/usr/include/node/openssl/archs/linux32-s390x/asm/include/openssl/ssl.h
$ cat -n /usr/include/node/openssl/archs/linux32-s390x/asm/include/openssl/ssl.h 1 /* 2 * WARNING: do not edit! 3 * Generated by Makefile from include/openssl/ssl.h.in 4 * 5 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. 6 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 7 * Copyright 2005 Nokia. All rights reserved. 8 * 9 * Licensed under the Apache License 2.0 (the "License"). You may not use 10 * this file except in compliance with the License. You can obtain a copy 11 * in the file LICENSE in the source distribution or at 12 * https://www.openssl.org/source/license.html 13 */ 14 15 16 17 #ifndef OPENSSL_SSL_H 18 # define OPENSSL_SSL_H 19 # pragma once 20 21 # include
22 # ifndef OPENSSL_NO_DEPRECATED_3_0 23 # define HEADER_SSL_H 24 # endif 25 26 # include
27 # include
28 # include
29 # include
30 # include
31 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 32 # include
33 # include
34 # include
35 # endif 36 # include
37 # include
38 # include
39 # include
40 41 # include
42 # include
43 # include
44 # include
45 # include
46 # ifndef OPENSSL_NO_STDIO 47 # include
# endif

#ifdef __cplusplus
extern "C" {
#endif

/* OpenSSL version number for ASN.1 encoding of the session information */
/*-
 * Version 0 - initial version
 * Version 1 - added the optional peer certificate
 */
# define SSL_SESSION_ASN1_VERSION 0x0001

/* Size limits, in bytes, for a session ID and for a session-ID context */
# define SSL_MAX_SSL_SESSION_ID_LENGTH 32
# define SSL_MAX_SID_CTX_LENGTH 32

/*
 * NOTE(review): 512/8 = 64 bytes is a historical lower bound on the RSA
 * modulus size, not a recommendation; do not read it as an acceptable key
 * size for new deployments.
 */
# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
# define SSL_MAX_KEY_ARG_LENGTH 8
/* SSL_MAX_MASTER_KEY_LENGTH is defined in prov_ssl.h */

/* The maximum number of encrypt/decrypt pipelines we can support */
# define SSL_MAX_PIPELINES 32

/* text strings for the ciphers */

/*
 * These are used to specify which ciphers to use and not to use.
 * They are the tokens understood by the cipher-list string parser. The
 * "k"-prefixed and "a"-prefixed names presumably select by key exchange
 * and by authentication respectively (cf. "DHE" == "kDHE:-ADH" below).
 */

# define SSL_TXT_LOW "LOW"
# define SSL_TXT_MEDIUM "MEDIUM"
# define SSL_TXT_HIGH "HIGH"
# define SSL_TXT_FIPS "FIPS"

/*
 * NOTE(review): aNULL selects anonymous (unauthenticated) suites and eNULL
 * selects unencrypted ones. SSL_DEFAULT_CIPHER_LIST below excludes both;
 * a cipher string that re-enables them (the DEFAULT comment further down
 * notes that "ALL:RSA" enables some eNULL suites) gives up peer
 * authentication or confidentiality for the connection.
 */
# define SSL_TXT_aNULL "aNULL"
# define SSL_TXT_eNULL "eNULL"
# define SSL_TXT_NULL "NULL"

# define SSL_TXT_kRSA "kRSA"
# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */
# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */
# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */
# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */
# define SSL_TXT_kDHE "kDHE"
# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */
# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */
# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */
# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
# define SSL_TXT_kECDHE "kECDHE"
# define SSL_TXT_kPSK "kPSK"
# define SSL_TXT_kRSAPSK "kRSAPSK"
# define SSL_TXT_kECDHEPSK "kECDHEPSK"
# define SSL_TXT_kDHEPSK "kDHEPSK"
# define SSL_TXT_kGOST "kGOST"
# define SSL_TXT_kGOST18 "kGOST18"
# define SSL_TXT_kSRP "kSRP"

# define SSL_TXT_aRSA "aRSA"
# define SSL_TXT_aDSS "aDSS"
# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */
# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */
# define SSL_TXT_aECDSA "aECDSA"
# define SSL_TXT_aPSK "aPSK"
# define SSL_TXT_aGOST94 "aGOST94"
# define SSL_TXT_aGOST01 "aGOST01"
# define SSL_TXT_aGOST12 "aGOST12"
# define SSL_TXT_aGOST "aGOST"
# define SSL_TXT_aSRP "aSRP"

# define SSL_TXT_DSS "DSS"
# define SSL_TXT_DH "DH"
# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */
# define SSL_TXT_EDH "EDH"/* alias for DHE */
# define SSL_TXT_ADH "ADH"
# define SSL_TXT_RSA "RSA"
# define SSL_TXT_ECDH "ECDH"
# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE */
# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */
# define SSL_TXT_AECDH "AECDH"
# define SSL_TXT_ECDSA "ECDSA"
# define SSL_TXT_PSK "PSK"
# define SSL_TXT_SRP "SRP"

/*
 * Symmetric cipher selectors. NOTE(review): DES, 3DES, RC4, RC2 and IDEA
 * are legacy algorithms kept here for cipher-string compatibility; whether
 * any of them is actually available depends on the build and provider
 * configuration, which this header does not show.
 */
# define SSL_TXT_DES "DES"
# define SSL_TXT_3DES "3DES"
# define SSL_TXT_RC4 "RC4"
# define SSL_TXT_RC2 "RC2"
# define SSL_TXT_IDEA "IDEA"
# define SSL_TXT_SEED "SEED"
# define SSL_TXT_AES128 "AES128"
# define SSL_TXT_AES256 "AES256"
# define SSL_TXT_AES "AES"
# define SSL_TXT_AES_GCM "AESGCM"
# define SSL_TXT_AES_CCM "AESCCM"
# define SSL_TXT_AES_CCM_8 "AESCCM8"
# define SSL_TXT_CAMELLIA128 "CAMELLIA128"
# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
# define SSL_TXT_CAMELLIA "CAMELLIA"
# define SSL_TXT_CHACHA20 "CHACHA20"
# define SSL_TXT_GOST "GOST89"
# define SSL_TXT_ARIA "ARIA"
# define SSL_TXT_ARIA_GCM "ARIAGCM"
# define SSL_TXT_ARIA128 "ARIA128"
# define SSL_TXT_ARIA256 "ARIA256"
# define SSL_TXT_GOST2012_GOST8912_GOST8912 "GOST2012-GOST8912-GOST8912"
# define SSL_TXT_CBC "CBC"

/* MAC / digest selectors; SSL_TXT_SHA is an alias for SHA1 */
# define SSL_TXT_MD5 "MD5"
# define SSL_TXT_SHA1 "SHA1"
# define SSL_TXT_SHA "SHA"/* same as "SHA1" */
# define SSL_TXT_GOST94 "GOST94"
# define SSL_TXT_GOST89MAC "GOST89MAC"
# define SSL_TXT_GOST12 "GOST12"
# define SSL_TXT_GOST89MAC12 "GOST89MAC12"
# define SSL_TXT_SHA256 "SHA256"
# define SSL_TXT_SHA384 "SHA384"

/*
 * Protocol-version selectors for the cipher-string parser.
 * NOTE(review): these select ciphersuites, they are not protocol-version
 * controls; use the SSL_OP_NO_* options (or the min/max protocol setters)
 * to restrict the negotiated version.
 */
# define SSL_TXT_SSLV3 "SSLv3"
# define SSL_TXT_TLSV1 "TLSv1"
# define SSL_TXT_TLSV1_1 "TLSv1.1"
# define SSL_TXT_TLSV1_2 "TLSv1.2"

# define SSL_TXT_ALL "ALL"

/*-
 * COMPLEMENTOF* definitions. These identifiers are used to (de-)select
 * ciphers normally not being used.
 * Example: "RC4" will activate all ciphers using RC4 including ciphers
 * without authentication, which would normally be disabled by DEFAULT (due
 * to the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
 * will make sure that it is also disabled in the specific selection.
 * COMPLEMENTOF* identifiers are portable between versions, as adjustments
 * to the default cipher setup will also be included here.
 *
 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
 * DEFAULT gets, as only selection is being done and no sorting as needed
 * for DEFAULT.
 */
# define SSL_TXT_CMPALL "COMPLEMENTOFALL"
# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"

/*
 * The following cipher list is used by default. It also is substituted when
 * an application-defined cipher list string starts with 'DEFAULT'.
 * This applies to ciphersuites for TLSv1.2 and below.
 * DEPRECATED IN 3.0.0, in favor of OSSL_default_cipher_list()
 * Update both macro and function simultaneously
 */
# ifndef OPENSSL_NO_DEPRECATED_3_0
#  define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
/*
 * This is the default set of TLSv1.3 ciphersuites
 * DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites()
 * Update both macro and function simultaneously
 */
#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
                                   "TLS_CHACHA20_POLY1305_SHA256:" \
                                   "TLS_AES_128_GCM_SHA256"
# endif
/*
 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
 * starts with a reasonable order, and all we have to do for DEFAULT is
 * throwing out anonymous and unencrypted ciphersuites! (The latter are not
 * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
 */

/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
# define SSL_RECEIVED_SHUTDOWN 2

/* The extern "C" block is closed and immediately re-opened here; harmless. */
#ifdef __cplusplus
}
#endif

#ifdef __cplusplus
extern "C" {
#endif

/* File-format selectors, aliases of the X509_FILETYPE_* values */
# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
# define SSL_FILETYPE_PEM X509_FILETYPE_PEM

/*
 * This is needed to stop compilers complaining about the 'struct ssl_st *'
 * function parameters used to prototype callbacks in SSL_CTX.
*/
typedef struct ssl_st *ssl_crock_st;
/*
 * Opaque handle types. Only the typedefs are visible here; the struct
 * definitions live inside libssl and are not part of this header.
 */
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
typedef struct tls_sigalgs_st TLS_SIGALGS;
typedef struct ssl_conf_ctx_st SSL_CONF_CTX;

STACK_OF(SSL_CIPHER);

/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
typedef struct srtp_protection_profile_st {
    const char *name;       /* textual profile name */
    unsigned long id;       /* numeric profile identifier (presumably the RFC 5764 value) */
} SRTP_PROTECTION_PROFILE;
/*
 * Type-safe STACK_OF(SRTP_PROTECTION_PROFILE) wrappers. Each sk_* macro
 * routes through an ossl_check_*_type() helper before calling the generic
 * OPENSSL_sk_* function, so passing a stack or element of the wrong type
 * is (presumably) caught by the compiler rather than at runtime.
 */
SKM_DEFINE_STACK_OF_INTERNAL(SRTP_PROTECTION_PROFILE, SRTP_PROTECTION_PROFILE, SRTP_PROTECTION_PROFILE)
#define sk_SRTP_PROTECTION_PROFILE_num(sk) OPENSSL_sk_num(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk))
#define sk_SRTP_PROTECTION_PROFILE_value(sk, idx) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_value(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk), (idx)))
#define sk_SRTP_PROTECTION_PROFILE_new(cmp) ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_new(ossl_check_SRTP_PROTECTION_PROFILE_compfunc_type(cmp)))
#define sk_SRTP_PROTECTION_PROFILE_new_null() ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_new_null())
#define sk_SRTP_PROTECTION_PROFILE_new_reserve(cmp, n) ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_new_reserve(ossl_check_SRTP_PROTECTION_PROFILE_compfunc_type(cmp), (n)))
#define sk_SRTP_PROTECTION_PROFILE_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), (n))
#define sk_SRTP_PROTECTION_PROFILE_free(sk) OPENSSL_sk_free(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk))
#define sk_SRTP_PROTECTION_PROFILE_zero(sk) OPENSSL_sk_zero(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk))
#define sk_SRTP_PROTECTION_PROFILE_delete(sk, i) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_delete(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), (i)))
#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(sk, ptr) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_delete_ptr(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr)))
#define sk_SRTP_PROTECTION_PROFILE_push(sk, ptr) OPENSSL_sk_push(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr))
#define sk_SRTP_PROTECTION_PROFILE_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr))
#define sk_SRTP_PROTECTION_PROFILE_pop(sk) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_pop(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk)))
#define sk_SRTP_PROTECTION_PROFILE_shift(sk) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_shift(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk)))
#define sk_SRTP_PROTECTION_PROFILE_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk),ossl_check_SRTP_PROTECTION_PROFILE_freefunc_type(freefunc))
#define sk_SRTP_PROTECTION_PROFILE_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr), (idx))
#define sk_SRTP_PROTECTION_PROFILE_set(sk, idx, ptr) ((SRTP_PROTECTION_PROFILE *)OPENSSL_sk_set(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), (idx), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr)))
#define sk_SRTP_PROTECTION_PROFILE_find(sk, ptr) OPENSSL_sk_find(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr))
#define sk_SRTP_PROTECTION_PROFILE_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr))
#define sk_SRTP_PROTECTION_PROFILE_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_type(ptr), pnum)
#define sk_SRTP_PROTECTION_PROFILE_sort(sk) OPENSSL_sk_sort(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk))
#define sk_SRTP_PROTECTION_PROFILE_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk))
#define sk_SRTP_PROTECTION_PROFILE_dup(sk) ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_dup(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk)))
#define sk_SRTP_PROTECTION_PROFILE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SRTP_PROTECTION_PROFILE) *)OPENSSL_sk_deep_copy(ossl_check_const_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_copyfunc_type(copyfunc), ossl_check_SRTP_PROTECTION_PROFILE_freefunc_type(freefunc)))
#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(sk, cmp) ((sk_SRTP_PROTECTION_PROFILE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SRTP_PROTECTION_PROFILE_sk_type(sk), ossl_check_SRTP_PROTECTION_PROFILE_compfunc_type(cmp)))



/*
 * Session-ticket extension callback. NOTE(review): |data|/|len| presumably
 * carry the extension body as received from the peer, i.e. untrusted input;
 * a callback must stay within |len| and must not trust its contents.
 */
typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
                                            int len, void *arg);
/*
 * Session-secret callback: the callback may supply the session secret in
 * |secret| (length in/out via |secret_len|) and pick a cipher from
 * |peer_ciphers| through |cipher|. Exact contract is documented with
 * SSL_set_session_secret_cb(3), not here.
 */
typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
                                        STACK_OF(SSL_CIPHER) *peer_ciphers,
                                        const SSL_CIPHER **cipher, void *arg);

/*
 * Extension context codes. These are bit flags (each value is a single
 * bit) describing where an extension may appear; they are OR-ed together
 * into the |context| argument of the *_ex custom-extension callbacks below.
 */
/* This extension is only allowed in TLS */
#define SSL_EXT_TLS_ONLY 0x00001
/* This extension is only allowed in DTLS */
#define SSL_EXT_DTLS_ONLY 0x00002
/* Some extensions may be allowed in DTLS but we don't implement them for it */
#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x00004
/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
#define SSL_EXT_SSL3_ALLOWED 0x00008
/* Extension is only defined for TLS1.2 and below */
#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x00010
/* Extension is only defined for TLS1.3 and above */
#define SSL_EXT_TLS1_3_ONLY 0x00020
/* Ignore this extension during parsing if we are resuming */
#define SSL_EXT_IGNORE_ON_RESUMPTION 0x00040
#define SSL_EXT_CLIENT_HELLO 0x00080
/* Really means TLS1.2 or below */
#define SSL_EXT_TLS1_2_SERVER_HELLO 0x00100
#define SSL_EXT_TLS1_3_SERVER_HELLO 0x00200
#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x00400
#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x00800
#define SSL_EXT_TLS1_3_CERTIFICATE 0x01000
#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x02000
#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x04000
#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION 0x08000
/* When sending a raw public key in a certificate message */
#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY 0x10000

/* Typedefs for handling custom extensions */

/*
 * Legacy (non-_ex) custom extension callbacks.
 * add: produce the extension body in *out/*outlen; free: release it.
 * parse: consume |in|/|inlen|. NOTE(review): |in| is peer-supplied data;
 * a parse callback must bounds-check against |inlen| and should report
 * failure through its return value (and, presumably, the alert in *al).
 */
typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
                                 const unsigned char **out, size_t *outlen,
                                 int *al, void *add_arg);

typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
                                   const unsigned char *out, void *add_arg);

typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
                                   const unsigned char *in, size_t inlen,
                                   int *al, void *parse_arg);


/*
 * Extended custom extension callbacks. |context| is a combination of the
 * SSL_EXT_* flags above telling the callback which message the extension
 * is in; |x|/|chainidx| identify the certificate when the context is a
 * Certificate message. The same bounds-checking caveat as above applies
 * to |in|/|inlen| in the parse callback.
 */
typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type,
                                        unsigned int context,
                                        const unsigned char **out,
                                        size_t *outlen, X509 *x,
                                        size_t chainidx,
                                        int *al, void *add_arg);

typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type,
                                          unsigned int context,
                                          const unsigned char *out,
                                          void *add_arg);

typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type,
                                          unsigned int context,
                                          const unsigned char *in,
                                          size_t inlen, X509 *x,
                                          size_t chainidx,
                                          int *al, void *parse_arg);

/*
 * Typedef for verification callback.
 * NOTE(review): |preverify_ok| is the outcome of the built-in check for the
 * current certificate. A callback that returns non-zero regardless of
 * preverify_ok overrides verification failures and effectively disables
 * certificate validation; only do that deliberately and narrowly (see the
 * verify-callback documentation for the error accessors on |x509_ctx|).
 */
typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);

/* Typedef for SSL async callback */
typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);

/*
 * Single-bit option mask. NOTE(review): |n| is not parenthesised in the
 * expansion, so only pass a plain integer constant (as every use below
 * does); a compound expression such as a conditional would be mis-cast.
 */
#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n)

/*
 * SSL/TLS connection options.
*/
/*
 * Disable Extended master secret.
 * NOTE(review): clearing the extended-master-secret protection is a
 * downgrade; leave this unset unless interoperability forces it.
 */
# define SSL_OP_NO_EXTENDED_MASTER_SECRET SSL_OP_BIT(0)
/* Cleanse plaintext copies of data delivered to the application */
# define SSL_OP_CLEANSE_PLAINTEXT SSL_OP_BIT(1)
/*
 * Allow initial connection to servers that don't support RI
 * (renegotiation indication). NOTE(review): this relaxes the secure
 * renegotiation check on the first handshake; prefer leaving it unset.
 */
# define SSL_OP_LEGACY_SERVER_CONNECT SSL_OP_BIT(2)
/* Enable support for Kernel TLS */
# define SSL_OP_ENABLE_KTLS SSL_OP_BIT(3)
# define SSL_OP_TLSEXT_PADDING SSL_OP_BIT(4)
/* Bit 5 is not assigned in this header. */
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG SSL_OP_BIT(6)
/*
 * NOTE(review): ignoring an unexpected EOF means a truncated connection is
 * not distinguished from a clean close_notify shutdown; applications that
 * rely on truncation detection must not set this.
 */
# define SSL_OP_IGNORE_UNEXPECTED_EOF SSL_OP_BIT(7)
# define SSL_OP_ALLOW_CLIENT_RENEGOTIATION SSL_OP_BIT(8)
# define SSL_OP_DISABLE_TLSEXT_CA_NAMES SSL_OP_BIT(9)
/*
 * In TLSv1.3 allow a non-(ec)dhe based kex_mode.
 * NOTE(review): PSK-only key exchange (no (EC)DHE) presumably gives up
 * forward secrecy for resumed sessions; only enable when that is intended.
 */
# define SSL_OP_ALLOW_NO_DHE_KEX SSL_OP_BIT(10)
/*
 * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
 * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
 * the workaround is not needed. Unfortunately some broken SSL/TLS
 * implementations cannot handle it at all, which is why we include it
 * in SSL_OP_ALL. Added in 0.9.6e
 *
 * NOTE(review): because SSL_OP_ALL contains this bit, applications that
 * set SSL_OP_ALL also disable the CBC countermeasure; clear this bit
 * explicitly if TLS 1.0 CBC ciphersuites are still negotiable.
 */
# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_BIT(11)
/* DTLS options */
# define SSL_OP_NO_QUERY_MTU SSL_OP_BIT(12)
/*
 * Turn on Cookie Exchange (only relevant for servers).
 * The cookie generate/verify callbacks are registered with
 * SSL_CTX_set_cookie_generate_cb()/SSL_CTX_set_cookie_verify_cb() below.
 */
# define SSL_OP_COOKIE_EXCHANGE SSL_OP_BIT(13)
/* Don't use RFC4507 ticket extension */
# define SSL_OP_NO_TICKET SSL_OP_BIT(14)
# ifndef OPENSSL_NO_DTLS1_METHOD
/*
 * Use Cisco's version identifier of DTLS_BAD_VER
 * (only with deprecated DTLSv1_client_method())
 */
#  define SSL_OP_CISCO_ANYCONNECT SSL_OP_BIT(15)
# endif
/* As server, disallow session resumption on renegotiation */
# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_BIT(16)
/*
 * Don't use compression even if supported.
 * NOTE(review): TLS-level compression is generally treated as unsafe
 * (compression side channels); keeping this option set is the
 * conservative choice.
 */
# define SSL_OP_NO_COMPRESSION SSL_OP_BIT(17)
/*
 * Permit unsafe legacy renegotiation.
 * NOTE(review): as the name says, this re-enables renegotiation with peers
 * lacking RI support; it should only ever be set for a known-legacy peer.
 */
# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_BIT(18)
/* Disable encrypt-then-mac */
# define SSL_OP_NO_ENCRYPT_THEN_MAC SSL_OP_BIT(19)
/*
 * Enable TLSv1.3 Compatibility mode. This is on by default. A future
 * version of OpenSSL may have this disabled by default.
 */
# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT SSL_OP_BIT(20)
/*
 * Prioritize Chacha20Poly1305 when client does.
 * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE
 */
# define SSL_OP_PRIORITIZE_CHACHA SSL_OP_BIT(21)
/*
 * Set on servers to choose the cipher according to server's preferences.
 */
# define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_BIT(22)
/*
 * If set, a server will allow a client to issue an SSLv3.0 version
 * number as latest version supported in the premaster secret, even when
 * TLSv1.0 (version 3.1) was announced in the client hello. Normally
 * this is forbidden to prevent version rollback attacks.
 * NOTE(review): setting this disables that rollback check.
 */
# define SSL_OP_TLS_ROLLBACK_BUG SSL_OP_BIT(23)
/*
 * Switches off automatic TLSv1.3 anti-replay protection for early data.
 * This is a server-side option only (no effect on the client).
 * NOTE(review): only set this if the application provides its own
 * replay protection for early data (0-RTT) at a higher layer.
 */
# define SSL_OP_NO_ANTI_REPLAY SSL_OP_BIT(24)
/*
 * Protocol-version disable bits. Note that SSL_OP_NO_DTLSv1 and
 * SSL_OP_NO_DTLSv1_2 reuse bits 26 and 27, i.e. the same bits as
 * SSL_OP_NO_TLSv1 and SSL_OP_NO_TLSv1_2; setting one sets the other.
 */
# define SSL_OP_NO_SSLv3 SSL_OP_BIT(25)
# define SSL_OP_NO_TLSv1 SSL_OP_BIT(26)
# define SSL_OP_NO_TLSv1_2 SSL_OP_BIT(27)
# define SSL_OP_NO_TLSv1_1 SSL_OP_BIT(28)
# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29)
# define SSL_OP_NO_DTLSv1 SSL_OP_BIT(26)
# define SSL_OP_NO_DTLSv1_2 SSL_OP_BIT(27)
/* Disallow all renegotiation */
# define SSL_OP_NO_RENEGOTIATION SSL_OP_BIT(30)
/*
 * Make server add server-hello extension from early version of
 * cryptopro draft, when GOST ciphersuite is negotiated. Required for
 * interoperability with CryptoPro CSP 3.x
 */
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
/*
 * Disable RFC8879 certificate compression
 * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
 * and ignore the extension when received.
 * SSL_OP_NO_RX_CERTIFICATE_COMPRESSION: don't send the extension, and
 * subsequently indicating that receiving is not supported
 */
# define SSL_OP_NO_TX_CERTIFICATE_COMPRESSION SSL_OP_BIT(32)
# define SSL_OP_NO_RX_CERTIFICATE_COMPRESSION SSL_OP_BIT(33)
/* Enable KTLS TX zerocopy on Linux */
# define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE SSL_OP_BIT(34)

/* Prefer a non-(EC)DHE key exchange in TLSv1.3 when the peer permits it */
#define SSL_OP_PREFER_NO_DHE_KEX SSL_OP_BIT(35)

/*
 * Option "collections."
 */
# define SSL_OP_NO_SSL_MASK \
    ( SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 \
      | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3 )
# define SSL_OP_NO_DTLS_MASK \
    ( SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2 )

/*
 * Various bug workarounds that should be rather harmless.
 * NOTE(review): SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is part of this set;
 * see its comment above before enabling SSL_OP_ALL wholesale.
 */
# define SSL_OP_ALL \
    ( SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS \
      | SSL_OP_TLSEXT_PADDING | SSL_OP_SAFARI_ECDHE_ECDSA_BUG )

/*
 * OBSOLETE OPTIONS retained for compatibility
 *
 * Every name below expands to 0x0, so setting or clearing it is a no-op.
 * NOTE(review): code that still sets e.g. SSL_OP_NO_SSLv2 or
 * SSL_OP_SINGLE_DH_USE for hardening gets no effect from it; the behaviour
 * those options used to request is no longer controlled from here.
 */

# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0
# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0
# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0
# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
# define SSL_OP_TLS_D5_BUG 0x0
# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
# define SSL_OP_SINGLE_ECDH_USE 0x0
# define SSL_OP_SINGLE_DH_USE 0x0
# define SSL_OP_EPHEMERAL_RSA 0x0
# define SSL_OP_NO_SSLv2 0x0
# define SSL_OP_PKCS1_CHECK_1 0x0
# define SSL_OP_PKCS1_CHECK_2 0x0
# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0
# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0

/*
 * SSL_MODE_* flags. Unlike the SSL_OP_* values these are plain 32-bit
 * unsigned constants and are set via SSL[_CTX]_set_mode() below.
 */
/*
 * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
 * when just a single record has been written):
 */
# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U
/*
 * Make it possible to retry SSL_write() with changed buffer location (buffer
 * contents must stay the same!); this is not the default to avoid the
 * misconception that non-blocking SSL_write() behaves like non-blocking
 * write():
 */
# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
/*
 * Never bother the application with retries if the transport is blocking:
 */
# define SSL_MODE_AUTO_RETRY 0x00000004U
/* Don't attempt to automatically build certificate chain */
# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
/*
 * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
 * TLS only.) Released buffers are freed.
*/
# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
/*
 * Send the current time in the Random fields of the ClientHello and
 * ServerHello records for compatibility with hypothetical implementations
 * that require it.
 * NOTE(review): this leaks the local clock to the peer; leave unset unless
 * an interoperability need is documented.
 */
# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
/*
 * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
 * that reconnect with a downgraded protocol version; see
 * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
 * application attempts a normal handshake. Only use this in explicit
 * fallback retries, following the guidance in
 * draft-ietf-tls-downgrade-scsv-00.
 */
# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
/*
 * Support Asynchronous operation
 */
# define SSL_MODE_ASYNC 0x00000100U
/* Value 0x00000200U is not assigned in this header. */

/*
 * When using DTLS/SCTP, include the terminating zero in the label
 * used for computing the endpoint-pair shared secret. Required for
 * interoperability with implementations having this bug like these
 * older versions of OpenSSL:
 * - OpenSSL 1.0.0 series
 * - OpenSSL 1.0.1 series
 * - OpenSSL 1.0.2 series
 * - OpenSSL 1.1.0 series
 * - OpenSSL 1.1.1 and 1.1.1a
 */
# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U

/* Cert related flags */
/*
 * Many implementations ignore some aspects of the TLS standards such as
 * enforcing certificate chain algorithms. When this is set we enforce them.
 */
# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U

/* Suite B modes, takes same values as certificate verify flags */
# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000
/* Suite B 192 bit only mode */
# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000
/* Suite B 128 bit mode allowing 192 bit algorithms */
# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000

/*
 * Perform all sorts of protocol violations for testing purposes.
 * NOTE(review): test-only; must never be set in production configuration.
 */
# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000

/* Flags for building certificate chains */
/* Treat any existing certificates as untrusted CAs */
# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1
/* Don't include root CA in chain */
# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2
/* Just check certificates already there */
# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4
/*
 * Ignore verification errors.
 * NOTE(review): a chain built with this flag may be one that would not
 * verify; use it for diagnostics, not to paper over a broken chain.
 */
# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8
/* Clear verification errors from queue */
# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10

/* Flags returned by SSL_check_chain (bits 0x4 and 0x8 are unused) */
/* Certificate can be used with this session */
# define CERT_PKEY_VALID 0x1
/* Certificate can also be used for signing */
# define CERT_PKEY_SIGN 0x2
/* EE certificate signing algorithm OK */
# define CERT_PKEY_EE_SIGNATURE 0x10
/* CA signature algorithms OK */
# define CERT_PKEY_CA_SIGNATURE 0x20
/* EE certificate parameters OK */
# define CERT_PKEY_EE_PARAM 0x40
/* CA certificate parameters OK */
# define CERT_PKEY_CA_PARAM 0x80
/* Signing explicitly allowed as opposed to SHA1 fallback */
# define CERT_PKEY_EXPLICIT_SIGN 0x100
/* Client CA issuer names match (always set for server cert) */
# define CERT_PKEY_ISSUER_NAME 0x200
/* Cert type matches client types (always set for server cert) */
# define CERT_PKEY_CERT_TYPE 0x400
/* Cert chain suitable to Suite B */
# define CERT_PKEY_SUITEB 0x800
/* Cert pkey valid for raw public key use */
# define CERT_PKEY_RPK 0x1000

/* Flags for the SSL_CONF configuration module */
# define SSL_CONF_FLAG_CMDLINE 0x1
# define SSL_CONF_FLAG_FILE 0x2
# define SSL_CONF_FLAG_CLIENT 0x4
# define SSL_CONF_FLAG_SERVER 0x8
# define SSL_CONF_FLAG_SHOW_ERRORS 0x10
# define SSL_CONF_FLAG_CERTIFICATE 0x20
# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40
/* Configuration value types */
# define SSL_CONF_TYPE_UNKNOWN 0x0
# define SSL_CONF_TYPE_STRING 0x1
# define SSL_CONF_TYPE_FILE 0x2
# define SSL_CONF_TYPE_DIR 0x3
# define SSL_CONF_TYPE_NONE 0x4
# define SSL_CONF_TYPE_STORE 0x5

/* Maximum length of the application-controlled segment of a TLSv1.3 cookie */
# define SSL_COOKIE_LENGTH 4096

/*
 * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
 * cannot be used to clear bits. Use the *_clear_* variants for that.
 * The *_options functions take and return the full 64-bit mask, so every
 * SSL_OP_* value (up to SSL_OP_BIT(35)) fits.
 */

uint64_t SSL_CTX_get_options(const SSL_CTX *ctx);
uint64_t SSL_get_options(const SSL *s);
uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op);
uint64_t SSL_clear_options(SSL *s, uint64_t op);
uint64_t SSL_CTX_set_options(SSL_CTX *ctx, uint64_t op);
uint64_t SSL_set_options(SSL *s, uint64_t op);

/*
 * Mode accessors are ctrl() wrappers. *_get_mode passes 0 as the argument,
 * i.e. it "sets" no bits and returns the current mask.
 */
# define SSL_CTX_set_mode(ctx,op) \
    SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
# define SSL_CTX_clear_mode(ctx,op) \
    SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
# define SSL_CTX_get_mode(ctx) \
    SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
# define SSL_clear_mode(ssl,op) \
    SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
# define SSL_set_mode(ssl,op) \
    SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
# define SSL_get_mode(ssl) \
    SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
/* DTLS MTU controls */
# define SSL_set_mtu(ssl, mtu) \
    SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
# define DTLS_set_link_mtu(ssl, mtu) \
    SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
# define DTLS_get_link_min_mtu(ssl) \
    SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)

# define
SSL_get_secure_renegotiation_support(ssl) \
    SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)

/* Set/clear the SSL_CERT_FLAG_* values defined above */
# define SSL_CTX_set_cert_flags(ctx,op) \
    SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
# define SSL_set_cert_flags(s,op) \
    SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
# define SSL_CTX_clear_cert_flags(ctx,op) \
    SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
# define SSL_clear_cert_flags(s,op) \
    SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)

/*
 * Message callback: invoked with |write_p| indicating direction, the
 * protocol |version| and record |content_type|, and the message bytes in
 * |buf|/|len|. NOTE(review): |buf| may contain handshake material; a
 * callback that logs it should be careful not to persist secrets.
 */
void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
                              void (*cb) (int write_p, int version,
                                          int content_type, const void *buf,
                                          size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback(SSL *ssl,
                          void (*cb) (int write_p, int version,
                                      int content_type, const void *buf,
                                      size_t len, SSL *ssl, void *arg));
# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

/* Whether the extended master secret was negotiated on this connection */
# define SSL_get_extms_support(s) \
    SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)

# ifndef OPENSSL_NO_SRP
/* see tls_srp.c */
/* SRP support is deprecated since 3.0; all entry points are marked as such. */
#  ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 __owur int SSL_SRP_CTX_init(SSL *s);
OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
OSSL_DEPRECATEDIN_3_0 int SSL_SRP_CTX_free(SSL *ctx);
OSSL_DEPRECATEDIN_3_0 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
OSSL_DEPRECATEDIN_3_0 __owur int SSL_srp_server_param_with_username(SSL *s,
                                                                    int *ad);
OSSL_DEPRECATEDIN_3_0 __owur int SRP_Calc_A_param(SSL *s);
#  endif
# endif

/*
 * 100k max cert list. This bounds how much peer-supplied certificate data
 * is accepted by default; raising it enlarges the memory an unauthenticated
 * peer can make the library buffer during the handshake.
 */
# define SSL_MAX_CERT_LIST_DEFAULT (1024*100)

# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)

/*
 * This callback type is used inside SSL_CTX, SSL, and in the functions that
 * set them. It is used to override the generation of SSL/TLS session IDs in
 * a server. Return value should be zero on an error, non-zero to proceed.
 * Also, callbacks should themselves check if the id they generate is unique
 * otherwise the SSL handshake will fail with an error - callbacks can do
 * this using the 'ssl' value they're passed by
 * SSL_has_matching_session_id(ssl, id, *id_len). The length value passed in
 * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32
 * bytes. The callback can alter this length to be less if desired. It is
 * also an error for the callback to set the size to zero.
 * NOTE(review): session IDs are handed to the peer; generate them from a
 * cryptographically strong random source, not from predictable state.
 */
typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id,
                               unsigned int *id_len);

/* Session cache mode bits, combined with SSL_CTX_set_session_cache_mode() */
# define SSL_SESS_CACHE_OFF 0x0000
# define SSL_SESS_CACHE_CLIENT 0x0001
# define SSL_SESS_CACHE_SERVER 0x0002
# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
# define SSL_SESS_CACHE_NO_INTERNAL \
    (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
# define SSL_SESS_CACHE_UPDATE_TIME 0x0400

/*
 * Access to the internal session cache and its statistics counters.
 * Note that these macros do not parenthesise |ctx|; pass a plain lvalue.
 */
LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
# define SSL_CTX_sess_number(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
# define SSL_CTX_sess_connect(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
# define SSL_CTX_sess_connect_good(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
# define SSL_CTX_sess_connect_renegotiate(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
# define SSL_CTX_sess_accept(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
# define SSL_CTX_sess_accept_renegotiate(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
# define SSL_CTX_sess_accept_good(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
# define SSL_CTX_sess_hits(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
# define SSL_CTX_sess_cb_hits(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
# define SSL_CTX_sess_misses(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
# define SSL_CTX_sess_timeouts(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
# define SSL_CTX_sess_cache_full(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)

/*
 * External session-cache callbacks (new / remove / get) and their getters.
 * The get callback receives the session ID in |data|/|len| as sent by the
 * peer (untrusted; stay within |len|) and reports through |copy| whether
 * the returned SSL_SESSION's reference count should be incremented.
 */
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
                             int (*new_session_cb) (struct ssl_st *ssl,
                                                    SSL_SESSION *sess));
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
                                              SSL_SESSION *sess);
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
                                void (*remove_session_cb) (struct ssl_ctx_st
                                                           *ctx,
                                                           SSL_SESSION *sess));
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
                                                  SSL_SESSION *sess);
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
                             SSL_SESSION *(*get_session_cb) (struct ssl_st
                                                             *ssl,
                                                             const unsigned char
                                                             *data, int len,
                                                             int *copy));
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
                                                       const unsigned char *data,
                                                       int len, int *copy);
/* Handshake state-change notification */
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
                               void (*cb) (const SSL *ssl, int type, int val));
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
                                                 int val);
/* Client-side callback supplying the certificate/key for client auth */
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
                                                       EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
                                                 EVP_PKEY **pkey);
# ifndef OPENSSL_NO_ENGINE
__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
# endif
/*
 * DTLS cookie exchange callbacks (used with SSL_OP_COOKIE_EXCHANGE).
 * The generate callback writes into |cookie| and reports the length via
 * |cookie_len|; the verify callback receives the peer-returned cookie.
 * NOTE(review): the cookie is what makes the server reject spoofed-source
 * ClientHellos, so it should be unforgeable (keyed MAC over peer identity)
 * and verification must be constant-time and bounded by |cookie_len|.
 */
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
                                    int (*app_gen_cookie_cb) (SSL *ssl,
                                                              unsigned char
                                                              *cookie,
                                                              unsigned int
                                                              *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
                                  int (*app_verify_cookie_cb) (SSL *ssl,
                                                               const unsigned
                                                               char *cookie,
                                                               unsigned int
                                                               cookie_len));

/*
 * Stateless (TLSv1.3 HelloRetryRequest) cookie callbacks; same contract as
 * above but with size_t lengths. The application segment is capped by
 * SSL_COOKIE_LENGTH.
 */
void SSL_CTX_set_stateless_cookie_generate_cb(
    SSL_CTX *ctx,
    int (*gen_stateless_cookie_cb) (SSL *ssl,
                                    unsigned char *cookie,
                                    size_t *cookie_len));
void SSL_CTX_set_stateless_cookie_verify_cb(
    SSL_CTX *ctx,
    int (*verify_stateless_cookie_cb) (SSL *ssl,
                                       const unsigned char *cookie,
                                       size_t cookie_len));
# ifndef OPENSSL_NO_NEXTPROTONEG

/* NPN (Next Protocol Negotiation): the pre-ALPN mechanism, kept for compatibility */
typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
                                              const unsigned char **out,
                                              unsigned int *outlen,
                                              void *arg);
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
                                           SSL_CTX_npn_advertised_cb_func cb,
                                           void *arg);
# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb

/*
 * NPN select callback: |in|/|inlen| is the peer's protocol list (untrusted;
 * stay within |inlen|). |out| is set to point at the chosen protocol.
 */
typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
                                          unsigned char **out,
                                          unsigned char *outlen,
                                          const unsigned char *in,
                                          unsigned int inlen,
                                          void *arg);
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
                                      SSL_CTX_npn_select_cb_func cb,
                                      void *arg);
# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb

void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
                                    unsigned *len);
# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
# endif

/*
 * Helper for NPN/ALPN select callbacks: picks a protocol common to the
 * server list |in| and client list |client|, setting *out/*outlen.
 * NOTE(review): the return value is marked __owur for a reason - check it
 * against the OPENSSL_NPN_* codes below before using *out, and do not
 * assume *out points into a particular one of the two input buffers.
 */
__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
                                 const unsigned char *in, unsigned int inlen,
                                 const unsigned char *client,
                                 unsigned int client_len);

# define OPENSSL_NPN_UNSUPPORTED 0
# define OPENSSL_NPN_NEGOTIATED 1
# define OPENSSL_NPN_NO_OVERLAP 2

/*
 * ALPN. |protos|/|protos_len| is the protocol list to offer (its wire
 * format is documented with SSL_CTX_set_alpn_protos(3)); both setters
 * return a status that must be checked (__owur).
 */
__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
                                   unsigned int protos_len);
__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
                               unsigned int protos_len);
/*
 * ALPN select callback (server side): |in|/|inlen| is the client's list,
 * i.e. untrusted input; the callback must not read past |inlen|.
 */
typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
                                           const unsigned char **out,
                                           unsigned char *outlen,
                                           const unsigned char *in,
                                           unsigned int inlen,
                                           void *arg);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
                                SSL_CTX_alpn_select_cb_func cb,
                                void *arg);
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
                            unsigned int *len);

# ifndef OPENSSL_NO_PSK
/*
 * the maximum length of the buffer given to callbacks containing the
 * resulting identity/psk
 */
#  define PSK_MAX_IDENTITY_LEN 256
#  define PSK_MAX_PSK_LEN 512
/*
 * PSK client callback: writes the identity (NUL-terminated string, at most
 * |max_identity_len| bytes) and the key (at most |max_psk_len| bytes) and
 * returns the PSK length. NOTE(review): the bounds are passed explicitly;
 * writing past them is a buffer overflow, and a 0 return presumably means
 * failure (confirm against SSL_CTX_set_psk_client_callback(3)).
 */
typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
                                               const char *hint,
                                               char *identity,
                                               unsigned int max_identity_len,
                                               unsigned char *psk,
                                               unsigned int max_psk_len);
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);

typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
                                               const char *identity,
unsigned char *psk, 870 unsigned int max_psk_len); 871 void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); 872 void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); 873 874 __owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); 875 __owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); 876 const char *SSL_get_psk_identity_hint(const SSL *s); 877 const char *SSL_get_psk_identity(const SSL *s); 878 # endif 879 880 typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, 881 const unsigned char *identity, 882 size_t identity_len, 883 SSL_SESSION **sess); 884 typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, 885 const unsigned char **id, 886 size_t *idlen, 887 SSL_SESSION **sess); 888 889 void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); 890 void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, 891 SSL_psk_find_session_cb_func cb); 892 void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); 893 void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, 894 SSL_psk_use_session_cb_func cb); 895 896 /* Register callbacks to handle custom TLS Extensions for client or server. 
*/ 897 898 __owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, 899 unsigned int ext_type); 900 901 __owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, 902 unsigned int ext_type, 903 custom_ext_add_cb add_cb, 904 custom_ext_free_cb free_cb, 905 void *add_arg, 906 custom_ext_parse_cb parse_cb, 907 void *parse_arg); 908 909 __owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, 910 unsigned int ext_type, 911 custom_ext_add_cb add_cb, 912 custom_ext_free_cb free_cb, 913 void *add_arg, 914 custom_ext_parse_cb parse_cb, 915 void *parse_arg); 916 917 __owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, 918 unsigned int context, 919 SSL_custom_ext_add_cb_ex add_cb, 920 SSL_custom_ext_free_cb_ex free_cb, 921 void *add_arg, 922 SSL_custom_ext_parse_cb_ex parse_cb, 923 void *parse_arg); 924 925 __owur int SSL_extension_supported(unsigned int ext_type); 926 927 # define SSL_NOTHING 1 928 # define SSL_WRITING 2 929 # define SSL_READING 3 930 # define SSL_X509_LOOKUP 4 931 # define SSL_ASYNC_PAUSED 5 932 # define SSL_ASYNC_NO_JOBS 6 933 # define SSL_CLIENT_HELLO_CB 7 934 # define SSL_RETRY_VERIFY 8 935 936 /* These will only be used when doing non-blocking IO */ 937 # define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) 938 # define SSL_want_read(s) (SSL_want(s) == SSL_READING) 939 # define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) 940 # define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) 941 # define SSL_want_retry_verify(s) (SSL_want(s) == SSL_RETRY_VERIFY) 942 # define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) 943 # define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) 944 # define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB) 945 946 # define SSL_MAC_FLAG_READ_MAC_STREAM 1 947 # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 948 # define SSL_MAC_FLAG_READ_MAC_TLSTREE 4 949 # define SSL_MAC_FLAG_WRITE_MAC_TLSTREE 8 950 951 /* 952 * A callback for logging out TLS key material. 
This callback should log out 953 * |line| followed by a newline. 954 */ 955 typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); 956 957 /* 958 * SSL_CTX_set_keylog_callback configures a callback to log key material. This 959 * is intended for debugging use with tools like Wireshark. The cb function 960 * should log line followed by a newline. 961 */ 962 void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); 963 964 /* 965 * SSL_CTX_get_keylog_callback returns the callback configured by 966 * SSL_CTX_set_keylog_callback. 967 */ 968 SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); 969 970 int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); 971 uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); 972 int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); 973 uint32_t SSL_get_max_early_data(const SSL *s); 974 int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); 975 uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); 976 int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); 977 uint32_t SSL_get_recv_max_early_data(const SSL *s); 978 979 #ifdef __cplusplus 980 } 981 #endif 982 983 # include
984 # include
985 # include
/* This is mostly sslv3 with a few tweaks */ 986 # include
/* Datagram TLS */ 987 # include
/* Support for the use_srtp extension */ 988 # include

#ifdef __cplusplus
extern "C" {
#endif

/*
 * These need to be after the above set of includes due to a compiler bug
 * in VisualStudio 2015
 */
/*
 * Type-checked STACK_OF(SSL_CIPHER) accessors (element type: const
 * SSL_CIPHER).  The ossl_check_* helpers presumably come from the
 * SKM_DEFINE_STACK_OF_INTERNAL() line below; they are what lets each macro
 * forward to the untyped OPENSSL_sk_* routine while still checking the
 * argument types.
 */
SKM_DEFINE_STACK_OF_INTERNAL(SSL_CIPHER, const SSL_CIPHER, SSL_CIPHER)
#define sk_SSL_CIPHER_num(sk) OPENSSL_sk_num(ossl_check_const_SSL_CIPHER_sk_type(sk))
#define sk_SSL_CIPHER_value(sk, idx) ((const SSL_CIPHER *)OPENSSL_sk_value(ossl_check_const_SSL_CIPHER_sk_type(sk), (idx)))
#define sk_SSL_CIPHER_new(cmp) ((STACK_OF(SSL_CIPHER) *)OPENSSL_sk_new(ossl_check_SSL_CIPHER_compfunc_type(cmp)))
#define sk_SSL_CIPHER_new_null() ((STACK_OF(SSL_CIPHER) *)OPENSSL_sk_new_null())
#define sk_SSL_CIPHER_new_reserve(cmp, n) ((STACK_OF(SSL_CIPHER) *)OPENSSL_sk_new_reserve(ossl_check_SSL_CIPHER_compfunc_type(cmp), (n)))
#define sk_SSL_CIPHER_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_SSL_CIPHER_sk_type(sk), (n))
#define sk_SSL_CIPHER_free(sk) OPENSSL_sk_free(ossl_check_SSL_CIPHER_sk_type(sk))
#define sk_SSL_CIPHER_zero(sk) OPENSSL_sk_zero(ossl_check_SSL_CIPHER_sk_type(sk))
#define sk_SSL_CIPHER_delete(sk, i) ((const SSL_CIPHER *)OPENSSL_sk_delete(ossl_check_SSL_CIPHER_sk_type(sk), (i)))
#define sk_SSL_CIPHER_delete_ptr(sk, ptr) ((const SSL_CIPHER *)OPENSSL_sk_delete_ptr(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr)))
#define sk_SSL_CIPHER_push(sk, ptr) OPENSSL_sk_push(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr))
#define sk_SSL_CIPHER_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr))
#define sk_SSL_CIPHER_pop(sk) ((const SSL_CIPHER *)OPENSSL_sk_pop(ossl_check_SSL_CIPHER_sk_type(sk)))
#define sk_SSL_CIPHER_shift(sk) ((const SSL_CIPHER *)OPENSSL_sk_shift(ossl_check_SSL_CIPHER_sk_type(sk)))
#define sk_SSL_CIPHER_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_SSL_CIPHER_sk_type(sk),ossl_check_SSL_CIPHER_freefunc_type(freefunc))
#define sk_SSL_CIPHER_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr), (idx))
#define sk_SSL_CIPHER_set(sk, idx, ptr) ((const SSL_CIPHER *)OPENSSL_sk_set(ossl_check_SSL_CIPHER_sk_type(sk), (idx), ossl_check_SSL_CIPHER_type(ptr)))
#define sk_SSL_CIPHER_find(sk, ptr) OPENSSL_sk_find(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr))
#define sk_SSL_CIPHER_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr))
#define sk_SSL_CIPHER_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_type(ptr), pnum)
#define sk_SSL_CIPHER_sort(sk) OPENSSL_sk_sort(ossl_check_SSL_CIPHER_sk_type(sk))
#define sk_SSL_CIPHER_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_SSL_CIPHER_sk_type(sk))
#define sk_SSL_CIPHER_dup(sk) ((STACK_OF(SSL_CIPHER) *)OPENSSL_sk_dup(ossl_check_const_SSL_CIPHER_sk_type(sk)))
#define sk_SSL_CIPHER_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(SSL_CIPHER) *)OPENSSL_sk_deep_copy(ossl_check_const_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_copyfunc_type(copyfunc), ossl_check_SSL_CIPHER_freefunc_type(freefunc)))
#define sk_SSL_CIPHER_set_cmp_func(sk, cmp) ((sk_SSL_CIPHER_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_SSL_CIPHER_sk_type(sk), ossl_check_SSL_CIPHER_compfunc_type(cmp)))


/* compatibility */
/* Application-data wrappers: all of them use ex_data index 0 of the respective object. */
# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)(arg)))
# define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0, \
                                                                  (char *)(a)))
# define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
# define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0, \
                                                              (char *)(arg)))
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
/* Deprecated since 1.1.0; only visible while OPENSSL_NO_DEPRECATED_1_1_0 is unset. */
OSSL_DEPRECATEDIN_1_1_0 void SSL_set_debug(SSL *s, int debug);
# endif

/* TLSv1.3 KeyUpdate message types */
/* -1 used so that this is an invalid value for the on-the-wire protocol */
#define SSL_KEY_UPDATE_NONE -1
/* Values as defined for the on-the-wire protocol */
#define SSL_KEY_UPDATE_NOT_REQUESTED 0
#define SSL_KEY_UPDATE_REQUESTED 1

/*
 * The valid handshake states (one for each type of message sent and one for
 * each type of message received). There are also two "special" states:
 * TLS = TLS or DTLS state
 * DTLS = DTLS specific state
 * CR/SR = Client Read/Server Read
 * CW/SW = Client Write/Server Write
 *
 * The "special" states are:
 * TLS_ST_BEFORE = No handshake has been initiated yet
 * TLS_ST_OK = A handshake has been successfully completed
 *
 * NOTE(review): the enumerators are implicitly numbered, so their numeric
 * values -- and therefore anything that stores or compares an
 * OSSL_HANDSHAKE_STATE across library versions -- follow this order.
 */
typedef enum {
    TLS_ST_BEFORE,
    TLS_ST_OK,
    DTLS_ST_CR_HELLO_VERIFY_REQUEST,
    TLS_ST_CR_SRVR_HELLO,
    TLS_ST_CR_CERT,
    TLS_ST_CR_COMP_CERT,
    TLS_ST_CR_CERT_STATUS,
    TLS_ST_CR_KEY_EXCH,
    TLS_ST_CR_CERT_REQ,
    TLS_ST_CR_SRVR_DONE,
    TLS_ST_CR_SESSION_TICKET,
    TLS_ST_CR_CHANGE,
    TLS_ST_CR_FINISHED,
    TLS_ST_CW_CLNT_HELLO,
    TLS_ST_CW_CERT,
    TLS_ST_CW_COMP_CERT,
    TLS_ST_CW_KEY_EXCH,
    TLS_ST_CW_CERT_VRFY,
    TLS_ST_CW_CHANGE,
    TLS_ST_CW_NEXT_PROTO,
    TLS_ST_CW_FINISHED,
    TLS_ST_SW_HELLO_REQ,
    TLS_ST_SR_CLNT_HELLO,
    DTLS_ST_SW_HELLO_VERIFY_REQUEST,
    TLS_ST_SW_SRVR_HELLO,
    TLS_ST_SW_CERT,
    TLS_ST_SW_COMP_CERT,
    TLS_ST_SW_KEY_EXCH,
    TLS_ST_SW_CERT_REQ,
    TLS_ST_SW_SRVR_DONE,
    TLS_ST_SR_CERT,
    TLS_ST_SR_COMP_CERT,
    TLS_ST_SR_KEY_EXCH,
    TLS_ST_SR_CERT_VRFY,
    TLS_ST_SR_NEXT_PROTO,
    TLS_ST_SR_CHANGE,
    TLS_ST_SR_FINISHED,
    TLS_ST_SW_SESSION_TICKET,
    TLS_ST_SW_CERT_STATUS,
    TLS_ST_SW_CHANGE,
    TLS_ST_SW_FINISHED,
    TLS_ST_SW_ENCRYPTED_EXTENSIONS,
    TLS_ST_CR_ENCRYPTED_EXTENSIONS,
    TLS_ST_CR_CERT_VRFY,
    TLS_ST_SW_CERT_VRFY,
    TLS_ST_CR_HELLO_REQ,
    TLS_ST_SW_KEY_UPDATE,
    TLS_ST_CW_KEY_UPDATE,
    TLS_ST_SR_KEY_UPDATE,
    TLS_ST_CR_KEY_UPDATE,
    TLS_ST_EARLY_DATA,
    TLS_ST_PENDING_EARLY_DATA_END,
    TLS_ST_CW_END_OF_EARLY_DATA,
    TLS_ST_SR_END_OF_EARLY_DATA
} OSSL_HANDSHAKE_STATE;

/*
 * Most of the following state values are no longer used and are defined to be
 * the closest equivalent value in the current state machine code. Not all
 * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
 * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
 * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
 */

# define SSL_ST_CONNECT                 0x1000
# define SSL_ST_ACCEPT                  0x2000

# define SSL_ST_MASK                    0x0FFF

/* Bits delivered in the info callback's |type| argument. */
# define SSL_CB_LOOP                    0x01
# define SSL_CB_EXIT                    0x02
# define SSL_CB_READ                    0x04
# define SSL_CB_WRITE                   0x08
# define SSL_CB_ALERT                   0x4000/* used in callback */
# define SSL_CB_READ_ALERT              (SSL_CB_ALERT|SSL_CB_READ)
# define SSL_CB_WRITE_ALERT             (SSL_CB_ALERT|SSL_CB_WRITE)
# define SSL_CB_ACCEPT_LOOP             (SSL_ST_ACCEPT|SSL_CB_LOOP)
# define SSL_CB_ACCEPT_EXIT             (SSL_ST_ACCEPT|SSL_CB_EXIT)
# define SSL_CB_CONNECT_LOOP            (SSL_ST_CONNECT|SSL_CB_LOOP)
# define SSL_CB_CONNECT_EXIT            (SSL_ST_CONNECT|SSL_CB_EXIT)
# define SSL_CB_HANDSHAKE_START         0x10
# define SSL_CB_HANDSHAKE_DONE          0x20

/* Is the SSL connection established?
 */
/* Both are derived from SSL_in_init() and SSL_is_server(). */
# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a))
# define SSL_in_accept_init(a)  (SSL_in_init(a) && SSL_is_server(a))
int SSL_in_init(const SSL *s);
int SSL_in_before(const SSL *s);
int SSL_is_init_finished(const SSL *s);

/*
 * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
 * should not need these
 */
# define SSL_ST_READ_HEADER                     0xF0
# define SSL_ST_READ_BODY                       0xF1
# define SSL_ST_READ_DONE                       0xF2

/*-
 * Obtain latest Finished message
 *   -- that we sent (SSL_get_finished)
 *   -- that we expected from peer (SSL_get_peer_finished).
 * Returns length (0 == no Finished so far), copies up to 'count' bytes.
 */
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);

/*
 * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are
 * 'ored' with SSL_VERIFY_PEER if they are desired
 *
 * SSL_VERIFY_NONE is 0 and therefore cannot be combined with any other bit;
 * FAIL_IF_NO_PEER_CERT, CLIENT_ONCE and POST_HANDSHAKE are the "last 3
 * options" above and only have meaning together with SSL_VERIFY_PEER.
 */
# define SSL_VERIFY_NONE                 0x00
# define SSL_VERIFY_PEER                 0x01
# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
# define SSL_VERIFY_CLIENT_ONCE          0x04
# define SSL_VERIFY_POST_HANDSHAKE       0x08

# ifndef OPENSSL_NO_DEPRECATED_1_1_0
/* Old initialisation names, both mapped onto SSL_library_init(). */
# define OpenSSL_add_ssl_algorithms()   SSL_library_init()
# define SSLeay_add_ssl_algorithms()    SSL_library_init()
# endif

/* More backward compatibility */
# define SSL_get_cipher(s) \
                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_cipher_bits(s,np) \
                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
# define SSL_get_cipher_version(s) \
                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
# define SSL_get_cipher_name(s) \
                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_time(a)       SSL_SESSION_get_time(a)
# define SSL_set_time(a,b)     SSL_SESSION_set_time((a),(b))
# define SSL_get_timeout(a)    SSL_SESSION_get_timeout(a)
# define SSL_set_timeout(a,b)  SSL_SESSION_set_timeout((a),(b))

/* BIO-based DER encode/decode of a session, built on the generic ASN1_*_bio_of helpers. */
# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)

DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
                                             * from SSL_AD_... */
/* These alert types are for SSLv3 and TLSv1 */
/*
 * Alert descriptions.  SSL_AD_* are aliases of the SSL3_AD_ / TLS1_AD_ /
 * TLS13_AD_ values from the protocol headers included earlier; adding
 * SSL_AD_REASON_OFFSET to one gives the corresponding SSL_R_... reason code.
 */
# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
/* fatal */
# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
/* fatal */
# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
/* fatal */
# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
/* fatal */
# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
/* Not for TLS */
# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
/* fatal */
# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
/* fatal */
# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
/* fatal */
# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
/* fatal */
# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
/* fatal */
# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
/* fatal */
# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
/* fatal */
# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
/* fatal */
# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
# define SSL_AD_MISSING_EXTENSION        TLS13_AD_MISSING_EXTENSION
# define SSL_AD_CERTIFICATE_REQUIRED     TLS13_AD_CERTIFICATE_REQUIRED
# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
/* fatal */
# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
/* fatal */
# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
# define SSL_AD_NO_APPLICATION_PROTOCOL  TLS1_AD_NO_APPLICATION_PROTOCOL

/* Error classes, as returned by SSL_get_error(3). */
# define SSL_ERROR_NONE                  0
# define SSL_ERROR_SSL                   1
# define SSL_ERROR_WANT_READ             2
# define SSL_ERROR_WANT_WRITE            3
# define SSL_ERROR_WANT_X509_LOOKUP      4
# define SSL_ERROR_SYSCALL               5/* look at error stack/return
                                           * value/errno */
# define SSL_ERROR_ZERO_RETURN           6
# define SSL_ERROR_WANT_CONNECT          7
# define SSL_ERROR_WANT_ACCEPT           8
# define SSL_ERROR_WANT_ASYNC            9
# define SSL_ERROR_WANT_ASYNC_JOB       10
# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
# define SSL_ERROR_WANT_RETRY_VERIFY    12

/*
 * Ctrl selectors for SSL_ctrl() / SSL_CTX_ctrl().  The numbers are part of
 * the public ABI (the wrapper macros further down bake them in), so existing
 * values must not be renumbered.
 */
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_CTRL_SET_TMP_DH                     3
# define SSL_CTRL_SET_TMP_ECDH                   4
# define SSL_CTRL_SET_TMP_DH_CB                  6
# endif

# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
# define SSL_CTRL_GET_FLAGS                      13
# define SSL_CTRL_EXTRA_CHAIN_CERT               14
# define SSL_CTRL_SET_MSG_CALLBACK               15
# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
/* only applies to datagram connections */
# define SSL_CTRL_SET_MTU                17
/* Stats */
# define SSL_CTRL_SESS_NUMBER                    20
# define SSL_CTRL_SESS_CONNECT                   21
# define SSL_CTRL_SESS_CONNECT_GOOD              22
# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
# define SSL_CTRL_SESS_ACCEPT                    24
# define SSL_CTRL_SESS_ACCEPT_GOOD               25
# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
# define SSL_CTRL_SESS_HIT                       27
# define SSL_CTRL_SESS_CB_HIT                    28
# define SSL_CTRL_SESS_MISSES                    29
# define SSL_CTRL_SESS_TIMEOUTS                  30
# define SSL_CTRL_SESS_CACHE_FULL                31
# define SSL_CTRL_MODE                           33
# define SSL_CTRL_GET_READ_AHEAD                 40
# define SSL_CTRL_SET_READ_AHEAD                 41
# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
# define SSL_CTRL_SET_SESS_CACHE_MODE            44
# define SSL_CTRL_GET_SESS_CACHE_MODE            45
# define SSL_CTRL_GET_MAX_CERT_LIST              50
# define SSL_CTRL_SET_MAX_CERT_LIST              51
# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
/* see tls1.h for macros based on these */
# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
# define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
# define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60 */
/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
# endif
/*
 * NOTE(review): the values 76, 78 and 79 are each defined twice below -- the
 * SRP ctrls (SET_SRP_VERIFY_PARAM_CB, SET_SRP_ARG, SET_TLS_EXT_SRP_USERNAME)
 * share numbers with GET_RI_SUPPORT, CLEAR_MODE and
 * SET_NOT_RESUMABLE_SESS_CB.  Nothing in this header says which entry point
 * disambiguates them (presumably the SRP ones are only issued through
 * SSL_CTX_ctrl()); confirm before adding a new ctrl anywhere in this range.
 */
# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
# define SSL_CTRL_SET_SRP_ARG            78
# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
# define DTLS_CTRL_GET_TIMEOUT           73
# define DTLS_CTRL_HANDLE_TIMEOUT        74
# define SSL_CTRL_GET_RI_SUPPORT                 76
# define SSL_CTRL_CLEAR_MODE                     78
# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB      79
# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
# define SSL_CTRL_CHAIN                          88
# define SSL_CTRL_CHAIN_CERT                     89
# define SSL_CTRL_GET_GROUPS                     90
# define SSL_CTRL_SET_GROUPS                     91
# define SSL_CTRL_SET_GROUPS_LIST                92
# define SSL_CTRL_GET_SHARED_GROUP               93
# define SSL_CTRL_SET_SIGALGS                    97
# define SSL_CTRL_SET_SIGALGS_LIST               98
# define SSL_CTRL_CERT_FLAGS                     99
# define SSL_CTRL_CLEAR_CERT_FLAGS               100
# define SSL_CTRL_SET_CLIENT_SIGALGS             101
# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST        102
# define SSL_CTRL_GET_CLIENT_CERT_TYPES          103
# define SSL_CTRL_SET_CLIENT_CERT_TYPES          104
# define SSL_CTRL_BUILD_CERT_CHAIN               105
# define SSL_CTRL_SET_VERIFY_CERT_STORE          106
# define SSL_CTRL_SET_CHAIN_CERT_STORE           107
# define SSL_CTRL_GET_PEER_SIGNATURE_NID         108
# define SSL_CTRL_GET_PEER_TMP_KEY               109
# define SSL_CTRL_GET_RAW_CIPHERLIST             110
# define SSL_CTRL_GET_EC_POINT_FORMATS           111
# define SSL_CTRL_GET_CHAIN_CERTS                115
# define SSL_CTRL_SELECT_CURRENT_CERT            116
# define SSL_CTRL_SET_CURRENT_CERT               117
# define SSL_CTRL_SET_DH_AUTO                    118
# define DTLS_CTRL_SET_LINK_MTU                  120
# define DTLS_CTRL_GET_LINK_MIN_MTU              121
# define SSL_CTRL_GET_EXTMS_SUP

ORT                 122
# define SSL_CTRL_SET_MIN_PROTO_VERSION          123
# define SSL_CTRL_SET_MAX_PROTO_VERSION          124
# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT        125
# define SSL_CTRL_SET_MAX_PIPELINES              126
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE     127
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB       128
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG   129
# define SSL_CTRL_GET_MIN_PROTO_VERSION          130
# define SSL_CTRL_GET_MAX_PROTO_VERSION          131
# define SSL_CTRL_GET_SIGNATURE_NID              132
# define SSL_CTRL_GET_TMP_KEY                    133
# define SSL_CTRL_GET_NEGOTIATED_GROUP           134
# define SSL_CTRL_GET_IANA_GROUPS                135
# define SSL_CTRL_SET_RETRY_VERIFY               136
# define SSL_CTRL_GET_VERIFY_CERT_STORE          137
# define SSL_CTRL_GET_CHAIN_CERT_STORE           138
# define SSL_CTRL_GET0_IMPLEMENTED_GROUPS        139
# define SSL_CTRL_GET_SIGNATURE_NAME             140
# define SSL_CTRL_GET_PEER_SIGNATURE_NAME        141
/* |op| values for SSL_CTX_set_current_cert() / SSL_set_current_cert() below. */
# define SSL_CERT_SET_FIRST                      1
# define SSL_CERT_SET_NEXT                       2
# define SSL_CERT_SET_SERVER                     3
# define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
# define DTLSv1_handle_timeout(ssl) \
        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
# define SSL_num_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_clear_num_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_total_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_CTX_set_tmp_dh(ctx,dh) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
# endif
# define SSL_CTX_set_dh_auto(ctx, onoff) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# define SSL_set_dh_auto(s, onoff) \
        SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_set_tmp_dh(ssl,dh) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
# define SSL_set_tmp_ecdh(ssl,ecdh) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
# endif
/*
 * Certificate chain / store ctrls.  The only difference between a set0/add0
 * macro and its set1/add1 twin is the larg (0 vs 1); by OpenSSL's usual
 * naming the 1 form keeps a reference of its own and the 0 form takes over
 * the caller's -- confirm against SSL_CTX_set0_chain(3) before relying on it.
 */
# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
# define SSL_CTX_clear_extra_chain_certs(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
# define SSL_CTX_set0_chain(ctx,sk) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
# define SSL_CTX_set1_chain(ctx,sk) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
# define SSL_CTX_add0_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
# define SSL_CTX_add1_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
# define SSL_CTX_get0_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
# define SSL_CTX_clear_chain_certs(ctx) \
        SSL_CTX_set0_chain(ctx,NULL)
# define SSL_CTX_build_cert_chain(ctx, flags) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
# define SSL_CTX_select_current_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
# define SSL_CTX_set_current_cert(ctx, op) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
# define SSL_CTX_set0_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
# define SSL_CTX_set1_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
# define SSL_CTX_get0_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
# define SSL_CTX_set0_chain_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
# define SSL_CTX_set1_chain_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
# define SSL_CTX_get0_chain_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
# define SSL_set0_chain(s,sk) \
        SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk))
# define SSL_set1_chain(s,sk) \
        SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk))
# define SSL_add0_chain_cert(s,x509) \
        SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
# define SSL_add1_chain_cert(s,x509) \
        SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
# define SSL_get0_chain_certs(s,px509) \
        SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
# define SSL_clear_chain_certs(s) \
        SSL_set0_chain(s,NULL)
# define SSL_build_cert_chain(s, flags) \
        SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
# define SSL_select_current_cert(s,x509) \
        SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
# define SSL_set_current_cert(s,op) \
        SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
# define SSL_set0_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
# define SSL_set1_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
#define SSL_get0_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
# define SSL_set0_chain_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
# define SSL_set1_chain_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
#define SSL_get0_chain_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))

/* Group (curve) and signature algorithm selection; the *_list forms take a string. */
# define SSL_get1_groups(s, glist) \
        SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
# define SSL_get0_iana_groups(s, plst) \
        SSL_ctrl(s,SSL_CTRL_GET_IANA_GROUPS,0,(uint16_t **)(plst))
# define SSL_CTX_set1_groups(ctx, glist, glistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
# define SSL_CTX_set1_groups_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
# define SSL_CTX_get0_implemented_groups(ctx, all, out) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET0_IMPLEMENTED_GROUPS, all, \
                     (STACK_OF(OPENSSL_CSTRING) *)(out))
# define SSL_set1_groups(s, glist, glistlen) \
        SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
# define SSL_set1_groups_list(s, str) \
        SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str))
# define SSL_get_shared_group(s, n) \
        SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
# define SSL_get_negotiated_group(s) \
        SSL_ctrl(s,SSL_CTRL_GET_NEGOTIATED_GROUP,0,NULL)
# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
# define SSL_set1_sigalgs(s, slist, slistlen) \
        SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
# define SSL_set1_sigalgs_list(s, str) \
        SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str))
# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
# define SSL_set1_client_sigalgs(s, slist, slistlen) \
        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
# define SSL_set1_client_sigalgs_list(s, str) \
        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str))
# define SSL_get0_certificate_types(s, clist) \
        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist))
# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \
                     (char *)(clist))
# define SSL_set1_client_certificate_types(s, clist, clistlen) \
        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
/*
 * The "(1?(str):(const char **)NULL)" argument is a compile-time type check:
 * the conditional operator forces |str| to be convertible to const char **
 * while still passing |str| itself to the ctrl.
 */
# define SSL_get0_signature_name(s, str) \
        SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NAME,0,(1?(str):(const char **)NULL))
# define SSL_get_signature_nid(s, pn) \
        SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn)
# define SSL_get0_peer_signature_name(s, str) \
        SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NAME,0,(1?(str):(const char **)NULL))
# define SSL_get_peer_signature_nid(s, pn) \
        SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
# define SSL_get_peer_tmp_key(s, pk) \
        SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk)
# define SSL_get_tmp_key(s, pk) \
        SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk)
# define SSL_get0_raw_cipherlist(s, plst) \
        SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
# define SSL_get0_ec_point_formats(s, plst) \
        SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
/*
 * Protocol version bounds.  |version| is presumably a TLS1_*_VERSION /
 * DTLS1_*_VERSION constant, with 0 meaning "no bound"; see
 * SSL_CTX_set_min_proto_version(3).
 */
# define SSL_CTX_set_min_proto_version(ctx, version) \
        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
# define SSL_CTX_set_max_proto_version(ctx, version) \
        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
# define SSL_CTX_get_min_proto_version(ctx) \
        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
# define SSL_CTX_get_max_proto_version(ctx) \
        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
# define SSL_set_min_proto_version(s, version) \
        SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
# define SSL_set_max_proto_version(s, version) \
        SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
# define SSL_get_min_proto_version(s) \
        SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
# define SSL_get_max_proto_version(s) \
        SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)

const char *SSL_get0_group_name(SSL *s);
const char *SSL_group_to_name(SSL *s, int id);

/* Backwards compatibility, original 1.1.0 names */
# define SSL_CTRL_GET_SERVER_TMP_KEY \
         SSL_CTRL_GET_PEER_TMP_KEY
# define SSL_get_server_tmp_key(s, pk) \
         SSL_get_peer_tmp_key(s, pk)

int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey);
int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey);

/*
 * The following symbol names are old and obsolete. They are kept
 * for compatibility reasons only and should not be used anymore.
 */
# define SSL_CTRL_GET_CURVES           SSL_CTRL_GET_GROUPS
# define SSL_CTRL_SET_CURVES           SSL_CTRL_SET_GROUPS
# define SSL_CTRL_SET_CURVES_LIST      SSL_CTRL_SET_GROUPS_LIST
# define SSL_CTRL_GET_SHARED_CURVE     SSL_CTRL_GET_SHARED_GROUP

# define SSL_get1_curves               SSL_get1_groups
# define SSL_CTX_set1_curves           SSL_CTX_set1_groups
# define SSL_CTX_set1_curves_list      SSL_CTX_set1_groups_list
# define SSL_set1_curves               SSL_set1_groups
# define SSL_set1_curves_list          SSL_set1_groups_list
# define SSL_get_shared_curve          SSL_get_shared_group


# ifndef OPENSSL_NO_DEPRECATED_1_1_0
/* Provide some compatibility macros for removed functionality.
*/ 1595 # define SSL_CTX_need_tmp_RSA(ctx) 0 1596 # define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 1597 # define SSL_need_tmp_RSA(ssl) 0 1598 # define SSL_set_tmp_rsa(ssl,rsa) 1 1599 # define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) 1600 # define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) 1601 /* 1602 * We "pretend" to call the callback to avoid warnings about unused static 1603 * functions. 1604 */ 1605 # define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) 1606 # define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) 1607 # endif 1608 __owur const BIO_METHOD *BIO_f_ssl(void); 1609 __owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); 1610 __owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); 1611 __owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); 1612 __owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); 1613 void BIO_ssl_shutdown(BIO *ssl_bio); 1614 1615 __owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); 1616 __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); 1617 __owur SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, 1618 const SSL_METHOD *meth); 1619 int SSL_CTX_up_ref(SSL_CTX *ctx); 1620 void SSL_CTX_free(SSL_CTX *); 1621 __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); 1622 __owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); 1623 __owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); 1624 void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); 1625 void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *); 1626 __owur int SSL_want(const SSL *s); 1627 __owur int SSL_clear(SSL *s); 1628 1629 #ifndef OPENSSL_NO_DEPRECATED_3_4 1630 OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_CTX_flush_sessions_ex()") 1631 void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); 1632 #endif 1633 void SSL_CTX_flush_sessions_ex(SSL_CTX *ctx, time_t tm); 1634 1635 __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); 1636 __owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s); 1637 __owur 
int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); 1638 __owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); 1639 __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); 1640 __owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); 1641 __owur const char *OPENSSL_cipher_name(const char *rfc_name); 1642 __owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); 1643 __owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); 1644 __owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); 1645 __owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); 1646 __owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); 1647 __owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); 1648 1649 __owur int SSL_get_fd(const SSL *s); 1650 __owur int SSL_get_rfd(const SSL *s); 1651 __owur int SSL_get_wfd(const SSL *s); 1652 __owur const char *SSL_get_cipher_list(const SSL *s, int n); 1653 __owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); 1654 __owur int SSL_get_read_ahead(const SSL *s); 1655 __owur int SSL_pending(const SSL *s); 1656 __owur int SSL_has_pending(const SSL *s); 1657 # ifndef OPENSSL_NO_SOCK 1658 __owur int SSL_set_fd(SSL *s, int fd); 1659 __owur int SSL_set_rfd(SSL *s, int fd); 1660 __owur int SSL_set_wfd(SSL *s, int fd); 1661 # endif 1662 void SSL_set0_rbio(SSL *s, BIO *rbio); 1663 void SSL_set0_wbio(SSL *s, BIO *wbio); 1664 void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); 1665 __owur BIO *SSL_get_rbio(const SSL *s); 1666 __owur BIO *SSL_get_wbio(const SSL *s); 1667 __owur int SSL_set_cipher_list(SSL *s, const char *str); 1668 __owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); 1669 __owur int SSL_set_ciphersuites(SSL *s, const char *str); 1670 void SSL_set_read_ahead(SSL *s, int yes); 1671 __owur int SSL_get_verify_mode(const SSL *s); 1672 __owur int SSL_get_verify_depth(const SSL *s); 1673 __owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); 1674 void SSL_set_verify(SSL *s, int 
mode, SSL_verify_cb callback); 1675 void SSL_set_verify_depth(SSL *s, int depth); 1676 void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); 1677 # ifndef OPENSSL_NO_DEPRECATED_3_0 1678 OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); 1679 OSSL_DEPRECATEDIN_3_0 1680 __owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, 1681 const unsigned char *d, long len); 1682 # endif 1683 __owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); 1684 __owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, 1685 long len); 1686 __owur int SSL_use_certificate(SSL *ssl, X509 *x); 1687 __owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); 1688 __owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, 1689 STACK_OF(X509) *chain, int override); 1690 1691 1692 /* serverinfo file format versions */ 1693 # define SSL_SERVERINFOV1 1 1694 # define SSL_SERVERINFOV2 2 1695 1696 /* Set serverinfo data for the current active cert. 
*/ 1697 __owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, 1698 size_t serverinfo_length); 1699 __owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, 1700 const unsigned char *serverinfo, 1701 size_t serverinfo_length); 1702 __owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); 1703 1704 #ifndef OPENSSL_NO_DEPRECATED_3_0 1705 OSSL_DEPRECATEDIN_3_0 1706 __owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); 1707 #endif 1708 1709 __owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); 1710 __owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); 1711 1712 #ifndef OPENSSL_NO_DEPRECATED_3_0 1713 OSSL_DEPRECATEDIN_3_0 1714 __owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, 1715 int type); 1716 #endif 1717 __owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, 1718 int type); 1719 __owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, 1720 int type); 1721 /* PEM type */ 1722 __owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); 1723 __owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); 1724 __owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); 1725 __owur STACK_OF(X509_NAME) 1726 *SSL_load_client_CA_file_ex(const char *file, OSSL_LIB_CTX *libctx, 1727 const char *propq); 1728 __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, 1729 const char *file); 1730 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, 1731 const char *dir); 1732 int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, 1733 const char *uri); 1734 1735 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 1736 # define SSL_load_error_strings() \ 1737 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ 1738 | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) 1739 # endif 1740 1741 __owur const char *SSL_state_string(const SSL *s); 1742 
__owur const char *SSL_rstate_string(const SSL *s); 1743 __owur const char *SSL_state_string_long(const SSL *s); 1744 __owur const char *SSL_rstate_string_long(const SSL *s); 1745 1746 #ifndef OPENSSL_NO_DEPRECATED_3_4 1747 OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_get_time_ex()") 1748 __owur long SSL_SESSION_get_time(const SSL_SESSION *s); 1749 OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_set_time_ex()") 1750 __owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); 1751 #endif 1752 __owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); 1753 __owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); 1754 __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); 1755 __owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); 1756 1757 __owur time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s); 1758 __owur time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t); 1759 1760 __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); 1761 __owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); 1762 void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, 1763 const unsigned char **alpn, 1764 size_t *len); 1765 __owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, 1766 const unsigned char *alpn, 1767 size_t len); 1768 __owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); 1769 __owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); 1770 __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); 1771 __owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); 1772 void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, 1773 size_t *len); 1774 __owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); 1775 __owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, 1776 uint32_t max_early_data); 1777 __owur int SSL_copy_session_id(SSL *to, const SSL *from); 1778 __owur 
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); 1779 __owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, 1780 const unsigned char *sid_ctx, 1781 unsigned int sid_ctx_len); 1782 __owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, 1783 unsigned int sid_len); 1784 __owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); 1785 1786 __owur SSL_SESSION *SSL_SESSION_new(void); 1787 __owur SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src); 1788 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, 1789 unsigned int *len); 1790 const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, 1791 unsigned int *len); 1792 __owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); 1793 # ifndef OPENSSL_NO_STDIO 1794 int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); 1795 # endif 1796 int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); 1797 int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); 1798 int SSL_SESSION_up_ref(SSL_SESSION *ses); 1799 void SSL_SESSION_free(SSL_SESSION *ses); 1800 __owur int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp); 1801 __owur int SSL_set_session(SSL *to, SSL_SESSION *session); 1802 int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); 1803 int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); 1804 __owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); 1805 __owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); 1806 __owur int SSL_has_matching_session_id(const SSL *s, 1807 const unsigned char *id, 1808 unsigned int id_len); 1809 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, 1810 long length); 1811 SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp, 1812 long length, OSSL_LIB_CTX *libctx, 1813 const char *propq); 1814 1815 # ifdef OPENSSL_X509_H 1816 __owur X509 *SSL_get0_peer_certificate(const SSL *s); 1817 __owur X509 *SSL_get1_peer_certificate(const SSL *s); 1818 
/* Deprecated in 3.0.0 */ 1819 # ifndef OPENSSL_NO_DEPRECATED_3_0 1820 # define SSL_get_peer_certificate SSL_get1_peer_certificate 1821 # endif 1822 # endif 1823 1824 __owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); 1825 1826 __owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); 1827 __owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); 1828 __owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); 1829 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); 1830 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); 1831 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 1832 int (*cb) (X509_STORE_CTX *, void *), 1833 void *arg); 1834 void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), 1835 void *arg); 1836 # ifndef OPENSSL_NO_DEPRECATED_3_0 1837 OSSL_DEPRECATEDIN_3_0 1838 __owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); 1839 OSSL_DEPRECATEDIN_3_0 1840 __owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, 1841 long len); 1842 # endif 1843 __owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); 1844 __owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, 1845 const unsigned char *d, long len); 1846 __owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); 1847 __owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, 1848 const unsigned char *d); 1849 __owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, 1850 STACK_OF(X509) *chain, int override); 1851 1852 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); 1853 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); 1854 pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); 1855 void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); 1856 void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); 1857 void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); 1858 pem_password_cb *SSL_get_default_passwd_cb(SSL *s); 
1859 void *SSL_get_default_passwd_cb_userdata(SSL *s); 1860 1861 __owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); 1862 __owur int SSL_check_private_key(const SSL *ctx); 1863 1864 __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, 1865 const unsigned char *sid_ctx, 1866 unsigned int sid_ctx_len); 1867 1868 SSL *SSL_new(SSL_CTX *ctx); 1869 int SSL_up_ref(SSL *s); 1870 int SSL_is_dtls(const SSL *s); 1871 int SSL_is_tls(const SSL *s); 1872 int SSL_is_quic(const SSL *s); 1873 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, 1874 unsigned int sid_ctx_len); 1875 1876 __owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); 1877 __owur int SSL_set_purpose(SSL *ssl, int purpose); 1878 __owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); 1879 __owur int SSL_set_trust(SSL *ssl, int trust); 1880 1881 __owur int SSL_set1_host(SSL *s, const char *host); 1882 __owur int SSL_add1_host(SSL *s, const char *host); 1883 __owur const char *SSL_get0_peername(SSL *s); 1884 void SSL_set_hostflags(SSL *s, unsigned int flags); 1885 1886 __owur int SSL_CTX_dane_enable(SSL_CTX *ctx); 1887 __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, 1888 uint8_t mtype, uint8_t ord); 1889 __owur int SSL_dane_enable(SSL *s, const char *basedomain); 1890 __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, 1891 uint8_t mtype, const unsigned char *data, size_t dlen); 1892 __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); 1893 __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, 1894 uint8_t *mtype, const unsigned char **data, 1895 size_t *dlen); 1896 /* 1897 * Bridge the opacity barrier between libcrypto and libssl; also needed to support 1898 * offline testing in test/danetest.c 1899 */ 1900 SSL_DANE *SSL_get0_dane(SSL *ssl); 1901 /* 1902 * DANE flags 1903 */ 1904 unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); 1905 unsigned long SSL_CTX_dane_clear_flags(SSL_CTX 
*ctx, unsigned long flags); 1906 unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); 1907 unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); 1908 1909 __owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); 1910 __owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); 1911 1912 __owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); 1913 __owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); 1914 1915 # ifndef OPENSSL_NO_SRP 1916 # ifndef OPENSSL_NO_DEPRECATED_3_0 1917 OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); 1918 OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); 1919 OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); 1920 OSSL_DEPRECATEDIN_3_0 1921 int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, 1922 char *(*cb) (SSL *, void *)); 1923 OSSL_DEPRECATEDIN_3_0 1924 int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, 1925 int (*cb) (SSL *, void *)); 1926 OSSL_DEPRECATEDIN_3_0 1927 int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, 1928 int (*cb) (SSL *, int *, void *)); 1929 OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); 1930 1931 OSSL_DEPRECATEDIN_3_0 1932 int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, 1933 BIGNUM *sa, BIGNUM *v, char *info); 1934 OSSL_DEPRECATEDIN_3_0 1935 int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, 1936 const char *grp); 1937 1938 OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_g(SSL *s); 1939 OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_N(SSL *s); 1940 1941 OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_username(SSL *s); 1942 OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_userinfo(SSL *s); 1943 # endif 1944 # endif 1945 1946 /* 1947 * ClientHello callback and helpers. 
1948 */ 1949 1950 # define SSL_CLIENT_HELLO_SUCCESS 1 1951 # define SSL_CLIENT_HELLO_ERROR 0 1952 # define SSL_CLIENT_HELLO_RETRY (-1) 1953 1954 typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); 1955 void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, 1956 void *arg); 1957 typedef int (*SSL_new_pending_conn_cb_fn) (SSL_CTX *ctx, SSL *new_ssl, 1958 void *arg); 1959 void SSL_CTX_set_new_pending_conn_cb(SSL_CTX *c, SSL_new_pending_conn_cb_fn cb, 1960 void *arg); 1961 1962 int SSL_client_hello_isv2(SSL *s); 1963 unsigned int SSL_client_hello_get0_legacy_version(SSL *s); 1964 size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); 1965 size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); 1966 size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); 1967 size_t SSL_client_hello_get0_compression_methods(SSL *s, 1968 const unsigned char **out); 1969 int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); 1970 int SSL_client_hello_get_extension_order(SSL *s, uint16_t *exts, 1971 size_t *num_exts); 1972 int SSL_client_hello_get0_ext(SSL *s, unsigned int type, 1973 const unsigned char **out, size_t *outlen); 1974 1975 void SSL_certs_clear(SSL *s); 1976 void SSL_free(SSL *ssl); 1977 # ifdef OSSL_ASYNC_FD 1978 /* 1979 * Windows application developers have to include windows.h to use these. 
1980 */ 1981 __owur int SSL_waiting_for_async(SSL *s); 1982 __owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); 1983 __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, 1984 size_t *numaddfds, OSSL_ASYNC_FD *delfd, 1985 size_t *numdelfds); 1986 __owur int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback); 1987 __owur int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg); 1988 __owur int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback); 1989 __owur int SSL_set_async_callback_arg(SSL *s, void *arg); 1990 __owur int SSL_get_async_status(SSL *s, int *status); 1991 1992 # endif 1993 __owur int SSL_accept(SSL *ssl); 1994 __owur int SSL_stateless(SSL *s); 1995 __owur int SSL_connect(SSL *ssl); 1996 __owur int SSL_read(SSL *ssl, void *buf, int num); 1997 __owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); 1998 1999 # define SSL_READ_EARLY_DATA_ERROR 0 2000 # define SSL_READ_EARLY_DATA_SUCCESS 1 2001 # define SSL_READ_EARLY_DATA_FINISH 2 2002 2003 __owur int SSL_read_early_data(SSL *s, void *buf, size_t num, 2004 size_t *readbytes); 2005 __owur int SSL_peek(SSL *ssl, void *buf, int num); 2006 __owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); 2007 __owur ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, 2008 int flags); 2009 __owur int SSL_write(SSL *ssl, const void *buf, int num); 2010 __owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); 2011 __owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, 2012 size_t *written); 2013 long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); 2014 long SSL_callback_ctrl(SSL *, int, void (*)(void)); 2015 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); 2016 long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); 2017 2018 # define SSL_WRITE_FLAG_CONCLUDE (1U << 0) 2019 2020 __owur int SSL_write_ex2(SSL *s, const void *buf, 
size_t num, 2021 uint64_t flags, 2022 size_t *written); 2023 2024 # define SSL_EARLY_DATA_NOT_SENT 0 2025 # define SSL_EARLY_DATA_REJECTED 1 2026 # define SSL_EARLY_DATA_ACCEPTED 2 2027 2028 __owur int SSL_get_early_data_status(const SSL *s); 2029 2030 __owur int SSL_get_error(const SSL *s, int ret_code); 2031 __owur const char *SSL_get_version(const SSL *s); 2032 __owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt); 2033 2034 /* This sets the 'default' SSL version that SSL_new() will create */ 2035 # ifndef OPENSSL_NO_DEPRECATED_3_0 2036 OSSL_DEPRECATEDIN_3_0 2037 __owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); 2038 # endif 2039 2040 # ifndef OPENSSL_NO_SSL3_METHOD 2041 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 2042 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ 2043 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_server_method(void); 2044 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_client_method(void); 2045 # endif 2046 # endif 2047 2048 #define SSLv23_method TLS_method 2049 #define SSLv23_server_method TLS_server_method 2050 #define SSLv23_client_method TLS_client_method 2051 2052 /* Negotiate highest available SSL/TLS version */ 2053 __owur const SSL_METHOD *TLS_method(void); 2054 __owur const SSL_METHOD *TLS_server_method(void); 2055 __owur const SSL_METHOD *TLS_client_method(void); 2056 2057 # ifndef OPENSSL_NO_TLS1_METHOD 2058 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 2059 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ 2060 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_server_method(void); 2061 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_client_method(void); 2062 # endif 2063 # endif 2064 2065 # ifndef OPENSSL_NO_TLS1_1_METHOD 2066 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 2067 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ 2068 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD 
*TLSv1_1_server_method(void); 2069 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_client_method(void); 2070 # endif 2071 # endif 2072 2073 # ifndef OPENSSL_NO_TLS1_2_METHOD 2074 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 2075 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ 2076 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_server_method(void); 2077 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_client_method(void); 2078 # endif 2079 # endif 2080 2081 # ifndef OPENSSL_NO_DTLS1_METHOD 2082 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 2083 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ 2084 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_server_method(void); 2085 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_client_method(void); 2086 # endif 2087 # endif 2088 2089 # ifndef OPENSSL_NO_DTLS1_2_METHOD 2090 /* DTLSv1.2 */ 2091 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 2092 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_method(void); 2093 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_server_method(void); 2094 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_client_method(void); 2095 # endif 2096 # endif 2097 2098 __owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ 2099 __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ 2100 __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ 2101 2102 __owur size_t DTLS_get_data_mtu(const SSL *s); 2103 2104 __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); 2105 __owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); 2106 __owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); 2107 __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); 2108 2109 __owur int SSL_do_handshake(SSL *s); 2110 int SSL_key_update(SSL *s, int updatetype); 2111 int SSL_get_key_update_type(const SSL *s); 2112 int 
SSL_renegotiate(SSL *s); 2113 int SSL_renegotiate_abbreviated(SSL *s); 2114 __owur int SSL_renegotiate_pending(const SSL *s); 2115 int SSL_new_session_ticket(SSL *s); 2116 int SSL_shutdown(SSL *s); 2117 __owur int SSL_verify_client_post_handshake(SSL *s); 2118 void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); 2119 void SSL_set_post_handshake_auth(SSL *s, int val); 2120 2121 __owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); 2122 __owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); 2123 __owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); 2124 __owur const char *SSL_alert_type_string_long(int value); 2125 __owur const char *SSL_alert_type_string(int value); 2126 __owur const char *SSL_alert_desc_string_long(int value); 2127 __owur const char *SSL_alert_desc_string(int value); 2128 2129 void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); 2130 void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); 2131 __owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); 2132 __owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); 2133 __owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); 2134 __owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); 2135 __owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); 2136 2137 void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); 2138 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); 2139 __owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); 2140 __owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); 2141 __owur int SSL_add_client_CA(SSL *ssl, X509 *x); 2142 __owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); 2143 2144 void SSL_set_connect_state(SSL *s); 2145 void SSL_set_accept_state(SSL *s); 2146 2147 __owur long SSL_get_default_timeout(const SSL *s); 2148 2149 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 2150 # define SSL_library_init() 
OPENSSL_init_ssl(0, NULL) 2151 # endif 2152 2153 __owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); 2154 __owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); 2155 2156 __owur SSL *SSL_dup(SSL *ssl); 2157 2158 __owur X509 *SSL_get_certificate(const SSL *ssl); 2159 /* 2160 * EVP_PKEY 2161 */ 2162 struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); 2163 2164 __owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); 2165 __owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); 2166 2167 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); 2168 __owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); 2169 void SSL_set_quiet_shutdown(SSL *ssl, int mode); 2170 __owur int SSL_get_quiet_shutdown(const SSL *ssl); 2171 void SSL_set_shutdown(SSL *ssl, int mode); 2172 __owur int SSL_get_shutdown(const SSL *ssl); 2173 __owur int SSL_version(const SSL *ssl); 2174 __owur int SSL_client_version(const SSL *s); 2175 __owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); 2176 __owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); 2177 __owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); 2178 __owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); 2179 __owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile); 2180 __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); 2181 __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); 2182 __owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, 2183 const char *CAfile, 2184 const char *CApath); 2185 # define SSL_get0_session SSL_get_session/* just peek at pointer */ 2186 __owur SSL_SESSION *SSL_get_session(const SSL *ssl); 2187 __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ 2188 __owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); 2189 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); 2190 void SSL_set_info_callback(SSL *ssl, 2191 void (*cb) (const SSL *ssl, int type, int val)); 2192 void 
(*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, 2193 int val); 2194 __owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); 2195 2196 void SSL_set_verify_result(SSL *ssl, long v); 2197 __owur long SSL_get_verify_result(const SSL *ssl); 2198 __owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); 2199 2200 __owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, 2201 size_t outlen); 2202 __owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, 2203 size_t outlen); 2204 __owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, 2205 unsigned char *out, size_t outlen); 2206 __owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, 2207 const unsigned char *in, size_t len); 2208 uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); 2209 2210 #define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ 2211 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) 2212 __owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); 2213 void *SSL_get_ex_data(const SSL *ssl, int idx); 2214 #define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ 2215 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) 2216 __owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); 2217 void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); 2218 #define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ 2219 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) 2220 __owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); 2221 void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); 2222 2223 __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); 2224 2225 # define SSL_CTX_sess_set_cache_size(ctx,t) \ 2226 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) 2227 # define SSL_CTX_sess_get_cache_size(ctx) \ 2228 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) 2229 # define SSL_CTX_set_session_cache_mode(ctx,m) \ 2230 
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) 2231 # define SSL_CTX_get_session_cache_mode(ctx) \ 2232 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) 2233 2234 # define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) 2235 # define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) 2236 # define SSL_CTX_get_read_ahead(ctx) \ 2237 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) 2238 # define SSL_CTX_set_read_ahead(ctx,m) \ 2239 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) 2240 # define SSL_CTX_get_max_cert_list(ctx) \ 2241 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) 2242 # define SSL_CTX_set_max_cert_list(ctx,m) \ 2243 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) 2244 # define SSL_get_max_cert_list(ssl) \ 2245 SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) 2246 # define SSL_set_max_cert_list(ssl,m) \ 2247 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) 2248 2249 # define SSL_CTX_set_max_send_fragment(ctx,m) \ 2250 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) 2251 # define SSL_set_max_send_fragment(ssl,m) \ 2252 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) 2253 # define SSL_CTX_set_split_send_fragment(ctx,m) \ 2254 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) 2255 # define SSL_set_split_send_fragment(ssl,m) \ 2256 SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) 2257 # define SSL_CTX_set_max_pipelines(ctx,m) \ 2258 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) 2259 # define SSL_set_max_pipelines(ssl,m) \ 2260 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) 2261 # define SSL_set_retry_verify(ssl) \ 2262 (SSL_ctrl(ssl,SSL_CTRL_SET_RETRY_VERIFY,0,NULL) > 0) 2263 2264 void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); 2265 void SSL_set_default_read_buffer_len(SSL *s, size_t len); 2266 2267 # ifndef OPENSSL_NO_DH 2268 # ifndef OPENSSL_NO_DEPRECATED_3_0 2269 /* NB: the |keylength| is only applicable when is_export is true */ 2270 
OSSL_DEPRECATEDIN_3_0 2271 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 2272 DH *(*dh) (SSL *ssl, int is_export, 2273 int keylength)); 2274 OSSL_DEPRECATEDIN_3_0 2275 void SSL_set_tmp_dh_callback(SSL *ssl, 2276 DH *(*dh) (SSL *ssl, int is_export, 2277 int keylength)); 2278 # endif 2279 # endif 2280 2281 __owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); 2282 __owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); 2283 __owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); 2284 __owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); 2285 __owur int SSL_COMP_get_id(const SSL_COMP *comp); 2286 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); 2287 __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) 2288 *meths); 2289 # ifndef OPENSSL_NO_DEPRECATED_1_1_0 2290 # define SSL_COMP_free_compression_methods() while(0) continue 2291 # endif 2292 __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); 2293 2294 const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); 2295 int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); 2296 int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); 2297 int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, 2298 int isv2format, STACK_OF(SSL_CIPHER) **sk, 2299 STACK_OF(SSL_CIPHER) **scsvs); 2300 2301 /* TLS extensions functions */ 2302 __owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); 2303 2304 __owur int SSL_set_session_ticket_ext_cb(SSL *s, 2305 tls_session_ticket_ext_cb_fn cb, 2306 void *arg); 2307 2308 /* Pre-shared secret session resumption functions */ 2309 __owur int SSL_set_session_secret_cb(SSL *s, 2310 tls_session_secret_cb_fn session_secret_cb, 2311 void *arg); 2312 2313 void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, 2314 int (*cb) (SSL *ssl, 2315 int 2316 is_forward_secure)); 2317 2318 void SSL_set_not_resumable_session_callback(SSL *ssl, 2319 int (*cb) (SSL *ssl, 
2320 int is_forward_secure)); 2321 2322 void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, 2323 size_t (*cb) (SSL *ssl, int type, 2324 size_t len, void *arg)); 2325 void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); 2326 void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); 2327 int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); 2328 int SSL_CTX_set_block_padding_ex(SSL_CTX *ctx, size_t app_block_size, 2329 size_t hs_block_size); 2330 2331 int SSL_set_record_padding_callback(SSL *ssl, 2332 size_t (*cb) (SSL *ssl, int type, 2333 size_t len, void *arg)); 2334 void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); 2335 void *SSL_get_record_padding_callback_arg(const SSL *ssl); 2336 int SSL_set_block_padding(SSL *ssl, size_t block_size); 2337 int SSL_set_block_padding_ex(SSL *ssl, size_t app_block_size, 2338 size_t hs_block_size); 2339 int SSL_set_num_tickets(SSL *s, size_t num_tickets); 2340 size_t SSL_get_num_tickets(const SSL *s); 2341 int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); 2342 size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); 2343 2344 /* QUIC support */ 2345 int SSL_handle_events(SSL *s); 2346 __owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite); 2347 __owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); 2348 __owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc); 2349 __owur int SSL_net_read_desired(SSL *s); 2350 __owur int SSL_net_write_desired(SSL *s); 2351 __owur int SSL_set_blocking_mode(SSL *s, int blocking); 2352 __owur int SSL_get_blocking_mode(SSL *s); 2353 __owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr); 2354 __owur SSL *SSL_get0_connection(SSL *s); 2355 __owur int SSL_is_connection(SSL *s); 2356 2357 __owur int SSL_is_listener(SSL *ssl); 2358 __owur SSL *SSL_get0_listener(SSL *s); 2359 #define SSL_LISTENER_FLAG_NO_VALIDATE (1UL << 1) 2360 __owur SSL *SSL_new_listener(SSL_CTX *ctx, 
uint64_t flags); 2361 __owur SSL *SSL_new_listener_from(SSL *ssl, uint64_t flags); 2362 __owur SSL *SSL_new_from_listener(SSL *ssl, uint64_t flags); 2363 #define SSL_ACCEPT_CONNECTION_NO_BLOCK (1UL << 0) 2364 __owur SSL *SSL_accept_connection(SSL *ssl, uint64_t flags); 2365 __owur size_t SSL_get_accept_connection_queue_len(SSL *ssl); 2366 __owur int SSL_listen(SSL *ssl); 2367 2368 __owur int SSL_is_domain(SSL *s); 2369 __owur SSL *SSL_get0_domain(SSL *s); 2370 __owur SSL *SSL_new_domain(SSL_CTX *ctx, uint64_t flags); 2371 2372 #define SSL_DOMAIN_FLAG_SINGLE_THREAD (1U << 0) 2373 #define SSL_DOMAIN_FLAG_MULTI_THREAD (1U << 1) 2374 #define SSL_DOMAIN_FLAG_THREAD_ASSISTED (1U << 2) 2375 #define SSL_DOMAIN_FLAG_BLOCKING (1U << 3) 2376 #define SSL_DOMAIN_FLAG_LEGACY_BLOCKING (1U << 4) 2377 2378 __owur int SSL_CTX_set_domain_flags(SSL_CTX *ctx, uint64_t domain_flags); 2379 __owur int SSL_CTX_get_domain_flags(const SSL_CTX *ctx, uint64_t *domain_flags); 2380 __owur int SSL_get_domain_flags(const SSL *ssl, uint64_t *domain_flags); 2381 2382 #define SSL_STREAM_TYPE_NONE 0 2383 #define SSL_STREAM_TYPE_READ (1U << 0) 2384 #define SSL_STREAM_TYPE_WRITE (1U << 1) 2385 #define SSL_STREAM_TYPE_BIDI (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE) 2386 __owur int SSL_get_stream_type(SSL *s); 2387 2388 __owur uint64_t SSL_get_stream_id(SSL *s); 2389 __owur int SSL_is_stream_local(SSL *s); 2390 2391 #define SSL_DEFAULT_STREAM_MODE_NONE 0 2392 #define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI 1 2393 #define SSL_DEFAULT_STREAM_MODE_AUTO_UNI 2 2394 __owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode); 2395 2396 #define SSL_STREAM_FLAG_UNI (1U << 0) 2397 #define SSL_STREAM_FLAG_NO_BLOCK (1U << 1) 2398 #define SSL_STREAM_FLAG_ADVANCE (1U << 2) 2399 __owur SSL *SSL_new_stream(SSL *s, uint64_t flags); 2400 2401 #define SSL_INCOMING_STREAM_POLICY_AUTO 0 2402 #define SSL_INCOMING_STREAM_POLICY_ACCEPT 1 2403 #define SSL_INCOMING_STREAM_POLICY_REJECT 2 2404 __owur int 
SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec); 2405 2406 #define SSL_ACCEPT_STREAM_NO_BLOCK (1U << 0) 2407 __owur SSL *SSL_accept_stream(SSL *s, uint64_t flags); 2408 __owur size_t SSL_get_accept_stream_queue_len(SSL *s); 2409 2410 # ifndef OPENSSL_NO_QUIC 2411 __owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf, 2412 size_t buf_len, 2413 const BIO_ADDR *peer, 2414 const BIO_ADDR *local); 2415 # endif 2416 2417 typedef struct ssl_shutdown_ex_args_st { 2418 uint64_t quic_error_code; 2419 const char *quic_reason; 2420 } SSL_SHUTDOWN_EX_ARGS; 2421 2422 #define SSL_SHUTDOWN_FLAG_RAPID (1U << 0) 2423 #define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH (1U << 1) 2424 #define SSL_SHUTDOWN_FLAG_NO_BLOCK (1U << 2) 2425 #define SSL_SHUTDOWN_FLAG_WAIT_PEER (1U << 3) 2426 2427 __owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags, 2428 const SSL_SHUTDOWN_EX_ARGS *args, 2429 size_t args_len); 2430 2431 __owur int SSL_stream_conclude(SSL *ssl, uint64_t flags); 2432 2433 typedef struct ssl_stream_reset_args_st { 2434 uint64_t quic_error_code; 2435 } SSL_STREAM_RESET_ARGS; 2436 2437 __owur int SSL_stream_reset(SSL *ssl, 2438 const SSL_STREAM_RESET_ARGS *args, 2439 size_t args_len); 2440 2441 #define SSL_STREAM_STATE_NONE 0 2442 #define SSL_STREAM_STATE_OK 1 2443 #define SSL_STREAM_STATE_WRONG_DIR 2 2444 #define SSL_STREAM_STATE_FINISHED 3 2445 #define SSL_STREAM_STATE_RESET_LOCAL 4 2446 #define SSL_STREAM_STATE_RESET_REMOTE 5 2447 #define SSL_STREAM_STATE_CONN_CLOSED 6 2448 __owur int SSL_get_stream_read_state(SSL *ssl); 2449 __owur int SSL_get_stream_write_state(SSL *ssl); 2450 2451 __owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code); 2452 __owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code); 2453 2454 #define SSL_CONN_CLOSE_FLAG_LOCAL (1U << 0) 2455 #define SSL_CONN_CLOSE_FLAG_TRANSPORT (1U << 1) 2456 2457 typedef struct ssl_conn_close_info_st { 2458 uint64_t error_code, frame_type; 2459 const char *reason; 
2460 size_t reason_len; 2461 uint32_t flags; 2462 } SSL_CONN_CLOSE_INFO; 2463 2464 __owur int SSL_get_conn_close_info(SSL *ssl, 2465 SSL_CONN_CLOSE_INFO *info, 2466 size_t info_len); 2467 2468 # define SSL_VALUE_CLASS_GENERIC 0 2469 # define SSL_VALUE_CLASS_FEATURE_REQUEST 1 2470 # define SSL_VALUE_CLASS_FEATURE_PEER_REQUEST 2 2471 # define SSL_VALUE_CLASS_FEATURE_NEGOTIATED 3 2472 2473 # define SSL_VALUE_NONE 0 2474 # define SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL 1 2475 # define SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL 2 2476 # define SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL 3 2477 # define SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL 4 2478 # define SSL_VALUE_QUIC_IDLE_TIMEOUT 5 2479 # define SSL_VALUE_EVENT_HANDLING_MODE 6 2480 # define SSL_VALUE_STREAM_WRITE_BUF_SIZE 7 2481 # define SSL_VALUE_STREAM_WRITE_BUF_USED 8 2482 # define SSL_VALUE_STREAM_WRITE_BUF_AVAIL 9 2483 2484 # define SSL_VALUE_EVENT_HANDLING_MODE_INHERIT 0 2485 # define SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT 1 2486 # define SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT 2 2487 2488 int SSL_get_value_uint(SSL *s, uint32_t class_, uint32_t id, uint64_t *v); 2489 int SSL_set_value_uint(SSL *s, uint32_t class_, uint32_t id, uint64_t v); 2490 2491 # define SSL_get_generic_value_uint(ssl, id, v) \ 2492 SSL_get_value_uint((ssl), SSL_VALUE_CLASS_GENERIC, (id), (v)) 2493 # define SSL_set_generic_value_uint(ssl, id, v) \ 2494 SSL_set_value_uint((ssl), SSL_VALUE_CLASS_GENERIC, (id), (v)) 2495 # define SSL_get_feature_request_uint(ssl, id, v) \ 2496 SSL_get_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_REQUEST, (id), (v)) 2497 # define SSL_set_feature_request_uint(ssl, id, v) \ 2498 SSL_set_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_REQUEST, (id), (v)) 2499 # define SSL_get_feature_peer_request_uint(ssl, id, v) \ 2500 SSL_get_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, (id), (v)) 2501 # define SSL_get_feature_negotiated_uint(ssl, id, v) \ 2502 SSL_get_value_uint((ssl), SSL_VALUE_CLASS_FEATURE_NEGOTIATED, (id), (v)) 
# define SSL_get_quic_stream_bidi_local_avail(ssl, value) \
    SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, \
                               (value))
# define SSL_get_quic_stream_bidi_remote_avail(ssl, value) \
    SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL, \
                               (value))
# define SSL_get_quic_stream_uni_local_avail(ssl, value) \
    SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL, \
                               (value))
# define SSL_get_quic_stream_uni_remote_avail(ssl, value) \
    SSL_get_generic_value_uint((ssl), SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL, \
                               (value))

# define SSL_get_event_handling_mode(ssl, value) \
    SSL_get_generic_value_uint((ssl), SSL_VALUE_EVENT_HANDLING_MODE, \
                               (value))
# define SSL_set_event_handling_mode(ssl, value) \
    SSL_set_generic_value_uint((ssl), SSL_VALUE_EVENT_HANDLING_MODE, \
                               (value))

# define SSL_get_stream_write_buf_size(ssl, value) \
    SSL_get_generic_value_uint((ssl), SSL_VALUE_STREAM_WRITE_BUF_SIZE, \
                               (value))
# define SSL_get_stream_write_buf_used(ssl, value) \
    SSL_get_generic_value_uint((ssl), SSL_VALUE_STREAM_WRITE_BUF_USED, \
                               (value))
# define SSL_get_stream_write_buf_avail(ssl, value) \
    SSL_get_generic_value_uint((ssl), SSL_VALUE_STREAM_WRITE_BUF_AVAIL, \
                               (value))

# define SSL_POLL_EVENT_NONE        0

# define SSL_POLL_EVENT_F           (1U <<  0) /* F   (Failure) */
# define SSL_POLL_EVENT_EL          (1U <<  1) /* EL  (Exception on Listener) */
# define SSL_POLL_EVENT_EC          (1U <<  2) /* EC  (Exception on Conn) */
# define SSL_POLL_EVENT_ECD         (1U <<  3) /* ECD (Exception on Conn Drained) */
# define SSL_POLL_EVENT_ER          (1U <<  4) /* ER  (Exception on Read) */
# define SSL_POLL_EVENT_EW          (1U <<  5) /* EW  (Exception on Write) */
# define SSL_POLL_EVENT_R           (1U <<  6) /* R   (Readable) */
# define SSL_POLL_EVENT_W           (1U <<  7) /* W   (Writable) */
# define SSL_POLL_EVENT_IC          (1U <<  8) /* IC  (Incoming Connection) */
# define SSL_POLL_EVENT_ISB         (1U <<  9) /* ISB (Incoming Stream: Bidi) */
# define SSL_POLL_EVENT_ISU         (1U << 10) /* ISU (Incoming Stream: Uni) */
# define SSL_POLL_EVENT_OSB         (1U << 11) /* OSB (Outgoing Stream: Bidi) */
# define SSL_POLL_EVENT_OSU         (1U << 12) /* OSU (Outgoing Stream: Uni) */

/* Convenience combinations of the single-bit event flags above. */
# define SSL_POLL_EVENT_RW          (SSL_POLL_EVENT_R | SSL_POLL_EVENT_W)
# define SSL_POLL_EVENT_RE          (SSL_POLL_EVENT_R | SSL_POLL_EVENT_ER)
# define SSL_POLL_EVENT_WE          (SSL_POLL_EVENT_W | SSL_POLL_EVENT_EW)
# define SSL_POLL_EVENT_RWE         (SSL_POLL_EVENT_RE | SSL_POLL_EVENT_WE)
# define SSL_POLL_EVENT_E           (SSL_POLL_EVENT_EL | SSL_POLL_EVENT_EC \
                                     | SSL_POLL_EVENT_ER | SSL_POLL_EVENT_EW)
# define SSL_POLL_EVENT_IS          (SSL_POLL_EVENT_ISB | SSL_POLL_EVENT_ISU)
# define SSL_POLL_EVENT_ISE         (SSL_POLL_EVENT_IS | SSL_POLL_EVENT_EC)
# define SSL_POLL_EVENT_I           (SSL_POLL_EVENT_IS | SSL_POLL_EVENT_IC)
# define SSL_POLL_EVENT_OS          (SSL_POLL_EVENT_OSB | SSL_POLL_EVENT_OSU)
# define SSL_POLL_EVENT_OSE         (SSL_POLL_EVENT_OS | SSL_POLL_EVENT_EC)

/*
 * One entry of the array handed to SSL_poll(): |desc| names the object to
 * poll, |events| the SSL_POLL_EVENT_* bits of interest and |revents| the
 * bits reported back.
 */
typedef struct ssl_poll_item_st {
    BIO_POLL_DESCRIPTOR desc;
    uint64_t events, revents;
} SSL_POLL_ITEM;

# define SSL_POLL_FLAG_NO_HANDLE_EVENTS (1U << 0)

__owur int SSL_poll(SSL_POLL_ITEM *items,
                    size_t num_items,
                    size_t stride,
                    const struct timeval *timeout,
                    uint64_t flags,
                    size_t *result_count);

/*
 * Wrap an SSL object in a BIO_POLL_DESCRIPTOR of type
 * BIO_POLL_DESCRIPTOR_TYPE_SSL, i.e. the form expected in the |desc| member
 * of an SSL_POLL_ITEM.  Only |type| and |value.ssl| are assigned; no other
 * member of the returned descriptor is initialised.  |s| is borrowed, not
 * retained.
 */
static ossl_inline ossl_unused BIO_POLL_DESCRIPTOR
SSL_as_poll_descriptor(SSL *s)
{
    BIO_POLL_DESCRIPTOR desc;

    /* The two assignments are independent; order is immaterial. */
    desc.value.ssl = s;
    desc.type = BIO_POLL_DESCRIPTOR_TYPE_SSL;
    return desc;
}

# ifndef OPENSSL_NO_DEPRECATED_1_1_0
#  define SSL_cache_hit(s) SSL_session_reused(s)
# endif

__owur int SSL_session_reused(const SSL *s);
__owur int SSL_is_server(const SSL *s);

__owur __owur SSL_CONF_CTX
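*SSL_CONF_CTX_new(void);
int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx,
                                             unsigned int flags);
__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);

void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);

__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);

void SSL_add_ssl_module(void);
int SSL_config(SSL *s, const char *name);
int SSL_CTX_config(SSL_CTX *ctx, const char *name);

# ifndef OPENSSL_NO_SSL_TRACE
void SSL_trace(int write_p, int version, int content_type,
               const void *buf, size_t len, SSL *ssl, void *arg);
# endif

# ifndef OPENSSL_NO_SOCK
int DTLSv1_listen(SSL *s, BIO_ADDR *client);
# endif

# ifndef OPENSSL_NO_CT

/*
 * A callback for verifying that the received SCTs are sufficient.
 * Expected to return 1 if they are sufficient, otherwise 0.
 * May return a negative integer if an error occurs.
 * A connection should be aborted if the SCTs are deemed insufficient.
 */
typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
                                    const STACK_OF(SCT) *scts, void *arg);

/*
 * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
 * the received SCTs.
 * If the callback returns a non-positive result, the connection is terminated.
 * Call this function before beginning a handshake.
 * If a NULL |callback| is provided, SCT validation is disabled.
 * |arg| is arbitrary userdata that will be passed to the callback whenever it
 * is invoked. Ownership of |arg| remains with the caller.
 *
 * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
 * will be requested.
 */
int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
                                   void *arg);
int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
                                       ssl_ct_validation_cb callback,
                                       void *arg);
/*
 * Convenience wrappers that clear the CT validation callback (and hence
 * disable SCT validation) by passing a NULL callback to the setters declared
 * directly above.  They must expand to SSL_set_ct_validation_callback /
 * SSL_CTX_set_ct_validation_callback: no function named
 * SSL_set_validation_callback is declared in this header, so an expansion
 * using that name would fail to compile at the point of use.
 */
#define SSL_disable_ct(s) \
    ((void) SSL_set_ct_validation_callback((s), NULL, NULL))
#define SSL_CTX_disable_ct(ctx) \
    ((void) SSL_CTX_set_ct_validation_callback((ctx), NULL, NULL))

/*
 * The validation type enumerates the available behaviours of the built-in SSL
 * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
 * The underlying callback is a static function in libssl.
 */
enum {
    SSL_CT_VALIDATION_PERMISSIVE = 0,
    SSL_CT_VALIDATION_STRICT
};

/*
 * Enable CT by setting up a callback that implements one of the built-in
 * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always
 * continues the handshake, the application can make appropriate decisions at
 * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at
 * least one valid SCT, or else handshake termination will be requested. The
 * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
 */
int SSL_enable_ct(SSL *s, int validation_mode);
int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);

/*
 * Report whether a non-NULL callback is enabled.
 */
int SSL_ct_is_enabled(const SSL *s);
int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);

/* Gets the SCTs received from a connection */
const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);

/*
 * Loads the CT log list from the default location.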
2686 * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, 2687 * the log information loaded from this file will be appended to the 2688 * CTLOG_STORE. 2689 * Returns 1 on success, 0 otherwise. 2690 */ 2691 int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); 2692 2693 /* 2694 * Loads the CT log list from the specified file path. 2695 * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, 2696 * the log information loaded from this file will be appended to the 2697 * CTLOG_STORE. 2698 * Returns 1 on success, 0 otherwise. 2699 */ 2700 int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); 2701 2702 /* 2703 * Sets the CT log list used by all SSL connections created from this SSL_CTX. 2704 * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. 2705 */ 2706 void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); 2707 2708 /* 2709 * Gets the CT log list used by all SSL connections created from this SSL_CTX. 2710 * This will be NULL unless one of the following functions has been called: 2711 * - SSL_CTX_set_default_ctlog_list_file 2712 * - SSL_CTX_set_ctlog_list_file 2713 * - SSL_CTX_set_ctlog_store 2714 */ 2715 const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); 2716 2717 # endif /* OPENSSL_NO_CT */ 2718 2719 /* What the "other" parameter contains in security callback */ 2720 /* Mask for type */ 2721 # define SSL_SECOP_OTHER_TYPE 0xffff0000 2722 # define SSL_SECOP_OTHER_NONE 0 2723 # define SSL_SECOP_OTHER_CIPHER (1 << 16) 2724 # define SSL_SECOP_OTHER_CURVE (2 << 16) 2725 # define SSL_SECOP_OTHER_DH (3 << 16) 2726 # define SSL_SECOP_OTHER_PKEY (4 << 16) 2727 # define SSL_SECOP_OTHER_SIGALG (5 << 16) 2728 # define SSL_SECOP_OTHER_CERT (6 << 16) 2729 2730 /* Indicated operation refers to peer key or certificate */ 2731 # define SSL_SECOP_PEER 0x1000 2732 2733 /* Values for "op" parameter in security callback */ 2734 2735 /* Called to filter ciphers */ 2736 /* Ciphers client supports */ 2737 # 
define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) 2738 /* Cipher shared by client/server */ 2739 # define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) 2740 /* Sanity check of cipher server selects */ 2741 # define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) 2742 /* Curves supported by client */ 2743 # define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) 2744 /* Curves shared by client/server */ 2745 # define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) 2746 /* Sanity check of curve server selects */ 2747 # define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) 2748 /* Temporary DH key */ 2749 # define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) 2750 /* SSL/TLS version */ 2751 # define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) 2752 /* Session tickets */ 2753 # define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) 2754 /* Supported signature algorithms sent to peer */ 2755 # define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) 2756 /* Shared signature algorithm */ 2757 # define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) 2758 /* Sanity check signature algorithm allowed */ 2759 # define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) 2760 /* Used to get mask of supported public key signature algorithms */ 2761 # define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) 2762 /* Use to see if compression is allowed */ 2763 # define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) 2764 /* EE key in certificate */ 2765 # define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) 2766 /* CA key in certificate */ 2767 # define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) 2768 /* CA digest algorithm in certificate */ 2769 # define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) 2770 /* Peer EE key in certificate */ 2771 # define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) 2772 /* Peer CA key in certificate */ 2773 # define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) 2774 /* Peer CA 
digest algorithm in certificate */ 2775 # define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) 2776 2777 void SSL_set_security_level(SSL *s, int level); 2778 __owur int SSL_get_security_level(const SSL *s); 2779 void SSL_set_security_callback(SSL *s, 2780 int (*cb) (const SSL *s, const SSL_CTX *ctx, 2781 int op, int bits, int nid, 2782 void *other, void *ex)); 2783 int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, 2784 const SSL_CTX *ctx, int op, 2785 int bits, int nid, void *other, 2786 void *ex); 2787 void SSL_set0_security_ex_data(SSL *s, void *ex); 2788 __owur void *SSL_get0_security_ex_data(const SSL *s); 2789 2790 void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); 2791 __owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); 2792 void SSL_CTX_set_security_callback(SSL_CTX *ctx, 2793 int (*cb) (const SSL *s, const SSL_CTX *ctx, 2794 int op, int bits, int nid, 2795 void *other, void *ex)); 2796 int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, 2797 const SSL_CTX *ctx, 2798 int op, int bits, 2799 int nid, 2800 void *other, 2801 void *ex); 2802 void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); 2803 __owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); 2804 2805 /* OPENSSL_INIT flag 0x010000 reserved for internal use */ 2806 # define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L 2807 # define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L 2808 2809 # define OPENSSL_INIT_SSL_DEFAULT \ 2810 (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) 2811 2812 int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); 2813 2814 # ifndef OPENSSL_NO_UNIT_TEST 2815 __owur const struct openssl_ssl_test_functions *SSL_test_functions(void); 2816 # endif 2817 2818 __owur int SSL_free_buffers(SSL *ssl); 2819 __owur int SSL_alloc_buffers(SSL *ssl); 2820 2821 /* Status codes passed to the decrypt session ticket callback. 
Some of these 2822 * are for internal use only and are never passed to the callback. */ 2823 typedef int SSL_TICKET_STATUS; 2824 2825 /* Support for ticket appdata */ 2826 /* fatal error, malloc failure */ 2827 # define SSL_TICKET_FATAL_ERR_MALLOC 0 2828 /* fatal error, either from parsing or decrypting the ticket */ 2829 # define SSL_TICKET_FATAL_ERR_OTHER 1 2830 /* No ticket present */ 2831 # define SSL_TICKET_NONE 2 2832 /* Empty ticket present */ 2833 # define SSL_TICKET_EMPTY 3 2834 /* the ticket couldn't be decrypted */ 2835 # define SSL_TICKET_NO_DECRYPT 4 2836 /* a ticket was successfully decrypted */ 2837 # define SSL_TICKET_SUCCESS 5 2838 /* same as above but the ticket needs to be renewed */ 2839 # define SSL_TICKET_SUCCESS_RENEW 6 2840 2841 /* Return codes for the decrypt session ticket callback */ 2842 typedef int SSL_TICKET_RETURN; 2843 2844 /* An error occurred */ 2845 #define SSL_TICKET_RETURN_ABORT 0 2846 /* Do not use the ticket, do not send a renewed ticket to the client */ 2847 #define SSL_TICKET_RETURN_IGNORE 1 2848 /* Do not use the ticket, send a renewed ticket to the client */ 2849 #define SSL_TICKET_RETURN_IGNORE_RENEW 2 2850 /* Use the ticket, do not send a renewed ticket to the client */ 2851 #define SSL_TICKET_RETURN_USE 3 2852 /* Use the ticket, send a renewed ticket to the client */ 2853 #define SSL_TICKET_RETURN_USE_RENEW 4 2854 2855 typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); 2856 typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, 2857 const unsigned char *keyname, 2858 size_t keyname_length, 2859 SSL_TICKET_STATUS status, 2860 void *arg); 2861 int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, 2862 SSL_CTX_generate_session_ticket_fn gen_cb, 2863 SSL_CTX_decrypt_session_ticket_fn dec_cb, 2864 void *arg); 2865 int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); 2866 int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); 
2867 2868 typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); 2869 2870 void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); 2871 2872 2873 typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); 2874 void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, 2875 SSL_allow_early_data_cb_fn cb, 2876 void *arg); 2877 void SSL_set_allow_early_data_cb(SSL *s, 2878 SSL_allow_early_data_cb_fn cb, 2879 void *arg); 2880 2881 /* store the default cipher strings inside the library */ 2882 const char *OSSL_default_cipher_list(void); 2883 const char *OSSL_default_ciphersuites(void); 2884 2885 /* RFC8879 Certificate compression APIs */ 2886 2887 int SSL_CTX_compress_certs(SSL_CTX *ctx, int alg); 2888 int SSL_compress_certs(SSL *ssl, int alg); 2889 2890 int SSL_CTX_set1_cert_comp_preference(SSL_CTX *ctx, int *algs, size_t len); 2891 int SSL_set1_cert_comp_preference(SSL *ssl, int *algs, size_t len); 2892 2893 int SSL_CTX_set1_compressed_cert(SSL_CTX *ctx, int algorithm, unsigned char *comp_data, 2894 size_t comp_length, size_t orig_length); 2895 int SSL_set1_compressed_cert(SSL *ssl, int algorithm, unsigned char *comp_data, 2896 size_t comp_length, size_t orig_length); 2897 size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len); 2898 size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len); 2899 2900 __owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk); 2901 __owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s); 2902 __owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s); 2903 __owur int SSL_get_negotiated_client_cert_type(const SSL *s); 2904 __owur int SSL_get_negotiated_server_cert_type(const SSL *s); 2905 2906 __owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len); 2907 __owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len); 2908 __owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); 2909 
__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len); 2910 __owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len); 2911 __owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len); 2912 __owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len); 2913 __owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len); 2914 2915 /* 2916 * Protection level. For <= TLSv1.2 only "NONE" and "APPLICATION" are used. 2917 */ 2918 # define OSSL_RECORD_PROTECTION_LEVEL_NONE 0 2919 # define OSSL_RECORD_PROTECTION_LEVEL_EARLY 1 2920 # define OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE 2 2921 # define OSSL_RECORD_PROTECTION_LEVEL_APPLICATION 3 2922 2923 int SSL_set_quic_tls_cbs(SSL *s, const OSSL_DISPATCH *qtdis, void *arg); 2924 int SSL_set_quic_tls_transport_params(SSL *s, 2925 const unsigned char *params, 2926 size_t params_len); 2927 2928 int SSL_set_quic_tls_early_data_enabled(SSL *s, int enabled); 2929 2930 # ifdef __cplusplus 2931 } 2932 # endif 2933 #endif