILED_TO_INIT_ASYNC                       405
M
Matt Caswell 已提交
2508
# define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
2509 2510 2511
# define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
# define SSL_R_HTTPS_PROXY_REQUEST                        155
# define SSL_R_HTTP_REQUEST                               156
2512
# define SSL_R_ILLEGAL_POINT_COMPRESSION                  162
2513 2514 2515
# define SSL_R_ILLEGAL_SUITEB_DIGEST                      380
# define SSL_R_INAPPROPRIATE_FALLBACK                     373
# define SSL_R_INCONSISTENT_COMPRESSION                   340
D
Dr. Stephen Henson 已提交
2516
# define SSL_R_INCONSISTENT_EXTMS                         104
2517 2518
# define SSL_R_INVALID_COMMAND                            280
# define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
D
Dr. Stephen Henson 已提交
2519
# define SSL_R_INVALID_CONFIGURATION_NAME                 113
V
Viktor Dukhovni 已提交
2520
# define SSL_R_INVALID_CT_VALIDATION_TYPE                 212
2521
# define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
2522
# define SSL_R_INVALID_NULL_CMD_NAME                      385
M
Matt Caswell 已提交
2523
# define SSL_R_INVALID_SEQUENCE_NUMBER                    402
2524 2525 2526 2527 2528
# define SSL_R_INVALID_SERVERINFO_DATA                    388
# define SSL_R_INVALID_SRP_USERNAME                       357
# define SSL_R_INVALID_STATUS_RESPONSE                    328
# define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
# define SSL_R_LENGTH_MISMATCH                            159
M
Matt Caswell 已提交
2529
# define SSL_R_LENGTH_TOO_LONG                            404
2530
# define SSL_R_LENGTH_TOO_SHORT                           160
2531 2532 2533 2534 2535 2536 2537
# define SSL_R_LIBRARY_BUG                                274
# define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
# define SSL_R_MISSING_DSA_SIGNING_CERT                   165
# define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
# define SSL_R_MISSING_RSA_CERTIFICATE                    168
# define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
# define SSL_R_MISSING_RSA_SIGNING_CERT                   170
2538
# define SSL_R_MISSING_SIGALGS_EXTENSION                  112
2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557
# define SSL_R_MISSING_SRP_PARAM                          358
# define SSL_R_MISSING_TMP_DH_KEY                         171
# define SSL_R_MISSING_TMP_ECDH_KEY                       311
# define SSL_R_NO_CERTIFICATES_RETURNED                   176
# define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
# define SSL_R_NO_CERTIFICATE_SET                         179
# define SSL_R_NO_CIPHERS_AVAILABLE                       181
# define SSL_R_NO_CIPHERS_SPECIFIED                       183
# define SSL_R_NO_CIPHER_MATCH                            185
# define SSL_R_NO_CLIENT_CERT_METHOD                      331
# define SSL_R_NO_COMPRESSION_SPECIFIED                   187
# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
# define SSL_R_NO_METHOD_SPECIFIED                        188
# define SSL_R_NO_PEM_EXTENSIONS                          389
# define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
# define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
# define SSL_R_NO_RENEGOTIATION                           339
# define SSL_R_NO_REQUIRED_DIGEST                         324
# define SSL_R_NO_SHARED_CIPHER                           193
2558
# define SSL_R_NO_SHARED_GROUPS                           410
F
FdaSilvaYY 已提交
2559
# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
2560
# define SSL_R_NO_SRTP_PROFILES                           359
2561
# define SSL_R_NO_SUITABLE_KEY_SHARE                      101
D
Dr. Stephen Henson 已提交
2562
# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
V
Viktor Dukhovni 已提交
2563
# define SSL_R_NO_VALID_SCTS                              216
M
Matt Caswell 已提交
2564
# define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
2565 2566 2567 2568 2569 2570 2571 2572 2573 2574
# define SSL_R_NULL_SSL_CTX                               195
# define SSL_R_NULL_SSL_METHOD_PASSED                     196
# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
# define SSL_R_PACKET_LENGTH_TOO_LONG                     198
# define SSL_R_PARSE_TLSEXT                               227
# define SSL_R_PATH_TOO_LONG                              270
# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
# define SSL_R_PEM_NAME_BAD_PREFIX                        391
# define SSL_R_PEM_NAME_TOO_SHORT                         392
2575
# define SSL_R_PIPELINE_FAILURE                           406
2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587
# define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
# define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
# define SSL_R_PSK_NO_CLIENT_CB                           224
# define SSL_R_PSK_NO_SERVER_CB                           225
# define SSL_R_READ_BIO_NOT_SET                           211
# define SSL_R_READ_TIMEOUT_EXPIRED                       312
# define SSL_R_RECORD_LENGTH_MISMATCH                     213
# define SSL_R_RECORD_TOO_SMALL                           298
# define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
# define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
# define SSL_R_RENEGOTIATION_MISMATCH                     337
# define SSL_R_REQUIRED_CIPHER_MISSING                    215
F
FdaSilvaYY 已提交
2588
# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
2589
# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
2590
# define SSL_R_SCT_VERIFICATION_FAILED                    208
2591 2592
# define SSL_R_SERVERHELLO_TLSEXT                         275
# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
2593
# define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
2594 2595 2596 2597 2598 2599 2600 2601 2602
# define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
# define SSL_R_SRP_A_CALC                                 361
# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
# define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
# define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
2603 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613
# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
D
Dr. Stephen Henson 已提交
2614 2615
# define SSL_R_SSL_COMMAND_SECTION_EMPTY                  117
# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND              125
2616 2617 2618 2619
# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
# define SSL_R_SSL_HANDSHAKE_FAILURE                      229
# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
# define SSL_R_SSL_NEGATIVE_LENGTH                        372
D
Dr. Stephen Henson 已提交
2620 2621
# define SSL_R_SSL_SECTION_EMPTY                          126
# define SSL_R_SSL_SECTION_NOT_FOUND                      136
2622 2623 2624 2625
# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
# define SSL_R_SSL_SESSION_ID_CONFLICT                    302
# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
2626
# define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
2627
# define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
2628
# define SSL_R_STILL_IN_INIT                              121
2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646
# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
2647 2648
# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
# define SSL_R_TLS_HEARTBEAT_PENDING                      366
2649 2650
# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
2651
# define SSL_R_TOO_MANY_KEY_UPDATES                       132
2652
# define SSL_R_TOO_MANY_WARN_ALERTS                       409
2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664
# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
# define SSL_R_UNEXPECTED_MESSAGE                         244
# define SSL_R_UNEXPECTED_RECORD                          245
# define SSL_R_UNINITIALIZED                              276
# define SSL_R_UNKNOWN_ALERT_TYPE                         246
# define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
# define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
# define SSL_R_UNKNOWN_CIPHER_TYPE                        249
# define SSL_R_UNKNOWN_CMD_NAME                           386
D
Dr. Stephen Henson 已提交
2665
# define SSL_R_UNKNOWN_COMMAND                            139
2666 2667 2668 2669 2670 2671 2672 2673 2674 2675 2676 2677 2678
# define SSL_R_UNKNOWN_DIGEST                             368
# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
# define SSL_R_UNKNOWN_PKEY_TYPE                          251
# define SSL_R_UNKNOWN_PROTOCOL                           252
# define SSL_R_UNKNOWN_SSL_VERSION                        254
# define SSL_R_UNKNOWN_STATE                              255
# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
# define SSL_R_UNSUPPORTED_PROTOCOL                       258
# define SSL_R_UNSUPPORTED_SSL_VERSION                    259
# define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
# define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
2679
# define SSL_R_VERSION_TOO_HIGH                           166
2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690
# define SSL_R_VERSION_TOO_LOW                            396
# define SSL_R_WRONG_CERTIFICATE_TYPE                     383
# define SSL_R_WRONG_CIPHER_RETURNED                      261
# define SSL_R_WRONG_CURVE                                378
# define SSL_R_WRONG_SIGNATURE_LENGTH                     264
# define SSL_R_WRONG_SIGNATURE_SIZE                       265
# define SSL_R_WRONG_SIGNATURE_TYPE                       370
# define SSL_R_WRONG_SSL_VERSION                          266
# define SSL_R_WRONG_VERSION_NUMBER                       267
# define SSL_R_X509_LIB                                   268
# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
D
Dr. Stephen Henson 已提交
2691

R
Rich Salz 已提交
2692
# ifdef  __cplusplus
2693
}
R
Rich Salz 已提交
2694
# endif
2695
#endif