ssl.h 120.5 KB
Newer Older
1
/* ssl/ssl.h */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
58
/* ====================================================================
59
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
B
Bodo Möller 已提交
111 112 113 114 115
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by 
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */
142 143 144 145

#ifndef HEADER_SSL_H 
#define HEADER_SSL_H 

146
#include <openssl/e_os2.h>
147

148
#ifndef OPENSSL_NO_COMP
149 150
#include <openssl/comp.h>
#endif
151
#ifndef OPENSSL_NO_BIO
152 153
#include <openssl/bio.h>
#endif
154
#ifndef OPENSSL_NO_DEPRECATED
155
#ifndef OPENSSL_NO_X509
156 157
#include <openssl/x509.h>
#endif
158 159 160 161 162
#include <openssl/crypto.h>
#include <openssl/lhash.h>
#include <openssl/buffer.h>
#endif
#include <openssl/pem.h>
D
Dr. Stephen Henson 已提交
163
#include <openssl/hmac.h>
164

165
#include <openssl/kssl.h>
166
#include <openssl/safestack.h>
167
#include <openssl/symhacks.h>
168

169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190
#ifdef  __cplusplus
extern "C" {
#endif

/* SSLeay version number for ASN.1 encoding of the session information */
/* Version 0 - initial version
 * Version 1 - added the optional peer certificate
 */
#define SSL_SESSION_ASN1_VERSION 0x0001

/* text strings for the ciphers */
#define SSL_TXT_NULL_WITH_MD5		SSL2_TXT_NULL_WITH_MD5			
#define SSL_TXT_RC4_128_WITH_MD5	SSL2_TXT_RC4_128_WITH_MD5		
#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5	
#define SSL_TXT_RC2_128_CBC_WITH_MD5	SSL2_TXT_RC2_128_CBC_WITH_MD5		
#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5	
#define SSL_TXT_IDEA_128_CBC_WITH_MD5	SSL2_TXT_IDEA_128_CBC_WITH_MD5		
#define SSL_TXT_DES_64_CBC_WITH_MD5	SSL2_TXT_DES_64_CBC_WITH_MD5		
#define SSL_TXT_DES_64_CBC_WITH_SHA	SSL2_TXT_DES_64_CBC_WITH_SHA		
#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	
#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	

191 192
/*    VRS Additional Kerberos5 entries
 */
193 194 195 196 197
#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
R
Typo  
Richard Levitte 已提交
198
#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
199
#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
R
Typo  
Richard Levitte 已提交
200
#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
201 202 203 204 205 206 207 208

#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
#define SSL_TXT_KRB5_RC4_40_SHA	      SSL3_TXT_KRB5_RC4_40_SHA
#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
#define SSL_TXT_KRB5_RC4_40_MD5	      SSL3_TXT_KRB5_RC4_40_MD5

209 210 211 212 213 214
#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
215
#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
216

217
#define SSL_MAX_SSL_SESSION_ID_LENGTH		32
B
Ben Laurie 已提交
218
#define SSL_MAX_SID_CTX_LENGTH			32
219 220 221 222 223

#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES	(512/8)
#define SSL_MAX_KEY_ARG_LENGTH			8
#define SSL_MAX_MASTER_KEY_LENGTH		48

224

225
/* These are used to specify which ciphers to use and not to use */
226 227 228

#define SSL_TXT_EXP40		"EXPORT40"
#define SSL_TXT_EXP56		"EXPORT56"
229 230 231
#define SSL_TXT_LOW		"LOW"
#define SSL_TXT_MEDIUM		"MEDIUM"
#define SSL_TXT_HIGH		"HIGH"
232
#define SSL_TXT_FIPS		"FIPS"
233

234 235 236 237
#define SSL_TXT_kFZA		"kFZA" /* unused! */
#define	SSL_TXT_aFZA		"aFZA" /* unused! */
#define SSL_TXT_eFZA		"eFZA" /* unused! */
#define SSL_TXT_FZA		"FZA"  /* unused! */
238 239 240 241 242 243

#define	SSL_TXT_aNULL		"aNULL"
#define	SSL_TXT_eNULL		"eNULL"
#define	SSL_TXT_NULL		"NULL"

#define SSL_TXT_kRSA		"kRSA"
244 245 246
#define SSL_TXT_kDHr		"kDHr" 
#define SSL_TXT_kDHd		"kDHd"
#define SSL_TXT_kDH 		"kDH"
247
#define SSL_TXT_kEDH		"kEDH"
248 249 250 251 252 253
#define SSL_TXT_kKRB5     	"kKRB5"
#define SSL_TXT_kECDHr		"kECDHr"
#define SSL_TXT_kECDHe		"kECDHe"
#define SSL_TXT_kECDH		"kECDH"
#define SSL_TXT_kEECDH		"kEECDH"
#define SSL_TXT_kPSK            "kPSK"
254
#define SSL_TXT_kGOST		"kGOST"
B
Ben Laurie 已提交
255
#define SSL_TXT_kSRP		"kSRP"
256

257 258
#define	SSL_TXT_aRSA		"aRSA"
#define	SSL_TXT_aDSS		"aDSS"
259
#define	SSL_TXT_aDH		"aDH"
260 261 262 263
#define	SSL_TXT_aECDH		"aECDH"
#define SSL_TXT_aKRB5     	"aKRB5"
#define SSL_TXT_aECDSA		"aECDSA"
#define SSL_TXT_aPSK            "aPSK"
264 265 266
#define SSL_TXT_aGOST94	"aGOST94"
#define SSL_TXT_aGOST01 "aGOST01"
#define SSL_TXT_aGOST  "aGOST"
267

268 269
#define	SSL_TXT_DSS		"DSS"
#define SSL_TXT_DH		"DH"
270
#define SSL_TXT_EDH		"EDH" /* same as "kEDH:-ADH" */
271 272
#define SSL_TXT_ADH		"ADH"
#define SSL_TXT_RSA		"RSA"
273 274 275 276
#define SSL_TXT_ECDH		"ECDH"
#define SSL_TXT_EECDH		"EECDH" /* same as "kEECDH:-AECDH" */
#define SSL_TXT_AECDH		"AECDH"
#define SSL_TXT_ECDSA		"ECDSA"
277 278
#define SSL_TXT_KRB5      	"KRB5"
#define SSL_TXT_PSK             "PSK"
B
Ben Laurie 已提交
279
#define SSL_TXT_SRP		"SRP"
280

281 282 283 284 285
#define SSL_TXT_DES		"DES"
#define SSL_TXT_3DES		"3DES"
#define SSL_TXT_RC4		"RC4"
#define SSL_TXT_RC2		"RC2"
#define SSL_TXT_IDEA		"IDEA"
B
Bodo Möller 已提交
286
#define SSL_TXT_SEED		"SEED"
287 288
#define SSL_TXT_AES128		"AES128"
#define SSL_TXT_AES256		"AES256"
289
#define SSL_TXT_AES		"AES"
290
#define SSL_TXT_AES_GCM		"AESGCM"
291 292
#define SSL_TXT_CAMELLIA128	"CAMELLIA128"
#define SSL_TXT_CAMELLIA256	"CAMELLIA256"
293
#define SSL_TXT_CAMELLIA	"CAMELLIA"
294

295 296
#define SSL_TXT_MD5		"MD5"
#define SSL_TXT_SHA1		"SHA1"
297
#define SSL_TXT_SHA		"SHA" /* same as "SHA1" */
298 299
#define SSL_TXT_GOST94		"GOST94" 
#define SSL_TXT_GOST89MAC		"GOST89MAC" 
300
#define SSL_TXT_SHA256		"SHA256"
301
#define SSL_TXT_SHA384		"SHA384"
302

303 304
#define SSL_TXT_SSLV2		"SSLv2"
#define SSL_TXT_SSLV3		"SSLv3"
305
#define SSL_TXT_TLSV1		"TLSv1"
306
#define SSL_TXT_TLSV1_1		"TLSv1.1"
307
#define SSL_TXT_TLSV1_2		"TLSv1.2"
308 309 310

#define SSL_TXT_EXP		"EXP"
#define SSL_TXT_EXPORT		"EXPORT"
311 312

#define SSL_TXT_ALL		"ALL"
313

314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330
/*
 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
 * ciphers normally not being used.
 * Example: "RC4" will activate all ciphers using RC4 including ciphers
 * without authentication, which would normally disabled by DEFAULT (due
 * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
 * will make sure that it is also disabled in the specific selection.
 * COMPLEMENTOF* identifiers are portable between version, as adjustments
 * to the default cipher setup will also be included here.
 *
 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
 * DEFAULT gets, as only selection is being done and no sorting as needed
 * for DEFAULT.
 */
#define SSL_TXT_CMPALL		"COMPLEMENTOFALL"
#define SSL_TXT_CMPDEF		"COMPLEMENTOFDEFAULT"

331 332 333
/* The following cipher list is used by default.
 * It also is substituted when an application-defined cipher list string
 * starts with 'DEFAULT'. */
D
Typo.  
Dr. Stephen Henson 已提交
334
#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2"
D
Dr. Stephen Henson 已提交
335
/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
336 337 338 339 340
 * starts with a reasonable order, and all we have to do for DEFAULT is
 * throwing out anonymous and unencrypted ciphersuites!
 * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
 * some of them.)
 */
341

342
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
343 344 345
#define SSL_SENT_SHUTDOWN	1
#define SSL_RECEIVED_SHUTDOWN	2

346 347 348 349 350 351 352 353
#ifdef __cplusplus
}
#endif

#ifdef  __cplusplus
extern "C" {
#endif

354 355
#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
#define OPENSSL_NO_SSL2
356 357
#endif

358 359 360
#define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
#define SSL_FILETYPE_PEM	X509_FILETYPE_PEM

361 362 363
/* This is needed to stop compilers complaining about the
 * 'struct ssl_st *' function parameters used to prototype callbacks
 * in SSL_CTX. */
364
typedef struct ssl_st *ssl_crock_st;
D
Dr. Stephen Henson 已提交
365
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
366 367 368
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
369
typedef struct tls_sigalgs_st TLS_SIGALGS;
370
typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
371 372 373

DECLARE_STACK_OF(SSL_CIPHER)

B
Ben Laurie 已提交
374 375 376 377 378 379 380 381 382
/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
typedef struct srtp_protection_profile_st
       {
       const char *name;
       unsigned long id;
       } SRTP_PROTECTION_PROFILE;

DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)

383 384 385
typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);

386 387 388 389 390 391 392 393 394
#ifndef OPENSSL_NO_TLSEXT
/* Callbacks and structures for handling custom TLS Extensions: 
 *   cli_ext_first_cb  - sends data for ClientHello TLS Extension
 *   cli_ext_second_cb - receives data from ServerHello TLS Extension
 *   srv_ext_first_cb  - receives data from ClientHello TLS Extension
 *   srv_ext_second_cb - sends data for ServerHello TLS Extension
 *
 *   All these functions return nonzero on success.  Zero will terminate
 *   the handshake (and return a specific TLS Fatal alert, if the function
T
Trevor 已提交
395 396
 *   declaration has an "al" parameter).  -1 for the "sending" functions
 *   will cause the TLS Extension to be omitted.
397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435
 * 
 *   "ext_type" is a TLS "ExtensionType" from 0-65535.
 *   "in" is a pointer to TLS "extension_data" being provided to the cb.
 *   "out" is used by the callback to return a pointer to "extension data"
 *     which OpenSSL will later copy into the TLS handshake.  The contents
 *     of this buffer should not be changed until the handshake is complete.
 *   "inlen" and "outlen" are TLS Extension lengths from 0-65535.
 *   "al" is a TLS "AlertDescription" from 0-255 which WILL be sent as a 
 *     fatal TLS alert, if the callback returns zero.
 */
typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
					  const unsigned char **out,
					  unsigned short *outlen, void *arg);
typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
					   const unsigned char *in,
					   unsigned short inlen, int *al,
					   void *arg); 

typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
					  const unsigned char *in,
					  unsigned short inlen, int *al,
					  void *arg);
typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
					   const unsigned char **out,
					   unsigned short *outlen, void *arg); 

typedef struct {
	unsigned short ext_type;
	custom_cli_ext_first_cb_fn fn1; 
	custom_cli_ext_second_cb_fn fn2; 
	void *arg;
} custom_cli_ext_record;

typedef struct {
	unsigned short ext_type;
	custom_srv_ext_first_cb_fn fn1; 
	custom_srv_ext_second_cb_fn fn2; 
	void *arg;
} custom_srv_ext_record;
436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487

/* Callbacks and structures for handling Supplemental Data:
 *   srv_supp_data_first_cb_fn  - server sends Supplemental Data
 *   srv_supp_data_second_cb_fn - server receives Supplemental Data
 *   cli_supp_data_first_cb_fn  - client receives Supplemental Data
 *   cli_supp_data_second_cb_fn - client sends Supplemental Data
 *
 *   All these functions return nonzero on success.  Zero will terminate
 *   the handshake (and return a specific TLS Fatal alert, if the function
 *   declaration has an "al" parameter).  -1 for the "sending" functions
 *   will result in no supplemental data entry being added to the
 *   supplemental data message for the provided supplemental data type.
 *
 *   "supp_data_type" is a Supplemental Data Type from 0-65535.
 *   "in" is a pointer to TLS "supplemental_data_entry" being provided to the cb.
 *   "out" is used by the callback to return a pointer to "supplemental data"
 *     which OpenSSL will later copy into the TLS handshake.  The contents
 *     of this buffer should not be changed until the handshake is complete.
 *   "inlen" and "outlen" are Supplemental Data lengths from 0-65535.
 *   "al" is a TLS "AlertDescription" from 0-255 which WILL be sent as a
 *     fatal TLS alert, if the callback returns zero.
 */
typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
	     const unsigned char **out,
	     unsigned short *outlen, void *arg);
typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
	     const unsigned char *in,
	     unsigned short inlen, int *al,
	     void *arg);

typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
	     const unsigned char *in,
	     unsigned short inlen, int *al,
	     void *arg);
typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
	     const unsigned char **out,
	     unsigned short *outlen, void *arg);

typedef struct {
	unsigned short supp_data_type;
	srv_supp_data_first_cb_fn fn1;
	srv_supp_data_second_cb_fn fn2;
	void *arg;
} srv_supp_data_record;

typedef struct {
	unsigned short supp_data_type;
	cli_supp_data_first_cb_fn fn1;
	cli_supp_data_second_cb_fn fn2;
	void *arg;
} cli_supp_data_record;

488
#endif
489 490

#ifndef OPENSSL_NO_SSL_INTERN
491 492

/* used to hold info on the particular ciphers used */
493
struct ssl_cipher_st
494 495
	{
	int valid;
B
Ben Laurie 已提交
496
	const char *name;		/* text name */
497
	unsigned long id;		/* id, 4 bytes, first is version */
498 499 500 501 502 503 504 505

	/* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
	unsigned long algorithm_mkey;	/* key exchange algorithm */
	unsigned long algorithm_auth;	/* server authentication */
	unsigned long algorithm_enc;	/* symmetric encryption */
	unsigned long algorithm_mac;	/* symmetric authentication */
	unsigned long algorithm_ssl;	/* (major) protocol version */

506
	unsigned long algo_strength;	/* strength and export flags */
507
	unsigned long algorithm2;	/* Extra flags */
508 509
	int strength_bits;		/* Number of bits really used */
	int alg_bits;			/* Number of bits for algorithm */
510
	};
B
Ben Laurie 已提交
511

D
Dr. Stephen Henson 已提交
512

513
/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
514
struct ssl_method_st
515 516
	{
	int version;
B
Ben Laurie 已提交
517 518 519 520 521
	int (*ssl_new)(SSL *s);
	void (*ssl_clear)(SSL *s);
	void (*ssl_free)(SSL *s);
	int (*ssl_accept)(SSL *s);
	int (*ssl_connect)(SSL *s);
B
Ben Laurie 已提交
522
	int (*ssl_read)(SSL *s,void *buf,int len);
523
	int (*ssl_peek)(SSL *s,void *buf,int len);
B
Ben Laurie 已提交
524
	int (*ssl_write)(SSL *s,const void *buf,int len);
B
Ben Laurie 已提交
525 526 527
	int (*ssl_shutdown)(SSL *s);
	int (*ssl_renegotiate)(SSL *s);
	int (*ssl_renegotiate_check)(SSL *s);
B
Ben Laurie 已提交
528 529 530 531 532 533
	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
		max, int *ok);
	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
		int peek);
	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
	int (*ssl_dispatch_alert)(SSL *s);
534 535
	long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
536
	const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
B
Ben Laurie 已提交
537
	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
B
Ben Laurie 已提交
538
	int (*ssl_pending)(const SSL *s);
B
Ben Laurie 已提交
539
	int (*num_ciphers)(void);
540
	const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
541
	const struct ssl_method_st *(*get_ssl_method)(int version);
B
Ben Laurie 已提交
542
	long (*get_timeout)(void);
543
	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
544 545 546
	int (*ssl_version)(void);
	long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
	long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
547
	};
548 549 550 551 552

/* Lets make this into an ASN.1 type structure as follows
 * SSL_SESSION_ID ::= SEQUENCE {
 *	version 		INTEGER,	-- structure version number
 *	SSLversion 		INTEGER,	-- SSL version number
N
Nils Larsch 已提交
553 554 555 556 557
 *	Cipher 			OCTET STRING,	-- the 3 byte cipher ID
 *	Session_ID 		OCTET STRING,	-- the Session ID
 *	Master_key 		OCTET STRING,	-- the master key
 *	KRB5_principal		OCTET STRING	-- optional Kerberos principal
 *	Key_Arg [ 0 ] IMPLICIT	OCTET STRING,	-- the optional Key argument
558 559 560
 *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time
 *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds
 *	Peer [ 3 ] EXPLICIT	X509,		-- optional Peer Certificate
N
Nils Larsch 已提交
561
 *	Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
562
 *	Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
N
Nils Larsch 已提交
563
 *	HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension 
B
Bodo Möller 已提交
564 565 566 567 568 569
 *	PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
 *	PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
 *	Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
 *	Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
 *	Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
 *	SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
570 571 572 573
 *	}
 * Look in ssl/ssl_asn1.c for more details
 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
 */
574
struct ssl_session_st
575 576 577 578 579 580 581 582 583 584 585 586
	{
	int ssl_version;	/* what ssl version session info is
				 * being kept in here? */

	/* only really used in SSLv2 */
	unsigned int key_arg_length;
	unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
	int master_key_length;
	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
	/* session_id - valid? */
	unsigned int session_id_length;
	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
B
Ben Laurie 已提交
587 588 589 590 591
	/* this is used to determine whether the session is being reused in
	 * the appropriate context. It is up to the application to set this,
	 * via SSL_new */
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
592

593 594 595 596
#ifndef OPENSSL_NO_KRB5
        unsigned int krb5_client_princ_len;
        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
#endif /* OPENSSL_NO_KRB5 */
597 598 599 600
#ifndef OPENSSL_NO_PSK
	char *psk_identity_hint;
	char *psk_identity;
#endif
601 602 603
	/* Used to indicate that session resumption is not allowed.
	 * Applications can also set this bit for a new session via
	 * not_resumable_session_cb to disable session caching and tickets. */
604 605 606
	int not_resumable;

	/* The cert is the certificate used to establish this connection */
607
	struct sess_cert_st /* SESS_CERT */ *sess_cert;
608

609
	/* This is the cert for the other end.
610
	 * On clients, it will be the same as sess_cert->peer_key->x509
611 612
	 * (the latter is not enough as sess_cert is not retained
	 * in the external representation of sessions, see ssl_asn1.c). */
613
	X509 *peer;
614 615 616
	/* when app_verify_callback accepts a session where the peer's certificate
	 * is not ok, we must remember the error for session reuse: */
	long verify_result; /* only for servers */
617 618 619 620 621

	int references;
	long timeout;
	long time;

622
	unsigned int compress_meth;	/* Need to lookup the method */
623

624
	const SSL_CIPHER *cipher;
625 626 627 628
	unsigned long cipher_id;	/* when ASN.1 loaded, this
					 * needs to be used to load
					 * the 'cipher' structure */

B
Ben Laurie 已提交
629
	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
630

631 632 633 634 635
	CRYPTO_EX_DATA ex_data; /* application specific data */

	/* These are used to make removal of session-ids more
	 * efficient and to implement a maximum cache size. */
	struct ssl_session_st *prev,*next;
636 637
#ifndef OPENSSL_NO_TLSEXT
	char *tlsext_hostname;
638
#ifndef OPENSSL_NO_EC
B
Bodo Möller 已提交
639 640
	size_t tlsext_ecpointformatlist_length;
	unsigned char *tlsext_ecpointformatlist; /* peer's list */
641 642
	size_t tlsext_ellipticcurvelist_length;
	unsigned char *tlsext_ellipticcurvelist; /* peer's list */
643
#endif /* OPENSSL_NO_EC */
644 645
	/* RFC4507 info */
	unsigned char *tlsext_tick;	/* Session ticket */
B
Ben Laurie 已提交
646
	size_t tlsext_ticklen;		/* Session ticket length */
647
	long tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */
B
Ben Laurie 已提交
648 649 650
#endif
#ifndef OPENSSL_NO_SRP
	char *srp_username;
651
#endif
652
	};
653

654
#endif
655

656 657
#define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
658 659
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
660 661 662
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
663
#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG			0x00000040L
664
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
665
#define SSL_OP_TLS_D5_BUG				0x00000100L
666
#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
667

668 669 670 671 672 673 674 675 676
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
 * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
 * the workaround is not needed.  Unfortunately some broken SSL/TLS
 * implementations cannot handle it at all, which is why we include
 * it in SSL_OP_ALL. */
#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */

/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
 *             This used to be 0x000FFFFFL before 0.9.7. */
677
#define SSL_OP_ALL					0x80000BFFL
678

B
Ben Laurie 已提交
679 680 681 682
/* DTLS options */
#define SSL_OP_NO_QUERY_MTU                 0x00001000L
/* Turn on Cookie Exchange (on relevant for servers) */
#define SSL_OP_COOKIE_EXCHANGE              0x00002000L
683 684
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET	            0x00004000L
685 686
/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
#define SSL_OP_CISCO_ANYCONNECT		    0x00008000L
B
Ben Laurie 已提交
687

688 689
/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
690 691
/* Don't use compression even if supported */
#define SSL_OP_NO_COMPRESSION				0x00020000L
692 693
/* Permit unsafe legacy renegotiation */
#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00040000L
B
Bodo Möller 已提交
694 695
/* If set, always create a new key when using tmp_ecdh parameters */
#define SSL_OP_SINGLE_ECDH_USE				0x00080000L
B
Bodo Möller 已提交
696
/* If set, always create a new key when using tmp_dh parameters */
697
#define SSL_OP_SINGLE_DH_USE				0x00100000L
698 699
/* Set to always use the tmp_rsa key when doing RSA operations,
 * even when this violates protocol specs */
700
#define SSL_OP_EPHEMERAL_RSA				0x00200000L
701 702 703
/* Set on servers to choose the cipher according to the server's
 * preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L
704 705 706 707 708
/* If set, a server will allow a client to issue a SSLv3.0 version number
 * as latest version supported in the premaster secret, even when TLSv1.0
 * (version 3.1) was announced in the client hello. Normally this is
 * forbidden to prevent version rollback attacks. */
#define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L
709 710 711 712

#define SSL_OP_NO_SSLv2					0x01000000L
#define SSL_OP_NO_SSLv3					0x02000000L
#define SSL_OP_NO_TLSv1					0x04000000L
713
#define SSL_OP_NO_TLSv1_2				0x08000000L
714
#define SSL_OP_NO_TLSv1_1				0x10000000L
715

D
Dr. Stephen Henson 已提交
716 717 718
#define SSL_OP_NO_DTLSv1				0x04000000L
#define SSL_OP_NO_DTLSv1_2				0x08000000L

719 720 721
#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\
	SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)

722 723 724
/* These next two were never actually used for anything since SSLeay
 * zap so we have some more flags.
 */
B
Bodo Möller 已提交
725
/* The next flag deliberately changes the ciphertest, this is a check
726
 * for the PKCS#1 attack */
727 728 729
#define SSL_OP_PKCS1_CHECK_1				0x0
#define SSL_OP_PKCS1_CHECK_2				0x0

730
#define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
L
Lutz Jänicke 已提交
731
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L
732 733 734 735 736
/* Make server add server-hello extension from early version of
 * cryptopro draft, when GOST ciphersuite is negotiated. 
 * Required for interoperability with CryptoPro CSP 3.x 
 */
#define SSL_OP_CRYPTOPRO_TLSEXT_BUG			0x80000000L
737 738 739 740 741 742 743 744 745

/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
 * when just a single record has been written): */
#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
/* Make it possible to retry SSL_write() with changed buffer location
 * (buffer contents must stay the same!); this is not the default to avoid
 * the misconception that non-blocking SSL_write() behaves like
 * non-blocking write(): */
#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
746 747 748
/* Never bother the application with retries if the transport
 * is blocking: */
#define SSL_MODE_AUTO_RETRY 0x00000004L
749 750
/* Don't attempt to automatically build certificate chain */
#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
B
Ben Laurie 已提交
751 752 753 754
/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
 * TLS only.)  "Released" buffers are put onto a free-list in the context
 * or just freed (depending on the context's setting for freelist_max_len). */
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
755

756 757 758 759
/* Cert related flags */
/* Many implementations ignore some aspects of the TLS standards such as
 * enforcing certifcate chain algorithms. When this is set we enforce them.
 */
760 761 762 763 764 765 766 767 768
#define SSL_CERT_FLAG_TLS_STRICT		0x00000001L

/* Suite B modes, takes same values as certificate verify flags */
#define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY	0x10000
/* Suite B 192 bit only mode */
#define SSL_CERT_FLAG_SUITEB_192_LOS		0x20000
/* Suite B 128 bit mode allowing 192 bit algorithms */
#define SSL_CERT_FLAG_SUITEB_128_LOS		0x30000

769
/* Perform all sorts of protocol violations for testing purposes */
D
Dr. Stephen Henson 已提交
770
#define SSL_CERT_FLAG_BROKEN_PROTOCOL		0x10000000
771

772 773 774
/* Flags for building certificate chains */
/* Treat any existing certificates as untrusted CAs */
#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED	0x1
D
typo  
Dr. Stephen Henson 已提交
775
/* Don't include root CA in chain */
776 777
#define SSL_BUILD_CHAIN_FLAG_NO_ROOT	0x2

778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796
/* Flags returned by SSL_check_chain */
/* Certificate can be used with this session */
#define CERT_PKEY_VALID		0x1
/* Certificate can also be used for signing */
#define CERT_PKEY_SIGN		0x2
/* EE certificate signing algorithm OK */
#define CERT_PKEY_EE_SIGNATURE	0x10
/* CA signature algorithms OK */
#define CERT_PKEY_CA_SIGNATURE	0x20
/* EE certificate parameters OK */
#define CERT_PKEY_EE_PARAM	0x40
/* CA certificate parameters OK */
#define CERT_PKEY_CA_PARAM	0x80
/* Signing explicitly allowed as opposed to SHA1 fallback */
#define CERT_PKEY_EXPLICIT_SIGN	0x100
/* Client CA issuer names match (always set for server cert) */
#define CERT_PKEY_ISSUER_NAME	0x200
/* Cert type matches client types (always set for server cert) */
#define CERT_PKEY_CERT_TYPE	0x400
797 798
/* Cert chain suitable to Suite B */
#define CERT_PKEY_SUITEB	0x800
799

800 801 802 803 804 805
#define SSL_CONF_FLAG_CMDLINE		0x1
#define SSL_CONF_FLAG_FILE		0x2
#define SSL_CONF_FLAG_CLIENT		0x4
#define SSL_CONF_FLAG_SERVER		0x8
#define SSL_CONF_FLAG_SHOW_ERRORS	0x10

806 807 808
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
 * they cannot be used to clear bits. */

809
#define SSL_CTX_set_options(ctx,op) \
810
	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
811 812
#define SSL_CTX_clear_options(ctx,op) \
	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
813
#define SSL_CTX_get_options(ctx) \
814
	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
815
#define SSL_set_options(ssl,op) \
816
	SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
817 818
#define SSL_clear_options(ssl,op) \
	SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
819
#define SSL_get_options(ssl) \
820
        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
821

822
#define SSL_CTX_set_mode(ctx,op) \
823
	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
824 825
#define SSL_CTX_clear_mode(ctx,op) \
	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
826
#define SSL_CTX_get_mode(ctx) \
827
	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
828 829
#define SSL_clear_mode(ssl,op) \
	SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
830
#define SSL_set_mode(ssl,op) \
831
	SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
832
#define SSL_get_mode(ssl) \
833
        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
B
Ben Laurie 已提交
834 835
#define SSL_set_mtu(ssl, mtu) \
        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
836

837 838
#define SSL_get_secure_renegotiation_support(ssl) \
	SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
839

D
Dr. Stephen Henson 已提交
840 841 842 843 844
#ifndef OPENSSL_NO_HEARTBEATS
#define SSL_heartbeat(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
#endif

845 846 847 848 849 850 851 852 853
#define SSL_CTX_set_cert_flags(ctx,op) \
	SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
#define SSL_set_cert_flags(s,op) \
	SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
#define SSL_CTX_clear_cert_flags(ctx,op) \
	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
#define SSL_clear_cert_flags(s,op) \
	SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)

854 855 856 857 858
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

B
Ben Laurie 已提交
859
#ifndef OPENSSL_NO_SRP
860

861 862
#ifndef OPENSSL_NO_SSL_INTERN

B
Ben Laurie 已提交
863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882
typedef struct srp_ctx_st
	{
	/* param for all the callbacks */
	void *SRP_cb_arg;
	/* set client Hello login callback */
	int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
	/* set SRP N/g param callback for verification */
	int (*SRP_verify_param_callback)(SSL *, void *);
	/* set SRP client passwd callback */
	char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);

	char *login;
	BIGNUM *N,*g,*s,*B,*A;
	BIGNUM *a,*b,*v;
	char *info;
	int strength;

	unsigned long srp_Mask;
	} SRP_CTX;

883 884
#endif

B
Ben Laurie 已提交
885 886 887 888 889 890 891 892 893 894 895
/* see tls_srp.c */
int SSL_SRP_CTX_init(SSL *s);
int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
int SSL_SRP_CTX_free(SSL *ctx);
int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
int SSL_srp_server_param_with_username(SSL *s, int *ad);
int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
int SRP_Calc_A_param(SSL *s);
int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);

#endif
896

897 898 899 900 901 902
#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
#else
#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
#endif

903 904
#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)

905 906 907 908 909 910
/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
 * them. It is used to override the generation of SSL/TLS session IDs in a
 * server. Return value should be zero on an error, non-zero to proceed. Also,
 * callbacks should themselves check if the id they generate is unique otherwise
 * the SSL handshake will fail with an error - callbacks can do this using the
 * 'ssl' value they're passed by;
911
 *      SSL_has_matching_session_id(ssl, id, *id_len)
912 913 914 915 916 917 918 919 920
 * The length value passed in is set at the maximum size the session ID can be.
 * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
 * can alter this length to be less if desired, but under SSLv2 session IDs are
 * supposed to be fixed at 16 bytes so the id will be padded after the callback
 * returns in this case. It is also an error for the callback to set the size to
 * zero. */
typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
				unsigned int *id_len);

921 922 923 924 925
typedef struct ssl_comp_st SSL_COMP;

#ifndef OPENSSL_NO_SSL_INTERN

struct ssl_comp_st
R
Richard Levitte 已提交
926 927
	{
	int id;
928
	const char *name;
929
#ifndef OPENSSL_NO_COMP
R
Richard Levitte 已提交
930
	COMP_METHOD *method;
931
#else
R
Richard Levitte 已提交
932
	char *method;
933
#endif
934
	};
935

B
Ben Laurie 已提交
936
DECLARE_STACK_OF(SSL_COMP)
B
Ben Laurie 已提交
937
DECLARE_LHASH_OF(SSL_SESSION);
B
Ben Laurie 已提交
938

B
Ben Laurie 已提交
939
struct ssl_ctx_st
940
	{
941
	const SSL_METHOD *method;
942

B
Ben Laurie 已提交
943
	STACK_OF(SSL_CIPHER) *cipher_list;
944
	/* same as above but sorted for lookup */
B
Ben Laurie 已提交
945
	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
946 947

	struct x509_store_st /* X509_STORE */ *cert_store;
B
Ben Laurie 已提交
948
	LHASH_OF(SSL_SESSION) *sessions;
949
	/* Most session-ids that will be cached, default is
B
Bodo Möller 已提交
950
	 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
951 952 953
	unsigned long session_cache_size;
	struct ssl_session_st *session_cache_head;
	struct ssl_session_st *session_cache_tail;
954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972

	/* This can have one of 2 values, ored together,
	 * SSL_SESS_CACHE_CLIENT,
	 * SSL_SESS_CACHE_SERVER,
	 * Default is SSL_SESSION_CACHE_SERVER, which means only
	 * SSL_accept which cache SSL_SESSIONS. */
	int session_cache_mode;

	/* If timeout is not 0, it is the default timeout value set
	 * when SSL_new() is called.  This has been put in to make
	 * life easier to set things up */
	long session_timeout;

	/* If this callback is not null, it will be called each
	 * time a session id is added to the cache.  If this function
	 * returns 1, it means that the callback will do a
	 * SSL_SESSION_free() when it has finished using it.  Otherwise,
	 * on 0, it means the callback has finished with it.
	 * If remove_session_cb is not null, it will be called when
R
Richard Levitte 已提交
973 974
	 * a session-id is removed from the cache.  After the call,
	 * OpenSSL will SSL_SESSION_free() it. */
975 976 977 978
	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
		unsigned char *data,int len,int *copy);
979

980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998
	struct
		{
		int sess_connect;	/* SSL new conn - started */
		int sess_connect_renegotiate;/* SSL reneg - requested */
		int sess_connect_good;	/* SSL new conne/reneg - finished */
		int sess_accept;	/* SSL new accept - started */
		int sess_accept_renegotiate;/* SSL reneg - requested */
		int sess_accept_good;	/* SSL accept/reneg - finished */
		int sess_miss;		/* session lookup misses  */
		int sess_timeout;	/* reuse attempt on timeouted session */
		int sess_cache_full;	/* session removed due to full cache */
		int sess_hit;		/* session reuse actually done */
		int sess_cb_hit;	/* session-id that was not
					 * in the cache was
					 * passed back via the callback.  This
					 * indicates that the application is
					 * supplying session-id's from other
					 * processes - spooky :-) */
		} stats;
999 1000 1001 1002

	int references;

	/* if defined, these override the X509_verify_cert() calls */
1003 1004 1005 1006
	int (*app_verify_callback)(X509_STORE_CTX *, void *);
	void *app_verify_arg;
	/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
	 * ('app_verify_callback' was called with just one argument) */
1007

1008
	/* Default password callback. */
1009
	pem_password_cb *default_passwd_callback;
1010

1011
	/* Default password callback user data. */
1012
	void *default_passwd_callback_userdata;
1013

1014
	/* get client cert callback */
B
Ben Laurie 已提交
1015
	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
1016

B
Ben Laurie 已提交
1017 1018 1019 1020 1021 1022 1023 1024
    /* cookie generate callback */
    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
        unsigned int *cookie_len);

    /* verify cookie callback */
    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
        unsigned int cookie_len);

1025 1026
	CRYPTO_EX_DATA ex_data;

B
Ben Laurie 已提交
1027 1028 1029
	const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
1030

B
Ben Laurie 已提交
1031
	STACK_OF(X509) *extra_certs;
1032 1033 1034 1035 1036
	STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */


	/* Default values used when no per-SSL value is defined follow */

B
Ben Laurie 已提交
1037
	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052

	/* what we put in client cert requests */
	STACK_OF(X509_NAME) *client_CA;


	/* Default values to use in SSL structures follow (these are copied by SSL_new) */

	unsigned long options;
	unsigned long mode;
	long max_cert_list;

	struct cert_st /* CERT */ *cert;
	int read_ahead;

	/* callback that allows applications to peek at protocol messages */
1053
	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
1054 1055 1056 1057 1058 1059 1060 1061 1062 1063
	void *msg_callback_arg;

	int verify_mode;
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */

	/* Default generate session ID callback. */
	GEN_SESSION_CB generate_session_id;

1064 1065 1066
	X509_VERIFY_PARAM *param;

#if 0
1067 1068
	int purpose;		/* Purpose setting */
	int trust;		/* Trust setting */
1069
#endif
1070 1071

	int quiet_shutdown;
1072 1073 1074 1075 1076

	/* Maximum amount of data to send in one fragment.
	 * actual record size can be more than this due to
	 * padding and MAC overheads.
	 */
D
Dr. Stephen Henson 已提交
1077
	unsigned int max_send_fragment;
1078

1079 1080 1081 1082 1083 1084
#ifndef OPENSSL_ENGINE
	/* Engine to pass requests for client certs to
	 */
	ENGINE *client_cert_engine;
#endif

1085
#ifndef OPENSSL_NO_TLSEXT
1086
	/* TLS extensions servername callback */
1087 1088
	int (*tlsext_servername_callback)(SSL*, int *, void *);
	void *tlsext_servername_arg;
1089 1090 1091 1092
	/* RFC 4507 session ticket keys */
	unsigned char tlsext_tick_key_name[16];
	unsigned char tlsext_tick_hmac_key[16];
	unsigned char tlsext_tick_aes_key[16];
D
Dr. Stephen Henson 已提交
1093 1094 1095 1096 1097
	/* Callback to support customisation of ticket key setting */
	int (*tlsext_ticket_key_cb)(SSL *ssl,
					unsigned char *name, unsigned char *iv,
					EVP_CIPHER_CTX *ectx,
 					HMAC_CTX *hctx, int enc);
1098

1099 1100 1101 1102 1103
	/* certificate status request info */
	/* Callback for status request */
	int (*tlsext_status_cb)(SSL *ssl, void *arg);
	void *tlsext_status_arg;

1104 1105 1106
	/* draft-rescorla-tls-opaque-prf-input-00.txt information */
	int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
	void *tlsext_opaque_prf_input_callback_arg;
1107
#endif
1108

1109 1110 1111 1112 1113 1114 1115
#ifndef OPENSSL_NO_PSK
	char *psk_identity_hint;
	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
		unsigned int max_identity_len, unsigned char *psk,
		unsigned int max_psk_len);
	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
		unsigned char *psk, unsigned int max_psk_len);
1116
#endif
B
Ben Laurie 已提交
1117

1118
#ifndef OPENSSL_NO_BUF_FREELISTS
B
Ben Laurie 已提交
1119 1120 1121 1122
#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
	unsigned int freelist_max_len;
	struct ssl3_buf_freelist_st *wbuf_freelist;
	struct ssl3_buf_freelist_st *rbuf_freelist;
B
Ben Laurie 已提交
1123 1124 1125
#endif
#ifndef OPENSSL_NO_SRP
	SRP_CTX srp_ctx; /* ctx for SRP authentication */
B
Ben Laurie 已提交
1126
#endif
B
Ben Laurie 已提交
1127 1128

#ifndef OPENSSL_NO_TLSEXT
D
Dr. Stephen Henson 已提交
1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147

# ifndef OPENSSL_NO_NEXTPROTONEG
	/* Next protocol negotiation information */
	/* (for experimental NPN extension). */

	/* For a server, this contains a callback function by which the set of
	 * advertised protocols can be provided. */
	int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
			                 unsigned int *len, void *arg);
	void *next_protos_advertised_cb_arg;
	/* For a client, this contains a callback function that selects the
	 * next protocol from the list provided by the server. */
	int (*next_proto_select_cb)(SSL *s, unsigned char **out,
				    unsigned char *outlen,
				    const unsigned char *in,
				    unsigned int inlen,
				    void *arg);
	void *next_proto_select_cb_arg;
# endif
A
Adam Langley 已提交
1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172

	/* ALPN information
	 * (we are in the process of transitioning from NPN to ALPN.) */

	/* For a server, this contains a callback function that allows the
	 * server to select the protocol for the connection.
	 *   out: on successful return, this must point to the raw protocol
	 *        name (without the length prefix).
	 *   outlen: on successful return, this contains the length of |*out|.
	 *   in: points to the client's list of supported protocols in
	 *       wire-format.
	 *   inlen: the length of |in|. */
	int (*alpn_select_cb)(SSL *s,
			      const unsigned char **out,
			      unsigned char *outlen,
			      const unsigned char* in,
			      unsigned int inlen,
			      void *arg);
	void *alpn_select_cb_arg;

	/* For a client, this contains the list of supported protocols in wire
	 * format. */
	unsigned char* alpn_client_proto_list;
	unsigned alpn_client_proto_list_len;

B
Ben Laurie 已提交
1173
        /* SRTP profiles we are willing to do from RFC 5764 */
B
Ben Laurie 已提交
1174
	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
B
Ben Laurie 已提交
1175
#endif
D
Dr. Stephen Henson 已提交
1176 1177 1178
	/* Callback for disabling session caching and ticket support
	 * on a session basis, depending on the chosen cipher. */
	int (*not_resumable_session_cb)(SSL *ssl, int is_forward_secure);
1179
# ifndef OPENSSL_NO_EC
1180 1181 1182 1183 1184
	/* EC extension values inherited by SSL structure */
	size_t tlsext_ecpointformatlist_length;
	unsigned char *tlsext_ecpointformatlist;
	size_t tlsext_ellipticcurvelist_length;
	unsigned char *tlsext_ellipticcurvelist;
1185
# endif /* OPENSSL_NO_EC */
1186 1187 1188 1189 1190
	/* Arrays containing the callbacks for custom TLS Extensions. */
	custom_cli_ext_record *custom_cli_ext_records;
	size_t custom_cli_ext_records_count;
	custom_srv_ext_record *custom_srv_ext_records;
	size_t custom_srv_ext_records_count;
1191

B
Ben Laurie 已提交
1192 1193 1194 1195 1196
 	/* Arrays containing the callbacks for Supplemental Data. */
 	cli_supp_data_record *cli_supp_data_records;
	size_t cli_supp_data_records_count;
	srv_supp_data_record *srv_supp_data_records;
	size_t srv_supp_data_records_count;
B
Ben Laurie 已提交
1197
	};
1198

1199 1200
#endif

1201 1202 1203
#define SSL_SESS_CACHE_OFF			0x0000
#define SSL_SESS_CACHE_CLIENT			0x0001
#define SSL_SESS_CACHE_SERVER			0x0002
1204
#define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
1205
#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
1206
/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
1207
#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
1208 1209 1210
#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
#define SSL_SESS_CACHE_NO_INTERNAL \
	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
1211

B
Ben Laurie 已提交
1212
LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236
#define SSL_CTX_sess_number(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
#define SSL_CTX_sess_connect(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
#define SSL_CTX_sess_connect_good(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
#define SSL_CTX_sess_connect_renegotiate(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
#define SSL_CTX_sess_accept(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
#define SSL_CTX_sess_accept_renegotiate(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
#define SSL_CTX_sess_accept_good(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
#define SSL_CTX_sess_hits(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
#define SSL_CTX_sess_cb_hits(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
#define SSL_CTX_sess_misses(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
#define SSL_CTX_sess_timeouts(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
#define SSL_CTX_sess_cache_full(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
1237

N
Nils Larsch 已提交
1238 1239 1240 1241 1242 1243 1244 1245 1246 1247
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
1248
#ifndef OPENSSL_NO_ENGINE
1249
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
1250
#endif
N
Nils Larsch 已提交
1251 1252
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
B
Ben Laurie 已提交
1253
#ifndef OPENSSL_NO_NEXTPROTONEG
B
Ben Laurie 已提交
1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
					   int (*cb) (SSL *ssl,
						      const unsigned char **out,
						      unsigned int *outlen,
						      void *arg), void *arg);
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
				      int (*cb) (SSL *ssl, unsigned char **out,
						 unsigned char *outlen,
						 const unsigned char *in,
						 unsigned int inlen, void *arg),
				      void *arg);

int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
			  const unsigned char *in, unsigned int inlen,
			  const unsigned char *client, unsigned int client_len);
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
				    unsigned *len);

#define OPENSSL_NPN_UNSUPPORTED	0
#define OPENSSL_NPN_NEGOTIATED	1
#define OPENSSL_NPN_NO_OVERLAP	2

#endif
1277

A
Adam Langley 已提交
1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
			    unsigned protos_len);
int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
			unsigned protos_len);
void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
				int (*cb) (SSL *ssl,
					   const unsigned char **out,
					   unsigned char *outlen,
					   const unsigned char *in,
					   unsigned int inlen,
					   void *arg),
				void *arg);
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
			    unsigned *len);

1293 1294 1295 1296
#ifndef OPENSSL_NO_PSK
/* the maximum length of the buffer given to callbacks containing the
 * resulting identity/psk */
#define PSK_MAX_IDENTITY_LEN 128
1297
#define PSK_MAX_PSK_LEN 256
N
Nils Larsch 已提交
1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 
	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
		char *identity, unsigned int max_identity_len, unsigned char *psk,
		unsigned int max_psk_len));
void SSL_set_psk_client_callback(SSL *ssl, 
	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
		char *identity, unsigned int max_identity_len, unsigned char *psk,
		unsigned int max_psk_len));
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 
	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
		unsigned char *psk, unsigned int max_psk_len));
void SSL_set_psk_server_callback(SSL *ssl,
	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
		unsigned char *psk, unsigned int max_psk_len));
1312 1313 1314 1315 1316 1317
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
const char *SSL_get_psk_identity_hint(const SSL *s);
const char *SSL_get_psk_identity(const SSL *s);
#endif

1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331
#ifndef OPENSSL_NO_TLSEXT
/* Register callbacks to handle custom TLS Extensions as client or server.
 * 
 * Returns nonzero on success.  You cannot register twice for the same 
 * extension number, and registering for an extension number already 
 * handled by OpenSSL will succeed, but the callbacks will not be invoked.
 *
 * NULL can be registered for any callback function.  For the client
 * functions, a NULL custom_cli_ext_first_cb_fn sends an empty ClientHello
 * Extension, and a NULL custom_cli_ext_second_cb_fn ignores the ServerHello
 * response (if any).
 *
 * For the server functions, a NULL custom_srv_ext_first_cb_fn means the
 * ClientHello extension's data will be ignored, but the extension will still
T
Trevor 已提交
1332 1333
 * be noted and custom_srv_ext_second_cb_fn will still be invoked.  A NULL
 * custom_srv_ext_second_cb doesn't send a ServerHello extension.
1334 1335 1336 1337 1338 1339 1340 1341
 */
int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned short ext_type,
			       custom_cli_ext_first_cb_fn fn1, 
			       custom_cli_ext_second_cb_fn fn2, void *arg);

int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned short ext_type,
			       custom_srv_ext_first_cb_fn fn1, 
			       custom_srv_ext_second_cb_fn fn2, void *arg);
1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366

/* Register callbacks to handle Supplemental Data as client or server.
 *
 * For SSL_CTX_set_srv_supp_data, a NULL srv_supp_data_first_cb_fn results in no supplemental data
 * being sent by the server for that TLS extension.
 * A NULL srv_supp_data_second_cb_fn results in no supplemental data
 * being received by the server for that TLS extension.
 *
 * For SSL_CTX_set_cli_supp_data, a NULL cli_supp_data_first_cb_fn results in no supplemental data
 * being received by the client for that TLS extension.
 * A NULL cli_supp_data_second_cb_fn results in no supplemental data
 * being sent by the client for that TLS extension.
 *
 * Returns nonzero on success.  You cannot register twice for the same supp_data_type.
 */
int SSL_CTX_set_srv_supp_data(SSL_CTX *ctx,
			      unsigned short supp_data_type,
			      srv_supp_data_first_cb_fn fn1,
			      srv_supp_data_second_cb_fn fn2, void *arg);

int SSL_CTX_set_cli_supp_data(SSL_CTX *ctx,
			      unsigned short supp_data_type,
			      cli_supp_data_first_cb_fn fn1,
			      cli_supp_data_second_cb_fn fn2, void *arg);

1367 1368
#endif

1369 1370 1371 1372 1373 1374
#define SSL_NOTHING	1
#define SSL_WRITING	2
#define SSL_READING	3
#define SSL_X509_LOOKUP	4

/* These will only be used when doing non-blocking IO */
1375 1376 1377 1378
#define SSL_want_nothing(s)	(SSL_want(s) == SSL_NOTHING)
#define SSL_want_read(s)	(SSL_want(s) == SSL_READING)
#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)
1379

1380 1381 1382
#define SSL_MAC_FLAG_READ_MAC_STREAM 1
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2

1383 1384
#ifndef OPENSSL_NO_SSL_INTERN

B
Ben Laurie 已提交
1385
struct ssl_st
1386
	{
1387
	/* protocol version
B
Ben Laurie 已提交
1388
	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
1389
	 */
1390 1391 1392
	int version;
	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */

1393
	const SSL_METHOD *method; /* SSLv3 */
1394 1395 1396 1397 1398

	/* There are 2 BIO's even though they are normally both the
	 * same.  This is so data can be read and written to different
	 * handlers */

1399
#ifndef OPENSSL_NO_BIO
1400 1401
	BIO *rbio; /* used by SSL_read */
	BIO *wbio; /* used by SSL_write */
1402
	BIO *bbio; /* used during session-id reuse to concatenate
1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416
		    * messages */
#else
	char *rbio; /* used by SSL_read */
	char *wbio; /* used by SSL_write */
	char *bbio;
#endif
	/* This holds a variable that indicates what we were doing
	 * when a 0 or -1 is returned.  This is needed for
	 * non-blocking IO so we know what request needs re-doing when
	 * in SSL_accept or SSL_connect */
	int rwstate;

	/* true when we are actually in SSL_accept() or SSL_connect() */
	int in_handshake;
1417
	int (*handshake_func)(SSL *);
1418

B
Bodo Möller 已提交
1419 1420 1421 1422 1423 1424
	/* Imagine that here's a boolean member "init" that is
	 * switched as soon as SSL_set_{accept/connect}_state
	 * is called for the first time, so that "state" and
	 * "handshake_func" are properly initialized.  But as
	 * handshake_func is == 0 until then, we use this
	 * test instead of an "init" member.
1425 1426
	 */

1427
	int server;	/* are we the server side? - mostly used by SSL_clear*/
1428

D
Dr. Stephen Henson 已提交
1429
	int new_session;/* Generate a new session or reuse an old one.
B
Bodo Möller 已提交
1430 1431 1432
	                 * NB: For servers, the 'new' session may actually be a previously
	                 * cached session or even the previous session unless
	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
1433 1434 1435 1436 1437 1438 1439
	int quiet_shutdown;/* don't send shutdown packets */
	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
			 * for received */
	int state;	/* where we are */
	int rstate;	/* where we are when reading */

	BUF_MEM *init_buf;	/* buffer used during init */
1440
	void *init_msg;   	/* pointer to handshake message body, set by ssl3_get_message() */
1441 1442 1443 1444 1445 1446 1447
	int init_num;		/* amount read/written */
	int init_off;		/* amount read/written */

	/* used internally to point at a raw packet */
	unsigned char *packet;
	unsigned int packet_length;

1448 1449
	struct ssl2_state_st *s2; /* SSLv2 variables */
	struct ssl3_state_st *s3; /* SSLv3 variables */
B
Ben Laurie 已提交
1450
	struct dtls1_state_st *d1; /* DTLSv1 variables */
1451

1452 1453
	int read_ahead;		/* Read as many input bytes as possible
	               	 	 * (for non-blocking reads) */
1454 1455

	/* callback that allows applications to peek at protocol messages */
1456
	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
1457 1458
	void *msg_callback_arg;

1459 1460
	int hit;		/* reusing a previous session */

1461 1462 1463
	X509_VERIFY_PARAM *param;

#if 0
1464 1465
	int purpose;		/* Purpose setting */
	int trust;		/* Trust setting */
1466
#endif
1467

1468
	/* crypto */
B
Ben Laurie 已提交
1469 1470
	STACK_OF(SSL_CIPHER) *cipher_list;
	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1471

1472
	/* These are the ones being used, the ones in SSL_SESSION are
1473
	 * the ones to be 'copied' into these ones */
1474
	int mac_flags; 
1475
	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */
1476
	EVP_MD_CTX *read_hash;		/* used for mac generation */
1477
#ifndef OPENSSL_NO_COMP
1478 1479 1480 1481
	COMP_CTX *expand;			/* uncompress */
#else
	char *expand;
#endif
1482 1483

	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
1484
	EVP_MD_CTX *write_hash;		/* used for mac generation */
1485
#ifndef OPENSSL_NO_COMP
1486 1487 1488 1489
	COMP_CTX *compress;			/* compression */
#else
	char *compress;	
#endif
1490 1491 1492 1493 1494 1495 1496

	/* session info */

	/* client cert? */
	/* This is used to hold the server certificate used */
	struct cert_st /* CERT */ *cert;

B
Ben Laurie 已提交
1497 1498 1499 1500 1501
	/* the session_id_context is used to ensure sessions are only reused
	 * in the appropriate context */
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

1502 1503 1504
	/* This can also be in the session once a session is established */
	SSL_SESSION *session;

1505 1506 1507
	/* Default generate session ID callback. */
	GEN_SESSION_CB generate_session_id;

1508 1509 1510
	/* Used in SSL2 and SSL3 */
	int verify_mode;	/* 0 don't care about verify failure.
				 * 1 fail if verify fails */
B
Ben Laurie 已提交
1511
	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
1512

B
Ben Laurie 已提交
1513
	void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
1514 1515 1516 1517

	int error;		/* error bytes to be written */
	int error_code;		/* actual code */

1518
#ifndef OPENSSL_NO_KRB5
1519
	KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
1520
#endif	/* OPENSSL_NO_KRB5 */
1521

1522 1523 1524 1525 1526 1527 1528 1529
#ifndef OPENSSL_NO_PSK
	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
		unsigned int max_identity_len, unsigned char *psk,
		unsigned int max_psk_len);
	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
		unsigned char *psk, unsigned int max_psk_len);
#endif

1530 1531 1532 1533 1534 1535
	SSL_CTX *ctx;
	/* set this flag to 1 and a sleep(1) is put into all SSL_read()
	 * and SSL_write() calls, good for nbio debuging :-) */
	int debug;	

	/* extra application data */
1536 1537
	long verify_result;
	CRYPTO_EX_DATA ex_data;
1538 1539

	/* for server side, keep the list of CA_dn we can use */
B
Ben Laurie 已提交
1540
	STACK_OF(X509_NAME) *client_CA;
1541

1542
	int references;
1543 1544
	unsigned long options; /* protocol behaviour */
	unsigned long mode; /* API behaviour */
1545
	long max_cert_list;
1546
	int first_packet;
1547
	int client_version;	/* what was passed, used for
U
Ulf Möller 已提交
1548
				 * SSLv3/TLS rollback check */
D
Dr. Stephen Henson 已提交
1549
	unsigned int max_send_fragment;
1550
#ifndef OPENSSL_NO_TLSEXT
1551 1552 1553 1554 1555
	/* TLS extension debug callback */
	void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
					unsigned char *data, int len,
					void *arg);
	void *tlsext_debug_arg;
1556
	char *tlsext_hostname;
1557 1558 1559 1560 1561
	int servername_done;   /* no further mod of servername 
	                          0 : call the servername extension callback.
	                          1 : prepare 2, allow last ack just after in server callback.
	                          2 : don't call servername callback, no ack in server hello
	                       */
1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573
	/* certificate status request info */
	/* Status type or -1 if no status type */
	int tlsext_status_type;
	/* Expect OCSP CertificateStatus message */
	int tlsext_status_expected;
	/* OCSP status request only */
	STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
	X509_EXTENSIONS *tlsext_ocsp_exts;
	/* OCSP response received or to be sent */
	unsigned char *tlsext_ocsp_resp;
	int tlsext_ocsp_resplen;

1574 1575
	/* RFC4507 session ticket expected to be received or sent */
	int tlsext_ticket_expected;
1576
#ifndef OPENSSL_NO_EC
B
Bodo Möller 已提交
1577 1578
	size_t tlsext_ecpointformatlist_length;
	unsigned char *tlsext_ecpointformatlist; /* our list */
1579 1580
	size_t tlsext_ellipticcurvelist_length;
	unsigned char *tlsext_ellipticcurvelist; /* our list */
1581
#endif /* OPENSSL_NO_EC */
1582 1583 1584 1585 1586

	/* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
	void *tlsext_opaque_prf_input;
	size_t tlsext_opaque_prf_input_len;

D
Dr. Stephen Henson 已提交
1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597
	/* TLS Session Ticket extension override */
	TLS_SESSION_TICKET_EXT *tlsext_session_ticket;

	/* TLS Session Ticket extension callback */
	tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
	void *tls_session_ticket_ext_cb_arg;

	/* TLS pre-shared secret session resumption */
	tls_session_secret_cb_fn tls_session_secret_cb;
	void *tls_session_secret_cb_arg;

1598
	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
B
Ben Laurie 已提交
1599

B
Ben Laurie 已提交
1600
#ifndef OPENSSL_NO_NEXTPROTONEG
B
Ben Laurie 已提交
1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611
	/* Next protocol negotiation. For the client, this is the protocol that
	 * we sent in NextProtocol and is set when handling ServerHello
	 * extensions.
	 *
	 * For a server, this is the client's selected_protocol from
	 * NextProtocol and is set when handling the NextProtocol message,
	 * before the Finished message. */
	unsigned char *next_proto_negotiated;
	unsigned char next_proto_negotiated_len;
#endif

B
Bodo Möller 已提交
1612
#define session_ctx initial_ctx
B
Ben Laurie 已提交
1613

D
Dr. Stephen Henson 已提交
1614 1615 1616 1617 1618 1619 1620 1621 1622 1623
	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */
	SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */

	unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
	                                   0: disabled
	                                   1: enabled
	                                   2: enabled, but not allowed to send Requests
	                                 */
	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
	unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
A
Adam Langley 已提交
1624 1625 1626 1627 1628

	/* For a client, this contains the list of supported protocols in wire
	 * format. */
	unsigned char* alpn_client_proto_list;
	unsigned alpn_client_proto_list_len;
B
Bodo Möller 已提交
1629 1630
#else
#define session_ctx ctx
1631
#endif /* OPENSSL_NO_TLSEXT */
D
Dr. Stephen Henson 已提交
1632

D
Dr. Stephen Henson 已提交
1633 1634 1635
	int renegotiate;/* 1 if we are renegotiating.
	                 * 2 if we are a server and are inside a handshake
	                 * (i.e. not just sending a HelloRequest) */
1636

D
Dr. Stephen Henson 已提交
1637 1638 1639 1640
#ifndef OPENSSL_NO_SRP
	SRP_CTX srp_ctx; /* ctx for SRP authentication */
#endif

D
Dr. Stephen Henson 已提交
1641 1642 1643
	/* Callback for disabling session caching and ticket support
	 * on a session basis, depending on the chosen cipher. */
	int (*not_resumable_session_cb)(SSL *ssl, int is_forward_secure);
B
Ben Laurie 已提交
1644
	};
1645

1646 1647
#endif

1648 1649 1650 1651
#ifdef __cplusplus
}
#endif

1652 1653 1654
#include <openssl/ssl2.h>
#include <openssl/ssl3.h>
#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
B
Ben Laurie 已提交
1655
#include <openssl/dtls1.h> /* Datagram TLS */
1656
#include <openssl/ssl23.h>
B
Ben Laurie 已提交
1657
#include <openssl/srtp.h>  /* Support for the use_srtp extension */
1658

1659 1660 1661 1662
#ifdef  __cplusplus
extern "C" {
#endif

U
Ulf Möller 已提交
1663
/* compatibility */
1664 1665 1666 1667 1668 1669
#define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))
#define SSL_get_app_data(s)		(SSL_get_ex_data(s,0))
#define SSL_SESSION_set_app_data(s,a)	(SSL_SESSION_set_ex_data(s,0,(char *)a))
#define SSL_SESSION_get_app_data(s)	(SSL_SESSION_get_ex_data(s,0))
#define SSL_CTX_get_app_data(ctx)	(SSL_CTX_get_ex_data(ctx,0))
#define SSL_CTX_set_app_data(ctx,arg)	(SSL_CTX_set_ex_data(ctx,0,(char *)arg))
1670 1671

/* The following are the possible values for ssl->state are are
U
Ulf Möller 已提交
1672
 * used to indicate where we are up to in the SSL connection establishment.
1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700
 * The macros that follow are about the only things you should need to use
 * and even then, only when using non-blocking IO.
 * It can also be useful to work out where you were when the connection
 * failed */

#define SSL_ST_CONNECT			0x1000
#define SSL_ST_ACCEPT			0x2000
#define SSL_ST_MASK			0x0FFF
#define SSL_ST_INIT			(SSL_ST_CONNECT|SSL_ST_ACCEPT)
#define SSL_ST_BEFORE			0x4000
#define SSL_ST_OK			0x03
#define SSL_ST_RENEGOTIATE		(0x04|SSL_ST_INIT)

#define SSL_CB_LOOP			0x01
#define SSL_CB_EXIT			0x02
#define SSL_CB_READ			0x04
#define SSL_CB_WRITE			0x08
#define SSL_CB_ALERT			0x4000 /* used in callback */
#define SSL_CB_READ_ALERT		(SSL_CB_ALERT|SSL_CB_READ)
#define SSL_CB_WRITE_ALERT		(SSL_CB_ALERT|SSL_CB_WRITE)
#define SSL_CB_ACCEPT_LOOP		(SSL_ST_ACCEPT|SSL_CB_LOOP)
#define SSL_CB_ACCEPT_EXIT		(SSL_ST_ACCEPT|SSL_CB_EXIT)
#define SSL_CB_CONNECT_LOOP		(SSL_ST_CONNECT|SSL_CB_LOOP)
#define SSL_CB_CONNECT_EXIT		(SSL_ST_CONNECT|SSL_CB_EXIT)
#define SSL_CB_HANDSHAKE_START		0x10
#define SSL_CB_HANDSHAKE_DONE		0x20

/* Is the SSL_connection established? */
1701 1702 1703 1704 1705 1706
#define SSL_get_state(a)		SSL_state(a)
#define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)
#define SSL_in_init(a)			(SSL_state(a)&SSL_ST_INIT)
#define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)
#define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)
#define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)
1707 1708 1709 1710 1711 1712 1713

/* The following 2 states are kept in ssl->rstate when reads fail,
 * you should not need these */
#define SSL_ST_READ_HEADER			0xF0
#define SSL_ST_READ_BODY			0xF1
#define SSL_ST_READ_DONE			0xF2

1714 1715 1716 1717
/* Obtain latest Finished message
 *   -- that we sent (SSL_get_finished)
 *   -- that we expected from peer (SSL_get_peer_finished).
 * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
B
Ben Laurie 已提交
1718 1719
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1720

1721 1722 1723 1724 1725 1726 1727
/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
 * are 'ored' with SSL_VERIFY_PEER if they are desired */
#define SSL_VERIFY_NONE			0x00
#define SSL_VERIFY_PEER			0x01
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02
#define SSL_VERIFY_CLIENT_ONCE		0x04

1728
#define OpenSSL_add_ssl_algorithms()	SSL_library_init()
1729 1730
#define SSLeay_add_ssl_algorithms()	SSL_library_init()

U
Ulf Möller 已提交
1731
/* this is for backward compatibility */
1732 1733 1734 1735 1736 1737 1738
#if 0 /* NEW_SSLEAY */
#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
#define SSL_set_pref_cipher(c,n)	SSL_set_cipher_list(c,n)
#define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
#define SSL_remove_session(a,b)		SSL_CTX_remove_session((a),(b))
#define SSL_flush_sessions(a,b)		SSL_CTX_flush_sessions((a),(b))
#endif
U
Ulf Möller 已提交
1739
/* More backward compatibility */
1740 1741 1742 1743 1744 1745 1746 1747
#define SSL_get_cipher(s) \
		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
#define SSL_get_cipher_bits(s,np) \
		SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
#define SSL_get_cipher_version(s) \
		SSL_CIPHER_get_version(SSL_get_current_cipher(s))
#define SSL_get_cipher_name(s) \
		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1748 1749 1750 1751
#define SSL_get_time(a)		SSL_SESSION_get_time(a)
#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))
#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))
1752

1753 1754
#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
D
Dr. Stephen Henson 已提交
1755 1756

DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1757

B
Bodo Möller 已提交
1758
#define SSL_AD_REASON_OFFSET		1000 /* offset to get SSL_R_... value from SSL_AD_... */
1759

1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778
/* These alert types are for SSLv3 and TLSv1 */
#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */
#define SSL_AD_DECRYPTION_FAILED	TLS1_AD_DECRYPTION_FAILED
#define SSL_AD_RECORD_OVERFLOW		TLS1_AD_RECORD_OVERFLOW
#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
#define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE/* fatal */
#define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE /* Not for TLS */
#define SSL_AD_BAD_CERTIFICATE		SSL3_AD_BAD_CERTIFICATE
#define SSL_AD_UNSUPPORTED_CERTIFICATE	SSL3_AD_UNSUPPORTED_CERTIFICATE
#define SSL_AD_CERTIFICATE_REVOKED	SSL3_AD_CERTIFICATE_REVOKED
#define SSL_AD_CERTIFICATE_EXPIRED	SSL3_AD_CERTIFICATE_EXPIRED
#define SSL_AD_CERTIFICATE_UNKNOWN	SSL3_AD_CERTIFICATE_UNKNOWN
#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA	/* fatal */
#define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED	/* fatal */
#define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR	/* fatal */
#define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR
U
Ulf Möller 已提交
1779
#define SSL_AD_EXPORT_RESTRICTION	TLS1_AD_EXPORT_RESTRICTION/* fatal */
1780 1781 1782
#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */
#define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
#define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR	/* fatal */
U
Ulf Möller 已提交
1783
#define SSL_AD_USER_CANCELLED		TLS1_AD_USER_CANCELLED
1784
#define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION
1785 1786
#define SSL_AD_UNSUPPORTED_EXTENSION	TLS1_AD_UNSUPPORTED_EXTENSION
#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
1787
#define SSL_AD_UNRECOGNIZED_NAME	TLS1_AD_UNRECOGNIZED_NAME
1788 1789
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
1790
#define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
1791

1792 1793 1794 1795 1796
#define SSL_ERROR_NONE			0
#define SSL_ERROR_SSL			1
#define SSL_ERROR_WANT_READ		2
#define SSL_ERROR_WANT_WRITE		3
#define SSL_ERROR_WANT_X509_LOOKUP	4
B
Bodo Möller 已提交
1797
#define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */
1798 1799
#define SSL_ERROR_ZERO_RETURN		6
#define SSL_ERROR_WANT_CONNECT		7
1800
#define SSL_ERROR_WANT_ACCEPT		8
1801

1802 1803 1804
#define SSL_CTRL_NEED_TMP_RSA			1
#define SSL_CTRL_SET_TMP_RSA			2
#define SSL_CTRL_SET_TMP_DH			3
B
Bodo Möller 已提交
1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819
#define SSL_CTRL_SET_TMP_ECDH			4
#define SSL_CTRL_SET_TMP_RSA_CB			5
#define SSL_CTRL_SET_TMP_DH_CB			6
#define SSL_CTRL_SET_TMP_ECDH_CB		7

#define SSL_CTRL_GET_SESSION_REUSED		8
#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	9
#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		10
#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	11
#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	12
#define SSL_CTRL_GET_FLAGS			13
#define SSL_CTRL_EXTRA_CHAIN_CERT		14

#define SSL_CTRL_SET_MSG_CALLBACK               15
#define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
1820

B
Ben Laurie 已提交
1821 1822
/* only applies to datagram connections */
#define SSL_CTRL_SET_MTU                17
1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836
/* Stats */
#define SSL_CTRL_SESS_NUMBER			20
#define SSL_CTRL_SESS_CONNECT			21
#define SSL_CTRL_SESS_CONNECT_GOOD		22
#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE	23
#define SSL_CTRL_SESS_ACCEPT			24
#define SSL_CTRL_SESS_ACCEPT_GOOD		25
#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE	26
#define SSL_CTRL_SESS_HIT			27
#define SSL_CTRL_SESS_CB_HIT			28
#define SSL_CTRL_SESS_MISSES			29
#define SSL_CTRL_SESS_TIMEOUTS			30
#define SSL_CTRL_SESS_CACHE_FULL		31
#define SSL_CTRL_OPTIONS			32
1837
#define SSL_CTRL_MODE				33
1838 1839 1840 1841 1842 1843 1844

#define SSL_CTRL_GET_READ_AHEAD			40
#define SSL_CTRL_SET_READ_AHEAD			41
#define SSL_CTRL_SET_SESS_CACHE_SIZE		42
#define SSL_CTRL_GET_SESS_CACHE_SIZE		43
#define SSL_CTRL_SET_SESS_CACHE_MODE		44
#define SSL_CTRL_GET_SESS_CACHE_MODE		45
1845

1846 1847 1848
#define SSL_CTRL_GET_MAX_CERT_LIST		50
#define SSL_CTRL_SET_MAX_CERT_LIST		51

1849 1850
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT		52

B
Bodo Möller 已提交
1851
/* see tls1.h for macros based on these */
1852
#ifndef OPENSSL_NO_TLSEXT
1853 1854 1855
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB	53
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG	54
#define SSL_CTRL_SET_TLSEXT_HOSTNAME		55
1856 1857
#define SSL_CTRL_SET_TLSEXT_DEBUG_CB		56
#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG		57
1858 1859
#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS		58
#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS		59
1860 1861 1862
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT	60
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB	61
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
1863 1864 1865 1866 1867 1868 1869 1870 1871
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB	63
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG	64
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE	65
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS	66
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS	67
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS	68
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS	69
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP	70
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP	71
D
Dr. Stephen Henson 已提交
1872 1873

#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB	72
B
Ben Laurie 已提交
1874 1875 1876 1877

#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB	75
#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB		76
#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB		77
D
Dr. Stephen Henson 已提交
1878 1879 1880 1881 1882

#define SSL_CTRL_SET_SRP_ARG		78
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME		79
#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH		80
#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD		81
D
Dr. Stephen Henson 已提交
1883 1884 1885 1886 1887
#ifndef OPENSSL_NO_HEARTBEATS
#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT				85
#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING		86
#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS	87
#endif
B
Ben Laurie 已提交
1888
#endif /* OPENSSL_NO_TLSEXT */
1889

D
Dr. Stephen Henson 已提交
1890 1891
#define DTLS_CTRL_GET_TIMEOUT		73
#define DTLS_CTRL_HANDLE_TIMEOUT	74
D
Dr. Stephen Henson 已提交
1892
#define DTLS_CTRL_LISTEN			75
D
Dr. Stephen Henson 已提交
1893

1894 1895 1896
#define SSL_CTRL_GET_RI_SUPPORT			76
#define SSL_CTRL_CLEAR_OPTIONS			77
#define SSL_CTRL_CLEAR_MODE			78
1897
#define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB	79
1898

1899 1900 1901
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83

1902 1903 1904
#define SSL_CTRL_CHAIN				88
#define SSL_CTRL_CHAIN_CERT			89

1905 1906 1907 1908
#define SSL_CTRL_GET_CURVES			90
#define SSL_CTRL_SET_CURVES			91
#define SSL_CTRL_SET_CURVES_LIST		92
#define SSL_CTRL_GET_SHARED_CURVE		93
1909
#define SSL_CTRL_SET_ECDH_AUTO			94
1910 1911
#define SSL_CTRL_SET_SIGALGS			97
#define SSL_CTRL_SET_SIGALGS_LIST		98
1912 1913
#define SSL_CTRL_CERT_FLAGS			99
#define SSL_CTRL_CLEAR_CERT_FLAGS		100
1914 1915
#define SSL_CTRL_SET_CLIENT_SIGALGS		101
#define SSL_CTRL_SET_CLIENT_SIGALGS_LIST	102
1916 1917
#define SSL_CTRL_GET_CLIENT_CERT_TYPES		103
#define SSL_CTRL_SET_CLIENT_CERT_TYPES		104
1918 1919 1920
#define SSL_CTRL_BUILD_CERT_CHAIN		105
#define SSL_CTRL_SET_VERIFY_CERT_STORE		106
#define SSL_CTRL_SET_CHAIN_CERT_STORE		107
1921
#define SSL_CTRL_GET_PEER_SIGNATURE_NID		108
1922
#define SSL_CTRL_GET_SERVER_TMP_KEY		109
1923
#define SSL_CTRL_GET_RAW_CIPHERLIST		110
1924
#define SSL_CTRL_GET_EC_POINT_FORMATS		111
1925

D
Dr. Stephen Henson 已提交
1926 1927 1928 1929
#define DTLSv1_get_timeout(ssl, arg) \
	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
	SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
D
Dr. Stephen Henson 已提交
1930 1931
#define DTLSv1_listen(ssl, peer) \
	SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
D
Dr. Stephen Henson 已提交
1932

1933 1934 1935 1936 1937 1938 1939 1940
#define SSL_session_reused(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
#define SSL_num_renegotiations(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
#define SSL_clear_num_renegotiations(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
#define SSL_total_renegotiations(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
1941 1942 1943 1944 1945 1946 1947

#define SSL_CTX_need_tmp_RSA(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
#define SSL_CTX_set_tmp_dh(ctx,dh) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
B
Bodo Möller 已提交
1948 1949
#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1950

1951 1952 1953 1954 1955 1956
#define SSL_need_tmp_RSA(ssl) \
	SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
#define SSL_set_tmp_rsa(ssl,rsa) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
#define SSL_set_tmp_dh(ssl,dh) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
B
Bodo Möller 已提交
1957 1958
#define SSL_set_tmp_ecdh(ssl,ecdh) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1959

1960 1961
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
D
typo  
Dr. Stephen Henson 已提交
1962 1963 1964 1965
#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
#define SSL_CTX_clear_extra_chain_certs(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
1966

1967 1968 1969 1970 1971 1972 1973 1974
#define SSL_CTX_set0_chain(ctx,sk) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
#define SSL_CTX_set1_chain(ctx,sk) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
#define SSL_CTX_add0_chain_cert(ctx,x509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
#define SSL_CTX_add1_chain_cert(ctx,x509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985
#define SSL_CTX_build_cert_chain(ctx, flags) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)

#define SSL_CTX_set0_verify_cert_store(ctx,st) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
#define SSL_CTX_set1_verify_cert_store(ctx,st) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
#define SSL_CTX_set0_chain_cert_store(ctx,st) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
#define SSL_CTX_set1_chain_cert_store(ctx,st) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)
1986 1987 1988 1989 1990 1991 1992 1993 1994

#define SSL_set0_chain(ctx,sk) \
	SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
#define SSL_set1_chain(ctx,sk) \
	SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
#define SSL_add0_chain_cert(ctx,x509) \
	SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
#define SSL_add1_chain_cert(ctx,x509) \
	SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005
#define SSL_build_cert_chain(s, flags) \
	SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
#define SSL_set0_verify_cert_store(s,st) \
	SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
#define SSL_set1_verify_cert_store(s,st) \
	SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
#define SSL_set0_chain_cert_store(s,st) \
	SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
#define SSL_set1_chain_cert_store(s,st) \
	SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017
#define SSL_get1_curves(ctx, s) \
	SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s)
#define SSL_CTX_set1_curves(ctx, clist, clistlen) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist)
#define SSL_CTX_set1_curves_list(ctx, s) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s)
#define SSL_set1_curves(ctx, clist, clistlen) \
	SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist)
#define SSL_set1_curves_list(ctx, s) \
	SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s)
#define SSL_get_shared_curve(s, n) \
	SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL)
2018 2019 2020 2021
#define SSL_CTX_set_ecdh_auto(ctx, onoff) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
#define SSL_set_ecdh_auto(s, onoff) \
	SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
2022

2023 2024 2025 2026 2027 2028 2029 2030 2031
#define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
#define SSL_CTX_set1_sigalgs_list(ctx, s) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
#define SSL_set1_sigalgs(ctx, slist, slistlen) \
	SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist)
#define SSL_set1_sigalgs_list(ctx, s) \
	SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)

2032 2033 2034 2035 2036 2037 2038 2039 2040
#define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist)
#define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
#define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
	SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist)
#define SSL_set1_client_sigalgs_list(ctx, s) \
	SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)

2041 2042 2043 2044 2045 2046 2047 2048
#define SSL_get0_certificate_types(s, clist) \
	SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist)

#define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
#define SSL_set1_client_certificate_types(s, clist, clistlen) \
	SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)

2049 2050 2051
#define SSL_get_peer_signature_nid(s, pn) \
	SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)

2052 2053 2054
#define SSL_get_server_tmp_key(s, pk) \
	SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)

2055 2056 2057
#define SSL_get0_raw_cipherlist(s, plst) \
	SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)

2058 2059 2060
#define SSL_get0_ec_point_formats(s, plst) \
	SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)

2061
#ifndef OPENSSL_NO_BIO
2062 2063
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
2064 2065
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
2066 2067 2068 2069 2070
int BIO_ssl_copy_session_id(BIO *to,BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);

#endif

2071
int	SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
2072
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
2073
void	SSL_CTX_free(SSL_CTX *);
2074
long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
B
Ben Laurie 已提交
2075 2076
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
2077
void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
B
Ben Laurie 已提交
2078
int SSL_want(const SSL *s);
2079 2080
int	SSL_clear(SSL *s);

2081 2082
void	SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);

2083
const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
B
Ben Laurie 已提交
2084 2085 2086
int	SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
char *	SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char *	SSL_CIPHER_get_name(const SSL_CIPHER *c);
2087
unsigned long 	SSL_CIPHER_get_id(const SSL_CIPHER *c);
B
Ben Laurie 已提交
2088 2089 2090 2091 2092 2093 2094 2095

int	SSL_get_fd(const SSL *s);
int	SSL_get_rfd(const SSL *s);
int	SSL_get_wfd(const SSL *s);
const char  * SSL_get_cipher_list(const SSL *s,int n);
char *	SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
int	SSL_get_read_ahead(const SSL * s);
int	SSL_pending(const SSL *s);
2096
#ifndef OPENSSL_NO_SOCK
2097 2098 2099 2100
int	SSL_set_fd(SSL *s, int fd);
int	SSL_set_rfd(SSL *s, int fd);
int	SSL_set_wfd(SSL *s, int fd);
#endif
2101
#ifndef OPENSSL_NO_BIO
2102
void	SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
B
Ben Laurie 已提交
2103 2104
BIO *	SSL_get_rbio(const SSL *s);
BIO *	SSL_get_wbio(const SSL *s);
2105
#endif
2106
int	SSL_set_cipher_list(SSL *s, const char *str);
2107
void	SSL_set_read_ahead(SSL *s, int yes);
B
Ben Laurie 已提交
2108 2109 2110
int	SSL_get_verify_mode(const SSL *s);
int	SSL_get_verify_depth(const SSL *s);
int	(*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
B
Ben Laurie 已提交
2111 2112
void	SSL_set_verify(SSL *s, int mode,
		       int (*callback)(int ok,X509_STORE_CTX *ctx));
2113
void	SSL_set_verify_depth(SSL *s, int depth);
2114
void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg);
2115
#ifndef OPENSSL_NO_RSA
2116
int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
2117
#endif
2118 2119
int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
2120
int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
2121
int	SSL_use_certificate(SSL *ssl, X509 *x);
2122
int	SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
2123

B
Ben Laurie 已提交
2124
#ifndef OPENSSL_NO_TLSEXT
2125 2126 2127 2128 2129 2130 2131
/* Set serverinfo data for the current active cert. */
int	SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
			       size_t serverinfo_length);
#ifndef OPENSSL_NO_STDIO
int	SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
#endif /* NO_STDIO */

B
Ben Laurie 已提交
2132 2133
#endif

2134
#ifndef OPENSSL_NO_STDIO
2135 2136 2137 2138 2139 2140
int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
2141
int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
B
Ben Laurie 已提交
2142
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
B
Ben Laurie 已提交
2143
int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
B
Ben Laurie 已提交
2144
					    const char *file);
2145
#ifndef OPENSSL_SYS_VMS
2146
#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
B
Ben Laurie 已提交
2147
int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
B
Ben Laurie 已提交
2148
					   const char *dir);
2149
#endif
2150 2151 2152
#endif

#endif
2153

2154
void	SSL_load_error_strings(void );
B
Ben Laurie 已提交
2155 2156 2157 2158
const char *SSL_state_string(const SSL *s);
const char *SSL_rstate_string(const SSL *s);
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);
B
Ben Laurie 已提交
2159
long	SSL_SESSION_get_time(const SSL_SESSION *s);
2160
long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
B
Ben Laurie 已提交
2161
long	SSL_SESSION_get_timeout(const SSL_SESSION *s);
2162
long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
B
Ben Laurie 已提交
2163
void	SSL_copy_session_id(SSL *to,const SSL *from);
2164 2165 2166
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
			       unsigned int sid_ctx_len);
2167 2168

SSL_SESSION *SSL_SESSION_new(void);
B
Ben Laurie 已提交
2169 2170
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
					unsigned int *len);
2171
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
2172
#ifndef OPENSSL_NO_FP_API
B
Ben Laurie 已提交
2173
int	SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
2174
#endif
2175
#ifndef OPENSSL_NO_BIO
B
Ben Laurie 已提交
2176
int	SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
2177 2178 2179 2180 2181 2182
#endif
void	SSL_SESSION_free(SSL_SESSION *ses);
int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
int	SSL_set_session(SSL *to, SSL_SESSION *session);
int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
2183 2184
int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
2185
int	SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
2186
					unsigned int id_len);
2187
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
2188
			     long length);
2189 2190

#ifdef HEADER_X509_H
B
Ben Laurie 已提交
2191
X509 *	SSL_get_peer_certificate(const SSL *s);
2192 2193
#endif

B
Ben Laurie 已提交
2194
STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
2195

B
Ben Laurie 已提交
2196 2197 2198
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
B
Ben Laurie 已提交
2199 2200
void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
			int (*callback)(int, X509_STORE_CTX *));
2201
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
2202
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
2203
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg);
2204
#ifndef OPENSSL_NO_RSA
2205
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
2206
#endif
2207
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
2208 2209
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
2210
	const unsigned char *d, long len);
2211
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
2212
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
2213

2214 2215
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
2216

B
Ben Laurie 已提交
2217 2218
int SSL_CTX_check_private_key(const SSL_CTX *ctx);
int SSL_check_private_key(const SSL *ctx);
2219

2220 2221 2222
int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
				       unsigned int sid_ctx_len);

2223
SSL *	SSL_new(SSL_CTX *ctx);
B
Ben Laurie 已提交
2224 2225
int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
				   unsigned int sid_ctx_len);
2226 2227 2228 2229 2230 2231

int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
int SSL_set_purpose(SSL *s, int purpose);
int SSL_CTX_set_trust(SSL_CTX *s, int trust);
int SSL_set_trust(SSL *s, int trust);

D
Dr. Stephen Henson 已提交
2232 2233 2234
int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);

B
Ben Laurie 已提交
2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258
#ifndef OPENSSL_NO_SRP
int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
					char *(*cb)(SSL *,void *));
int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
					  int (*cb)(SSL *,void *));
int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
				      int (*cb)(SSL *,int *,void *));
int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);

int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
			     BIGNUM *sa, BIGNUM *v, char *info);
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
				const char *grp);

BIGNUM *SSL_get_srp_g(SSL *s);
BIGNUM *SSL_get_srp_N(SSL *s);

char *SSL_get_srp_username(SSL *s);
char *SSL_get_srp_userinfo(SSL *s);
#endif

2259
void	SSL_certs_clear(SSL *s);
2260 2261 2262
void	SSL_free(SSL *ssl);
int 	SSL_accept(SSL *ssl);
int 	SSL_connect(SSL *ssl);
2263 2264 2265
int 	SSL_read(SSL *ssl,void *buf,int num);
int 	SSL_peek(SSL *ssl,void *buf,int num);
int 	SSL_write(SSL *ssl,const void *buf,int num);
2266
long	SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
2267
long	SSL_callback_ctrl(SSL *, int, void (*)(void));
2268
long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
2269
long	SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
2270

B
Ben Laurie 已提交
2271 2272
int	SSL_get_error(const SSL *s,int ret_code);
const char *SSL_get_version(const SSL *s);
2273 2274

/* This sets the 'default' SSL version that SSL_new() will create */
2275
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
2276

D
Dr. Stephen Henson 已提交
2277
#ifndef OPENSSL_NO_SSL2
2278 2279 2280
const SSL_METHOD *SSLv2_method(void);		/* SSLv2 */
const SSL_METHOD *SSLv2_server_method(void);	/* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void);	/* SSLv2 */
D
Dr. Stephen Henson 已提交
2281
#endif
2282

2283 2284 2285
const SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void);	/* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void);	/* SSLv3 */
2286

2287 2288 2289
const SSL_METHOD *SSLv23_method(void);	/* SSLv3 but can rollback to v2 */
const SSL_METHOD *SSLv23_server_method(void);	/* SSLv3 but can rollback to v2 */
const SSL_METHOD *SSLv23_client_method(void);	/* SSLv3 but can rollback to v2 */
2290

2291 2292 2293
const SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */
const SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */
2294

2295 2296 2297 2298
const SSL_METHOD *TLSv1_1_method(void);		/* TLSv1.1 */
const SSL_METHOD *TLSv1_1_server_method(void);	/* TLSv1.1 */
const SSL_METHOD *TLSv1_1_client_method(void);	/* TLSv1.1 */

2299 2300 2301 2302 2303
const SSL_METHOD *TLSv1_2_method(void);		/* TLSv1.2 */
const SSL_METHOD *TLSv1_2_server_method(void);	/* TLSv1.2 */
const SSL_METHOD *TLSv1_2_client_method(void);	/* TLSv1.2 */


2304 2305 2306
const SSL_METHOD *DTLSv1_method(void);		/* DTLSv1.0 */
const SSL_METHOD *DTLSv1_server_method(void);	/* DTLSv1.0 */
const SSL_METHOD *DTLSv1_client_method(void);	/* DTLSv1.0 */
B
Ben Laurie 已提交
2307

2308 2309 2310 2311
const SSL_METHOD *DTLSv1_2_method(void);	/* DTLSv1.2 */
const SSL_METHOD *DTLSv1_2_server_method(void);	/* DTLSv1.2 */
const SSL_METHOD *DTLSv1_2_client_method(void);	/* DTLSv1.2 */

D
Dr. Stephen Henson 已提交
2312 2313 2314 2315
const SSL_METHOD *DTLS_method(void);		/* DTLS 1.0 and 1.2 */
const SSL_METHOD *DTLS_server_method(void);	/* DTLS 1.0 and 1.2 */
const SSL_METHOD *DTLS_client_method(void);	/* DTLS 1.0 and 1.2 */

B
Ben Laurie 已提交
2316
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
2317 2318 2319

int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
D
Dr. Stephen Henson 已提交
2320
int SSL_renegotiate_abbreviated(SSL *s);
2321
int SSL_renegotiate_pending(SSL *s);
2322 2323
int SSL_shutdown(SSL *s);

2324 2325
const SSL_METHOD *SSL_get_ssl_method(SSL *s);
int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
L
Lutz Jänicke 已提交
2326 2327 2328 2329
const char *SSL_alert_type_string_long(int value);
const char *SSL_alert_type_string(int value);
const char *SSL_alert_desc_string_long(int value);
const char *SSL_alert_desc_string(int value);
2330

2331 2332
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
B
Ben Laurie 已提交
2333 2334
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
2335 2336 2337 2338 2339 2340
int SSL_add_client_CA(SSL *ssl,X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);

void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);

B
Ben Laurie 已提交
2341
long SSL_get_default_timeout(const SSL *s);
2342

2343
int SSL_library_init(void );
2344

D
Dr. Stephen Henson 已提交
2345
char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
B
Ben Laurie 已提交
2346
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
2347 2348 2349

SSL *SSL_dup(SSL *ssl);

B
Ben Laurie 已提交
2350
X509 *SSL_get_certificate(const SSL *ssl);
2351 2352
/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);

2353
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
B
Ben Laurie 已提交
2354
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
2355
void SSL_set_quiet_shutdown(SSL *ssl,int mode);
B
Ben Laurie 已提交
2356
int SSL_get_quiet_shutdown(const SSL *ssl);
2357
void SSL_set_shutdown(SSL *ssl,int mode);
B
Ben Laurie 已提交
2358 2359
int SSL_get_shutdown(const SSL *ssl);
int SSL_version(const SSL *ssl);
2360
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
2361 2362
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
	const char *CApath);
2363
#define SSL_get0_session SSL_get_session /* just peek at pointer */
B
Ben Laurie 已提交
2364
SSL_SESSION *SSL_get_session(const SSL *ssl);
2365
SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
B
Ben Laurie 已提交
2366
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
2367
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
B
Ben Laurie 已提交
2368 2369
void SSL_set_info_callback(SSL *ssl,
			   void (*cb)(const SSL *ssl,int type,int val));
B
Ben Laurie 已提交
2370 2371
void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
int SSL_state(const SSL *ssl);
2372
void SSL_set_state(SSL *ssl, int state);
2373 2374

void SSL_set_verify_result(SSL *ssl,long v);
B
Ben Laurie 已提交
2375
long SSL_get_verify_result(const SSL *ssl);
2376

2377
int SSL_set_ex_data(SSL *ssl,int idx,void *data);
B
Ben Laurie 已提交
2378
void *SSL_get_ex_data(const SSL *ssl,int idx);
D
 
Dr. Stephen Henson 已提交
2379 2380
int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
2381

2382
int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
B
Ben Laurie 已提交
2383
void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
D
 
Dr. Stephen Henson 已提交
2384 2385
int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
2386

2387
int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
B
Ben Laurie 已提交
2388
void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
D
 
Dr. Stephen Henson 已提交
2389 2390
int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
2391

2392 2393
int SSL_get_ex_data_X509_STORE_CTX_idx(void );

2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407
#define SSL_CTX_sess_set_cache_size(ctx,t) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
#define SSL_CTX_sess_get_cache_size(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
#define SSL_CTX_set_session_cache_mode(ctx,m) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
#define SSL_CTX_get_session_cache_mode(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)

#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
#define SSL_CTX_get_read_ahead(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
#define SSL_CTX_set_read_ahead(ctx,m) \
B
Bodo Möller 已提交
2408
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
2409 2410 2411 2412 2413 2414 2415 2416
#define SSL_CTX_get_max_cert_list(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
#define SSL_CTX_set_max_cert_list(ctx,m) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
#define SSL_get_max_cert_list(ssl) \
	SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
#define SSL_set_max_cert_list(ssl,m) \
	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
2417

2418 2419 2420 2421 2422
#define SSL_CTX_set_max_send_fragment(ctx,m) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
#define SSL_set_max_send_fragment(ssl,m) \
	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)

U
Ulf Möller 已提交
2423
     /* NB: the keylength is only applicable when is_export is true */
2424
#ifndef OPENSSL_NO_RSA
2425
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
U
Ulf Möller 已提交
2426
				  RSA *(*cb)(SSL *ssl,int is_export,
2427
					     int keylength));
2428

2429
void SSL_set_tmp_rsa_callback(SSL *ssl,
U
Ulf Möller 已提交
2430
				  RSA *(*cb)(SSL *ssl,int is_export,
2431
					     int keylength));
2432
#endif
2433
#ifndef OPENSSL_NO_DH
2434
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
U
Ulf Möller 已提交
2435 2436
				 DH *(*dh)(SSL *ssl,int is_export,
					   int keylength));
2437
void SSL_set_tmp_dh_callback(SSL *ssl,
U
Ulf Möller 已提交
2438 2439
				 DH *(*dh)(SSL *ssl,int is_export,
					   int keylength));
2440
#endif
B
Bodo Möller 已提交
2441 2442 2443 2444 2445 2446 2447 2448
#ifndef OPENSSL_NO_ECDH
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
					   int keylength));
void SSL_set_tmp_ecdh_callback(SSL *ssl,
				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
					   int keylength));
#endif
2449

2450
#ifndef OPENSSL_NO_COMP
2451 2452 2453
const COMP_METHOD *SSL_get_current_compression(SSL *s);
const COMP_METHOD *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const COMP_METHOD *comp);
2454
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
2455 2456
int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
#else
2457 2458 2459
const void *SSL_get_current_compression(SSL *s);
const void *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const void *comp);
2460
void *SSL_COMP_get_compression_methods(void);
2461
int SSL_COMP_add_compression_method(int id,void *cm);
2462 2463
#endif

2464 2465
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);

D
Dr. Stephen Henson 已提交
2466 2467 2468 2469 2470 2471 2472 2473 2474
/* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);

int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
				  void *arg);

/* Pre-shared secret session resumption functions */
int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);

2475 2476 2477 2478 2479 2480
void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
	int (*cb)(SSL *ssl, int is_forward_secure));

void SSL_set_not_resumable_session_callback(SSL *ssl,
	int (*cb)(SSL *ssl, int is_forward_secure));

2481 2482
void SSL_set_debug(SSL *s, int debug);
int SSL_cache_hit(SSL *s);
2483
int SSL_is_server(SSL *s);
D
Dr. Stephen Henson 已提交
2484

2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496
SSL_CONF_CTX *SSL_CONF_CTX_new(void);
void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);

void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);

int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);

2497 2498 2499
#ifndef OPENSSL_NO_SSL_TRACE
void SSL_trace(int write_p, int version, int content_type,
		const void *buf, size_t len, SSL *ssl, void *arg);
2500
const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
2501 2502
#endif

2503
/* BEGIN ERROR CODES */
2504 2505 2506
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
B
Bodo Möller 已提交
2507
void ERR_load_SSL_strings(void);
2508

2509 2510 2511
/* Error codes for the SSL functions. */

/* Function codes. */
2512
#define SSL_F_CHECK_SUITEB_CIPHER_LIST			 335
2513
#define SSL_F_CLIENT_CERTIFICATE			 100
2514
#define SSL_F_CLIENT_FINISHED				 167
2515 2516 2517
#define SSL_F_CLIENT_HELLO				 101
#define SSL_F_CLIENT_MASTER_KEY				 102
#define SSL_F_D2I_SSL_SESSION				 103
2518
#define SSL_F_DO_DTLS1_WRITE				 245
2519
#define SSL_F_DO_SSL3_WRITE				 104
2520
#define SSL_F_DTLS1_ACCEPT				 246
D
Dr. Stephen Henson 已提交
2521
#define SSL_F_DTLS1_ADD_CERT_TO_BUF			 295
2522
#define SSL_F_DTLS1_BUFFER_RECORD			 247
D
Dr. Stephen Henson 已提交
2523
#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM			 318
2524 2525 2526 2527 2528 2529 2530
#define SSL_F_DTLS1_CLIENT_HELLO			 248
#define SSL_F_DTLS1_CONNECT				 249
#define SSL_F_DTLS1_ENC					 250
#define SSL_F_DTLS1_GET_HELLO_VERIFY			 251
#define SSL_F_DTLS1_GET_MESSAGE				 252
#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT		 253
#define SSL_F_DTLS1_GET_RECORD				 254
2531
#define SSL_F_DTLS1_HANDLE_TIMEOUT			 297
D
Dr. Stephen Henson 已提交
2532
#define SSL_F_DTLS1_HEARTBEAT				 305
2533
#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN			 255
A
Andy Polyakov 已提交
2534
#define SSL_F_DTLS1_PREPROCESS_FRAGMENT			 288
2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547
#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE		 256
#define SSL_F_DTLS1_PROCESS_RECORD			 257
#define SSL_F_DTLS1_READ_BYTES				 258
#define SSL_F_DTLS1_READ_FAILED				 259
#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST		 260
#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE		 261
#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE		 262
#define SSL_F_DTLS1_SEND_CLIENT_VERIFY			 263
#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST		 264
#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE		 265
#define SSL_F_DTLS1_SEND_SERVER_HELLO			 266
#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE		 267
#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES		 268
2548 2549 2550 2551 2552 2553 2554 2555 2556
#define SSL_F_GET_CLIENT_FINISHED			 105
#define SSL_F_GET_CLIENT_HELLO				 106
#define SSL_F_GET_CLIENT_MASTER_KEY			 107
#define SSL_F_GET_SERVER_FINISHED			 108
#define SSL_F_GET_SERVER_HELLO				 109
#define SSL_F_GET_SERVER_VERIFY				 110
#define SSL_F_I2D_SSL_SESSION				 111
#define SSL_F_READ_N					 112
#define SSL_F_REQUEST_CERTIFICATE			 113
B
Bodo Möller 已提交
2557
#define SSL_F_SERVER_FINISH				 239
2558
#define SSL_F_SERVER_HELLO				 114
B
Bodo Möller 已提交
2559
#define SSL_F_SERVER_VERIFY				 240
2560 2561 2562 2563 2564
#define SSL_F_SSL23_ACCEPT				 115
#define SSL_F_SSL23_CLIENT_HELLO			 116
#define SSL_F_SSL23_CONNECT				 117
#define SSL_F_SSL23_GET_CLIENT_HELLO			 118
#define SSL_F_SSL23_GET_SERVER_HELLO			 119
B
Bodo Möller 已提交
2565
#define SSL_F_SSL23_PEEK				 237
2566 2567 2568 2569 2570
#define SSL_F_SSL23_READ				 120
#define SSL_F_SSL23_WRITE				 121
#define SSL_F_SSL2_ACCEPT				 122
#define SSL_F_SSL2_CONNECT				 123
#define SSL_F_SSL2_ENC_INIT				 124
B
Bodo Möller 已提交
2571
#define SSL_F_SSL2_GENERATE_KEY_MATERIAL		 241
B
Bodo Möller 已提交
2572
#define SSL_F_SSL2_PEEK					 234
2573
#define SSL_F_SSL2_READ					 125
B
Bodo Möller 已提交
2574
#define SSL_F_SSL2_READ_INTERNAL			 236
2575 2576 2577
#define SSL_F_SSL2_SET_CERTIFICATE			 126
#define SSL_F_SSL2_WRITE				 127
#define SSL_F_SSL3_ACCEPT				 128
D
Dr. Stephen Henson 已提交
2578
#define SSL_F_SSL3_ADD_CERT_TO_BUF			 296
2579
#define SSL_F_SSL3_CALLBACK_CTRL			 233
2580 2581
#define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
D
Dr. Stephen Henson 已提交
2582
#define SSL_F_SSL3_CHECK_CLIENT_HELLO			 304
2583 2584
#define SSL_F_SSL3_CLIENT_HELLO				 131
#define SSL_F_SSL3_CONNECT				 132
2585
#define SSL_F_SSL3_CTRL					 213
2586
#define SSL_F_SSL3_CTX_CTRL				 133
D
Dr. Stephen Henson 已提交
2587
#define SSL_F_SSL3_DIGEST_CACHED_RECORDS		 293
B
Bodo Möller 已提交
2588
#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC		 292
2589
#define SSL_F_SSL3_ENC					 134
B
Bodo Möller 已提交
2590
#define SSL_F_SSL3_GENERATE_KEY_BLOCK			 238
2591
#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
D
Dr. Stephen Henson 已提交
2592
#define SSL_F_SSL3_GET_CERT_STATUS			 289
2593 2594 2595 2596 2597 2598 2599
#define SSL_F_SSL3_GET_CERT_VERIFY			 136
#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137
#define SSL_F_SSL3_GET_CLIENT_HELLO			 138
#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE		 139
#define SSL_F_SSL3_GET_FINISHED				 140
#define SSL_F_SSL3_GET_KEY_EXCHANGE			 141
#define SSL_F_SSL3_GET_MESSAGE				 142
2600
#define SSL_F_SSL3_GET_NEW_SESSION_TICKET		 283
D
Dr. Stephen Henson 已提交
2601
#define SSL_F_SSL3_GET_NEXT_PROTO			 306
2602 2603 2604 2605
#define SSL_F_SSL3_GET_RECORD				 143
#define SSL_F_SSL3_GET_SERVER_CERTIFICATE		 144
#define SSL_F_SSL3_GET_SERVER_DONE			 145
#define SSL_F_SSL3_GET_SERVER_HELLO			 146
B
Bodo Möller 已提交
2606
#define SSL_F_SSL3_HANDSHAKE_MAC			 285
B
Ben Laurie 已提交
2607
#define SSL_F_SSL3_NEW_SESSION_TICKET			 287
2608
#define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147
B
Bodo Möller 已提交
2609
#define SSL_F_SSL3_PEEK					 235
2610 2611 2612 2613 2614 2615 2616
#define SSL_F_SSL3_READ_BYTES				 148
#define SSL_F_SSL3_READ_N				 149
#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE		 151
#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
#define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154
B
Bodo Möller 已提交
2617
#define SSL_F_SSL3_SEND_SERVER_HELLO			 242
2618 2619
#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155
#define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
2620 2621
#define SSL_F_SSL3_SETUP_READ_BUFFER			 156
#define SSL_F_SSL3_SETUP_WRITE_BUFFER			 291
2622 2623
#define SSL_F_SSL3_WRITE_BYTES				 158
#define SSL_F_SSL3_WRITE_PENDING			 159
2624 2625
#define SSL_F_SSL_ADD_CERT_CHAIN			 316
#define SSL_F_SSL_ADD_CERT_TO_BUF			 317
2626
#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT	 298
B
Bodo Möller 已提交
2627
#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT		 277
B
Ben Laurie 已提交
2628
#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT		 307
B
Ben Laurie 已提交
2629 2630
#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215
#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216
2631
#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT	 299
B
Bodo Möller 已提交
2632
#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT		 278
B
Ben Laurie 已提交
2633
#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT		 308
2634
#define SSL_F_SSL_BAD_METHOD				 160
2635
#define SSL_F_SSL_BUILD_CERT_CHAIN			 332
2636
#define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
2637 2638
#define SSL_F_SSL_CERT_DUP				 221
#define SSL_F_SSL_CERT_INST				 222
2639
#define SSL_F_SSL_CERT_INSTANTIATE			 214
2640 2641
#define SSL_F_SSL_CERT_NEW				 162
#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
B
Bodo Möller 已提交
2642
#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT		 280
2643
#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG		 279
2644 2645
#define SSL_F_SSL_CIPHER_PROCESS_RULESTR		 230
#define SSL_F_SSL_CIPHER_STRENGTH_SORT			 231
2646 2647
#define SSL_F_SSL_CLEAR					 164
#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD		 165
2648
#define SSL_F_SSL_CONF_CMD				 334
2649
#define SSL_F_SSL_CREATE_CIPHER_LIST			 166
R
Richard Levitte 已提交
2650
#define SSL_F_SSL_CTRL					 232
2651
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168
B
Ben Laurie 已提交
2652
#define SSL_F_SSL_CTX_MAKE_PROFILES			 309
2653
#define SSL_F_SSL_CTX_NEW				 169
2654
#define SSL_F_SSL_CTX_SET_CIPHER_LIST			 269
D
Dr. Stephen Henson 已提交
2655
#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE		 290
2656
#define SSL_F_SSL_CTX_SET_PURPOSE			 226
2657
#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219
2658
#define SSL_F_SSL_CTX_SET_SSL_VERSION			 170
2659
#define SSL_F_SSL_CTX_SET_TRUST				 229
2660 2661
#define SSL_F_SSL_CTX_USE_CERTIFICATE			 171
#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172
2662
#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE	 220
2663 2664 2665 2666
#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 173
#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 174
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 175
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 176
2667
#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT		 272
2668 2669 2670
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 177
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 178
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 179
2671 2672
#define SSL_F_SSL_CTX_USE_SERVERINFO			 336
#define SSL_F_SSL_CTX_USE_SERVERINFO_FILE		 337
2673 2674
#define SSL_F_SSL_DO_HANDSHAKE				 180
#define SSL_F_SSL_GET_NEW_SESSION			 181
B
Ben Laurie 已提交
2675
#define SSL_F_SSL_GET_PREV_SESSION			 217
D
Dr. Stephen Henson 已提交
2676
#define SSL_F_SSL_GET_SERVER_CERT_INDEX			 331
D
Dr. Stephen Henson 已提交
2677
#define SSL_F_SSL_GET_SERVER_SEND_PKEY			 182
2678 2679 2680 2681
#define SSL_F_SSL_GET_SIGN_PKEY				 183
#define SSL_F_SSL_INIT_WBIO_BUFFER			 184
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
#define SSL_F_SSL_NEW					 186
2682
#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT	 300
2683
#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT		 302
B
Ben Laurie 已提交
2684
#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT	 310
2685
#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT	 301
2686
#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT		 303
B
Ben Laurie 已提交
2687
#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT	 311
2688
#define SSL_F_SSL_PEEK					 270
B
Bodo Möller 已提交
2689 2690
#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT		 281
#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT		 282
2691
#define SSL_F_SSL_READ					 223
2692 2693
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188
D
Dr. Stephen Henson 已提交
2694
#define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT		 319
2695
#define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT		 320
2696 2697
#define SSL_F_SSL_SESSION_NEW				 189
#define SSL_F_SSL_SESSION_PRINT_FP			 190
D
Dr. Stephen Henson 已提交
2698
#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT		 312
2699
#define SSL_F_SSL_SESS_CERT_NEW				 225
2700
#define SSL_F_SSL_SET_CERT				 191
2701
#define SSL_F_SSL_SET_CIPHER_LIST			 271
2702 2703
#define SSL_F_SSL_SET_FD				 192
#define SSL_F_SSL_SET_PKEY				 193
2704
#define SSL_F_SSL_SET_PURPOSE				 227
2705 2706
#define SSL_F_SSL_SET_RFD				 194
#define SSL_F_SSL_SET_SESSION				 195
B
Ben Laurie 已提交
2707
#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218
2708
#define SSL_F_SSL_SET_SESSION_TICKET_EXT		 294
2709
#define SSL_F_SSL_SET_TRUST				 228
2710
#define SSL_F_SSL_SET_WFD				 196
2711
#define SSL_F_SSL_SHUTDOWN				 224
D
Dr. Stephen Henson 已提交
2712
#define SSL_F_SSL_SRP_CTX_INIT				 313
B
Ben Laurie 已提交
2713
#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION		 243
2714
#define SSL_F_SSL_UNDEFINED_FUNCTION			 197
2715
#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION		 244
2716 2717 2718 2719 2720 2721
#define SSL_F_SSL_USE_CERTIFICATE			 198
#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199
#define SSL_F_SSL_USE_CERTIFICATE_FILE			 200
#define SSL_F_SSL_USE_PRIVATEKEY			 201
#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 202
#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 203
2722
#define SSL_F_SSL_USE_PSK_IDENTITY_HINT			 273
2723 2724 2725 2726 2727
#define SSL_F_SSL_USE_RSAPRIVATEKEY			 204
#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 205
#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 206
#define SSL_F_SSL_VERIFY_CERT_CHAIN			 207
#define SSL_F_SSL_WRITE					 208
2728
#define SSL_F_TLS12_CHECK_PEER_SIGALG			 333
B
Bodo Möller 已提交
2729
#define SSL_F_TLS1_CERT_VERIFY_MAC			 286
2730
#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209
2731
#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT		 274
2732
#define SSL_F_TLS1_ENC					 210
D
Dr. Stephen Henson 已提交
2733
#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL		 314
B
Ben Laurie 已提交
2734
#define SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA		 326
2735
#define SSL_F_TLS1_GET_CLIENT_SUPPLEMENTAL_DATA		 336
D
Dr. Stephen Henson 已提交
2736
#define SSL_F_TLS1_HEARTBEAT				 315
2737 2738
#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT		 275
#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT		 276
B
Bodo Möller 已提交
2739
#define SSL_F_TLS1_PRF					 284
B
Ben Laurie 已提交
2740
#define SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA	 327
2741
#define SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA	 333
2742 2743
#define SSL_F_TLS1_SETUP_KEY_BLOCK			 211
#define SSL_F_WRITE_PENDING				 212
D
Dr. Stephen Henson 已提交
2744

2745 2746
/* Reason codes. */
#define SSL_R_APP_DATA_IN_HANDSHAKE			 100
B
Ben Laurie 已提交
2747
#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758
#define SSL_R_BAD_ALERT_RECORD				 101
#define SSL_R_BAD_AUTHENTICATION_TYPE			 102
#define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103
#define SSL_R_BAD_CHECKSUM				 104
#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106
#define SSL_R_BAD_DECOMPRESSION				 107
#define SSL_R_BAD_DH_G_LENGTH				 108
#define SSL_R_BAD_DH_PUB_KEY_LENGTH			 109
#define SSL_R_BAD_DH_P_LENGTH				 110
#define SSL_R_BAD_DIGEST_LENGTH				 111
#define SSL_R_BAD_DSA_SIGNATURE				 112
2759 2760 2761
#define SSL_R_BAD_ECC_CERT				 304
#define SSL_R_BAD_ECDSA_SIGNATURE			 305
#define SSL_R_BAD_ECPOINT				 306
2762
#define SSL_R_BAD_HANDSHAKE_LENGTH			 332
2763
#define SSL_R_BAD_HELLO_REQUEST				 105
B
Ben Laurie 已提交
2764
#define SSL_R_BAD_LENGTH				 271
2765
#define SSL_R_BAD_MAC_DECODE				 113
2766
#define SSL_R_BAD_MAC_LENGTH				 333
2767 2768
#define SSL_R_BAD_MESSAGE_TYPE				 114
#define SSL_R_BAD_PACKET_LENGTH				 115
2769
#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
2770
#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH		 316
2771 2772 2773 2774 2775 2776 2777
#define SSL_R_BAD_RESPONSE_ARGUMENT			 117
#define SSL_R_BAD_RSA_DECRYPT				 118
#define SSL_R_BAD_RSA_ENCRYPT				 119
#define SSL_R_BAD_RSA_E_LENGTH				 120
#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121
#define SSL_R_BAD_RSA_SIGNATURE				 122
#define SSL_R_BAD_SIGNATURE				 123
D
Dr. Stephen Henson 已提交
2778 2779 2780 2781 2782 2783 2784
#define SSL_R_BAD_SRP_A_LENGTH				 347
#define SSL_R_BAD_SRP_B_LENGTH				 348
#define SSL_R_BAD_SRP_G_LENGTH				 349
#define SSL_R_BAD_SRP_N_LENGTH				 350
#define SSL_R_BAD_SRP_S_LENGTH				 351
#define SSL_R_BAD_SRTP_MKI_VALUE			 352
#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST		 353
2785 2786 2787
#define SSL_R_BAD_SSL_FILETYPE				 124
#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125
#define SSL_R_BAD_STATE					 126
2788
#define SSL_R_BAD_VALUE					 384
2789 2790 2791 2792 2793 2794 2795 2796
#define SSL_R_BAD_WRITE_RETRY				 127
#define SSL_R_BIO_NOT_SET				 128
#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129
#define SSL_R_BN_LIB					 130
#define SSL_R_CA_DN_LENGTH_MISMATCH			 131
#define SSL_R_CA_DN_TOO_LONG				 132
#define SSL_R_CCS_RECEIVED_EARLY			 133
#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134
2797
#define SSL_R_CERT_CB_ERROR				 377
2798 2799 2800 2801 2802
#define SSL_R_CERT_LENGTH_MISMATCH			 135
#define SSL_R_CHALLENGE_IS_DIFFERENT			 136
#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137
#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138
#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
2803
#define SSL_R_CLIENTHELLO_TLSEXT			 226
2804
#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
2805
#define SSL_R_COMPRESSION_DISABLED			 343
2806
#define SSL_R_COMPRESSION_FAILURE			 141
2807
#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE	 307
2808 2809 2810
#define SSL_R_COMPRESSION_LIBRARY_ERROR			 142
#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 143
#define SSL_R_CONNECTION_TYPE_NOT_SET			 144
2811
#define SSL_R_COOKIE_MISMATCH				 308
2812 2813 2814
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
#define SSL_R_DATA_LENGTH_TOO_LONG			 146
#define SSL_R_DECRYPTION_FAILED				 147
2815
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 281
2816 2817
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
#define SSL_R_DIGEST_CHECK_FAILED			 149
2818
#define SSL_R_DTLS_MESSAGE_TOO_BIG			 334
2819
#define SSL_R_DUPLICATE_COMPRESSION_ID			 309
2820 2821 2822 2823
#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT		 317
#define SSL_R_ECC_CERT_NOT_FOR_SIGNING			 318
#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE	 322
#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE	 323
2824
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310
D
Dr. Stephen Henson 已提交
2825
#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST	 354
2826
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
2827
#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 282
2828 2829 2830 2831
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
D
Dr. Stephen Henson 已提交
2832 2833
#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS		 355
#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION		 356
2834 2835
#define SSL_R_HTTPS_PROXY_REQUEST			 155
#define SSL_R_HTTP_REQUEST				 156
2836
#define SSL_R_ILLEGAL_PADDING				 283
2837
#define SSL_R_ILLEGAL_SUITEB_DIGEST			 380
2838
#define SSL_R_INCONSISTENT_COMPRESSION			 340
2839
#define SSL_R_INVALID_CHALLENGE_LENGTH			 158
2840
#define SSL_R_INVALID_COMMAND				 280
2841
#define SSL_R_INVALID_COMPRESSION_ALGORITHM		 341
2842
#define SSL_R_INVALID_NULL_CMD_NAME			 385
2843
#define SSL_R_INVALID_PURPOSE				 278
D
Dr. Stephen Henson 已提交
2844
#define SSL_R_INVALID_SERVERINFO_DATA			 389
D
Dr. Stephen Henson 已提交
2845
#define SSL_R_INVALID_SRP_USERNAME			 357
2846
#define SSL_R_INVALID_STATUS_RESPONSE			 328
B
Bodo Möller 已提交
2847
#define SSL_R_INVALID_TICKET_KEYS_LENGTH		 325
2848
#define SSL_R_INVALID_TRUST				 279
2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860
#define SSL_R_KEY_ARG_TOO_LONG				 284
#define SSL_R_KRB5					 285
#define SSL_R_KRB5_C_CC_PRINC				 286
#define SSL_R_KRB5_C_GET_CRED				 287
#define SSL_R_KRB5_C_INIT				 288
#define SSL_R_KRB5_C_MK_REQ				 289
#define SSL_R_KRB5_S_BAD_TICKET				 290
#define SSL_R_KRB5_S_INIT				 291
#define SSL_R_KRB5_S_RD_REQ				 292
#define SSL_R_KRB5_S_TKT_EXPIRED			 293
#define SSL_R_KRB5_S_TKT_NYV				 294
#define SSL_R_KRB5_S_TKT_SKEW				 295
2861 2862
#define SSL_R_LENGTH_MISMATCH				 159
#define SSL_R_LENGTH_TOO_SHORT				 160
2863
#define SSL_R_LIBRARY_BUG				 274
2864
#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
2865
#define SSL_R_MESSAGE_TOO_LONG				 296
2866 2867 2868 2869
#define SSL_R_MISSING_DH_DSA_CERT			 162
#define SSL_R_MISSING_DH_KEY				 163
#define SSL_R_MISSING_DH_RSA_CERT			 164
#define SSL_R_MISSING_DSA_SIGNING_CERT			 165
2870 2871
#define SSL_R_MISSING_ECDH_CERT				 382
#define SSL_R_MISSING_ECDSA_SIGNING_CERT		 381
2872 2873 2874 2875 2876
#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 166
#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 167
#define SSL_R_MISSING_RSA_CERTIFICATE			 168
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169
#define SSL_R_MISSING_RSA_SIGNING_CERT			 170
D
Dr. Stephen Henson 已提交
2877
#define SSL_R_MISSING_SRP_PARAM				 358
2878
#define SSL_R_MISSING_TMP_DH_KEY			 171
2879
#define SSL_R_MISSING_TMP_ECDH_KEY			 311
2880 2881 2882
#define SSL_R_MISSING_TMP_RSA_KEY			 172
#define SSL_R_MISSING_TMP_RSA_PKEY			 173
#define SSL_R_MISSING_VERIFY_MESSAGE			 174
D
Dr. Stephen Henson 已提交
2883
#define SSL_R_MULTIPLE_SGC_RESTARTS			 346
2884 2885 2886 2887 2888 2889 2890 2891 2892 2893 2894
#define SSL_R_NON_SSLV2_INITIAL_PACKET			 175
#define SSL_R_NO_CERTIFICATES_RETURNED			 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED			 177
#define SSL_R_NO_CERTIFICATE_RETURNED			 178
#define SSL_R_NO_CERTIFICATE_SET			 179
#define SSL_R_NO_CERTIFICATE_SPECIFIED			 180
#define SSL_R_NO_CIPHERS_AVAILABLE			 181
#define SSL_R_NO_CIPHERS_PASSED				 182
#define SSL_R_NO_CIPHERS_SPECIFIED			 183
#define SSL_R_NO_CIPHER_LIST				 184
#define SSL_R_NO_CIPHER_MATCH				 185
D
Dr. Stephen Henson 已提交
2895
#define SSL_R_NO_CLIENT_CERT_METHOD			 331
2896 2897
#define SSL_R_NO_CLIENT_CERT_RECEIVED			 186
#define SSL_R_NO_COMPRESSION_SPECIFIED			 187
D
Dr. Stephen Henson 已提交
2898
#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER		 330
2899 2900 2901 2902 2903
#define SSL_R_NO_METHOD_SPECIFIED			 188
#define SSL_R_NO_PRIVATEKEY				 189
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
#define SSL_R_NO_PROTOCOLS_AVAILABLE			 191
#define SSL_R_NO_PUBLICKEY				 192
2904
#define SSL_R_NO_RENEGOTIATION				 339
B
Bodo Möller 已提交
2905
#define SSL_R_NO_REQUIRED_DIGEST			 324
2906
#define SSL_R_NO_SHARED_CIPHER				 193
2907
#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS		 376
D
Dr. Stephen Henson 已提交
2908
#define SSL_R_NO_SRTP_PROFILES				 359
2909 2910 2911 2912
#define SSL_R_NO_VERIFY_CALLBACK			 194
#define SSL_R_NULL_SSL_CTX				 195
#define SSL_R_NULL_SSL_METHOD_PASSED			 196
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197
2913
#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
2914
#define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE	 387
2915
#define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE	 379
2916
#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE		 297
2917
#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG			 327
2918
#define SSL_R_PACKET_LENGTH_TOO_LONG			 198
2919
#define SSL_R_PARSE_TLSEXT				 227
2920
#define SSL_R_PATH_TOO_LONG				 270
2921 2922 2923 2924 2925 2926 2927 2928 2929
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 199
#define SSL_R_PEER_ERROR				 200
#define SSL_R_PEER_ERROR_CERTIFICATE			 201
#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 202
#define SSL_R_PEER_ERROR_NO_CIPHER			 203
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 204
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 205
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 206
#define SSL_R_PROTOCOL_IS_SHUTDOWN			 207
2930 2931 2932
#define SSL_R_PSK_IDENTITY_NOT_FOUND			 223
#define SSL_R_PSK_NO_CLIENT_CB				 224
#define SSL_R_PSK_NO_SERVER_CB				 225
2933 2934 2935 2936
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 208
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 209
#define SSL_R_PUBLIC_KEY_NOT_RSA			 210
#define SSL_R_READ_BIO_NOT_SET				 211
2937
#define SSL_R_READ_TIMEOUT_EXPIRED			 312
2938 2939 2940
#define SSL_R_READ_WRONG_PACKET_TYPE			 212
#define SSL_R_RECORD_LENGTH_MISMATCH			 213
#define SSL_R_RECORD_TOO_LARGE				 214
2941
#define SSL_R_RECORD_TOO_SMALL				 298
2942 2943 2944
#define SSL_R_RENEGOTIATE_EXT_TOO_LONG			 335
#define SSL_R_RENEGOTIATION_ENCODING_ERR		 336
#define SSL_R_RENEGOTIATION_MISMATCH			 337
2945
#define SSL_R_REQUIRED_CIPHER_MISSING			 215
2946
#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING	 342
2947 2948 2949
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218
2950
#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING		 345
2951
#define SSL_R_SERVERHELLO_TLSEXT			 275
2952
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
2953
#define SSL_R_SHORT_READ				 219
D
Dr. Stephen Henson 已提交
2954
#define SSL_R_SIGNATURE_ALGORITHMS_ERROR		 360
2955
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
D
Dr. Stephen Henson 已提交
2956 2957 2958 2959
#define SSL_R_SRP_A_CALC				 361
#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES		 362
#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG	 363
#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE		 364
2960
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
2961
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG		 299
2962
#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT		 321
2963 2964 2965
#define SSL_R_SSL3_EXT_INVALID_SERVERNAME		 319
#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE		 320
#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 300
2966
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		 1044
#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		 1046
#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE		 1030
#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
2978 2979 2980
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228
#define SSL_R_SSL_HANDSHAKE_FAILURE			 229
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230
2981 2982
#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED		 301
#define SSL_R_SSL_SESSION_ID_CONFLICT			 302
B
Ben Laurie 已提交
2983
#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273
2984
#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH		 303
2985
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 231
2986 2987 2988 2989
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
U
Ulf Möller 已提交
2990
#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		 1060
2991 2992 2993 2994 2995 2996
#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		 1070
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		 1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA			 1048
U
Ulf Möller 已提交
2997
#define SSL_R_TLSV1_ALERT_USER_CANCELLED		 1090
2998 2999 3000 3001 3002
#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE		 1114
#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE	 1113
#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE		 1111
#define SSL_R_TLSV1_UNRECOGNIZED_NAME			 1112
#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION		 1110
3003
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 232
D
Dr. Stephen Henson 已提交
3004 3005
#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT		 365
#define SSL_R_TLS_HEARTBEAT_PENDING			 366
B
Ben Laurie 已提交
3006
#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL		 367
3007
#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST		 157
3008 3009
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 234
3010
#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS			 388
3011 3012
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 235
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 236
3013
#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS		 313
3014 3015
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 237
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 238
3016
#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS		 314
3017 3018 3019 3020 3021 3022 3023
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 239
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 240
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 241
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 242
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 243
#define SSL_R_UNEXPECTED_MESSAGE			 244
#define SSL_R_UNEXPECTED_RECORD				 245
3024
#define SSL_R_UNINITIALIZED				 276
3025 3026 3027 3028
#define SSL_R_UNKNOWN_ALERT_TYPE			 246
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247
#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248
#define SSL_R_UNKNOWN_CIPHER_TYPE			 249
3029
#define SSL_R_UNKNOWN_CMD_NAME				 386
D
Dr. Stephen Henson 已提交
3030
#define SSL_R_UNKNOWN_DIGEST				 368
3031 3032 3033 3034 3035 3036
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 250
#define SSL_R_UNKNOWN_PKEY_TYPE				 251
#define SSL_R_UNKNOWN_PROTOCOL				 252
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253
#define SSL_R_UNKNOWN_SSL_VERSION			 254
#define SSL_R_UNKNOWN_STATE				 255
B
Ben Laurie 已提交
3037
#define SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE		 373
3038
#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED	 338
3039 3040
#define SSL_R_UNSUPPORTED_CIPHER			 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257
B
Bodo Möller 已提交
3041
#define SSL_R_UNSUPPORTED_DIGEST_TYPE			 326
3042
#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE		 315
3043 3044
#define SSL_R_UNSUPPORTED_PROTOCOL			 258
#define SSL_R_UNSUPPORTED_SSL_VERSION			 259
3045
#define SSL_R_UNSUPPORTED_STATUS_TYPE			 329
D
Dr. Stephen Henson 已提交
3046
#define SSL_R_USE_SRTP_NOT_NEGOTIATED			 369
3047
#define SSL_R_WRITE_BIO_NOT_SET				 260
3048
#define SSL_R_WRONG_CERTIFICATE_TYPE			 383
3049
#define SSL_R_WRONG_CIPHER_RETURNED			 261
3050
#define SSL_R_WRONG_CURVE				 378
3051 3052 3053 3054
#define SSL_R_WRONG_MESSAGE_TYPE			 262
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 263
#define SSL_R_WRONG_SIGNATURE_LENGTH			 264
#define SSL_R_WRONG_SIGNATURE_SIZE			 265
D
Dr. Stephen Henson 已提交
3055
#define SSL_R_WRONG_SIGNATURE_TYPE			 370
3056 3057 3058 3059
#define SSL_R_WRONG_SSL_VERSION				 266
#define SSL_R_WRONG_VERSION_NUMBER			 267
#define SSL_R_X509_LIB					 268
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269
D
Dr. Stephen Henson 已提交
3060

3061 3062 3063 3064
#ifdef  __cplusplus
}
#endif
#endif