/*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

#ifndef HEADER_SSL_H
# define HEADER_SSL_H

# include <openssl/e_os2.h>
# include <openssl/opensslconf.h>
# include <openssl/comp.h>
# include <openssl/bio.h>
# if OPENSSL_API_COMPAT < 0x10100000L
#  include <openssl/x509.h>
#  include <openssl/crypto.h>
#  include <openssl/lhash.h>
#  include <openssl/buffer.h>
# endif
# include <openssl/pem.h>
# include <openssl/hmac.h>
# include <openssl/async.h>

# include <openssl/safestack.h>
# include <openssl/symhacks.h>
# include <openssl/ct.h>

#ifdef  __cplusplus
extern "C" {
#endif

/* OpenSSL version number for ASN.1 encoding of the session information */
/*-
 * Version 0 - initial version
 * Version 1 - added the optional peer certificate
 */
# define SSL_SESSION_ASN1_VERSION 0x0001

# define SSL_MAX_SSL_SESSION_ID_LENGTH           32
# define SSL_MAX_SID_CTX_LENGTH                  32

# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
# define SSL_MAX_KEY_ARG_LENGTH                  8
# define SSL_MAX_MASTER_KEY_LENGTH               48
# define TLS13_MAX_RESUMPTION_MASTER_LENGTH      64

/* The maximum number of encrypt/decrypt pipelines we can support */
# define SSL_MAX_PIPELINES  32

/* text strings for the ciphers */

/* These are used to specify which ciphers to use and not to use */

# define SSL_TXT_LOW             "LOW"
# define SSL_TXT_MEDIUM          "MEDIUM"
# define SSL_TXT_HIGH            "HIGH"
# define SSL_TXT_FIPS            "FIPS"

# define SSL_TXT_aNULL           "aNULL"
# define SSL_TXT_eNULL           "eNULL"
# define SSL_TXT_NULL            "NULL"

# define SSL_TXT_kRSA            "kRSA"
# define SSL_TXT_kDHr            "kDHr"
# define SSL_TXT_kDHd            "kDHd"
# define SSL_TXT_kDH             "kDH"
# define SSL_TXT_kEDH            "kEDH"/* alias for kDHE */
# define SSL_TXT_kDHE            "kDHE"
# define SSL_TXT_kECDHr          "kECDHr"
# define SSL_TXT_kECDHe          "kECDHe"
# define SSL_TXT_kECDH           "kECDH"
# define SSL_TXT_kEECDH          "kEECDH"/* alias for kECDHE */
# define SSL_TXT_kECDHE          "kECDHE"
# define SSL_TXT_kPSK            "kPSK"
# define SSL_TXT_kRSAPSK         "kRSAPSK"
# define SSL_TXT_kECDHEPSK       "kECDHEPSK"
# define SSL_TXT_kDHEPSK         "kDHEPSK"
# define SSL_TXT_kGOST           "kGOST"
# define SSL_TXT_kSRP            "kSRP"

# define SSL_TXT_aRSA            "aRSA"
# define SSL_TXT_aDSS            "aDSS"
# define SSL_TXT_aDH             "aDH"
# define SSL_TXT_aECDH           "aECDH"
# define SSL_TXT_aECDSA          "aECDSA"
# define SSL_TXT_aPSK            "aPSK"
# define SSL_TXT_aGOST94         "aGOST94"
# define SSL_TXT_aGOST01         "aGOST01"
# define SSL_TXT_aGOST12         "aGOST12"
# define SSL_TXT_aGOST           "aGOST"
# define SSL_TXT_aSRP            "aSRP"

# define SSL_TXT_DSS             "DSS"
# define SSL_TXT_DH              "DH"
# define SSL_TXT_DHE             "DHE"/* same as "kDHE:-ADH" */
# define SSL_TXT_EDH             "EDH"/* alias for DHE */
# define SSL_TXT_ADH             "ADH"
# define SSL_TXT_RSA             "RSA"
# define SSL_TXT_ECDH            "ECDH"
# define SSL_TXT_EECDH           "EECDH"/* alias for ECDHE" */
# define SSL_TXT_ECDHE           "ECDHE"/* same as "kECDHE:-AECDH" */
# define SSL_TXT_AECDH           "AECDH"
# define SSL_TXT_ECDSA           "ECDSA"
# define SSL_TXT_PSK             "PSK"
# define SSL_TXT_SRP             "SRP"

# define SSL_TXT_DES             "DES"
# define SSL_TXT_3DES            "3DES"
# define SSL_TXT_RC4             "RC4"
# define SSL_TXT_RC2             "RC2"
# define SSL_TXT_IDEA            "IDEA"
# define SSL_TXT_SEED            "SEED"
# define SSL_TXT_AES128          "AES128"
# define SSL_TXT_AES256          "AES256"
# define SSL_TXT_AES             "AES"
# define SSL_TXT_AES_GCM         "AESGCM"
# define SSL_TXT_AES_CCM         "AESCCM"
# define SSL_TXT_AES_CCM_8       "AESCCM8"
# define SSL_TXT_CAMELLIA128     "CAMELLIA128"
# define SSL_TXT_CAMELLIA256     "CAMELLIA256"
# define SSL_TXT_CAMELLIA        "CAMELLIA"
# define SSL_TXT_CHACHA20        "CHACHA20"
# define SSL_TXT_GOST            "GOST89"

# define SSL_TXT_MD5             "MD5"
# define SSL_TXT_SHA1            "SHA1"
# define SSL_TXT_SHA             "SHA"/* same as "SHA1" */
# define SSL_TXT_GOST94          "GOST94"
# define SSL_TXT_GOST89MAC       "GOST89MAC"
# define SSL_TXT_GOST12          "GOST12"
# define SSL_TXT_GOST89MAC12     "GOST89MAC12"
# define SSL_TXT_SHA256          "SHA256"
# define SSL_TXT_SHA384          "SHA384"

# define SSL_TXT_SSLV3           "SSLv3"
# define SSL_TXT_TLSV1           "TLSv1"
# define SSL_TXT_TLSV1_1         "TLSv1.1"
# define SSL_TXT_TLSV1_2         "TLSv1.2"

# define SSL_TXT_ALL             "ALL"

/*-
 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
 * ciphers normally not being used.
 * Example: "RC4" will activate all ciphers using RC4 including ciphers
 * without authentication, which would normally be disabled by DEFAULT (due
 * to the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
 * will make sure that it is also disabled in the specific selection.
 * COMPLEMENTOF* identifiers are portable between versions, as adjustments
 * to the default cipher setup will also be included here.
 *
 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
 * DEFAULT gets, as only selection is being done and no sorting as needed
 * for DEFAULT.
 */
# define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
# define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"

/*
 * The following cipher list is used by default. It also is substituted when
 * an application-defined cipher list string starts with 'DEFAULT'.
 */
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
/*
 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
 * starts with a reasonable order, and all we have to do for DEFAULT is
 * throwing out anonymous and unencrypted ciphersuites! (The latter are not
 * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
 */

/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN       1
# define SSL_RECEIVED_SHUTDOWN   2

#ifdef __cplusplus
}
#endif

#ifdef  __cplusplus
extern "C" {
#endif

# define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
# define SSL_FILETYPE_PEM        X509_FILETYPE_PEM

/*
 * This is needed to stop compilers complaining about the 'struct ssl_st *'
 * function parameters used to prototype callbacks in SSL_CTX.
 */
typedef struct ssl_st *ssl_crock_st;
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
typedef struct tls_sigalgs_st TLS_SIGALGS;
typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
typedef struct ssl_comp_st SSL_COMP;

STACK_OF(SSL_CIPHER);
STACK_OF(SSL_COMP);

/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
/*
 * One SRTP protection profile entry: a name string paired with a numeric
 * identifier.
 */
typedef struct srtp_protection_profile_st {
    const char *name;           /* profile name; not modified through this pointer */
    unsigned long id;           /* numeric profile id (presumably the RFC 5764
                                 * profile value - confirm against users) */
} SRTP_PROTECTION_PROFILE;

DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)

typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s,
                                             const unsigned char *data,
                                             int len, void *arg);
typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
                                         int *secret_len,
                                         STACK_OF(SSL_CIPHER) *peer_ciphers,
                                         const SSL_CIPHER **cipher, void *arg);

/* Extension context codes */
/* This extension is only allowed in TLS */
#define SSL_EXT_TLS_ONLY                        0x0001
/* This extension is only allowed in DTLS */
#define SSL_EXT_DTLS_ONLY                       0x0002
/* Some extensions may be allowed in DTLS but we don't implement them for it */
#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
#define SSL_EXT_SSL3_ALLOWED                    0x0008
/* Extension is only defined for TLS1.2 and below */
#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
/* Extension is only defined for TLS1.3 and above */
#define SSL_EXT_TLS1_3_ONLY                     0x0020
/* Ignore this extension during parsing if we are resuming */
#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
#define SSL_EXT_CLIENT_HELLO                    0x0080
/* Really means TLS1.2 or below */
#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000

/* Typedefs for handling custom extensions */

typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type,
                                  const unsigned char **out,
                                  size_t *outlen, int *al, void *add_arg);

typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type,
                                    const unsigned char *out, void *add_arg);

typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
                                    const unsigned char *in,
                                    size_t inlen, int *al, void *parse_arg);


typedef int (*SSL_custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type,
                                         unsigned int context,
                                         const unsigned char **out,
                                         size_t *outlen, X509 *x,
                                         size_t chainidx,
                                         int *al, void *add_arg);

typedef void (*SSL_custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type,
                                           unsigned int context,
                                           const unsigned char *out,
                                           void *add_arg);

typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type,
                                           unsigned int context,
                                           const unsigned char *in,
                                           size_t inlen, X509 *x,
                                           size_t chainidx,
                                           int *al, void *parse_arg);

/* Typedef for verification callback */
typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);

/* Allow initial connection to servers that don't support RI */
# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004U
/* Removed from OpenSSL 0.9.8q and 1.0.0c */
/* Dead forever, see CVE-2010-4180. */
# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x0U
# define SSL_OP_TLSEXT_PADDING                           0x00000010U
# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x0U
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
/* Ancient SSLeay version, retained for compatibility */
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
# define SSL_OP_TLS_D5_BUG                               0x0U
/* Removed from OpenSSL 1.1.0 */
# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0U

/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
/* Related to removed SSLv2 */
# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x0
# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x0

/*
 * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
 * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
 * workaround is not needed.  Unfortunately some broken SSL/TLS
 * implementations cannot handle it at all, which is why we include it in
 * SSL_OP_ALL.
 */
/* added in 0.9.6e */
# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800U

/*
 * SSL_OP_ALL: various bug workarounds that should be rather harmless.  This
 * used to be 0x000FFFFFL before 0.9.7.
 */
/*
 * 0x80000BFFU sets bits 0-9, 11 and 31.  Of the options defined in this
 * header that covers SSL_OP_LEGACY_SERVER_CONNECT (0x4),
 * SSL_OP_TLSEXT_PADDING (0x10), SSL_OP_SAFARI_ECDHE_ECDSA_BUG (0x40),
 * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (0x800) and
 * SSL_OP_CRYPTOPRO_TLSEXT_BUG (0x80000000).  Setting SSL_OP_ALL therefore
 * also allows initial connections to servers without RI support and
 * disables the CBC empty-fragment workaround, as the comments on those
 * individual options describe.
 */
# define SSL_OP_ALL                                      0x80000BFFU

/* DTLS options */
# define SSL_OP_NO_QUERY_MTU                 0x00001000U
/* Turn on Cookie Exchange (only relevant for servers) */
# define SSL_OP_COOKIE_EXCHANGE              0x00002000U
/* Don't use RFC4507 ticket extension */
# define SSL_OP_NO_TICKET                    0x00004000U
# ifndef OPENSSL_NO_DTLS1_METHOD
/* Use Cisco's "speshul" version of DTLS_BAD_VER
 * (only with deprecated DTLSv1_client_method())  */
#  define SSL_OP_CISCO_ANYCONNECT             0x00008000U
# endif

/* As server, disallow session resumption on renegotiation */
# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000U
/* Don't use compression even if supported */
# define SSL_OP_NO_COMPRESSION                           0x00020000U
/* Permit unsafe legacy renegotiation */
# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000U
/* Disable encrypt-then-mac */
# define SSL_OP_NO_ENCRYPT_THEN_MAC                      0x00080000U
/* Does nothing: retained for compatibility */
# define SSL_OP_SINGLE_ECDH_USE                          0x0
/* Does nothing: retained for compatibility */
# define SSL_OP_SINGLE_DH_USE                            0x0
/* Does nothing: retained for compatibility */
# define SSL_OP_EPHEMERAL_RSA                            0x0
/*
 * Set on servers to choose the cipher according to the server's preferences
 */
# define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000U
/*
 * If set, a server will allow a client to issue a SSLv3.0 version number as
 * latest version supported in the premaster secret, even when TLSv1.0
 * (version 3.1) was announced in the client hello. Normally this is
 * forbidden to prevent version rollback attacks.
 */
# define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000U

/*
 * Protocol-version disable bits.
 *
 * SSL_OP_NO_SSLv2 is 0, so OR-ing it into an option mask sets no bit and
 * testing for it with '&' is always false.
 *
 * The values are not in protocol-version order: SSL_OP_NO_TLSv1_2
 * (0x08000000) is numerically below SSL_OP_NO_TLSv1_1 (0x10000000).  Treat
 * each as an independent flag; do not use numeric comparison of these bits
 * to express "this version and older".
 */
# define SSL_OP_NO_SSLv2                                 0x00000000U
# define SSL_OP_NO_SSLv3                                 0x02000000U
# define SSL_OP_NO_TLSv1                                 0x04000000U
# define SSL_OP_NO_TLSv1_2                               0x08000000U
# define SSL_OP_NO_TLSv1_1                               0x10000000U
# define SSL_OP_NO_TLSv1_3                               0x20000000U

/*
 * DTLS version-disable bits.  They reuse the values of SSL_OP_NO_TLSv1
 * (0x04000000U) and SSL_OP_NO_TLSv1_2 (0x08000000U) defined above, so an
 * option mask alone does not say whether a TLS or a DTLS version was meant;
 * the same bit disables one or the other depending on the method in use
 * (presumably - confirm against the version-selection code).
 */
# define SSL_OP_NO_DTLSv1                                0x04000000U
# define SSL_OP_NO_DTLSv1_2                              0x08000000U

# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)


/* Removed from previous versions */
# define SSL_OP_PKCS1_CHECK_1                            0x0
# define SSL_OP_PKCS1_CHECK_2                            0x0
# define SSL_OP_NETSCAPE_CA_DN_BUG                       0x0
# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x0U
/*
 * Make server add server-hello extension from early version of cryptopro
 * draft, when GOST ciphersuite is negotiated. Required for interoperability
 * with CryptoPro CSP 3.x
 */
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000U

/*
 * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
 * when just a single record has been written):
 */
# define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001U
/*
 * Make it possible to retry SSL_write() with changed buffer location (buffer
 * contents must stay the same!); this is not the default to avoid the
 * misconception that non-blocking SSL_write() behaves like non-blocking
 * write():
 */
# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
/*
 * Never bother the application with retries if the transport is blocking:
 */
# define SSL_MODE_AUTO_RETRY 0x00000004U
/* Don't attempt to automatically build certificate chain */
# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
/*
 * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
 * TLS only.) "Released" buffers are put onto a free-list in the context or
 * just freed (depending on the context's setting for freelist_max_len).
 */
# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
/*
 * Send the current time in the Random fields of the ClientHello and
 * ServerHello records for compatibility with hypothetical implementations
 * that require it.
 */
# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
/*
 * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
 * that reconnect with a downgraded protocol version; see
 * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
 * application attempts a normal handshake. Only use this in explicit
 * fallback retries, following the guidance in
 * draft-ietf-tls-downgrade-scsv-00.
 */
# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
/*
 * Support Asynchronous operation
 */
# define SSL_MODE_ASYNC 0x00000100U

/* Cert related flags */
/*
 * Many implementations ignore some aspects of the TLS standards such as
 * enforcing certificate chain algorithms. When this is set we enforce them.
 */
# define SSL_CERT_FLAG_TLS_STRICT                0x00000001U

/* Suite B modes, takes same values as certificate verify flags */
# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY       0x10000
/* Suite B 192 bit only mode */
# define SSL_CERT_FLAG_SUITEB_192_LOS            0x20000
/* Suite B 128 bit mode allowing 192 bit algorithms */
# define SSL_CERT_FLAG_SUITEB_128_LOS            0x30000

/* Perform all sorts of protocol violations for testing purposes */
/*
 * Test-only flag: the header describes it as performing protocol
 * violations, so it should not be set in production code paths.  Unlike
 * SSL_CERT_FLAG_TLS_STRICT its value carries no 'U' suffix.
 */
# define SSL_CERT_FLAG_BROKEN_PROTOCOL           0x10000000

/* Flags for building certificate chains */
/* Treat any existing certificates as untrusted CAs */
# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED          0x1
/* Don't include root CA in chain */
# define SSL_BUILD_CHAIN_FLAG_NO_ROOT            0x2
/* Just check certificates already there */
# define SSL_BUILD_CHAIN_FLAG_CHECK              0x4
/* Ignore verification errors */
# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR       0x8
/* Clear verification errors from queue */
# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR        0x10

/* Flags returned by SSL_check_chain */
/* Certificate can be used with this session */
# define CERT_PKEY_VALID         0x1
/* Certificate can also be used for signing */
# define CERT_PKEY_SIGN          0x2
/* EE certificate signing algorithm OK */
# define CERT_PKEY_EE_SIGNATURE  0x10
/* CA signature algorithms OK */
# define CERT_PKEY_CA_SIGNATURE  0x20
/* EE certificate parameters OK */
# define CERT_PKEY_EE_PARAM      0x40
/* CA certificate parameters OK */
# define CERT_PKEY_CA_PARAM      0x80
/* Signing explicitly allowed as opposed to SHA1 fallback */
# define CERT_PKEY_EXPLICIT_SIGN 0x100
/* Client CA issuer names match (always set for server cert) */
# define CERT_PKEY_ISSUER_NAME   0x200
/* Cert type matches client types (always set for server cert) */
# define CERT_PKEY_CERT_TYPE     0x400
/* Cert chain suitable to Suite B */
# define CERT_PKEY_SUITEB        0x800

# define SSL_CONF_FLAG_CMDLINE           0x1
# define SSL_CONF_FLAG_FILE              0x2
# define SSL_CONF_FLAG_CLIENT            0x4
# define SSL_CONF_FLAG_SERVER            0x8
# define SSL_CONF_FLAG_SHOW_ERRORS       0x10
# define SSL_CONF_FLAG_CERTIFICATE       0x20
# define SSL_CONF_FLAG_REQUIRE_PRIVATE   0x40
/* Configuration value types */
# define SSL_CONF_TYPE_UNKNOWN           0x0
# define SSL_CONF_TYPE_STRING            0x1
# define SSL_CONF_TYPE_FILE              0x2
# define SSL_CONF_TYPE_DIR               0x3
# define SSL_CONF_TYPE_NONE              0x4

/*
 * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
 * cannot be used to clear bits.
 */

unsigned long SSL_CTX_get_options(const SSL_CTX *ctx);
unsigned long SSL_get_options(const SSL* s);
unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
unsigned long SSL_clear_options(SSL *s, unsigned long op);
unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
unsigned long SSL_set_options(SSL *s, unsigned long op);

# define SSL_CTX_set_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
# define SSL_CTX_clear_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
# define SSL_CTX_get_mode(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
# define SSL_clear_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
# define SSL_set_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
# define SSL_get_mode(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
# define SSL_set_mtu(ssl, mtu) \
        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
# define DTLS_set_link_mtu(ssl, mtu) \
        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
# define DTLS_get_link_min_mtu(ssl) \
        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)

# define SSL_get_secure_renegotiation_support(ssl) \
        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)

# ifndef OPENSSL_NO_HEARTBEATS
#  define SSL_heartbeat(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
# endif

# define SSL_CTX_set_cert_flags(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
# define SSL_set_cert_flags(s,op) \
        SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
# define SSL_CTX_clear_cert_flags(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
# define SSL_clear_cert_flags(s,op) \
        SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)

void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
                              void (*cb) (int write_p, int version,
                                          int content_type, const void *buf,
                                          size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback(SSL *ssl,
                          void (*cb) (int write_p, int version,
                                      int content_type, const void *buf,
                                      size_t len, SSL *ssl, void *arg));
# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

# define SSL_get_extms_support(s) \
        SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)

# ifndef OPENSSL_NO_SRP

/* see tls_srp.c */
__owur int SSL_SRP_CTX_init(SSL *s);
__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
int SSL_SRP_CTX_free(SSL *ctx);
int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
__owur int SRP_Calc_A_param(SSL *s);

# endif

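/*
 * 100k max cert list (1024*100 = 102400).
 *
 * The expansion is parenthesised so the macro keeps its value inside a
 * larger expression: without the parentheses, `x / SSL_MAX_CERT_LIST_DEFAULT`
 * or `x % SSL_MAX_CERT_LIST_DEFAULT` would bind to 1024 first and then
 * multiply by 100, silently producing a different limit.
 */
# define SSL_MAX_CERT_LIST_DEFAULT (1024*100)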

# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)

/*
 * This callback type is used inside SSL_CTX, SSL, and in the functions that
 * set them. It is used to override the generation of SSL/TLS session IDs in
 * a server.
 *
 * Return value: zero on an error, non-zero to proceed.
 *
 * Uniqueness: the callback must itself check that the id it generates is
 * unique, otherwise the SSL handshake will fail with an error. It can do
 * this using the 'ssl' value it is passed:
 *     SSL_has_matching_session_id(ssl, id, *id_len)
 *
 * Length: on entry *id_len is set to the maximum size the session ID can
 * be (32 bytes in SSLv3/TLSv1). The callback can alter this length to be
 * less if desired; it is an error for the callback to set it to zero.
 */
typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,
                               unsigned int *id_len);

# define SSL_SESS_CACHE_OFF                      0x0000
# define SSL_SESS_CACHE_CLIENT                   0x0001
# define SSL_SESS_CACHE_SERVER                   0x0002
# define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
# define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
# define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
# define SSL_SESS_CACHE_NO_INTERNAL \
        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)

LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
# define SSL_CTX_sess_number(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
# define SSL_CTX_sess_connect(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
# define SSL_CTX_sess_connect_good(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
# define SSL_CTX_sess_connect_renegotiate(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
# define SSL_CTX_sess_accept(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
# define SSL_CTX_sess_accept_renegotiate(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
# define SSL_CTX_sess_accept_good(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
# define SSL_CTX_sess_hits(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
# define SSL_CTX_sess_cb_hits(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
# define SSL_CTX_sess_misses(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
# define SSL_CTX_sess_timeouts(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
# define SSL_CTX_sess_cache_full(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)

void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
                             int (*new_session_cb) (struct ssl_st *ssl,
                                                    SSL_SESSION *sess));
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
                                              SSL_SESSION *sess);
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
                                void (*remove_session_cb) (struct ssl_ctx_st
                                                           *ctx,
                                                           SSL_SESSION
                                                           *sess));
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
                                                  SSL_SESSION *sess);
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
                             SSL_SESSION *(*get_session_cb) (struct ssl_st
                                                             *ssl,
                                                             const unsigned char
                                                             *data, int len,
                                                             int *copy));
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
                                                       const unsigned char *data,
                                                       int len, int *copy);
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
                               void (*cb) (const SSL *ssl, int type,
                                           int val));
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
                                                 int val);
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
                                                       EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
                                                 EVP_PKEY **pkey);
# ifndef OPENSSL_NO_ENGINE
__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
# endif
/*
 * Registers app_gen_cookie_cb on ctx. The callback receives a writable
 * |cookie| buffer and a |cookie_len| pointer.
 * NOTE(review): presumably this is the DTLS HelloVerifyRequest cookie and the
 * callback reports the cookie length through |cookie_len|; the capacity of
 * |cookie| is not visible in this declaration -- confirm the limit in
 * SSL_CTX_set_cookie_generate_cb(3) before writing to the buffer.
 */
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
                                    int (*app_gen_cookie_cb) (SSL *ssl,
                                                              unsigned char
                                                              *cookie,
                                                              unsigned int
                                                              *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
                                  int (*app_verify_cookie_cb) (SSL *ssl,
                                                               const unsigned char
                                                               *cookie,
                                                               unsigned int
                                                               cookie_len));
# ifndef OPENSSL_NO_NEXTPROTONEG

typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
                                              const unsigned char **out,
                                              unsigned int *outlen,
                                              void *arg);
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
                                   SSL_CTX_npn_advertised_cb_func cb,
                                   void *arg);
#  define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb

typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
                                          unsigned char **out,
                                          unsigned char *outlen,
                                          const unsigned char *in,
                                          unsigned int inlen,
                                          void *arg);
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
                                      SSL_CTX_npn_select_cb_func cb,
                                      void *arg);
#  define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb

void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
                                    unsigned *len);
#  define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
# endif

__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
                          const unsigned char *in, unsigned int inlen,
                          const unsigned char *client,
                          unsigned int client_len);

/*
 * Result codes for protocol selection with SSL_select_next_proto().
 * Per SSL_select_next_proto(3), OPENSSL_NPN_NO_OVERLAP still fills in |out|
 * (with the first protocol from the |client| list), so callers have to branch
 * on the return value rather than on whether |out| was set.
 * NOTE(review): confirm against the man page for the version in use.
 */
# define OPENSSL_NPN_UNSUPPORTED 0
# define OPENSSL_NPN_NEGOTIATED  1
# define OPENSSL_NPN_NO_OVERLAP  2

__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
                                   unsigned int protos_len);
__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
                               unsigned int protos_len);
typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
                                           const unsigned char **out,
                                           unsigned char *outlen,
                                           const unsigned char *in,
                                           unsigned int inlen,
                                           void *arg);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
                                SSL_CTX_alpn_select_cb_func cb,
                                void *arg);
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
                            unsigned int *len);

# ifndef OPENSSL_NO_PSK
/*
 * The maximum length, in bytes, of the buffers given to the PSK callbacks
 * for the resulting identity and pre-shared key.
 * NOTE(review): the callback types declared after these constants receive
 * the limit as max_identity_len / max_psk_len; presumably a callback should
 * bound its writes by those arguments rather than by these constants --
 * confirm.
 */
#  define PSK_MAX_IDENTITY_LEN 128
#  define PSK_MAX_PSK_LEN 256
/*
 * Client-side PSK callback type. |hint| is const input; |identity| and |psk|
 * are writable buffers whose limits are passed in max_identity_len and
 * max_psk_len.
 * Per SSL_CTX_set_psk_client_callback(3) the identity is stored as a
 * NUL-terminated string, the return value is the PSK length in bytes, and 0
 * reports failure -- TODO confirm for the version in use.
 */
typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
                                               const char *hint,
                                               char *identity,
                                               unsigned int max_identity_len,
                                               unsigned char *psk,
                                               unsigned int max_psk_len);
/* Install the client PSK callback on a context or on a single connection. */
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);

/*
 * Server-side PSK callback type. |identity| is const input with no length
 * argument (presumably NUL-terminated -- verify); |psk| is the output buffer,
 * limited to max_psk_len bytes.
 * NOTE(review): the identity is supplied by the peer, so treat it as
 * untrusted when it is used as a lookup key. Per
 * SSL_CTX_set_psk_server_callback(3), returning 0 means the identity was not
 * found and a positive value is the PSK length -- TODO confirm.
 */
typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
                                               const char *identity,
                                               unsigned char *psk,
                                               unsigned int max_psk_len);
/* Install the server PSK callback on a context or on a single connection. */
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);

__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
const char *SSL_get_psk_identity_hint(const SSL *s);
const char *SSL_get_psk_identity(const SSL *s);
# endif

/* Register callbacks to handle custom TLS Extensions for client or server. */

__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx,
                                         unsigned int ext_type);

__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                                  custom_ext_add_cb add_cb,
                                  custom_ext_free_cb free_cb,
                                  void *add_arg,
                                  custom_ext_parse_cb parse_cb,
                                  void *parse_arg);

__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                                  custom_ext_add_cb add_cb,
                                  custom_ext_free_cb free_cb,
                                  void *add_arg,
                                  custom_ext_parse_cb parse_cb,
                                  void *parse_arg);

__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                                  unsigned int context,
                                  SSL_custom_ext_add_cb_ex add_cb,
                                  SSL_custom_ext_free_cb_ex free_cb,
                                  void *add_arg,
                                  SSL_custom_ext_parse_cb_ex parse_cb,
                                  void *parse_arg);

__owur int SSL_extension_supported(unsigned int ext_type);

# define SSL_NOTHING            1
# define SSL_WRITING            2
# define SSL_READING            3
# define SSL_X509_LOOKUP        4
# define SSL_ASYNC_PAUSED       5
# define SSL_ASYNC_NO_JOBS      6
# define SSL_EARLY_WORK         7

/* These will only be used when doing non-blocking IO */
# define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
# define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
# define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
# define SSL_want_async(s)       (SSL_want(s) == SSL_ASYNC_PAUSED)
# define SSL_want_async_job(s)   (SSL_want(s) == SSL_ASYNC_NO_JOBS)
# define SSL_want_early(s)       (SSL_want(s) == SSL_EARLY_WORK)

# define SSL_MAC_FLAG_READ_MAC_STREAM 1
# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2

/*
 * A callback for logging out TLS key material. This callback should log out
 * |line| followed by a newline.
 *
 * The logged lines are secret key material: anyone who can read them together
 * with a capture of the connection can decrypt it. Write them only to a
 * location with restricted access.
 */
typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);

/*
 * SSL_CTX_set_keylog_callback configures a callback to log key material. This
 * is intended for debugging use with tools like Wireshark. The cb function
 * should log line followed by a newline.
 *
 * Because the output exposes session secrets, leave the callback unset
 * outside of debugging sessions.
 */
void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);

/*
 * SSL_CTX_get_keylog_callback returns the callback configured by
 * SSL_CTX_set_keylog_callback. Checking its result is one way to see whether
 * key logging is configured on a context.
 */
SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);

/*
 * This and the three declarations that follow get or set a max_early_data
 * value on an SSL_CTX or on a single SSL.
 * NOTE(review): presumably the limit, in bytes, on TLSv1.3 early (0-RTT)
 * data -- confirm. Early data can be replayed on the network (RFC 8446), so
 * accept it only for requests that are safe to process more than once.
 */
int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
uint32_t SSL_get_max_early_data(const SSL *s);

#ifdef __cplusplus
}
#endif

# include <openssl/ssl2.h>
# include <openssl/ssl3.h>
# include <openssl/tls1.h>      /* This is mostly sslv3 with a few tweaks */
# include <openssl/dtls1.h>     /* Datagram TLS */
# include <openssl/srtp.h>      /* Support for the use_srtp extension */

#ifdef  __cplusplus
extern "C" {
#endif

/*
 * These need to be after the above set of includes due to a compiler bug
 * in VisualStudio 2015
 */
DEFINE_STACK_OF_CONST(SSL_CIPHER)
DEFINE_STACK_OF(SSL_COMP)

/* compatibility */
# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)(arg)))
# define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0, \
                                                                  (char *)(a)))
# define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
# define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0, \
                                                              (char *)(arg)))
DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))

/* TLSv1.3 KeyUpdate message types */
/* -1 used so that this is an invalid value for the on-the-wire protocol */
#define SSL_KEY_UPDATE_NONE             -1
/* Values as defined for the on-the-wire protocol */
#define SSL_KEY_UPDATE_NOT_REQUESTED     0
#define SSL_KEY_UPDATE_REQUESTED         1

/*
 * The valid handshake states (one for each type of message sent and one for
 * each type of message received). There are also two "special" states, listed
 * further down. The prefixes used in the state names mean:
 * TLS = TLS or DTLS state
 * DTLS = DTLS specific state
 * CR/SR = Client Read/Server Read
 * CW/SW = Client Write/Server Write
 *
 * The "special" states are:
 * TLS_ST_BEFORE = No handshake has been initiated yet
 * TLS_ST_OK = A handshake has been successfully completed
 */
typedef enum {
    TLS_ST_BEFORE,
    TLS_ST_OK,
    DTLS_ST_CR_HELLO_VERIFY_REQUEST,
    TLS_ST_CR_SRVR_HELLO,
    TLS_ST_CR_CERT,
    TLS_ST_CR_CERT_STATUS,
    TLS_ST_CR_KEY_EXCH,
    TLS_ST_CR_CERT_REQ,
    TLS_ST_CR_SRVR_DONE,
    TLS_ST_CR_SESSION_TICKET,
    TLS_ST_CR_CHANGE,
    TLS_ST_CR_FINISHED,
    TLS_ST_CW_CLNT_HELLO,
    TLS_ST_CW_CERT,
    TLS_ST_CW_KEY_EXCH,
    TLS_ST_CW_CERT_VRFY,
    TLS_ST_CW_CHANGE,
    TLS_ST_CW_NEXT_PROTO,
    TLS_ST_CW_FINISHED,
    TLS_ST_SW_HELLO_REQ,
    TLS_ST_SR_CLNT_HELLO,
    DTLS_ST_SW_HELLO_VERIFY_REQUEST,
    TLS_ST_SW_SRVR_HELLO,
    TLS_ST_SW_CERT,
    TLS_ST_SW_KEY_EXCH,
    TLS_ST_SW_CERT_REQ,
    TLS_ST_SW_SRVR_DONE,
    TLS_ST_SR_CERT,
    TLS_ST_SR_KEY_EXCH,
    TLS_ST_SR_CERT_VRFY,
    TLS_ST_SR_NEXT_PROTO,
    TLS_ST_SR_CHANGE,
    TLS_ST_SR_FINISHED,
    TLS_ST_SW_SESSION_TICKET,
    TLS_ST_SW_CERT_STATUS,
    TLS_ST_SW_CHANGE,
    TLS_ST_SW_FINISHED,
    TLS_ST_SW_ENCRYPTED_EXTENSIONS,
    TLS_ST_CR_ENCRYPTED_EXTENSIONS,
    TLS_ST_CR_CERT_VRFY,
    TLS_ST_SW_CERT_VRFY,
    TLS_ST_CR_HELLO_REQ,
    TLS_ST_SW_HELLO_RETRY_REQUEST,
    TLS_ST_CR_HELLO_RETRY_REQUEST,
    TLS_ST_SW_KEY_UPDATE,
    TLS_ST_CW_KEY_UPDATE,
    TLS_ST_SR_KEY_UPDATE,
    TLS_ST_CR_KEY_UPDATE,
    TLS_ST_EARLY_DATA,
    TLS_ST_PENDING_EARLY_DATA_END,
    TLS_ST_CW_END_OF_EARLY_DATA,
    TLS_ST_SR_END_OF_EARLY_DATA
} OSSL_HANDSHAKE_STATE;

/*
 * Most of the following state values are no longer used and are defined to be
 * the closest equivalent value in the current state machine code. Defines
 * that have no equivalent are set to a dummy value (-1). SSL_ST_CONNECT
 * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
 * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
 */

# define SSL_ST_CONNECT                  0x1000
# define SSL_ST_ACCEPT                   0x2000

# define SSL_ST_MASK                     0x0FFF

# define SSL_CB_LOOP                     0x01
# define SSL_CB_EXIT                     0x02
# define SSL_CB_READ                     0x04
# define SSL_CB_WRITE                    0x08
# define SSL_CB_ALERT                    0x4000/* used in callback */
# define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
# define SSL_CB_HANDSHAKE_START          0x10
# define SSL_CB_HANDSHAKE_DONE           0x20

/* Is the SSL_connection established? */
# define SSL_in_connect_init(a)          (SSL_in_init(a) && !SSL_is_server(a))
# define SSL_in_accept_init(a)           (SSL_in_init(a) && SSL_is_server(a))
int SSL_in_init(SSL *s);
int SSL_in_before(SSL *s);
int SSL_is_init_finished(SSL *s);

/*
 * The following 3 states are kept in ssl->rlayer.rstate when reads fail; you
 * should not need these
 */
# define SSL_ST_READ_HEADER                      0xF0
# define SSL_ST_READ_BODY                        0xF1
# define SSL_ST_READ_DONE                        0xF2

/*-
 * Obtain latest Finished message
 *   -- that we sent (SSL_get_finished)
 *   -- that we expected from peer (SSL_get_peer_finished).
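 * Returns the length of the Finished message (0 == no Finished so far) and
 * copies up to 'count' bytes, so a return value larger than 'count' means
 * the copy in buf was truncated.
 */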
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);

/*
 * Peer verification mode flags. Use either SSL_VERIFY_NONE or
 * SSL_VERIFY_PEER; the last 2 options are ORed with SSL_VERIFY_PEER if they
 * are desired.
 *
 * Per SSL_CTX_set_verify(3), a client running with SSL_VERIFY_NONE continues
 * the handshake whatever the result of certificate verification, so the
 * server is effectively unauthenticated unless the application checks the
 * result itself (SSL_get_verify_result()).
 * NOTE(review): confirm against the man page for the version in use.
 */
# define SSL_VERIFY_NONE                 0x00
# define SSL_VERIFY_PEER                 0x01
# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
# define SSL_VERIFY_CLIENT_ONCE          0x04

# define OpenSSL_add_ssl_algorithms()    SSL_library_init()
# if OPENSSL_API_COMPAT < 0x10100000L
#  define SSLeay_add_ssl_algorithms()    SSL_library_init()
# endif

/* More backward compatibility */
# define SSL_get_cipher(s) \
                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_cipher_bits(s,np) \
                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
# define SSL_get_cipher_version(s) \
                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
# define SSL_get_cipher_name(s) \
                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_time(a)         SSL_SESSION_get_time(a)
# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))

# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)

DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
                                              * from SSL_AD_... */
/* These alert types are for SSLv3 and TLSv1 */
# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
/* fatal */
# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
/* fatal */
# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
/* fatal */
# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
/* fatal */
# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
/* Not for TLS */
# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
/* fatal */
# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
/* fatal */
# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
/* fatal */
# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
/* fatal */
# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
/* fatal */
# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
/* fatal */
# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
/* fatal */
# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
/* fatal */
# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
# define SSL_AD_MISSING_EXTENSION        TLS13_AD_MISSING_EXTENSION
# define SSL_AD_CERTIFICATE_REQUIRED     TLS13_AD_CERTIFICATE_REQUIRED
# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
/* fatal */
# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
/* fatal */
# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
# define SSL_AD_NO_APPLICATION_PROTOCOL  TLS1_AD_NO_APPLICATION_PROTOCOL
/*
 * Error classes. NOTE(review): presumably the values reported by
 * SSL_get_error() -- see SSL_get_error(3). Per that page
 * SSL_ERROR_ZERO_RETURN means the peer sent close_notify, i.e. an orderly TLS
 * shutdown; an end of stream that arrives any other way may be a truncated
 * connection and should not be treated as a normal end of data.
 */
# define SSL_ERROR_NONE                  0
# define SSL_ERROR_SSL                   1
# define SSL_ERROR_WANT_READ             2
# define SSL_ERROR_WANT_WRITE            3
# define SSL_ERROR_WANT_X509_LOOKUP      4
# define SSL_ERROR_SYSCALL               5/* look at error stack/return
                                           * value/errno */
# define SSL_ERROR_ZERO_RETURN           6
# define SSL_ERROR_WANT_CONNECT          7
# define SSL_ERROR_WANT_ACCEPT           8
# define SSL_ERROR_WANT_ASYNC            9
# define SSL_ERROR_WANT_ASYNC_JOB       10
# define SSL_ERROR_WANT_EARLY           11
# define SSL_CTRL_SET_TMP_DH                     3
# define SSL_CTRL_SET_TMP_ECDH                   4
# define SSL_CTRL_SET_TMP_DH_CB                  6
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
# define SSL_CTRL_GET_FLAGS                      13
# define SSL_CTRL_EXTRA_CHAIN_CERT               14
# define SSL_CTRL_SET_MSG_CALLBACK               15
# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
/* only applies to datagram connections */
# define SSL_CTRL_SET_MTU                17
/* Stats */
# define SSL_CTRL_SESS_NUMBER                    20
# define SSL_CTRL_SESS_CONNECT                   21
# define SSL_CTRL_SESS_CONNECT_GOOD              22
# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
# define SSL_CTRL_SESS_ACCEPT                    24
# define SSL_CTRL_SESS_ACCEPT_GOOD               25
# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
# define SSL_CTRL_SESS_HIT                       27
# define SSL_CTRL_SESS_CB_HIT                    28
# define SSL_CTRL_SESS_MISSES                    29
# define SSL_CTRL_SESS_TIMEOUTS                  30
# define SSL_CTRL_SESS_CACHE_FULL                31
# define SSL_CTRL_MODE                           33
# define SSL_CTRL_GET_READ_AHEAD                 40
# define SSL_CTRL_SET_READ_AHEAD                 41
# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
# define SSL_CTRL_SET_SESS_CACHE_MODE            44
# define SSL_CTRL_GET_SESS_CACHE_MODE            45
# define SSL_CTRL_GET_MAX_CERT_LIST              50
# define SSL_CTRL_SET_MAX_CERT_LIST              51
# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
/* see tls1.h for macros based on these */
# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
# define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
# define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60 */
/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
# define SSL_CTRL_SET_SRP_ARG            78
# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
# ifndef OPENSSL_NO_HEARTBEATS
#  define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT               85
#  define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING        86
#  define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS    87
# endif
/*
 * NOTE(review): the values 76, 78 and 79 in this group are also assigned to
 * SSL_CTRL_SET_SRP_VERIFY_PARAM_CB, SSL_CTRL_SET_SRP_ARG and
 * SSL_CTRL_SET_TLS_EXT_SRP_USERNAME earlier in this list. Presumably the
 * overlapping commands are told apart by which ctrl entry point handles
 * them -- confirm before adding or reusing a command number here.
 */
# define DTLS_CTRL_GET_TIMEOUT           73
# define DTLS_CTRL_HANDLE_TIMEOUT        74
# define SSL_CTRL_GET_RI_SUPPORT                 76
# define SSL_CTRL_CLEAR_MODE                     78
# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB      79
# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
# define SSL_CTRL_CHAIN                          88
# define SSL_CTRL_CHAIN_CERT                     89
# define SSL_CTRL_GET_GROUPS                     90
# define SSL_CTRL_SET_GROUPS                     91
# define SSL_CTRL_SET_GROUPS_LIST                92
# define SSL_CTRL_GET_SHARED_GROUP               93
# define SSL_CTRL_SET_SIGALGS                    97
# define SSL_CTRL_SET_SIGALGS_LIST               98
# define SSL_CTRL_CERT_FLAGS                     99
# define SSL_CTRL_CLEAR_CERT_FLAGS               100
# define SSL_CTRL_SET_CLIENT_SIGALGS             101
# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST        102
# define SSL_CTRL_GET_CLIENT_CERT_TYPES          103
# define SSL_CTRL_SET_CLIENT_CERT_TYPES          104
# define SSL_CTRL_BUILD_CERT_CHAIN               105
# define SSL_CTRL_SET_VERIFY_CERT_STORE          106
# define SSL_CTRL_SET_CHAIN_CERT_STORE           107
# define SSL_CTRL_GET_PEER_SIGNATURE_NID         108
# define SSL_CTRL_GET_SERVER_TMP_KEY             109
# define SSL_CTRL_GET_RAW_CIPHERLIST             110
# define SSL_CTRL_GET_EC_POINT_FORMATS           111
# define SSL_CTRL_GET_CHAIN_CERTS                115
# define SSL_CTRL_SELECT_CURRENT_CERT            116
# define SSL_CTRL_SET_CURRENT_CERT               117
# define SSL_CTRL_SET_DH_AUTO                    118
# define DTLS_CTRL_SET_LINK_MTU                  120
# define DTLS_CTRL_GET_LINK_MIN_MTU              121
# define SSL_CTRL_GET_EXTMS_SUPPORT              122
# define SSL_CTRL_SET_MIN_PROTO_VERSION          123
# define SSL_CTRL_SET_MAX_PROTO_VERSION          124
# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT        125
# define SSL_CTRL_SET_MAX_PIPELINES              126
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE     127
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB       128
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG   129
# define SSL_CERT_SET_FIRST                      1
# define SSL_CERT_SET_NEXT                       2
# define SSL_CERT_SET_SERVER                     3
# define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
# define DTLSv1_handle_timeout(ssl) \
        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
# define SSL_num_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_clear_num_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_total_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
# define SSL_CTX_set_tmp_dh(ctx,dh) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
# define SSL_CTX_set_dh_auto(ctx, onoff) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_set_dh_auto(s, onoff) \
        SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_set_tmp_dh(ssl,dh) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
# define SSL_set_tmp_ecdh(ssl,ecdh) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
# define SSL_CTX_clear_extra_chain_certs(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
# define SSL_CTX_set0_chain(ctx,sk) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
# define SSL_CTX_set1_chain(ctx,sk) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
# define SSL_CTX_add0_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
# define SSL_CTX_add1_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
# define SSL_CTX_get0_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
# define SSL_CTX_clear_chain_certs(ctx) \
        SSL_CTX_set0_chain(ctx,NULL)
# define SSL_CTX_build_cert_chain(ctx, flags) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
# define SSL_CTX_select_current_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
# define SSL_CTX_set_current_cert(ctx, op) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
# define SSL_CTX_set0_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
# define SSL_CTX_set1_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
# define SSL_CTX_set0_chain_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
# define SSL_CTX_set1_chain_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
# define SSL_set0_chain(ctx,sk) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
# define SSL_set1_chain(ctx,sk) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
# define SSL_add0_chain_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
# define SSL_add1_chain_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
/*
 * Per-connection counterparts of the SSL_CTX chain helpers; each goes through
 * SSL_ctrl().  The first macro parameter is named ctx in two of them but is
 * handed to SSL_ctrl(), so it is an SSL object, not an SSL_CTX.
 * clear_chain_certs is defined as SSL_set0_chain() with a NULL stack.
 */
# define SSL_get0_chain_certs(ctx, px509) \
        SSL_ctrl((ctx), SSL_CTRL_GET_CHAIN_CERTS, 0, (px509))
# define SSL_clear_chain_certs(ctx) \
        SSL_set0_chain((ctx), NULL)
# define SSL_build_cert_chain(s, flags) \
        SSL_ctrl((s), SSL_CTRL_BUILD_CERT_CHAIN, (flags), NULL)
# define SSL_select_current_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
# define SSL_set_current_cert(ctx,op) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
# define SSL_set0_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
# define SSL_set1_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
# define SSL_set0_chain_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
# define SSL_set1_chain_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
# define SSL_get1_groups(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)(s))
# define SSL_get1_curves(ctx, s) \
        SSL_get1_groups((ctx), (s))
# define SSL_CTX_set1_groups(ctx, glist, glistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
# define SSL_CTX_set1_groups_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
# define SSL_CTX_set1_curves(ctx, clist, clistlen) \
        SSL_CTX_set1_groups((ctx), (clist), (clistlen))
# define SSL_CTX_set1_curves_list(ctx, s) \
        SSL_CTX_set1_groups_list((ctx), (s))
# define SSL_set1_groups(ctx, glist, glistlen) \
        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
# define SSL_set1_groups_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
# define SSL_set1_curves(ctx, clist, clistlen) \
        SSL_set1_groups((ctx), (clist), (clistlen))
# define SSL_set1_curves_list(ctx, s) \
        SSL_set1_groups_list((ctx), (s))
# define SSL_get_shared_group(s, n) \
        SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
# define SSL_get_shared_curve(s, n) \
        SSL_get_shared_group((s), (n))
# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
# define SSL_set1_sigalgs(ctx, slist, slistlen) \
        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
# define SSL_set1_sigalgs_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
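/*
 * Set the client signature algorithms on a single SSL object (the first
 * parameter is named ctx but is handed to SSL_ctrl()).  slistlen is passed as
 * the long argument and slist as the pointer argument of
 * SSL_CTRL_SET_CLIENT_SIGALGS.
 *
 * The length must come from this macro's own slistlen parameter.  Naming any
 * other identifier in the expansion (such as clistlen) would either fail to
 * compile or silently pick up an unrelated variable from the caller's scope,
 * so the array would be read with a length that does not describe it.
 */
# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))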
# define SSL_set1_client_sigalgs_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
# define SSL_get0_certificate_types(s, clist) \
        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist))
# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \
                     (char *)(clist))
# define SSL_set1_client_certificate_types(s, clist, clistlen) \
        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
/*
 * Read-only queries on an SSL object.  Each one passes 0 as the long argument
 * and hands the caller's output pointer (pn, pk, plst) to SSL_ctrl()
 * unchanged, without a cast.
 * NOTE(review): the result is the long returned by SSL_ctrl(); what it means
 * for each command is not visible here -- confirm before relying on the
 * output pointer being filled in.
 */
# define SSL_get_peer_signature_nid(s, pn) \
        SSL_ctrl((s), SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, (pn))
# define SSL_get_server_tmp_key(s, pk) \
        SSL_ctrl((s), SSL_CTRL_GET_SERVER_TMP_KEY, 0, (pk))
# define SSL_get0_raw_cipherlist(s, plst) \
        SSL_ctrl((s), SSL_CTRL_GET_RAW_CIPHERLIST, 0, (plst))
# define SSL_get0_ec_point_formats(s, plst) \
        SSL_ctrl((s), SSL_CTRL_GET_EC_POINT_FORMATS, 0, (plst))
/*
 * Protocol-version bounds.  Each wrapper passes `version` as the long
 * argument and NULL as the pointer argument; the SSL_CTX_ forms go through
 * SSL_CTX_ctrl(), the SSL_ forms through SSL_ctrl().
 * NOTE(review): the expansion yields the long returned by the ctrl call;
 * presumably a zero result reports a rejected version -- confirm against the
 * manual page and check it, so a failed call is not mistaken for an applied
 * bound.
 */
#define SSL_CTX_set_min_proto_version(ctx, version) \
        SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MIN_PROTO_VERSION, (version), NULL)
#define SSL_CTX_set_max_proto_version(ctx, version) \
        SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MAX_PROTO_VERSION, (version), NULL)
#define SSL_set_min_proto_version(s, version) \
        SSL_ctrl((s), SSL_CTRL_SET_MIN_PROTO_VERSION, (version), NULL)
#define SSL_set_max_proto_version(s, version) \
        SSL_ctrl((s), SSL_CTRL_SET_MAX_PROTO_VERSION, (version), NULL)

#if OPENSSL_API_COMPAT < 0x10100000L
/* Provide some compatibility macros for removed functionality. */
# define SSL_CTX_need_tmp_RSA(ctx)                0
# define SSL_CTX_set_tmp_rsa(ctx,rsa)             1
# define SSL_need_tmp_RSA(ssl)                    0
# define SSL_set_tmp_rsa(ssl,rsa)                 1
# define SSL_CTX_set_ecdh_auto(dummy, onoff)      ((onoff) != 0)
# define SSL_set_ecdh_auto(dummy, onoff)          ((onoff) != 0)
/*
 * We "pretend" to call the callback to avoid warnings about unused static
 * functions.
 */
# define SSL_CTX_set_tmp_rsa_callback(ctx, cb)    while(0) (cb)(NULL, 0, 0)
# define SSL_set_tmp_rsa_callback(ssl, cb)        while(0) (cb)(NULL, 0, 0)
#endif

__owur const BIO_METHOD *BIO_f_ssl(void);
M
Matt Caswell 已提交
1389 1390 1391 1392
__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from);
1393 1394
void BIO_ssl_shutdown(BIO *ssl_bio);

M
Matt Caswell 已提交
1395 1396
__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1397
int SSL_CTX_up_ref(SSL_CTX *ctx);
1398
void SSL_CTX_free(SSL_CTX *);
M
Matt Caswell 已提交
1399 1400 1401
__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1402
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
T
Todd Short 已提交
1403
void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
M
Matt Caswell 已提交
1404 1405
__owur int SSL_want(const SSL *s);
__owur int SSL_clear(SSL *s);
1406

1407
void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
1408

M
Matt Caswell 已提交
1409
__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1410
__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
1411
__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
M
Matt Caswell 已提交
1412
__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
1413
__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
T
Todd Short 已提交
1414 1415 1416
__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
M
Matt Caswell 已提交
1417 1418 1419 1420 1421 1422 1423 1424

__owur int SSL_get_fd(const SSL *s);
__owur int SSL_get_rfd(const SSL *s);
__owur int SSL_get_wfd(const SSL *s);
__owur const char *SSL_get_cipher_list(const SSL *s, int n);
__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
__owur int SSL_get_read_ahead(const SSL *s);
__owur int SSL_pending(const SSL *s);
M
Matt Caswell 已提交
1425
__owur int SSL_has_pending(const SSL *s);
1426
# ifndef OPENSSL_NO_SOCK
M
Matt Caswell 已提交
1427 1428 1429
__owur int SSL_set_fd(SSL *s, int fd);
__owur int SSL_set_rfd(SSL *s, int fd);
__owur int SSL_set_wfd(SSL *s, int fd);
1430
# endif
1431 1432
void SSL_set0_rbio(SSL *s, BIO *rbio);
void SSL_set0_wbio(SSL *s, BIO *wbio);
1433
void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
M
Matt Caswell 已提交
1434 1435 1436
__owur BIO *SSL_get_rbio(const SSL *s);
__owur BIO *SSL_get_wbio(const SSL *s);
__owur int SSL_set_cipher_list(SSL *s, const char *str);
1437
void SSL_set_read_ahead(SSL *s, int yes);
M
Matt Caswell 已提交
1438 1439
__owur int SSL_get_verify_mode(const SSL *s);
__owur int SSL_get_verify_depth(const SSL *s);
R
Rich Salz 已提交
1440 1441
__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
1442 1443 1444
void SSL_set_verify_depth(SSL *s, int depth);
void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
# ifndef OPENSSL_NO_RSA
M
Matt Caswell 已提交
1445 1446
__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
D
Dr. Stephen Henson 已提交
1447
# endif
M
Matt Caswell 已提交
1448 1449
__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
                            long len);
M
Matt Caswell 已提交
1451 1452
__owur int SSL_use_certificate(SSL *ssl, X509 *x);
__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
1453

1454 1455

/* serverinfo file format versions */
1456 1457
# define SSL_SERVERINFOV1   1
# define SSL_SERVERINFOV2   2
1458

1459
/* Set serverinfo data for the current active cert. */
M
Matt Caswell 已提交
1460
__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
                           size_t serverinfo_length);
1462 1463 1464
__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
                                     const unsigned char *serverinfo,
                                     size_t serverinfo_length);
M
Matt Caswell 已提交
1465
__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
B
Ben Laurie 已提交
1466

D
Dr. Stephen Henson 已提交
1467
#ifndef OPENSSL_NO_RSA
M
Matt Caswell 已提交
1468
__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
D
Dr. Stephen Henson 已提交
1469 1470
#endif

M
Matt Caswell 已提交
1471 1472
__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
D
Dr. Stephen Henson 已提交
1473 1474

#ifndef OPENSSL_NO_RSA
M
Matt Caswell 已提交
1475
__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
D
Dr. Stephen Henson 已提交
1476
#endif
M
Matt Caswell 已提交
1477 1478
__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
1479
/* PEM type */
M
Matt Caswell 已提交
1480
__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
1481
__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
M
Matt Caswell 已提交
1482 1483
__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                        const char *file);
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                       const char *dir);
1487

1488 1489 1490 1491 1492
#if OPENSSL_API_COMPAT < 0x10100000L
# define SSL_load_error_strings() \
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
#endif
M
Matt Caswell 已提交
1493

M
Matt Caswell 已提交
1494 1495 1496 1497 1498 1499 1500 1501
__owur const char *SSL_state_string(const SSL *s);
__owur const char *SSL_rstate_string(const SSL *s);
__owur const char *SSL_state_string_long(const SSL *s);
__owur const char *SSL_rstate_string_long(const SSL *s);
__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1502
__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
L
Lyon Chen 已提交
1503
__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
R
Rich Salz 已提交
1504
__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
M
Matt Caswell 已提交
1505 1506
__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
1507
void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
                            size_t *len);
1509
__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
M
Matt Caswell 已提交
1510
__owur int SSL_copy_session_id(SSL *to, const SSL *from);
M
Matt Caswell 已提交
1511 1512
__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
                                unsigned int sid_ctx_len);
1514 1515
__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
                               unsigned int sid_len);
1516
__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s);
1517

M
Matt Caswell 已提交
1518
__owur SSL_SESSION *SSL_SESSION_new(void);
B
Ben Laurie 已提交
1519
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
                                        unsigned int *len);
1521 1522
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
                                                unsigned int *len);
M
Matt Caswell 已提交
1523
__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
1524 1525 1526 1527 1528
# ifndef OPENSSL_NO_STDIO
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
# endif
int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
1529
int SSL_SESSION_up_ref(SSL_SESSION *ses);
1530
void SSL_SESSION_free(SSL_SESSION *ses);
M
Matt Caswell 已提交
1531 1532 1533
__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1534
int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
M
Matt Caswell 已提交
1535 1536 1537
__owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
__owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
__owur int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
                                unsigned int id_len);
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                             long length);

# ifdef HEADER_X509_H
M
Matt Caswell 已提交
1543
__owur X509 *SSL_get_peer_certificate(const SSL *s);
1544
# endif
1545

M
Matt Caswell 已提交
1546
__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
1547

M
Matt Caswell 已提交
1548 1549
__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
R
Rich Salz 已提交
1550 1551
__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback);
1552 1553 1554 1555 1556 1557 1558
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
                                      int (*cb) (X509_STORE_CTX *, void *),
                                      void *arg);
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
                         void *arg);
# ifndef OPENSSL_NO_RSA
M
Matt Caswell 已提交
1559 1560
__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
                                   long len);
D
Dr. Stephen Henson 已提交
1562
# endif
M
Matt Caswell 已提交
1563 1564
__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
                                const unsigned char *d, long len);
M
Matt Caswell 已提交
1566 1567
__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
                                 const unsigned char *d);
1569

1570 1571
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1572 1573
pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
M
Matt Caswell 已提交
1574 1575
void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
1576 1577
pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
void *SSL_get_default_passwd_cb_userdata(SSL *s);
1578

M
Matt Caswell 已提交
1579 1580
__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);
__owur int SSL_check_private_key(const SSL *ctx);
1581

M
Matt Caswell 已提交
1582
__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
                                   unsigned int sid_ctx_len);
1584

1585
SSL *SSL_new(SSL_CTX *ctx);
1586
int SSL_up_ref(SSL *s);
R
Rich Salz 已提交
1587
int SSL_is_dtls(const SSL *s);
M
Matt Caswell 已提交
1588
__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                               unsigned int sid_ctx_len);
1590

M
Matt Caswell 已提交
1591 1592 1593 1594
__owur int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
__owur int SSL_set_purpose(SSL *s, int purpose);
__owur int SSL_CTX_set_trust(SSL_CTX *s, int trust);
__owur int SSL_set_trust(SSL *s, int trust);
1595

1596 1597
__owur int SSL_set1_host(SSL *s, const char *hostname);
__owur int SSL_add1_host(SSL *s, const char *hostname);
1598
__owur const char *SSL_get0_peername(SSL *s);
1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614
void SSL_set_hostflags(SSL *s, unsigned int flags);

__owur int SSL_CTX_dane_enable(SSL_CTX *ctx);
__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
                                  uint8_t mtype, uint8_t ord);
__owur int SSL_dane_enable(SSL *s, const char *basedomain);
__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
                             uint8_t mtype, unsigned char *data, size_t dlen);
__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
                              uint8_t *mtype, unsigned const char **data,
                              size_t *dlen);
/*
 * Bridge opacity barrier between libcrypto and libssl, also needed to support
 * offline testing in test/danetest.c
 */
1615
SSL_DANE *SSL_get0_dane(SSL *ssl);
1616 1617 1618 1619 1620 1621 1622
/*
 * DANE flags
 */
unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
1623

M
Matt Caswell 已提交
1624 1625
__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
D
Dr. Stephen Henson 已提交
1626

M
Matt Caswell 已提交
1627 1628
__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
1629

1630 1631 1632
# ifndef OPENSSL_NO_SRP
int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
B
Ben Laurie 已提交
1633 1634
int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
                                        char *(*cb) (SSL *, void *));
B
Ben Laurie 已提交
1636
int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
                                          int (*cb) (SSL *, void *));
B
Ben Laurie 已提交
1638
int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
                                      int (*cb) (SSL *, int *, void *));
B
Ben Laurie 已提交
1640 1641 1642
int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);

int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
                             BIGNUM *sa, BIGNUM *v, char *info);
B
Ben Laurie 已提交
1644
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
                                const char *grp);
B
Ben Laurie 已提交
1646

M
Matt Caswell 已提交
1647 1648
__owur BIGNUM *SSL_get_srp_g(SSL *s);
__owur BIGNUM *SSL_get_srp_N(SSL *s);
B
Ben Laurie 已提交
1649

M
Matt Caswell 已提交
1650 1651
__owur char *SSL_get_srp_username(SSL *s);
__owur char *SSL_get_srp_userinfo(SSL *s);
1652
# endif
B
Ben Laurie 已提交
1653

B
Benjamin Kaduk 已提交
1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667
/*
 * Early callback and helpers.
 */
typedef int (*SSL_early_cb_fn) (SSL *s, int *al, void *arg);
void SSL_CTX_set_early_cb(SSL_CTX *c, SSL_early_cb_fn cb, void *arg);
int SSL_early_isv2(SSL *s);
unsigned int SSL_early_get0_legacy_version(SSL *s);
size_t SSL_early_get0_random(SSL *s, const unsigned char **out);
size_t SSL_early_get0_session_id(SSL *s, const unsigned char **out);
size_t SSL_early_get0_ciphers(SSL *s, const unsigned char **out);
size_t SSL_early_get0_compression_methods(SSL *s, const unsigned char **out);
int SSL_early_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
                       size_t *outlen);

1668 1669
void SSL_certs_clear(SSL *s);
void SSL_free(SSL *ssl);
1670 1671
# ifdef OSSL_ASYNC_FD
/*
 * Windows application developer has to include windows.h to use these.
 */
M
Matt Caswell 已提交
1674
__owur int SSL_waiting_for_async(SSL *s);
M
Matt Caswell 已提交
1675 1676 1677 1678
__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
                                     size_t *numaddfds, OSSL_ASYNC_FD *delfd,
                                     size_t *numdelfds);
1679
# endif
M
Matt Caswell 已提交
1680 1681 1682
__owur int SSL_accept(SSL *ssl);
__owur int SSL_connect(SSL *ssl);
__owur int SSL_read(SSL *ssl, void *buf, int num);
1683
__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
1684

1685 1686 1687
# define SSL_READ_EARLY_DATA_ERROR   0
# define SSL_READ_EARLY_DATA_SUCCESS 1
# define SSL_READ_EARLY_DATA_FINISH  2
1688

1689 1690
__owur int SSL_read_early_data(SSL *s, void *buf, size_t num,
                               size_t *readbytes);
M
Matt Caswell 已提交
1691
__owur int SSL_peek(SSL *ssl, void *buf, int num);
1692
__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
M
Matt Caswell 已提交
1693
__owur int SSL_write(SSL *ssl, const void *buf, int num);
M
Matt Caswell 已提交
1694
__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
1695 1696
__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num,
                                size_t *written);
1697 1698 1699 1700 1701
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
long SSL_callback_ctrl(SSL *, int, void (*)(void));
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));

1702 1703 1704 1705
# define SSL_EARLY_DATA_NOT_SENT    0
# define SSL_EARLY_DATA_REJECTED    1
# define SSL_EARLY_DATA_ACCEPTED    2

1706
__owur int SSL_get_early_data_status(const SSL *s);
1707

M
Matt Caswell 已提交
1708 1709
__owur int SSL_get_error(const SSL *s, int ret_code);
__owur const char *SSL_get_version(const SSL *s);
1710 1711

/* This sets the 'default' SSL version that SSL_new() will create */
M
Matt Caswell 已提交
1712
__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
1713

1714
# ifndef OPENSSL_NO_SSL3_METHOD
1715 1716 1717
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) /* SSLv3 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */
1718
# endif
1719

1720 1721
#define SSLv23_method           TLS_method
#define SSLv23_server_method    TLS_server_method
1722
#define SSLv23_client_method    TLS_client_method
1723

1724 1725 1726
/* Negotiate highest available SSL/TLS version */
__owur const SSL_METHOD *TLS_method(void);
__owur const SSL_METHOD *TLS_server_method(void);
1727
__owur const SSL_METHOD *TLS_client_method(void);
1728

K
Kurt Roeckx 已提交
1729
# ifndef OPENSSL_NO_TLS1_METHOD
1730 1731 1732
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */
K
Kurt Roeckx 已提交
1733
# endif
1734

K
Kurt Roeckx 已提交
1735
# ifndef OPENSSL_NO_TLS1_1_METHOD
1736 1737 1738
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */
K
Kurt Roeckx 已提交
1739
# endif
1740

K
Kurt Roeckx 已提交
1741
# ifndef OPENSSL_NO_TLS1_2_METHOD
1742 1743 1744
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */
K
Kurt Roeckx 已提交
1745
# endif
1746

K
Kurt Roeckx 已提交
1747
# ifndef OPENSSL_NO_DTLS1_METHOD
1748 1749 1750
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) /* DTLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) /* DTLSv1.0 */
K
Kurt Roeckx 已提交
1751
# endif
B
Ben Laurie 已提交
1752

K
Kurt Roeckx 已提交
1753
# ifndef OPENSSL_NO_DTLS1_2_METHOD
1754 1755 1756
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) /* DTLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) /* DTLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) /* DTLSv1.2 */
K
Kurt Roeckx 已提交
1757
#endif
1758

M
Matt Caswell 已提交
1759 1760 1761
__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
D
Dr. Stephen Henson 已提交
1762

D
David Woodhouse 已提交
1763 1764
__owur size_t DTLS_get_data_mtu(const SSL *s);

M
Matt Caswell 已提交
1765
__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
K
Kazuki Yamaguchi 已提交
1766
__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
1767
__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
M
Matt Caswell 已提交
1768
__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
1769

M
Matt Caswell 已提交
1770
__owur int SSL_do_handshake(SSL *s);
1771 1772
int SSL_key_update(SSL *s, int updatetype);
int SSL_get_key_update_type(SSL *s);
1773
int SSL_renegotiate(SSL *s);
1774
int SSL_renegotiate_abbreviated(SSL *s);
M
Matt Caswell 已提交
1775
__owur int SSL_renegotiate_pending(SSL *s);
1776 1777
int SSL_shutdown(SSL *s);

M
Matt Caswell 已提交
1778 1779 1780 1781 1782 1783 1784
__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s);
__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
__owur const char *SSL_alert_type_string_long(int value);
__owur const char *SSL_alert_type_string(int value);
__owur const char *SSL_alert_desc_string_long(int value);
__owur const char *SSL_alert_desc_string(int value);
1785

1786 1787 1788 1789 1790 1791 1792 1793
void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
__owur int SSL_add1_CA_list(SSL *ssl, const X509 *x);
__owur int SSL_CTX_add1_CA_list(SSL_CTX *ctx, const X509 *x);
__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);

1794 1795
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
M
Matt Caswell 已提交
1796 1797 1798 1799
__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
__owur int SSL_add_client_CA(SSL *ssl, X509 *x);
__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
1800 1801 1802 1803

void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);

M
Matt Caswell 已提交
1804
__owur long SSL_get_default_timeout(const SSL *s);
1805

1806 1807 1808
#if OPENSSL_API_COMPAT < 0x10100000L
# define SSL_library_init() OPENSSL_init_ssl(0, NULL)
#endif
1809

M
Matt Caswell 已提交
1810
__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
D
Dr. Stephen Henson 已提交
1811
__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
1812

M
Matt Caswell 已提交
1813
__owur SSL *SSL_dup(SSL *ssl);
1814

M
Matt Caswell 已提交
1815
__owur X509 *SSL_get_certificate(const SSL *ssl);
1816 1817 1818
/*
 * EVP_PKEY
 */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
1819

M
Matt Caswell 已提交
1820 1821
__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
1822

1823
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
M
Matt Caswell 已提交
1824
__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
1825
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
M
Matt Caswell 已提交
1826
__owur int SSL_get_quiet_shutdown(const SSL *ssl);
1827
void SSL_set_shutdown(SSL *ssl, int mode);
M
Matt Caswell 已提交
1828 1829
__owur int SSL_get_shutdown(const SSL *ssl);
__owur int SSL_version(const SSL *ssl);
1830
__owur int SSL_client_version(const SSL *s);
M
Matt Caswell 已提交
1831
__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1832 1833
__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
M
Matt Caswell 已提交
1834
__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                  const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */
M
Matt Caswell 已提交
1837 1838 1839
__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
1840
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
B
Ben Laurie 已提交
1841
void SSL_set_info_callback(SSL *ssl,
                           void (*cb) (const SSL *ssl, int type, int val));
void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
                                               int val);
__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);

void SSL_set_verify_result(SSL *ssl, long v);
/*
 * Returns the certificate verification result for |ssl| as a long.
 * NOTE(review): a success code here presumably does not by itself prove that
 * the peer presented a certificate - confirm against SSL_get_verify_result(3)
 * and also check that a peer certificate is present before trusting it.
 */
__owur long SSL_get_verify_result(const SSL *ssl);
__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);

/*
 * Copy the client random, the server random, or a session's master key into
 * the caller-supplied buffer |out|, whose capacity is given by |outlen|.
 * NOTE(review): presumably the return value is the number of bytes written
 * (and the full length when |outlen| is 0) - confirm against the manual.
 * NOTE(review): the master key is secret keying material; callers should
 * wipe |out| once finished with it (e.g. with OPENSSL_cleanse()) and avoid
 * logging it.
 */
__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
                                    size_t outlen);
__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
                                    size_t outlen);
__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl,
                                         unsigned char *out, size_t outlen);

#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
void *SSL_get_ex_data(const SSL *ssl, int idx);
#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef)
__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);

__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);

/*
 * Convenience wrappers over SSL_CTX_ctrl() / SSL_ctrl(). Each macro passes the
 * matching SSL_CTRL_* command; setters forward their value as the third
 * argument, getters pass 0 there, and the fourth argument is always NULL.
 * Each macro evaluates to whatever the underlying ctrl call returns.
 * NOTE(review): max_cert_list presumably caps the size of the certificate
 * chain accepted from a peer, and max_send_fragment the size of outgoing
 * records - confirm the units and defaults against the manual before
 * changing them.
 */
# define SSL_CTX_sess_set_cache_size(ctx,t) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
# define SSL_CTX_sess_get_cache_size(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
# define SSL_CTX_set_session_cache_mode(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
# define SSL_CTX_get_session_cache_mode(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)

/* The *_default_read_ahead names are aliases for the read_ahead macros. */
# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
# define SSL_CTX_get_read_ahead(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
# define SSL_CTX_set_read_ahead(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
# define SSL_CTX_get_max_cert_list(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
# define SSL_CTX_set_max_cert_list(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
# define SSL_get_max_cert_list(ssl) \
        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
# define SSL_set_max_cert_list(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)

# define SSL_CTX_set_max_send_fragment(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
# define SSL_set_max_send_fragment(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
/*
 * Setters for the split-send-fragment and max-pipelines settings, at SSL_CTX
 * and SSL scope. Each forwards |m| as the third argument of SSL_CTX_ctrl() or
 * SSL_ctrl() with the matching SSL_CTRL_* command and NULL as the fourth
 * argument, and evaluates to the ctrl call's return value.
 */
# define SSL_CTX_set_split_send_fragment(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
# define SSL_set_split_send_fragment(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
# define SSL_CTX_set_max_pipelines(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
# define SSL_set_max_pipelines(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)

void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
void SSL_set_default_read_buffer_len(SSL *s, size_t len);

# ifndef OPENSSL_NO_DH
/* NB: the |keylength| is only applicable when is_export is true */
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
                                 DH *(*dh) (SSL *ssl, int is_export,
                                            int keylength));
void SSL_set_tmp_dh_callback(SSL *ssl,
                             DH *(*dh) (SSL *ssl, int is_export,
                                        int keylength));
# endif

__owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
__owur int SSL_COMP_get_id(const SSL_COMP *comp);
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
                                                      *meths);
#if OPENSSL_API_COMPAT < 0x10100000L
# define SSL_COMP_free_compression_methods() while(0) continue
#endif
__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);

const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
                             int isv2format, STACK_OF(SSL_CIPHER) **sk,
                             STACK_OF(SSL_CIPHER) **scsvs);

/* TLS extensions functions */
__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);

__owur int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
                                  void *arg);

/* Pre-shared secret session resumption functions */
__owur int SSL_set_session_secret_cb(SSL *s,
                              tls_session_secret_cb_fn tls_session_secret_cb,
                              void *arg);

void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
                                                int (*cb) (SSL *ssl,
                                                           int
                                                           is_forward_secure));

void SSL_set_not_resumable_session_callback(SSL *ssl,
                                            int (*cb) (SSL *ssl,
                                                       int
                                                       is_forward_secure));

/*
 * Record padding configuration, at SSL_CTX scope and at SSL scope.
 * The *_set_record_padding_callback functions register |cb|, which receives
 * the connection, a record |type|, a length |len| and the opaque |arg|
 * installed with the matching *_callback_arg setter, and returns a size_t.
 * The *_set_block_padding functions take a |block_size| and return an int.
 * NOTE(review): presumably |cb| returns the number of padding bytes to add to
 * a record of |len| bytes, and |block_size| pads records up to a multiple of
 * that size - confirm against the manual, including which protocol versions
 * honour padding and what the int return of *_set_block_padding signals.
 * Ownership of |arg| is not stated in this header.
 */
void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
                                         size_t (*cb) (SSL *ssl, int type,
                                                       size_t len, void *arg));
void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx);
int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);

void SSL_set_record_padding_callback(SSL *ssl,
                                    size_t (*cb) (SSL *ssl, int type,
                                                  size_t len, void *arg));
void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
void *SSL_get_record_padding_callback_arg(SSL *ssl);
int SSL_set_block_padding(SSL *ssl, size_t block_size);

# if OPENSSL_API_COMPAT < 0x10100000L
#  define SSL_cache_hit(s) SSL_session_reused(s)
# endif

__owur int SSL_session_reused(SSL *s);
__owur int SSL_is_server(SSL *s);

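/*
 * Creates a new SSL_CONF_CTX; presumably released with SSL_CONF_CTX_free(),
 * declared alongside it. The result must not be ignored (__owur), and the
 * annotation is applied once rather than duplicated.
 */
__owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);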
int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);

void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);

__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);

void SSL_add_ssl_module(void);
int SSL_config(SSL *s, const char *name);
int SSL_CTX_config(SSL_CTX *ctx, const char *name);

# ifndef OPENSSL_NO_SSL_TRACE
void SSL_trace(int write_p, int version, int content_type,
               const void *buf, size_t len, SSL *ssl, void *arg);
__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
# endif

# ifndef OPENSSL_NO_SOCK
int DTLSv1_listen(SSL *s, BIO_ADDR *client);
# endif

# ifndef OPENSSL_NO_CT

/*
 * A callback for verifying that the received SCTs are sufficient.
 * Expected to return 1 if they are sufficient, otherwise 0.
 * May return a negative integer if an error occurs.
 * A connection should be aborted if the SCTs are deemed insufficient.
 */
typedef int(*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
                                   const STACK_OF(SCT) *scts, void *arg);

/*
 * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
 * the received SCTs.
 * If the callback returns a non-positive result, the connection is terminated.
 * Call this function before beginning a handshake.
 * If a NULL |callback| is provided, SCT validation is disabled.
 * |arg| is arbitrary userdata that will be passed to the callback whenever it
 * is invoked. Ownership of |arg| remains with the caller.
 *
 * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
 *       will be requested.
 */
int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
                                   void *arg);
int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
                                       ssl_ct_validation_cb callback,
                                       void *arg);
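/*
 * Disable CT for a connection or a context by installing a NULL validation
 * callback (a NULL callback disables SCT validation). The macros expand to
 * SSL_set_ct_validation_callback() / SSL_CTX_set_ct_validation_callback(),
 * the setters this header declares; the int result is deliberately discarded.
 */
#define SSL_disable_ct(s) \
        ((void) SSL_set_ct_validation_callback((s), NULL, NULL))
#define SSL_CTX_disable_ct(ctx) \
        ((void) SSL_CTX_set_ct_validation_callback((ctx), NULL, NULL))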

/*
 * The validation type enumerates the available behaviours of the built-in SSL
 * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
 * The underlying callback is a static function in libssl.
 */
enum {
    /* Built-in callback that always lets the handshake continue. */
    SSL_CT_VALIDATION_PERMISSIVE = 0,
    /*
     * Built-in callback that requests handshake termination unless at least
     * one valid SCT was received.
     */
    SSL_CT_VALIDATION_STRICT
};

/*
 * Enable CT by setting up a callback that implements one of the built-in
 * validation variants.  The SSL_CT_VALIDATION_PERMISSIVE variant always
 * continues the handshake, the application can make appropriate decisions at
 * handshake completion.  The SSL_CT_VALIDATION_STRICT variant requires at
 * least one valid SCT, or else handshake termination will be requested.  The
 * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
 */
int SSL_enable_ct(SSL *s, int validation_mode);
int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);

/*
 * Report whether a non-NULL callback is enabled.
 */
int SSL_ct_is_enabled(const SSL *s);
int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);

/* Gets the SCTs received from a connection */
const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);

/*
 * Loads the CT log list from the default location.
 * If a CTLOG_STORE has previously been set using SSL_CTX_set0_ctlog_store,
 * the log information loaded from this file will be appended to the
 * CTLOG_STORE.
 * Returns 1 on success, 0 otherwise.
 */
int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);

/*
 * Loads the CT log list from the specified file path.
 * If a CTLOG_STORE has previously been set using SSL_CTX_set0_ctlog_store,
 * the log information loaded from this file will be appended to the
 * CTLOG_STORE.
 * Returns 1 on success, 0 otherwise.
 */
int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);

/*
 * Sets the CT log list used by all SSL connections created from this SSL_CTX.
 * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
 */
void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);

/*
 * Gets the CT log list used by all SSL connections created from this SSL_CTX.
 * This will be NULL unless one of the following functions has been called:
 * - SSL_CTX_set_default_ctlog_list_file
 * - SSL_CTX_set_ctlog_list_file
 * - SSL_CTX_set0_ctlog_store
 */
const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);

# endif /* OPENSSL_NO_CT */

/* What the "other" parameter contains in security callback */
/* Mask for type */
# define SSL_SECOP_OTHER_TYPE    0xffff0000
# define SSL_SECOP_OTHER_NONE    0
# define SSL_SECOP_OTHER_CIPHER  (1 << 16)
# define SSL_SECOP_OTHER_CURVE   (2 << 16)
# define SSL_SECOP_OTHER_DH      (3 << 16)
# define SSL_SECOP_OTHER_PKEY    (4 << 16)
# define SSL_SECOP_OTHER_SIGALG  (5 << 16)
# define SSL_SECOP_OTHER_CERT    (6 << 16)

/* Indicated operation refers to peer key or certificate */
# define SSL_SECOP_PEER          0x1000

/* Values for "op" parameter in security callback */

/* Called to filter ciphers */
/* Ciphers client supports */
# define SSL_SECOP_CIPHER_SUPPORTED      (1 | SSL_SECOP_OTHER_CIPHER)
/* Cipher shared by client/server */
# define SSL_SECOP_CIPHER_SHARED         (2 | SSL_SECOP_OTHER_CIPHER)
/* Sanity check of cipher server selects */
# define SSL_SECOP_CIPHER_CHECK          (3 | SSL_SECOP_OTHER_CIPHER)
/* Curves supported by client */
# define SSL_SECOP_CURVE_SUPPORTED       (4 | SSL_SECOP_OTHER_CURVE)
/* Curves shared by client/server */
# define SSL_SECOP_CURVE_SHARED          (5 | SSL_SECOP_OTHER_CURVE)
/* Sanity check of curve server selects */
# define SSL_SECOP_CURVE_CHECK           (6 | SSL_SECOP_OTHER_CURVE)
/* Temporary DH key */
# define SSL_SECOP_TMP_DH                (7 | SSL_SECOP_OTHER_PKEY)
/* SSL/TLS version */
# define SSL_SECOP_VERSION               (9 | SSL_SECOP_OTHER_NONE)
/* Session tickets */
# define SSL_SECOP_TICKET                (10 | SSL_SECOP_OTHER_NONE)
/* Supported signature algorithms sent to peer */
# define SSL_SECOP_SIGALG_SUPPORTED      (11 | SSL_SECOP_OTHER_SIGALG)
/* Shared signature algorithm */
# define SSL_SECOP_SIGALG_SHARED         (12 | SSL_SECOP_OTHER_SIGALG)
/* Sanity check signature algorithm allowed */
# define SSL_SECOP_SIGALG_CHECK          (13 | SSL_SECOP_OTHER_SIGALG)
/* Used to get mask of supported public key signature algorithms */
# define SSL_SECOP_SIGALG_MASK           (14 | SSL_SECOP_OTHER_SIGALG)
/* Use to see if compression is allowed */
# define SSL_SECOP_COMPRESSION           (15 | SSL_SECOP_OTHER_NONE)
/* EE key in certificate */
# define SSL_SECOP_EE_KEY                (16 | SSL_SECOP_OTHER_CERT)
/* CA key in certificate */
# define SSL_SECOP_CA_KEY                (17 | SSL_SECOP_OTHER_CERT)
/* CA digest algorithm in certificate */
# define SSL_SECOP_CA_MD                 (18 | SSL_SECOP_OTHER_CERT)
/* Peer EE key in certificate */
# define SSL_SECOP_PEER_EE_KEY           (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
/* Peer CA key in certificate */
# define SSL_SECOP_PEER_CA_KEY           (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
/* Peer CA digest algorithm in certificate */
# define SSL_SECOP_PEER_CA_MD            (SSL_SECOP_CA_MD | SSL_SECOP_PEER)

void SSL_set_security_level(SSL *s, int level);
__owur int SSL_get_security_level(const SSL *s);
void SSL_set_security_callback(SSL *s,
                               int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
                                          int bits, int nid, void *other,
                                          void *ex));
int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op,
                                                int bits, int nid,
                                                void *other, void *ex);
void SSL_set0_security_ex_data(SSL *s, void *ex);
__owur void *SSL_get0_security_ex_data(const SSL *s);

void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
void SSL_CTX_set_security_callback(SSL_CTX *ctx,
                                   int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
                                              int bits, int nid, void *other,
                                              void *ex));
int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
                                                          const SSL_CTX *ctx,
                                                          int op, int bits,
                                                          int nid,
                                                          void *other,
                                                          void *ex);
void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);

/* OPENSSL_INIT flag 0x010000 reserved for internal use */
#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS    0x00100000L
#define OPENSSL_INIT_LOAD_SSL_STRINGS       0x00200000L

#define OPENSSL_INIT_SSL_DEFAULT \
        (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)

int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);

# ifndef OPENSSL_NO_UNIT_TEST
__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
# endif

extern const char SSL_version_str[];

/* BEGIN ERROR CODES */
/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */

int ERR_load_SSL_strings(void);

/* Error codes for the SSL functions. */

/* Function codes. */
# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT                   438
# define SSL_F_ADD_KEY_SHARE                              512
# define SSL_F_BYTES_TO_CIPHER_LIST                       519
# define SSL_F_CHECK_SUITEB_CIPHER_LIST                   331
# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH              539
# define SSL_F_CT_MOVE_SCTS                               345
# define SSL_F_CT_STRICT                                  349
# define SSL_F_D2I_SSL_SESSION                            103
# define SSL_F_DANE_CTX_ENABLE                            347
# define SSL_F_DANE_MTYPE_SET                             393
# define SSL_F_DANE_TLSA_ADD                              394
# define SSL_F_DERIVE_SECRET_KEY_AND_IV                   514
# define SSL_F_DO_DTLS1_WRITE                             245
# define SSL_F_DO_SSL3_WRITE                              104
# define SSL_F_DTLS1_BUFFER_RECORD                        247
# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                    318
# define SSL_F_DTLS1_HEARTBEAT                            305
# define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS             424
# define SSL_F_DTLS1_PROCESS_RECORD                       257
# define SSL_F_DTLS1_READ_BYTES                           258
# define SSL_F_DTLS1_READ_FAILED                          339
# define SSL_F_DTLS1_RETRANSMIT_MESSAGE                   390
# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
# define SSL_F_DTLSV1_LISTEN                              350
# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC          371
# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST        385
# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE               370
# define SSL_F_DTLS_PROCESS_HELLO_VERIFY                  386
# define SSL_F_EARLY_DATA_COUNT_OK                        532
# define SSL_F_FINAL_EC_PT_FORMATS                        485
# define SSL_F_FINAL_EMS                                  486
# define SSL_F_FINAL_KEY_SHARE                            503
# define SSL_F_FINAL_RENEGOTIATE                          483
# define SSL_F_FINAL_SIG_ALGS                             497
# define SSL_F_NSS_KEYLOG_INT                             500
# define SSL_F_OPENSSL_INIT_SSL                           342
# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION       436
# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE       430
# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION         417
# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION       437
# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE       431
# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION         418
# define SSL_F_PARSE_CA_NAMES                             541
# define SSL_F_PROCESS_KEY_SHARE_EXT                      439
# define SSL_F_READ_STATE_MACHINE                         352
# define SSL_F_SET_CLIENT_CIPHERSUITE                     540
# define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
# define SSL_F_SSL3_CTRL                                  213
# define SSL_F_SSL3_CTX_CTRL                              133
# define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
# define SSL_F_SSL3_FINAL_FINISH_MAC                      285
# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388
# define SSL_F_SSL3_GET_RECORD                            143
# define SSL_F_SSL3_INIT_FINISHED_MAC                     397
# define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
# define SSL_F_SSL3_READ_BYTES                            148
# define SSL_F_SSL3_READ_N                                149
# define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
# define SSL_F_SSL3_SETUP_READ_BUFFER                     156
# define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
# define SSL_F_SSL3_WRITE_BYTES                           158
# define SSL_F_SSL3_WRITE_PENDING                         159
# define SSL_F_SSL_ADD_CERT_CHAIN                         316
# define SSL_F_SSL_ADD_CERT_TO_BUF                        319
# define SSL_F_SSL_ADD_CERT_TO_WPACKET                    493
# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT           307
# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT           308
# define SSL_F_SSL_BAD_METHOD                             160
# define SSL_F_SSL_BUILD_CERT_CHAIN                       332
# define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
# define SSL_F_SSL_CACHE_CIPHERLIST                       520
# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT                   346
# define SSL_F_SSL_CERT_DUP                               221
# define SSL_F_SSL_CERT_NEW                               162
# define SSL_F_SSL_CERT_SET0_CHAIN                        340
# define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
# define SSL_F_SSL_CIPHER_LIST_TO_BYTES                   425
# define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
# define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
# define SSL_F_SSL_CLEAR                                  164
# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
# define SSL_F_SSL_CONF_CMD                               334
# define SSL_F_SSL_CREATE_CIPHER_LIST                     166
# define SSL_F_SSL_CTRL                                   232
# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
# define SSL_F_SSL_CTX_ENABLE_CT                          398
# define SSL_F_SSL_CTX_MAKE_PROFILES                      309
# define SSL_F_SSL_CTX_NEW                                169
# define SSL_F_SSL_CTX_SET_ALPN_PROTOS                    343
# define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK         396
# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
# define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
# define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
# define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
# define SSL_F_SSL_CTX_USE_SERVERINFO                     336
# define SSL_F_SSL_CTX_USE_SERVERINFO_EX                  543
# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE                337
# define SSL_F_SSL_DANE_DUP                               403
# define SSL_F_SSL_DANE_ENABLE                            395
# define SSL_F_SSL_DO_CONFIG                              391
# define SSL_F_SSL_DO_HANDSHAKE                           180
# define SSL_F_SSL_DUP_CA_LIST                            408
# define SSL_F_SSL_ENABLE_CT                              402
# define SSL_F_SSL_GET_NEW_SESSION                        181
# define SSL_F_SSL_GET_PREV_SESSION                       217
# define SSL_F_SSL_GET_SERVER_CERT_INDEX                  322
# define SSL_F_SSL_GET_SIGN_PKEY                          183
# define SSL_F_SSL_INIT_WBIO_BUFFER                       184
# define SSL_F_SSL_KEY_UPDATE                             515
# define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
# define SSL_F_SSL_LOG_MASTER_SECRET                      498
# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE            499
# define SSL_F_SSL_MODULE_INIT                            392
# define SSL_F_SSL_NEW                                    186
# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT         310
# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311
# define SSL_F_SSL_PEEK                                   270
# define SSL_F_SSL_PEEK_EX                                432
# define SSL_F_SSL_PEEK_INTERNAL                          522
# define SSL_F_SSL_READ                                   223
# define SSL_F_SSL_READ_EARLY_DATA                        529
# define SSL_F_SSL_READ_EX                                434
# define SSL_F_SSL_READ_INTERNAL                          523
# define SSL_F_SSL_RENEGOTIATE                            516
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321
# define SSL_F_SSL_SESSION_DUP                            348
# define SSL_F_SSL_SESSION_NEW                            189
# define SSL_F_SSL_SESSION_PRINT_FP                       190
# define SSL_F_SSL_SESSION_SET1_ID                        423
# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
# define SSL_F_SSL_SET_ALPN_PROTOS                        344
# define SSL_F_SSL_SET_CERT                               191
# define SSL_F_SSL_SET_CIPHER_LIST                        271
# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK             399
# define SSL_F_SSL_SET_FD                                 192
# define SSL_F_SSL_SET_PKEY                               193
# define SSL_F_SSL_SET_RFD                                194
# define SSL_F_SSL_SET_SESSION                            195
# define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
# define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
# define SSL_F_SSL_SET_WFD                                196
# define SSL_F_SSL_SHUTDOWN                               224
# define SSL_F_SSL_SRP_CTX_INIT                           313
# define SSL_F_SSL_START_ASYNC_JOB                        389
# define SSL_F_SSL_UNDEFINED_FUNCTION                     197
# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
# define SSL_F_SSL_USE_CERTIFICATE                        198
# define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
# define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
# define SSL_F_SSL_USE_PRIVATEKEY                         201
# define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
# define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
# define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
# define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
# define SSL_F_SSL_VALIDATE_CT                            400
# define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
# define SSL_F_SSL_WRITE                                  208
# define SSL_F_SSL_WRITE_EARLY_DATA                       526
# define SSL_F_SSL_WRITE_EARLY_FINISH                     527
# define SSL_F_SSL_WRITE_EX                               433
# define SSL_F_SSL_WRITE_INTERNAL                         524
# define SSL_F_STATE_MACHINE                              353
# define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
# define SSL_F_TLS12_COPY_SIGALGS                         533
# define SSL_F_TLS13_CHANGE_CIPHER_STATE                  440
# define SSL_F_TLS13_SETUP_KEY_BLOCK                      441
# define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS            341
# define SSL_F_TLS1_ENC                                   401
# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
# define SSL_F_TLS1_GET_CURVELIST                         338
# define SSL_F_TLS1_PRF                                   284
# define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
# define SSL_F_TLS1_SET_SERVER_SIGALGS                    335
# define SSL_F_TLS_CHOOSE_SIGALG                          513
# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK          354
# define SSL_F_TLS_COLLECT_EXTENSIONS                     435
# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES      542
# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST          372
# define SSL_F_TLS_CONSTRUCT_CERT_STATUS                  429
# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY             494
# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY                  496
# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC           427
# define SSL_F_TLS_CONSTRUCT_CKE_DHE                      404
# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE                    405
# define SSL_F_TLS_CONSTRUCT_CKE_GOST                     406
# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE             407
# define SSL_F_TLS_CONSTRUCT_CKE_RSA                      409
# define SSL_F_TLS_CONSTRUCT_CKE_SRP                      410
# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE           484
# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO                 487
# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE          488
# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY                489
# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN                    466
# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE             355
# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE                  535
# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA              530
# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS           467
# define SSL_F_TLS_CONSTRUCT_CTOS_EMS                     468
# define SSL_F_TLS_CONSTRUCT_CTOS_ETM                     469
# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO                   356
# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE            357
# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE               470
# define SSL_F_TLS_CONSTRUCT_CTOS_NPN                     471
# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING                 472
# define SSL_F_TLS_CONSTRUCT_CTOS_PSK                     501
# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES           509
# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE             473
# define SSL_F_TLS_CONSTRUCT_CTOS_SCT                     474
# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME             475
# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET          476
# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS                477
# define SSL_F_TLS_CONSTRUCT_CTOS_SRP                     478
# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST          479
# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS        480
# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS      481
# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP                482
# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY                  358
# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS         443
# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA            536
# define SSL_F_TLS_CONSTRUCT_EXTENSIONS                   447
# define SSL_F_TLS_CONSTRUCT_FINISHED                     359
# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST                373
# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST          510
# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE                   517
# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET           428
# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO                   426
# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE           490
# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO                 491
# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE          492
# define SSL_F_TLS_CONSTRUCT_STOC_ALPN                    451
# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE             374
# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG           452
# define SSL_F_TLS_CONSTRUCT_STOC_DONE                    375
# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA              531
# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO         525
# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS           453
# define SSL_F_TLS_CONSTRUCT_STOC_EMS                     454
# define SSL_F_TLS_CONSTRUCT_STOC_ETM                     455
# define SSL_F_TLS_CONSTRUCT_STOC_HELLO                   376
# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE            377
# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE               456
# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG          457
# define SSL_F_TLS_CONSTRUCT_STOC_PSK                     504
# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE             458
# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME             459
# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET          460
# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST          461
# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS        544
# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP                462
# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO        521
# define SSL_F_TLS_GET_MESSAGE_BODY                       351
# define SSL_F_TLS_GET_MESSAGE_HEADER                     387
# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT               449
# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE                   463
# define SSL_F_TLS_PARSE_CTOS_PSK                         505
# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE                 464
# define SSL_F_TLS_PARSE_CTOS_USE_SRTP                    465
# define SSL_F_TLS_PARSE_STOC_COOKIE                      534
# define SSL_F_TLS_PARSE_STOC_EARLY_DATA                  538
# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO             528
# define SSL_F_TLS_PARSE_STOC_KEY_SHARE                   445
# define SSL_F_TLS_PARSE_STOC_PSK                         502
# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE                 448
# define SSL_F_TLS_PARSE_STOC_USE_SRTP                    446
# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO              378
# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE       384
# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE             360
# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST            361
# define SSL_F_TLS_PROCESS_CERT_STATUS                    362
# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY               495
# define SSL_F_TLS_PROCESS_CERT_VERIFY                    379
# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC             363
# define SSL_F_TLS_PROCESS_CKE_DHE                        411
# define SSL_F_TLS_PROCESS_CKE_ECDHE                      412
# define SSL_F_TLS_PROCESS_CKE_GOST                       413
# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE               414
# define SSL_F_TLS_PROCESS_CKE_RSA                        415
# define SSL_F_TLS_PROCESS_CKE_SRP                        416
# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE             380
# define SSL_F_TLS_PROCESS_CLIENT_HELLO                   381
# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE            382
# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS           444
# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA              537
# define SSL_F_TLS_PROCESS_FINISHED                       364
# define SSL_F_TLS_PROCESS_HELLO_REQ                      507
# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST            511
# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT          442
# define SSL_F_TLS_PROCESS_KEY_EXCHANGE                   365
# define SSL_F_TLS_PROCESS_KEY_UPDATE                     518
# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET             366
# define SSL_F_TLS_PROCESS_NEXT_PROTO                     383
# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE             367
# define SSL_F_TLS_PROCESS_SERVER_DONE                    368
# define SSL_F_TLS_PROCESS_SERVER_HELLO                   369
# define SSL_F_TLS_PROCESS_SKE_DHE                        419
# define SSL_F_TLS_PROCESS_SKE_ECDHE                      420
# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE               421
# define SSL_F_TLS_PROCESS_SKE_SRP                        422
# define SSL_F_TLS_PSK_DO_BINDER                          506
# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT                450
# define SSL_F_TLS_SETUP_HANDSHAKE                        508
# define SSL_F_USE_CERTIFICATE_CHAIN_FILE                 220

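/*
 * Reason codes.
 *
 * Each SSL_R_* macro is the numeric reason part of an error raised by the SSL
 * library. The values are fixed identifiers rather than a sequence: gaps and
 * out-of-order numbers are normal here. This is a public header, so treat the
 * existing values as part of the API and do not renumber them.
 *
 * The SSL_R_SSLV3_ALERT_* and SSL_R_TLSV1_* entries use values of 1000 and
 * above. They look like the TLS alert description number plus 1000 (for
 * example BAD_RECORD_MAC 1020, HANDSHAKE_FAILURE 1040), which would make them
 * the reasons recorded when the peer sends that alert -- confirm against
 * SSL_AD_REASON_OFFSET where it is defined.
 */
# define SSL_R_APP_DATA_IN_HANDSHAKE                      100
# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE       143
# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
# define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
# define SSL_R_BAD_CIPHER                                 186
# define SSL_R_BAD_DATA                                   390
# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
# define SSL_R_BAD_DECOMPRESSION                          107
# define SSL_R_BAD_DH_VALUE                               102
# define SSL_R_BAD_DIGEST_LENGTH                          111
# define SSL_R_BAD_ECC_CERT                               304
# define SSL_R_BAD_ECPOINT                                306
# define SSL_R_BAD_EXTENSION                              110
# define SSL_R_BAD_HANDSHAKE_LENGTH                       332
# define SSL_R_BAD_HELLO_REQUEST                          105
# define SSL_R_BAD_KEY_SHARE                              108
# define SSL_R_BAD_KEY_UPDATE                             122
# define SSL_R_BAD_LENGTH                                 271
# define SSL_R_BAD_PACKET_LENGTH                          115
# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
# define SSL_R_BAD_PSK_IDENTITY                           114
# define SSL_R_BAD_RECORD_TYPE                            443
# define SSL_R_BAD_RSA_ENCRYPT                            119
# define SSL_R_BAD_SIGNATURE                              123
# define SSL_R_BAD_SRP_A_LENGTH                           347
# define SSL_R_BAD_SRP_PARAMETERS                         371
# define SSL_R_BAD_SRTP_MKI_VALUE                         352
# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST           353
# define SSL_R_BAD_SSL_FILETYPE                           124
# define SSL_R_BAD_VALUE                                  384
# define SSL_R_BAD_WRITE_RETRY                            127
# define SSL_R_BIO_NOT_SET                                128
# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
# define SSL_R_BN_LIB                                     130
# define SSL_R_CANNOT_CHANGE_CIPHER                       109
# define SSL_R_CA_DN_LENGTH_MISMATCH                      131
# define SSL_R_CA_KEY_TOO_SMALL                           397
# define SSL_R_CA_MD_TOO_WEAK                             398
# define SSL_R_CCS_RECEIVED_EARLY                         133
# define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
# define SSL_R_CERT_CB_ERROR                              377
# define SSL_R_CERT_LENGTH_MISMATCH                       135
# define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
# define SSL_R_CLIENTHELLO_TLSEXT                         226
# define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
# define SSL_R_COMPRESSION_DISABLED                       343
# define SSL_R_COMPRESSION_FAILURE                        141
# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
# define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
# define SSL_R_CONNECTION_TYPE_NOT_SET                    144
# define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
# define SSL_R_COOKIE_MISMATCH                            308
# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED       206
# define SSL_R_DANE_ALREADY_ENABLED                       172
# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL            173
# define SSL_R_DANE_NOT_ENABLED                           175
# define SSL_R_DANE_TLSA_BAD_CERTIFICATE                  180
# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE            184
# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH                  189
# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH                192
# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE                200
# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY                   201
# define SSL_R_DANE_TLSA_BAD_SELECTOR                     202
# define SSL_R_DANE_TLSA_NULL_DATA                        203
# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
# define SSL_R_DATA_LENGTH_TOO_LONG                       146
# define SSL_R_DECRYPTION_FAILED                          147
/*
 * One code covers both a failed decryption and a bad record MAC. Presumably
 * deliberate, so that an error report does not reveal which of the two checks
 * failed; callers and logs should not try to split the cases apart again.
 */
# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
# define SSL_R_DH_KEY_TOO_SMALL                           394
# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
# define SSL_R_DIGEST_CHECK_FAILED                        149
# define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
# define SSL_R_DUPLICATE_COMPRESSION_ID                   309
# define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
# define SSL_R_EE_KEY_TOO_SMALL                           399
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE                  194
# define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
# define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
# define SSL_R_EXT_LENGTH_MISMATCH                        163
# define SSL_R_FAILED_TO_INIT_ASYNC                       405
# define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
# define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
# define SSL_R_HTTPS_PROXY_REQUEST                        155
# define SSL_R_HTTP_REQUEST                               156
# define SSL_R_ILLEGAL_POINT_COMPRESSION                  162
# define SSL_R_ILLEGAL_SUITEB_DIGEST                      380
# define SSL_R_INAPPROPRIATE_FALLBACK                     373
# define SSL_R_INCONSISTENT_COMPRESSION                   340
# define SSL_R_INCONSISTENT_EXTMS                         104
/*
 * NOTE(review): SSL_R_INVALID_ALERT and SSL_R_NO_CHANGE_FOLLOWING_HRR are both
 * defined as 205 in this listing, so the two failures cannot be told apart
 * from the numeric reason, and a reason-string lookup can presumably return
 * only one text for both. One of them needs a value of its own; until then,
 * do not key alerting or triage on 205 alone.
 */
# define SSL_R_INVALID_ALERT                              205
# define SSL_R_INVALID_COMMAND                            280
# define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
# define SSL_R_INVALID_CONFIGURATION_NAME                 113
# define SSL_R_INVALID_CT_VALIDATION_TYPE                 212
# define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
# define SSL_R_INVALID_MAX_EARLY_DATA                     174
# define SSL_R_INVALID_NULL_CMD_NAME                      385
# define SSL_R_INVALID_SEQUENCE_NUMBER                    402
# define SSL_R_INVALID_SERVERINFO_DATA                    388
# define SSL_R_INVALID_SRP_USERNAME                       357
# define SSL_R_INVALID_STATUS_RESPONSE                    328
# define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
# define SSL_R_LENGTH_MISMATCH                            159
# define SSL_R_LENGTH_TOO_LONG                            404
# define SSL_R_LENGTH_TOO_SHORT                           160
# define SSL_R_LIBRARY_BUG                                274
# define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
# define SSL_R_MISSING_DSA_SIGNING_CERT                   165
# define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
# define SSL_R_MISSING_RSA_CERTIFICATE                    168
# define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
# define SSL_R_MISSING_RSA_SIGNING_CERT                   170
# define SSL_R_MISSING_SIGALGS_EXTENSION                  112
# define SSL_R_MISSING_SRP_PARAM                          358
# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION         209
# define SSL_R_MISSING_TMP_DH_KEY                         171
# define SSL_R_MISSING_TMP_ECDH_KEY                       311
# define SSL_R_NOT_ON_RECORD_BOUNDARY                     182
# define SSL_R_NO_CERTIFICATES_RETURNED                   176
# define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
# define SSL_R_NO_CERTIFICATE_SET                         179
/* NOTE(review): same value as SSL_R_INVALID_ALERT (205); see the note there. */
# define SSL_R_NO_CHANGE_FOLLOWING_HRR                    205
# define SSL_R_NO_CIPHERS_AVAILABLE                       181
# define SSL_R_NO_CIPHERS_SPECIFIED                       183
# define SSL_R_NO_CIPHER_MATCH                            185
# define SSL_R_NO_CLIENT_CERT_METHOD                      331
# define SSL_R_NO_COMPRESSION_SPECIFIED                   187
# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
# define SSL_R_NO_METHOD_SPECIFIED                        188
# define SSL_R_NO_PEM_EXTENSIONS                          389
# define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
# define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
# define SSL_R_NO_RENEGOTIATION                           339
# define SSL_R_NO_REQUIRED_DIGEST                         324
# define SSL_R_NO_SHARED_CIPHER                           193
# define SSL_R_NO_SHARED_GROUPS                           410
# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
# define SSL_R_NO_SRTP_PROFILES                           359
# define SSL_R_NO_SUITABLE_KEY_SHARE                      101
# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
# define SSL_R_NO_VALID_SCTS                              216
# define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
# define SSL_R_NULL_SSL_CTX                               195
# define SSL_R_NULL_SSL_METHOD_PASSED                     196
# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
# define SSL_R_PACKET_LENGTH_TOO_LONG                     198
# define SSL_R_PARSE_TLSEXT                               227
# define SSL_R_PATH_TOO_LONG                              270
# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
# define SSL_R_PEM_NAME_BAD_PREFIX                        391
# define SSL_R_PEM_NAME_TOO_SHORT                         392
# define SSL_R_PIPELINE_FAILURE                           406
# define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
# define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
# define SSL_R_PSK_NO_CLIENT_CB                           224
# define SSL_R_PSK_NO_SERVER_CB                           225
# define SSL_R_READ_BIO_NOT_SET                           211
# define SSL_R_READ_TIMEOUT_EXPIRED                       312
# define SSL_R_RECORD_LENGTH_MISMATCH                     213
# define SSL_R_RECORD_TOO_SMALL                           298
# define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
# define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
# define SSL_R_RENEGOTIATION_MISMATCH                     337
# define SSL_R_REQUIRED_CIPHER_MISSING                    215
# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
# define SSL_R_SCT_VERIFICATION_FAILED                    208
# define SSL_R_SERVERHELLO_TLSEXT                         275
# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
# define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
# define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
# define SSL_R_SRP_A_CALC                                 361
# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
# define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
# define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
# define SSL_R_SSL_COMMAND_SECTION_EMPTY                  117
# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND              125
# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
# define SSL_R_SSL_HANDSHAKE_FAILURE                      229
# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
# define SSL_R_SSL_NEGATIVE_LENGTH                        372
# define SSL_R_SSL_SECTION_EMPTY                          126
# define SSL_R_SSL_SECTION_NOT_FOUND                      136
# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
# define SSL_R_SSL_SESSION_ID_CONFLICT                    302
# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
# define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
# define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
# define SSL_R_STILL_IN_INIT                              121
# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
# define SSL_R_TLS_HEARTBEAT_PENDING                      366
# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
# define SSL_R_TOO_MANY_KEY_UPDATES                       132
# define SSL_R_TOO_MANY_WARN_ALERTS                       409
# define SSL_R_TOO_MUCH_EARLY_DATA                        164
# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA               178
# define SSL_R_UNEXPECTED_MESSAGE                         244
# define SSL_R_UNEXPECTED_RECORD                          245
# define SSL_R_UNINITIALIZED                              276
# define SSL_R_UNKNOWN_ALERT_TYPE                         246
# define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
# define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
# define SSL_R_UNKNOWN_CIPHER_TYPE                        249
# define SSL_R_UNKNOWN_CMD_NAME                           386
# define SSL_R_UNKNOWN_COMMAND                            139
# define SSL_R_UNKNOWN_DIGEST                             368
# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
# define SSL_R_UNKNOWN_PKEY_TYPE                          251
# define SSL_R_UNKNOWN_PROTOCOL                           252
# define SSL_R_UNKNOWN_SSL_VERSION                        254
# define SSL_R_UNKNOWN_STATE                              255
# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
# define SSL_R_UNSUPPORTED_PROTOCOL                       258
# define SSL_R_UNSUPPORTED_SSL_VERSION                    259
# define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
# define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
# define SSL_R_VERSION_TOO_HIGH                           166
# define SSL_R_VERSION_TOO_LOW                            396
# define SSL_R_WRONG_CERTIFICATE_TYPE                     383
# define SSL_R_WRONG_CIPHER_RETURNED                      261
# define SSL_R_WRONG_CURVE                                378
# define SSL_R_WRONG_SIGNATURE_LENGTH                     264
# define SSL_R_WRONG_SIGNATURE_SIZE                       265
# define SSL_R_WRONG_SIGNATURE_TYPE                       370
# define SSL_R_WRONG_SSL_VERSION                          266
# define SSL_R_WRONG_VERSION_NUMBER                       267
# define SSL_R_X509_LIB                                   268
# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269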

# ifdef  __cplusplus
}
# endif
#endif