1 /* ssl/ssl.h */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * ECC cipher suite support in OpenSSL originally developed by 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115 */ 116 /* ==================================================================== 117 * Copyright 2005 Nokia. All rights reserved. 118 * 119 * The portions of the attached software ("Contribution") is developed by 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 121 * license. 122 * 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 125 * support (see RFC 4279) to OpenSSL. 126 * 127 * No patent licenses or other rights except those expressly stated in 128 * the OpenSSL open source license shall be deemed granted or received 129 * expressly, by implication, estoppel, or otherwise. 130 * 131 * No assurances are provided by Nokia that the Contribution does not 132 * infringe the patent or other intellectual property rights of any third 133 * party or that the license provides you with all the necessary rights 134 * to make use of the Contribution. 135 * 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 140 * OTHERWISE. 141 */ 142 143 #ifndef HEADER_SSL_H 144 # define HEADER_SSL_H 145 146 # include <openssl/e_os2.h> 147 148 # ifndef OPENSSL_NO_COMP 149 # include <openssl/comp.h> 150 # endif 151 # ifndef OPENSSL_NO_BIO 152 # include <openssl/bio.h> 153 # endif 154 # ifndef OPENSSL_NO_DEPRECATED 155 # ifndef OPENSSL_NO_X509 156 # include <openssl/x509.h> 157 # endif 158 # include <openssl/crypto.h> 159 # include <openssl/lhash.h> 160 # include <openssl/buffer.h> 161 # endif 162 # include <openssl/pem.h> 163 # include <openssl/hmac.h> 164 165 # include <openssl/kssl.h> 166 # include <openssl/safestack.h> 167 # include <openssl/symhacks.h> 168 169 #ifdef __cplusplus 170 extern "C" { 171 #endif 172 173 /* SSLeay version number for ASN.1 encoding of the session information */ 174 /*- 175 * Version 0 - initial version 176 * Version 1 - added the optional peer certificate 177 */ 178 # define SSL_SESSION_ASN1_VERSION 0x0001 179 180 /* text strings for the ciphers */ 181 # define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 182 # define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 183 # define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 184 # define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 185 # define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 186 # define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 187 # define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 188 # define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA 189 # define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 190 # define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA 191 192 /* 193 * VRS Additional Kerberos5 entries 194 */ 195 # define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA 196 # define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA 197 # define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA 198 # define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA 199 # define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 200 # define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 201 # define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 202 # define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 203 204 # define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA 205 # define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA 206 # define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA 207 # define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 208 # define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 209 # define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 210 211 # define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA 212 # define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 213 # define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA 214 # define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 215 # define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA 216 # define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 217 # define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 218 219 # define SSL_MAX_SSL_SESSION_ID_LENGTH 32 220 # define SSL_MAX_SID_CTX_LENGTH 32 221 222 # define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) 223 # define SSL_MAX_KEY_ARG_LENGTH 8 224 # define SSL_MAX_MASTER_KEY_LENGTH 48 225 226 /* These are used to specify which ciphers to use and not to use */ 227 228 # define SSL_TXT_EXP40 "EXPORT40" 229 # define SSL_TXT_EXP56 "EXPORT56" 230 # define SSL_TXT_LOW "LOW" 231 # define SSL_TXT_MEDIUM "MEDIUM" 232 # define SSL_TXT_HIGH "HIGH" 233 # define SSL_TXT_FIPS "FIPS" 234 235 # define SSL_TXT_kFZA "kFZA"/* unused! */ 236 # define SSL_TXT_aFZA "aFZA"/* unused! */ 237 # define SSL_TXT_eFZA "eFZA"/* unused! */ 238 # define SSL_TXT_FZA "FZA"/* unused! */ 239 240 # define SSL_TXT_aNULL "aNULL" 241 # define SSL_TXT_eNULL "eNULL" 242 # define SSL_TXT_NULL "NULL" 243 244 # define SSL_TXT_kRSA "kRSA" 245 # define SSL_TXT_kDHr "kDHr" 246 # define SSL_TXT_kDHd "kDHd" 247 # define SSL_TXT_kDH "kDH" 248 # define SSL_TXT_kEDH "kEDH" 249 # define SSL_TXT_kDHE "kDHE"/* alias for kEDH */ 250 # define SSL_TXT_kKRB5 "kKRB5" 251 # define SSL_TXT_kECDHr "kECDHr" 252 # define SSL_TXT_kECDHe "kECDHe" 253 # define SSL_TXT_kECDH "kECDH" 254 # define SSL_TXT_kEECDH "kEECDH" 255 # define SSL_TXT_kECDHE "kECDHE"/* alias for kEECDH */ 256 # define SSL_TXT_kPSK "kPSK" 257 # define SSL_TXT_kRSAPSK "kRSAPSK" 258 # define SSL_TXT_kGOST "kGOST" 259 # define SSL_TXT_kSRP "kSRP" 260 261 # define SSL_TXT_aRSA "aRSA" 262 # define SSL_TXT_aDSS "aDSS" 263 # define SSL_TXT_aDH "aDH" 264 # define SSL_TXT_aECDH "aECDH" 265 # define SSL_TXT_aKRB5 "aKRB5" 266 # define SSL_TXT_aECDSA "aECDSA" 267 # define SSL_TXT_aPSK "aPSK" 268 # define SSL_TXT_aGOST94 "aGOST94" 269 # define SSL_TXT_aGOST01 "aGOST01" 270 # define SSL_TXT_aGOST "aGOST" 271 # define SSL_TXT_aSRP "aSRP" 272 273 # define SSL_TXT_DSS "DSS" 274 # define SSL_TXT_DH "DH" 275 # define SSL_TXT_EDH "EDH"/* same as "kEDH:-ADH" */ 276 # define SSL_TXT_DHE "DHE"/* alias for EDH */ 277 # define SSL_TXT_ADH "ADH" 278 # define SSL_TXT_RSA "RSA" 279 # define SSL_TXT_ECDH "ECDH" 280 # define SSL_TXT_EECDH "EECDH"/* same as "kEECDH:-AECDH" */ 281 # define SSL_TXT_ECDHE "ECDHE"/* alias for ECDHE" */ 282 # define SSL_TXT_AECDH "AECDH" 283 # define SSL_TXT_ECDSA "ECDSA" 284 # define SSL_TXT_KRB5 "KRB5" 285 # define SSL_TXT_PSK "PSK" 286 # define SSL_TXT_RSAPSK "RSAPSK" 287 # define SSL_TXT_SRP "SRP" 288 289 # define SSL_TXT_DES "DES" 290 # define SSL_TXT_3DES "3DES" 291 # define SSL_TXT_RC4 "RC4" 292 # define SSL_TXT_RC2 "RC2" 293 # define SSL_TXT_IDEA "IDEA" 294 # define SSL_TXT_SEED "SEED" 295 # define SSL_TXT_AES128 "AES128" 296 # define SSL_TXT_AES256 "AES256" 297 # define SSL_TXT_AES "AES" 298 # define SSL_TXT_AES_GCM "AESGCM" 299 # define SSL_TXT_CAMELLIA128 "CAMELLIA128" 300 # define SSL_TXT_CAMELLIA256 "CAMELLIA256" 301 # define SSL_TXT_CAMELLIA "CAMELLIA" 302 # define SSL_TXT_CHACHA20 "CHACHA20" 303 304 # define SSL_TXT_MD5 "MD5" 305 # define SSL_TXT_SHA1 "SHA1" 306 # define SSL_TXT_SHA "SHA"/* same as "SHA1" */ 307 # define SSL_TXT_GOST94 "GOST94" 308 # define SSL_TXT_GOST89MAC "GOST89MAC" 309 # define SSL_TXT_SHA256 "SHA256" 310 # define SSL_TXT_SHA384 "SHA384" 311 312 # define SSL_TXT_SSLV2 "SSLv2" 313 # define SSL_TXT_SSLV3 "SSLv3" 314 # define SSL_TXT_TLSV1 "TLSv1" 315 # define SSL_TXT_TLSV1_1 "TLSv1.1" 316 # define SSL_TXT_TLSV1_2 "TLSv1.2" 317 318 # define SSL_TXT_EXP "EXP" 319 # define SSL_TXT_EXPORT "EXPORT" 320 321 # define SSL_TXT_ALL "ALL" 322 323 /*- 324 * COMPLEMENTOF* definitions. These identifiers are used to (de-select) 325 * ciphers normally not being used. 326 * Example: "RC4" will activate all ciphers using RC4 including ciphers 327 * without authentication, which would normally disabled by DEFAULT (due 328 * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" 329 * will make sure that it is also disabled in the specific selection. 330 * COMPLEMENTOF* identifiers are portable between version, as adjustments 331 * to the default cipher setup will also be included here. 332 * 333 * COMPLEMENTOFDEFAULT does not experience the same special treatment that 334 * DEFAULT gets, as only selection is being done and no sorting as needed 335 * for DEFAULT. 336 */ 337 # define SSL_TXT_CMPALL "COMPLEMENTOFALL" 338 # define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" 339 340 /* 341 * The following cipher list is used by default. It also is substituted when 342 * an application-defined cipher list string starts with 'DEFAULT'. 343 */ 344 # define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" 345 /* 346 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always 347 * starts with a reasonable order, and all we have to do for DEFAULT is 348 * throwing out anonymous and unencrypted ciphersuites! (The latter are not 349 * actually enabled by ALL, but "ALL:RSA" would enable some of them.) 350 */ 351 352 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ 353 # define SSL_SENT_SHUTDOWN 1 354 # define SSL_RECEIVED_SHUTDOWN 2 355 356 #ifdef __cplusplus 357 } 358 #endif 359 360 #ifdef __cplusplus 361 extern "C" { 362 #endif 363 364 # if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) 365 # define OPENSSL_NO_SSL2 366 # endif 367 368 # define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 369 # define SSL_FILETYPE_PEM X509_FILETYPE_PEM 370 371 /* 372 * This is needed to stop compilers complaining about the 'struct ssl_st *' 373 * function parameters used to prototype callbacks in SSL_CTX. 374 */ 375 typedef struct ssl_st *ssl_crock_st; 376 typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; 377 typedef struct ssl_method_st SSL_METHOD; 378 typedef struct ssl_cipher_st SSL_CIPHER; 379 typedef struct ssl_session_st SSL_SESSION; 380 typedef struct tls_sigalgs_st TLS_SIGALGS; 381 typedef struct ssl_conf_ctx_st SSL_CONF_CTX; 382 383 DECLARE_STACK_OF(SSL_CIPHER) 384 385 /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ 386 typedef struct srtp_protection_profile_st { 387 const char *name; 388 unsigned long id; 389 } SRTP_PROTECTION_PROFILE; 390 391 DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) 392 393 typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, 394 const unsigned char *data, 395 int len, void *arg); 396 typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, 397 int *secret_len, 398 STACK_OF(SSL_CIPHER) *peer_ciphers, 399 SSL_CIPHER **cipher, void *arg); 400 401 # ifndef OPENSSL_NO_TLSEXT 402 403 /* Typedefs for handling custom extensions */ 404 405 typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type, 406 const unsigned char **out, 407 size_t *outlen, int *al, void *add_arg); 408 409 typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type, 410 const unsigned char *out, void *add_arg); 411 412 typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, 413 const unsigned char *in, 414 size_t inlen, int *al, void *parse_arg); 415 416 # endif 417 418 # ifndef OPENSSL_NO_SSL_INTERN 419 420 /* used to hold info on the particular ciphers used */ 421 struct ssl_cipher_st { 422 int valid; 423 const char *name; /* text name */ 424 unsigned long id; /* id, 4 bytes, first is version */ 425 /* 426 * changed in 0.9.9: these four used to be portions of a single value 427 * 'algorithms' 428 */ 429 unsigned long algorithm_mkey; /* key exchange algorithm */ 430 unsigned long algorithm_auth; /* server authentication */ 431 unsigned long algorithm_enc; /* symmetric encryption */ 432 unsigned long algorithm_mac; /* symmetric authentication */ 433 unsigned long algorithm_ssl; /* (major) protocol version */ 434 unsigned long algo_strength; /* strength and export flags */ 435 unsigned long algorithm2; /* Extra flags */ 436 int strength_bits; /* Number of bits really used */ 437 int alg_bits; /* Number of bits for algorithm */ 438 }; 439 440 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ 441 struct ssl_method_st { 442 int version; 443 int (*ssl_new) (SSL *s); 444 void (*ssl_clear) (SSL *s); 445 void (*ssl_free) (SSL *s); 446 int (*ssl_accept) (SSL *s); 447 int (*ssl_connect) (SSL *s); 448 int (*ssl_read) (SSL *s, void *buf, int len); 449 int (*ssl_peek) (SSL *s, void *buf, int len); 450 int (*ssl_write) (SSL *s, const void *buf, int len); 451 int (*ssl_shutdown) (SSL *s); 452 int (*ssl_renegotiate) (SSL *s); 453 int (*ssl_renegotiate_check) (SSL *s); 454 long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long 455 max, int *ok); 456 int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len, 457 int peek); 458 int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); 459 int (*ssl_dispatch_alert) (SSL *s); 460 long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); 461 long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); 462 const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); 463 int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); 464 int (*ssl_pending) (const SSL *s); 465 int (*num_ciphers) (void); 466 const SSL_CIPHER *(*get_cipher) (unsigned ncipher); 467 const struct ssl_method_st *(*get_ssl_method) (int version); 468 long (*get_timeout) (void); 469 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ 470 int (*ssl_version) (void); 471 long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); 472 long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); 473 }; 474 475 /*- 476 * Lets make this into an ASN.1 type structure as follows 477 * SSL_SESSION_ID ::= SEQUENCE { 478 * version INTEGER, -- structure version number 479 * SSLversion INTEGER, -- SSL version number 480 * Cipher OCTET STRING, -- the 3 byte cipher ID 481 * Session_ID OCTET STRING, -- the Session ID 482 * Master_key OCTET STRING, -- the master key 483 * KRB5_principal OCTET STRING -- optional Kerberos principal 484 * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument 485 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time 486 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds 487 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate 488 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context 489 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' 490 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension 491 * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint 492 * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity 493 * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket 494 * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) 495 * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method 496 * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username 497 * } 498 * Look in ssl/ssl_asn1.c for more details 499 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). 500 */ 501 struct ssl_session_st { 502 int ssl_version; /* what ssl version session info is being 503 * kept in here? */ 504 /* only really used in SSLv2 */ 505 unsigned int key_arg_length; 506 unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; 507 int master_key_length; 508 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; 509 /* session_id - valid? */ 510 unsigned int session_id_length; 511 unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; 512 /* 513 * this is used to determine whether the session is being reused in the 514 * appropriate context. It is up to the application to set this, via 515 * SSL_new 516 */ 517 unsigned int sid_ctx_length; 518 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 519 # ifndef OPENSSL_NO_KRB5 520 unsigned int krb5_client_princ_len; 521 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; 522 # endif /* OPENSSL_NO_KRB5 */ 523 # ifndef OPENSSL_NO_PSK 524 char *psk_identity_hint; 525 char *psk_identity; 526 # endif 527 /* 528 * Used to indicate that session resumption is not allowed. Applications 529 * can also set this bit for a new session via not_resumable_session_cb 530 * to disable session caching and tickets. 531 */ 532 int not_resumable; 533 /* The cert is the certificate used to establish this connection */ 534 struct sess_cert_st /* SESS_CERT */ *sess_cert; 535 /* 536 * This is the cert for the other end. On clients, it will be the same as 537 * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is 538 * not retained in the external representation of sessions, see 539 * ssl_asn1.c). 540 */ 541 X509 *peer; 542 /* 543 * when app_verify_callback accepts a session where the peer's 544 * certificate is not ok, we must remember the error for session reuse: 545 */ 546 long verify_result; /* only for servers */ 547 int references; 548 long timeout; 549 long time; 550 unsigned int compress_meth; /* Need to lookup the method */ 551 const SSL_CIPHER *cipher; 552 unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used 553 * to load the 'cipher' structure */ 554 STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ 555 CRYPTO_EX_DATA ex_data; /* application specific data */ 556 /* 557 * These are used to make removal of session-ids more efficient and to 558 * implement a maximum cache size. 559 */ 560 struct ssl_session_st *prev, *next; 561 # ifndef OPENSSL_NO_TLSEXT 562 char *tlsext_hostname; 563 # ifndef OPENSSL_NO_EC 564 size_t tlsext_ecpointformatlist_length; 565 unsigned char *tlsext_ecpointformatlist; /* peer's list */ 566 size_t tlsext_ellipticcurvelist_length; 567 unsigned char *tlsext_ellipticcurvelist; /* peer's list */ 568 # endif /* OPENSSL_NO_EC */ 569 /* RFC4507 info */ 570 unsigned char *tlsext_tick; /* Session ticket */ 571 size_t tlsext_ticklen; /* Session ticket length */ 572 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 573 # endif 574 # ifndef OPENSSL_NO_SRP 575 char *srp_username; 576 # endif 577 }; 578 579 # endif 580 581 # define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L 582 # define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L 583 /* Allow initial connection to servers that don't support RI */ 584 # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L 585 # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L 586 # define SSL_OP_TLSEXT_PADDING 0x00000010L 587 # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L 588 # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L 589 # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L 590 # define SSL_OP_TLS_D5_BUG 0x00000100L 591 # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L 592 593 /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ 594 # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 595 /* Refers to ancient SSLREF and SSLv2, retained for compatibility */ 596 # define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 597 598 /* Disables sending any TLS extensions in client hello, even if required 599 * by used protocol version, ciphers or other options */ 600 # define SSL_OP_NO_TLSEXT 0x00000400L 601 602 /* 603 * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in 604 * OpenSSL 0.9.6d. Usually (depending on the application protocol) the 605 * workaround is not needed. Unfortunately some broken SSL/TLS 606 * implementations cannot handle it at all, which is why we include it in 607 * SSL_OP_ALL. 608 */ 609 /* added in 0.9.6e */ 610 # define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L 611 612 /* 613 * SSL_OP_ALL: various bug workarounds that should be rather harmless. This 614 * used to be 0x000FFFFFL before 0.9.7. 615 */ 616 # define SSL_OP_ALL 0x80000BFFL 617 618 /* DTLS options */ 619 # define SSL_OP_NO_QUERY_MTU 0x00001000L 620 /* Turn on Cookie Exchange (on relevant for servers) */ 621 # define SSL_OP_COOKIE_EXCHANGE 0x00002000L 622 /* Don't use RFC4507 ticket extension */ 623 # define SSL_OP_NO_TICKET 0x00004000L 624 /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ 625 # define SSL_OP_CISCO_ANYCONNECT 0x00008000L 626 627 /* As server, disallow session resumption on renegotiation */ 628 # define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L 629 /* Don't use compression even if supported */ 630 # define SSL_OP_NO_COMPRESSION 0x00020000L 631 /* Permit unsafe legacy renegotiation */ 632 # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L 633 /* If set, always create a new key when using tmp_ecdh parameters */ 634 # define SSL_OP_SINGLE_ECDH_USE 0x00080000L 635 /* Does nothing: retained for compatibility */ 636 # define SSL_OP_SINGLE_DH_USE 0x00100000L 637 /* Does nothing: retained for compatibiity */ 638 # define SSL_OP_EPHEMERAL_RSA 0x0 639 /* 640 * Set on servers to choose the cipher according to the server's preferences 641 */ 642 # define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L 643 /* 644 * If set, a server will allow a client to issue a SSLv3.0 version number as 645 * latest version supported in the premaster secret, even when TLSv1.0 646 * (version 3.1) was announced in the client hello. Normally this is 647 * forbidden to prevent version rollback attacks. 648 */ 649 # define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L 650 651 # define SSL_OP_NO_SSLv2 0x01000000L 652 # define SSL_OP_NO_SSLv3 0x02000000L 653 # define SSL_OP_NO_TLSv1 0x04000000L 654 # define SSL_OP_NO_TLSv1_2 0x08000000L 655 # define SSL_OP_NO_TLSv1_1 0x10000000L 656 657 # define SSL_OP_NO_DTLSv1 0x04000000L 658 # define SSL_OP_NO_DTLSv1_2 0x08000000L 659 660 # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\ 661 SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) 662 663 /* 664 * These next two were never actually used for anything since SSLeay zap so 665 * we have some more flags. 666 */ 667 /* 668 * The next flag deliberately changes the ciphertest, this is a check for the 669 * PKCS#1 attack 670 */ 671 # define SSL_OP_PKCS1_CHECK_1 0x0 672 # define SSL_OP_PKCS1_CHECK_2 0x0 673 674 # define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L 675 # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L 676 /* 677 * Make server add server-hello extension from early version of cryptopro 678 * draft, when GOST ciphersuite is negotiated. Required for interoperability 679 * with CryptoPro CSP 3.x 680 */ 681 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L 682 683 /* 684 * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success 685 * when just a single record has been written): 686 */ 687 # define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L 688 /* 689 * Make it possible to retry SSL_write() with changed buffer location (buffer 690 * contents must stay the same!); this is not the default to avoid the 691 * misconception that non-blocking SSL_write() behaves like non-blocking 692 * write(): 693 */ 694 # define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L 695 /* 696 * Never bother the application with retries if the transport is blocking: 697 */ 698 # define SSL_MODE_AUTO_RETRY 0x00000004L 699 /* Don't attempt to automatically build certificate chain */ 700 # define SSL_MODE_NO_AUTO_CHAIN 0x00000008L 701 /* 702 * Save RAM by releasing read and write buffers when they're empty. (SSL3 and 703 * TLS only.) "Released" buffers are put onto a free-list in the context or 704 * just freed (depending on the context's setting for freelist_max_len). 705 */ 706 # define SSL_MODE_RELEASE_BUFFERS 0x00000010L 707 /* 708 * Send the current time in the Random fields of the ClientHello and 709 * ServerHello records for compatibility with hypothetical implementations 710 * that require it. 711 */ 712 # define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L 713 # define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L 714 /* 715 * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications 716 * that reconnect with a downgraded protocol version; see 717 * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your 718 * application attempts a normal handshake. Only use this in explicit 719 * fallback retries, following the guidance in 720 * draft-ietf-tls-downgrade-scsv-00. 721 */ 722 # define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L 723 724 /* Cert related flags */ 725 /* 726 * Many implementations ignore some aspects of the TLS standards such as 727 * enforcing certifcate chain algorithms. When this is set we enforce them. 728 */ 729 # define SSL_CERT_FLAG_TLS_STRICT 0x00000001L 730 731 /* Suite B modes, takes same values as certificate verify flags */ 732 # define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 733 /* Suite B 192 bit only mode */ 734 # define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 735 /* Suite B 128 bit mode allowing 192 bit algorithms */ 736 # define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 737 738 /* Perform all sorts of protocol violations for testing purposes */ 739 # define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 740 741 /* Flags for building certificate chains */ 742 /* Treat any existing certificates as untrusted CAs */ 743 # define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 744 /* Don't include root CA in chain */ 745 # define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 746 /* Just check certificates already there */ 747 # define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 748 /* Ignore verification errors */ 749 # define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 750 /* Clear verification errors from queue */ 751 # define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 752 753 /* Flags returned by SSL_check_chain */ 754 /* Certificate can be used with this session */ 755 # define CERT_PKEY_VALID 0x1 756 /* Certificate can also be used for signing */ 757 # define CERT_PKEY_SIGN 0x2 758 /* EE certificate signing algorithm OK */ 759 # define CERT_PKEY_EE_SIGNATURE 0x10 760 /* CA signature algorithms OK */ 761 # define CERT_PKEY_CA_SIGNATURE 0x20 762 /* EE certificate parameters OK */ 763 # define CERT_PKEY_EE_PARAM 0x40 764 /* CA certificate parameters OK */ 765 # define CERT_PKEY_CA_PARAM 0x80 766 /* Signing explicitly allowed as opposed to SHA1 fallback */ 767 # define CERT_PKEY_EXPLICIT_SIGN 0x100 768 /* Client CA issuer names match (always set for server cert) */ 769 # define CERT_PKEY_ISSUER_NAME 0x200 770 /* Cert type matches client types (always set for server cert) */ 771 # define CERT_PKEY_CERT_TYPE 0x400 772 /* Cert chain suitable to Suite B */ 773 # define CERT_PKEY_SUITEB 0x800 774 775 # define SSL_CONF_FLAG_CMDLINE 0x1 776 # define SSL_CONF_FLAG_FILE 0x2 777 # define SSL_CONF_FLAG_CLIENT 0x4 778 # define SSL_CONF_FLAG_SERVER 0x8 779 # define SSL_CONF_FLAG_SHOW_ERRORS 0x10 780 # define SSL_CONF_FLAG_CERTIFICATE 0x20 781 /* Configuration value types */ 782 # define SSL_CONF_TYPE_UNKNOWN 0x0 783 # define SSL_CONF_TYPE_STRING 0x1 784 # define SSL_CONF_TYPE_FILE 0x2 785 # define SSL_CONF_TYPE_DIR 0x3 786 787 /* 788 * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they 789 * cannot be used to clear bits. 790 */ 791 792 # define SSL_CTX_set_options(ctx,op) \ 793 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) 794 # define SSL_CTX_clear_options(ctx,op) \ 795 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) 796 # define SSL_CTX_get_options(ctx) \ 797 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) 798 # define SSL_set_options(ssl,op) \ 799 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) 800 # define SSL_clear_options(ssl,op) \ 801 SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) 802 # define SSL_get_options(ssl) \ 803 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) 804 805 # define SSL_CTX_set_mode(ctx,op) \ 806 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) 807 # define SSL_CTX_clear_mode(ctx,op) \ 808 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) 809 # define SSL_CTX_get_mode(ctx) \ 810 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) 811 # define SSL_clear_mode(ssl,op) \ 812 SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) 813 # define SSL_set_mode(ssl,op) \ 814 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) 815 # define SSL_get_mode(ssl) \ 816 SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) 817 # define SSL_set_mtu(ssl, mtu) \ 818 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) 819 # define DTLS_set_link_mtu(ssl, mtu) \ 820 SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) 821 # define DTLS_get_link_min_mtu(ssl) \ 822 SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) 823 824 # define SSL_get_secure_renegotiation_support(ssl) \ 825 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) 826 827 # ifndef OPENSSL_NO_HEARTBEATS 828 # define SSL_heartbeat(ssl) \ 829 SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) 830 # endif 831 832 # define SSL_CTX_set_cert_flags(ctx,op) \ 833 SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) 834 # define SSL_set_cert_flags(s,op) \ 835 SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) 836 # define SSL_CTX_clear_cert_flags(ctx,op) \ 837 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) 838 # define SSL_clear_cert_flags(s,op) \ 839 SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) 840 841 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, 842 void (*cb) (int write_p, int version, 843 int content_type, const void *buf, 844 size_t len, SSL *ssl, void *arg)); 845 void SSL_set_msg_callback(SSL *ssl, 846 void (*cb) (int write_p, int version, 847 int content_type, const void *buf, 848 size_t len, SSL *ssl, void *arg)); 849 # define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 850 # define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 851 852 # ifndef OPENSSL_NO_SRP 853 854 # ifndef OPENSSL_NO_SSL_INTERN 855 856 typedef struct srp_ctx_st { 857 /* param for all the callbacks */ 858 void *SRP_cb_arg; 859 /* set client Hello login callback */ 860 int (*TLS_ext_srp_username_callback) (SSL *, int *, void *); 861 /* set SRP N/g param callback for verification */ 862 int (*SRP_verify_param_callback) (SSL *, void *); 863 /* set SRP client passwd callback */ 864 char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); 865 char *login; 866 BIGNUM *N, *g, *s, *B, *A; 867 BIGNUM *a, *b, *v; 868 char *info; 869 int strength; 870 unsigned long srp_Mask; 871 } SRP_CTX; 872 873 # endif 874 875 /* see tls_srp.c */ 876 int SSL_SRP_CTX_init(SSL *s); 877 int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); 878 int SSL_SRP_CTX_free(SSL *ctx); 879 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); 880 int SSL_srp_server_param_with_username(SSL *s, int *ad); 881 int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); 882 int SRP_Calc_A_param(SSL *s); 883 int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); 884 885 # endif 886 887 struct ssl_aead_ctx_st; 888 typedef struct ssl_aead_ctx_st SSL_AEAD_CTX; 889 890 # if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) 891 # define SSL_MAX_CERT_LIST_DEFAULT 1024*30 892 /* 30k max cert list :-) */ 893 # else 894 # define SSL_MAX_CERT_LIST_DEFAULT 1024*100 895 /* 100k max cert list :-) */ 896 # endif 897 898 # define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) 899 900 /* 901 * This callback type is used inside SSL_CTX, SSL, and in the functions that 902 * set them. It is used to override the generation of SSL/TLS session IDs in 903 * a server. Return value should be zero on an error, non-zero to proceed. 904 * Also, callbacks should themselves check if the id they generate is unique 905 * otherwise the SSL handshake will fail with an error - callbacks can do 906 * this using the 'ssl' value they're passed by; 907 * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in 908 * is set at the maximum size the session ID can be. In SSLv2 this is 16 909 * bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback can alter this 910 * length to be less if desired, but under SSLv2 session IDs are supposed to 911 * be fixed at 16 bytes so the id will be padded after the callback returns 912 * in this case. It is also an error for the callback to set the size to 913 * zero. 914 */ 915 typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, 916 unsigned int *id_len); 917 918 typedef struct ssl_comp_st SSL_COMP; 919 920 # ifndef OPENSSL_NO_SSL_INTERN 921 922 struct ssl_comp_st { 923 int id; 924 const char *name; 925 # ifndef OPENSSL_NO_COMP 926 COMP_METHOD *method; 927 # else 928 char *method; 929 # endif 930 }; 931 932 DECLARE_STACK_OF(SSL_COMP) 933 DECLARE_LHASH_OF(SSL_SESSION); 934 935 struct ssl_ctx_st { 936 const SSL_METHOD *method; 937 STACK_OF(SSL_CIPHER) *cipher_list; 938 /* same as above but sorted for lookup */ 939 STACK_OF(SSL_CIPHER) *cipher_list_by_id; 940 struct x509_store_st /* X509_STORE */ *cert_store; 941 LHASH_OF(SSL_SESSION) *sessions; 942 /* 943 * Most session-ids that will be cached, default is 944 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. 945 */ 946 unsigned long session_cache_size; 947 struct ssl_session_st *session_cache_head; 948 struct ssl_session_st *session_cache_tail; 949 /* 950 * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT, 951 * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which 952 * means only SSL_accept which cache SSL_SESSIONS. 953 */ 954 int session_cache_mode; 955 /* 956 * If timeout is not 0, it is the default timeout value set when 957 * SSL_new() is called. This has been put in to make life easier to set 958 * things up 959 */ 960 long session_timeout; 961 /* 962 * If this callback is not null, it will be called each time a session id 963 * is added to the cache. If this function returns 1, it means that the 964 * callback will do a SSL_SESSION_free() when it has finished using it. 965 * Otherwise, on 0, it means the callback has finished with it. If 966 * remove_session_cb is not null, it will be called when a session-id is 967 * removed from the cache. After the call, OpenSSL will 968 * SSL_SESSION_free() it. 969 */ 970 int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); 971 void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); 972 SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, 973 unsigned char *data, int len, int *copy); 974 struct { 975 int sess_connect; /* SSL new conn - started */ 976 int sess_connect_renegotiate; /* SSL reneg - requested */ 977 int sess_connect_good; /* SSL new conne/reneg - finished */ 978 int sess_accept; /* SSL new accept - started */ 979 int sess_accept_renegotiate; /* SSL reneg - requested */ 980 int sess_accept_good; /* SSL accept/reneg - finished */ 981 int sess_miss; /* session lookup misses */ 982 int sess_timeout; /* reuse attempt on timeouted session */ 983 int sess_cache_full; /* session removed due to full cache */ 984 int sess_hit; /* session reuse actually done */ 985 int sess_cb_hit; /* session-id that was not in the cache was 986 * passed back via the callback. This 987 * indicates that the application is 988 * supplying session-id's from other 989 * processes - spooky :-) */ 990 } stats; 991 992 int references; 993 994 /* if defined, these override the X509_verify_cert() calls */ 995 int (*app_verify_callback) (X509_STORE_CTX *, void *); 996 void *app_verify_arg; 997 /* 998 * before OpenSSL 0.9.7, 'app_verify_arg' was ignored 999 * ('app_verify_callback' was called with just one argument) 1000 */ 1001 1002 /* Default password callback. */ 1003 pem_password_cb *default_passwd_callback; 1004 1005 /* Default password callback user data. */ 1006 void *default_passwd_callback_userdata; 1007 1008 /* get client cert callback */ 1009 int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); 1010 1011 /* cookie generate callback */ 1012 int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, 1013 unsigned int *cookie_len); 1014 1015 /* verify cookie callback */ 1016 int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie, 1017 unsigned int cookie_len); 1018 1019 CRYPTO_EX_DATA ex_data; 1020 1021 const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ 1022 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ 1023 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ 1024 1025 STACK_OF(X509) *extra_certs; 1026 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ 1027 1028 /* Default values used when no per-SSL value is defined follow */ 1029 1030 /* used if SSL's info_callback is NULL */ 1031 void (*info_callback) (const SSL *ssl, int type, int val); 1032 1033 /* what we put in client cert requests */ 1034 STACK_OF(X509_NAME) *client_CA; 1035 1036 /* 1037 * Default values to use in SSL structures follow (these are copied by 1038 * SSL_new) 1039 */ 1040 1041 unsigned long options; 1042 unsigned long mode; 1043 long max_cert_list; 1044 1045 struct cert_st /* CERT */ *cert; 1046 int read_ahead; 1047 1048 /* callback that allows applications to peek at protocol messages */ 1049 void (*msg_callback) (int write_p, int version, int content_type, 1050 const void *buf, size_t len, SSL *ssl, void *arg); 1051 void *msg_callback_arg; 1052 1053 int verify_mode; 1054 unsigned int sid_ctx_length; 1055 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 1056 /* called 'verify_callback' in the SSL */ 1057 int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); 1058 1059 /* Default generate session ID callback. */ 1060 GEN_SESSION_CB generate_session_id; 1061 1062 X509_VERIFY_PARAM *param; 1063 1064 # if 0 1065 int purpose; /* Purpose setting */ 1066 int trust; /* Trust setting */ 1067 # endif 1068 1069 int quiet_shutdown; 1070 1071 /* 1072 * Maximum amount of data to send in one fragment. actual record size can 1073 * be more than this due to padding and MAC overheads. 1074 */ 1075 unsigned int max_send_fragment; 1076 1077 # ifndef OPENSSL_NO_ENGINE 1078 /* 1079 * Engine to pass requests for client certs to 1080 */ 1081 ENGINE *client_cert_engine; 1082 # endif 1083 1084 # ifndef OPENSSL_NO_TLSEXT 1085 /* TLS extensions servername callback */ 1086 int (*tlsext_servername_callback) (SSL *, int *, void *); 1087 void *tlsext_servername_arg; 1088 /* RFC 4507 session ticket keys */ 1089 unsigned char tlsext_tick_key_name[16]; 1090 unsigned char tlsext_tick_hmac_key[16]; 1091 unsigned char tlsext_tick_aes_key[16]; 1092 /* Callback to support customisation of ticket key setting */ 1093 int (*tlsext_ticket_key_cb) (SSL *ssl, 1094 unsigned char *name, unsigned char *iv, 1095 EVP_CIPHER_CTX *ectx, 1096 HMAC_CTX *hctx, int enc); 1097 1098 /* certificate status request info */ 1099 /* Callback for status request */ 1100 int (*tlsext_status_cb) (SSL *ssl, void *arg); 1101 void *tlsext_status_arg; 1102 1103 /* draft-rescorla-tls-opaque-prf-input-00.txt information */ 1104 int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput, 1105 size_t len, void *arg); 1106 void *tlsext_opaque_prf_input_callback_arg; 1107 # endif 1108 1109 # ifndef OPENSSL_NO_PSK 1110 char *psk_identity_hint; 1111 unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, 1112 char *identity, 1113 unsigned int max_identity_len, 1114 unsigned char *psk, 1115 unsigned int max_psk_len); 1116 unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, 1117 unsigned char *psk, 1118 unsigned int max_psk_len); 1119 # endif 1120 1121 # ifndef OPENSSL_NO_BUF_FREELISTS 1122 # define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 1123 unsigned int freelist_max_len; 1124 struct ssl3_buf_freelist_st *wbuf_freelist; 1125 struct ssl3_buf_freelist_st *rbuf_freelist; 1126 # endif 1127 # ifndef OPENSSL_NO_SRP 1128 SRP_CTX srp_ctx; /* ctx for SRP authentication */ 1129 # endif 1130 1131 # ifndef OPENSSL_NO_TLSEXT 1132 1133 # ifndef OPENSSL_NO_NEXTPROTONEG 1134 /* Next protocol negotiation information */ 1135 /* (for experimental NPN extension). */ 1136 1137 /* 1138 * For a server, this contains a callback function by which the set of 1139 * advertised protocols can be provided. 1140 */ 1141 int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, 1142 unsigned int *len, void *arg); 1143 void *next_protos_advertised_cb_arg; 1144 /* 1145 * For a client, this contains a callback function that selects the next 1146 * protocol from the list provided by the server. 1147 */ 1148 int (*next_proto_select_cb) (SSL *s, unsigned char **out, 1149 unsigned char *outlen, 1150 const unsigned char *in, 1151 unsigned int inlen, void *arg); 1152 void *next_proto_select_cb_arg; 1153 # endif 1154 /* SRTP profiles we are willing to do from RFC 5764 */ 1155 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 1156 1157 /* 1158 * ALPN information (we are in the process of transitioning from NPN to 1159 * ALPN.) 1160 */ 1161 1162 /*- 1163 * For a server, this contains a callback function that allows the 1164 * server to select the protocol for the connection. 1165 * out: on successful return, this must point to the raw protocol 1166 * name (without the length prefix). 1167 * outlen: on successful return, this contains the length of |*out|. 1168 * in: points to the client's list of supported protocols in 1169 * wire-format. 1170 * inlen: the length of |in|. 1171 */ 1172 int (*alpn_select_cb) (SSL *s, 1173 const unsigned char **out, 1174 unsigned char *outlen, 1175 const unsigned char *in, 1176 unsigned int inlen, void *arg); 1177 void *alpn_select_cb_arg; 1178 1179 /* 1180 * For a client, this contains the list of supported protocols in wire 1181 * format. 1182 */ 1183 unsigned char *alpn_client_proto_list; 1184 unsigned alpn_client_proto_list_len; 1185 1186 # ifndef OPENSSL_NO_EC 1187 /* EC extension values inherited by SSL structure */ 1188 size_t tlsext_ecpointformatlist_length; 1189 unsigned char *tlsext_ecpointformatlist; 1190 size_t tlsext_ellipticcurvelist_length; 1191 unsigned char *tlsext_ellipticcurvelist; 1192 # endif /* OPENSSL_NO_EC */ 1193 # endif 1194 }; 1195 1196 # endif 1197 1198 # define SSL_SESS_CACHE_OFF 0x0000 1199 # define SSL_SESS_CACHE_CLIENT 0x0001 1200 # define SSL_SESS_CACHE_SERVER 0x0002 1201 # define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) 1202 # define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 1203 /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ 1204 # define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 1205 # define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 1206 # define SSL_SESS_CACHE_NO_INTERNAL \ 1207 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) 1208 1209 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); 1210 # define SSL_CTX_sess_number(ctx) \ 1211 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) 1212 # define SSL_CTX_sess_connect(ctx) \ 1213 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) 1214 # define SSL_CTX_sess_connect_good(ctx) \ 1215 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) 1216 # define SSL_CTX_sess_connect_renegotiate(ctx) \ 1217 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) 1218 # define SSL_CTX_sess_accept(ctx) \ 1219 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) 1220 # define SSL_CTX_sess_accept_renegotiate(ctx) \ 1221 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) 1222 # define SSL_CTX_sess_accept_good(ctx) \ 1223 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) 1224 # define SSL_CTX_sess_hits(ctx) \ 1225 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) 1226 # define SSL_CTX_sess_cb_hits(ctx) \ 1227 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) 1228 # define SSL_CTX_sess_misses(ctx) \ 1229 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) 1230 # define SSL_CTX_sess_timeouts(ctx) \ 1231 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) 1232 # define SSL_CTX_sess_cache_full(ctx) \ 1233 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) 1234 1235 void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, 1236 int (*new_session_cb) (struct ssl_st *ssl, 1237 SSL_SESSION *sess)); 1238 int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, 1239 SSL_SESSION *sess); 1240 void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, 1241 void (*remove_session_cb) (struct ssl_ctx_st 1242 *ctx, 1243 SSL_SESSION 1244 *sess)); 1245 void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, 1246 SSL_SESSION *sess); 1247 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, 1248 SSL_SESSION *(*get_session_cb) (struct ssl_st 1249 *ssl, 1250 unsigned char 1251 *data, int len, 1252 int *copy)); 1253 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, 1254 unsigned char *Data, 1255 int len, int *copy); 1256 void SSL_CTX_set_info_callback(SSL_CTX *ctx, 1257 void (*cb) (const SSL *ssl, int type, 1258 int val)); 1259 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, 1260 int val); 1261 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, 1262 int (*client_cert_cb) (SSL *ssl, X509 **x509, 1263 EVP_PKEY **pkey)); 1264 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, 1265 EVP_PKEY **pkey); 1266 # ifndef OPENSSL_NO_ENGINE 1267 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); 1268 # endif 1269 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, 1270 int (*app_gen_cookie_cb) (SSL *ssl, 1271 unsigned char 1272 *cookie, 1273 unsigned int 1274 *cookie_len)); 1275 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, 1276 int (*app_verify_cookie_cb) (SSL *ssl, 1277 unsigned char 1278 *cookie, 1279 unsigned int 1280 cookie_len)); 1281 # ifndef OPENSSL_NO_NEXTPROTONEG 1282 void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, 1283 int (*cb) (SSL *ssl, 1284 const unsigned char 1285 **out, 1286 unsigned int *outlen, 1287 void *arg), void *arg); 1288 void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, 1289 int (*cb) (SSL *ssl, 1290 unsigned char **out, 1291 unsigned char *outlen, 1292 const unsigned char *in, 1293 unsigned int inlen, 1294 void *arg), void *arg); 1295 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, 1296 unsigned *len); 1297 # endif 1298 1299 # ifndef OPENSSL_NO_TLSEXT 1300 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 1301 const unsigned char *in, unsigned int inlen, 1302 const unsigned char *client, 1303 unsigned int client_len); 1304 # endif 1305 1306 # define OPENSSL_NPN_UNSUPPORTED 0 1307 # define OPENSSL_NPN_NEGOTIATED 1 1308 # define OPENSSL_NPN_NO_OVERLAP 2 1309 1310 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, 1311 unsigned protos_len); 1312 int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, 1313 unsigned protos_len); 1314 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, 1315 int (*cb) (SSL *ssl, 1316 const unsigned char **out, 1317 unsigned char *outlen, 1318 const unsigned char *in, 1319 unsigned int inlen, 1320 void *arg), void *arg); 1321 void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, 1322 unsigned *len); 1323 1324 # ifndef OPENSSL_NO_PSK 1325 /* 1326 * the maximum length of the buffer given to callbacks containing the 1327 * resulting identity/psk 1328 */ 1329 # define PSK_MAX_IDENTITY_LEN 128 1330 # define PSK_MAX_PSK_LEN 256 1331 void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 1332 unsigned int (*psk_client_callback) (SSL 1333 *ssl, 1334 const 1335 char 1336 *hint, 1337 char 1338 *identity, 1339 unsigned 1340 int 1341 max_identity_len, 1342 unsigned 1343 char 1344 *psk, 1345 unsigned 1346 int 1347 max_psk_len)); 1348 void SSL_set_psk_client_callback(SSL *ssl, 1349 unsigned int (*psk_client_callback) (SSL 1350 *ssl, 1351 const 1352 char 1353 *hint, 1354 char 1355 *identity, 1356 unsigned 1357 int 1358 max_identity_len, 1359 unsigned 1360 char 1361 *psk, 1362 unsigned 1363 int 1364 max_psk_len)); 1365 void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 1366 unsigned int (*psk_server_callback) (SSL 1367 *ssl, 1368 const 1369 char 1370 *identity, 1371 unsigned 1372 char 1373 *psk, 1374 unsigned 1375 int 1376 max_psk_len)); 1377 void SSL_set_psk_server_callback(SSL *ssl, 1378 unsigned int (*psk_server_callback) (SSL 1379 *ssl, 1380 const 1381 char 1382 *identity, 1383 unsigned 1384 char 1385 *psk, 1386 unsigned 1387 int 1388 max_psk_len)); 1389 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); 1390 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); 1391 const char *SSL_get_psk_identity_hint(const SSL *s); 1392 const char *SSL_get_psk_identity(const SSL *s); 1393 # endif 1394 1395 # ifndef OPENSSL_NO_TLSEXT 1396 /* Register callbacks to handle custom TLS Extensions for client or server. */ 1397 1398 int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, 1399 custom_ext_add_cb add_cb, 1400 custom_ext_free_cb free_cb, 1401 void *add_arg, 1402 custom_ext_parse_cb parse_cb, 1403 void *parse_arg); 1404 1405 int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, 1406 custom_ext_add_cb add_cb, 1407 custom_ext_free_cb free_cb, 1408 void *add_arg, 1409 custom_ext_parse_cb parse_cb, 1410 void *parse_arg); 1411 1412 int SSL_extension_supported(unsigned int ext_type); 1413 1414 # endif 1415 1416 # define SSL_NOTHING 1 1417 # define SSL_WRITING 2 1418 # define SSL_READING 3 1419 # define SSL_X509_LOOKUP 4 1420 1421 /* These will only be used when doing non-blocking IO */ 1422 # define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) 1423 # define SSL_want_read(s) (SSL_want(s) == SSL_READING) 1424 # define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) 1425 # define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) 1426 1427 # define SSL_MAC_FLAG_READ_MAC_STREAM 1 1428 # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 1429 1430 # ifndef OPENSSL_NO_SSL_INTERN 1431 1432 struct ssl_st { 1433 /* 1434 * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, 1435 * DTLS1_VERSION) 1436 */ 1437 int version; 1438 /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ 1439 int type; 1440 /* SSLv3 */ 1441 const SSL_METHOD *method; 1442 /* 1443 * There are 2 BIO's even though they are normally both the same. This 1444 * is so data can be read and written to different handlers 1445 */ 1446 # ifndef OPENSSL_NO_BIO 1447 /* used by SSL_read */ 1448 BIO *rbio; 1449 /* used by SSL_write */ 1450 BIO *wbio; 1451 /* used during session-id reuse to concatenate messages */ 1452 BIO *bbio; 1453 # else 1454 /* used by SSL_read */ 1455 char *rbio; 1456 /* used by SSL_write */ 1457 char *wbio; 1458 char *bbio; 1459 # endif 1460 /* 1461 * This holds a variable that indicates what we were doing when a 0 or -1 1462 * is returned. This is needed for non-blocking IO so we know what 1463 * request needs re-doing when in SSL_accept or SSL_connect 1464 */ 1465 int rwstate; 1466 /* true when we are actually in SSL_accept() or SSL_connect() */ 1467 int in_handshake; 1468 int (*handshake_func) (SSL *); 1469 /* 1470 * Imagine that here's a boolean member "init" that is switched as soon 1471 * as SSL_set_{accept/connect}_state is called for the first time, so 1472 * that "state" and "handshake_func" are properly initialized. But as 1473 * handshake_func is == 0 until then, we use this test instead of an 1474 * "init" member. 1475 */ 1476 /* are we the server side? - mostly used by SSL_clear */ 1477 int server; 1478 /* 1479 * Generate a new session or reuse an old one. 1480 * NB: For servers, the 'new' session may actually be a previously 1481 * cached session or even the previous session unless 1482 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set 1483 */ 1484 int new_session; 1485 /* don't send shutdown packets */ 1486 int quiet_shutdown; 1487 /* we have shut things down, 0x01 sent, 0x02 for received */ 1488 int shutdown; 1489 /* where we are */ 1490 int state; 1491 /* where we are when reading */ 1492 int rstate; 1493 BUF_MEM *init_buf; /* buffer used during init */ 1494 void *init_msg; /* pointer to handshake message body, set by 1495 * ssl3_get_message() */ 1496 int init_num; /* amount read/written */ 1497 int init_off; /* amount read/written */ 1498 /* used internally to point at a raw packet */ 1499 unsigned char *packet; 1500 unsigned int packet_length; 1501 struct ssl2_state_st *s2; /* SSLv2 variables */ 1502 struct ssl3_state_st *s3; /* SSLv3 variables */ 1503 struct dtls1_state_st *d1; /* DTLSv1 variables */ 1504 int read_ahead; /* Read as many input bytes as possible (for 1505 * non-blocking reads) */ 1506 /* callback that allows applications to peek at protocol messages */ 1507 void (*msg_callback) (int write_p, int version, int content_type, 1508 const void *buf, size_t len, SSL *ssl, void *arg); 1509 void *msg_callback_arg; 1510 int hit; /* reusing a previous session */ 1511 X509_VERIFY_PARAM *param; 1512 # if 0 1513 int purpose; /* Purpose setting */ 1514 int trust; /* Trust setting */ 1515 # endif 1516 /* crypto */ 1517 STACK_OF(SSL_CIPHER) *cipher_list; 1518 STACK_OF(SSL_CIPHER) *cipher_list_by_id; 1519 /* 1520 * These are the ones being used, the ones in SSL_SESSION are the ones to 1521 * be 'copied' into these ones 1522 */ 1523 int mac_flags; 1524 SSL_AEAD_CTX *aead_read_ctx; /* AEAD context. If non-NULL, then 1525 |enc_read_ctx| and |read_hash| are 1526 ignored. */ 1527 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 1528 EVP_MD_CTX *read_hash; /* used for mac generation */ 1529 # ifndef OPENSSL_NO_COMP 1530 COMP_CTX *expand; /* uncompress */ 1531 # else 1532 char *expand; 1533 # endif 1534 SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then 1535 |enc_write_ctx| and |write_hash| are 1536 ignored. */ 1537 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 1538 EVP_MD_CTX *write_hash; /* used for mac generation */ 1539 # ifndef OPENSSL_NO_COMP 1540 COMP_CTX *compress; /* compression */ 1541 # else 1542 char *compress; 1543 # endif 1544 /* session info */ 1545 /* client cert? */ 1546 /* This is used to hold the server certificate used */ 1547 struct cert_st /* CERT */ *cert; 1548 /* 1549 * the session_id_context is used to ensure sessions are only reused in 1550 * the appropriate context 1551 */ 1552 unsigned int sid_ctx_length; 1553 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 1554 /* This can also be in the session once a session is established */ 1555 SSL_SESSION *session; 1556 /* Default generate session ID callback. */ 1557 GEN_SESSION_CB generate_session_id; 1558 /* Used in SSL2 and SSL3 */ 1559 /* 1560 * 0 don't care about verify failure. 1561 * 1 fail if verify fails 1562 */ 1563 int verify_mode; 1564 /* fail if callback returns 0 */ 1565 int (*verify_callback) (int ok, X509_STORE_CTX *ctx); 1566 /* optional informational callback */ 1567 void (*info_callback) (const SSL *ssl, int type, int val); 1568 /* error bytes to be written */ 1569 int error; 1570 /* actual code */ 1571 int error_code; 1572 # ifndef OPENSSL_NO_KRB5 1573 /* Kerberos 5 context */ 1574 KSSL_CTX *kssl_ctx; 1575 # endif /* OPENSSL_NO_KRB5 */ 1576 # ifndef OPENSSL_NO_PSK 1577 unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, 1578 char *identity, 1579 unsigned int max_identity_len, 1580 unsigned char *psk, 1581 unsigned int max_psk_len); 1582 unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, 1583 unsigned char *psk, 1584 unsigned int max_psk_len); 1585 # endif 1586 SSL_CTX *ctx; 1587 /* 1588 * set this flag to 1 and a sleep(1) is put into all SSL_read() and 1589 * SSL_write() calls, good for nbio debuging :-) 1590 */ 1591 int debug; 1592 /* extra application data */ 1593 long verify_result; 1594 CRYPTO_EX_DATA ex_data; 1595 /* for server side, keep the list of CA_dn we can use */ 1596 STACK_OF(X509_NAME) *client_CA; 1597 int references; 1598 /* protocol behaviour */ 1599 unsigned long options; 1600 /* API behaviour */ 1601 unsigned long mode; 1602 long max_cert_list; 1603 int first_packet; 1604 /* what was passed, used for SSLv3/TLS rollback check */ 1605 int client_version; 1606 unsigned int max_send_fragment; 1607 # ifndef OPENSSL_NO_TLSEXT 1608 /* TLS extension debug callback */ 1609 void (*tlsext_debug_cb) (SSL *s, int client_server, int type, 1610 unsigned char *data, int len, void *arg); 1611 void *tlsext_debug_arg; 1612 char *tlsext_hostname; 1613 /*- 1614 * no further mod of servername 1615 * 0 : call the servername extension callback. 1616 * 1 : prepare 2, allow last ack just after in server callback. 1617 * 2 : don't call servername callback, no ack in server hello 1618 */ 1619 int servername_done; 1620 /* certificate status request info */ 1621 /* Status type or -1 if no status type */ 1622 int tlsext_status_type; 1623 /* Expect OCSP CertificateStatus message */ 1624 int tlsext_status_expected; 1625 /* OCSP status request only */ 1626 STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; 1627 X509_EXTENSIONS *tlsext_ocsp_exts; 1628 /* OCSP response received or to be sent */ 1629 unsigned char *tlsext_ocsp_resp; 1630 int tlsext_ocsp_resplen; 1631 /* RFC4507 session ticket expected to be received or sent */ 1632 int tlsext_ticket_expected; 1633 # ifndef OPENSSL_NO_EC 1634 size_t tlsext_ecpointformatlist_length; 1635 /* our list */ 1636 unsigned char *tlsext_ecpointformatlist; 1637 size_t tlsext_ellipticcurvelist_length; 1638 /* our list */ 1639 unsigned char *tlsext_ellipticcurvelist; 1640 # endif /* OPENSSL_NO_EC */ 1641 /* 1642 * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for 1643 * handshakes 1644 */ 1645 void *tlsext_opaque_prf_input; 1646 size_t tlsext_opaque_prf_input_len; 1647 /* TLS Session Ticket extension override */ 1648 TLS_SESSION_TICKET_EXT *tlsext_session_ticket; 1649 /* TLS Session Ticket extension callback */ 1650 tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; 1651 void *tls_session_ticket_ext_cb_arg; 1652 /* TLS pre-shared secret session resumption */ 1653 tls_session_secret_cb_fn tls_session_secret_cb; 1654 void *tls_session_secret_cb_arg; 1655 SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ 1656 # ifndef OPENSSL_NO_NEXTPROTONEG 1657 /* 1658 * Next protocol negotiation. For the client, this is the protocol that 1659 * we sent in NextProtocol and is set when handling ServerHello 1660 * extensions. For a server, this is the client's selected_protocol from 1661 * NextProtocol and is set when handling the NextProtocol message, before 1662 * the Finished message. 1663 */ 1664 unsigned char *next_proto_negotiated; 1665 unsigned char next_proto_negotiated_len; 1666 # endif 1667 # define session_ctx initial_ctx 1668 /* What we'll do */ 1669 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 1670 /* What's been chosen */ 1671 SRTP_PROTECTION_PROFILE *srtp_profile; 1672 /*- 1673 * Is use of the Heartbeat extension negotiated? 1674 * 0: disabled 1675 * 1: enabled 1676 * 2: enabled, but not allowed to send Requests 1677 */ 1678 unsigned int tlsext_heartbeat; 1679 /* Indicates if a HeartbeatRequest is in flight */ 1680 unsigned int tlsext_hb_pending; 1681 /* HeartbeatRequest sequence number */ 1682 unsigned int tlsext_hb_seq; 1683 # else 1684 # define session_ctx ctx 1685 # endif /* OPENSSL_NO_TLSEXT */ 1686 /*- 1687 * 1 if we are renegotiating. 1688 * 2 if we are a server and are inside a handshake 1689 * (i.e. not just sending a HelloRequest) 1690 */ 1691 int renegotiate; 1692 # ifndef OPENSSL_NO_SRP 1693 /* ctx for SRP authentication */ 1694 SRP_CTX srp_ctx; 1695 # endif 1696 # ifndef OPENSSL_NO_TLSEXT 1697 /* 1698 * For a client, this contains the list of supported protocols in wire 1699 * format. 1700 */ 1701 unsigned char *alpn_client_proto_list; 1702 unsigned alpn_client_proto_list_len; 1703 # endif /* OPENSSL_NO_TLSEXT */ 1704 }; 1705 1706 # endif 1707 1708 #ifdef __cplusplus 1709 } 1710 #endif 1711 1712 # include <openssl/ssl2.h> 1713 # include <openssl/ssl3.h> 1714 # include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ 1715 # include <openssl/dtls1.h> /* Datagram TLS */ 1716 # include <openssl/ssl23.h> 1717 # include <openssl/srtp.h> /* Support for the use_srtp extension */ 1718 1719 #ifdef __cplusplus 1720 extern "C" { 1721 #endif 1722 1723 /* compatibility */ 1724 # define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) 1725 # define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) 1726 # define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) 1727 # define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) 1728 # define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) 1729 # define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) 1730 1731 /* 1732 * The following are the possible values for ssl->state are are used to 1733 * indicate where we are up to in the SSL connection establishment. The 1734 * macros that follow are about the only things you should need to use and 1735 * even then, only when using non-blocking IO. It can also be useful to work 1736 * out where you were when the connection failed 1737 */ 1738 1739 # define SSL_ST_CONNECT 0x1000 1740 # define SSL_ST_ACCEPT 0x2000 1741 # define SSL_ST_MASK 0x0FFF 1742 # define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) 1743 # define SSL_ST_BEFORE 0x4000 1744 # define SSL_ST_OK 0x03 1745 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) 1746 # define SSL_ST_ERR 0x05 1747 1748 # define SSL_CB_LOOP 0x01 1749 # define SSL_CB_EXIT 0x02 1750 # define SSL_CB_READ 0x04 1751 # define SSL_CB_WRITE 0x08 1752 # define SSL_CB_ALERT 0x4000/* used in callback */ 1753 # define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) 1754 # define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) 1755 # define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) 1756 # define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) 1757 # define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) 1758 # define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) 1759 # define SSL_CB_HANDSHAKE_START 0x10 1760 # define SSL_CB_HANDSHAKE_DONE 0x20 1761 1762 /* Is the SSL_connection established? */ 1763 # define SSL_get_state(a) SSL_state(a) 1764 # define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) 1765 # define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) 1766 # define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) 1767 # define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) 1768 # define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) 1769 1770 /* 1771 * The following 2 states are kept in ssl->rstate when reads fail, you should 1772 * not need these 1773 */ 1774 # define SSL_ST_READ_HEADER 0xF0 1775 # define SSL_ST_READ_BODY 0xF1 1776 # define SSL_ST_READ_DONE 0xF2 1777 1778 /*- 1779 * Obtain latest Finished message 1780 * -- that we sent (SSL_get_finished) 1781 * -- that we expected from peer (SSL_get_peer_finished). 1782 * Returns length (0 == no Finished so far), copies up to 'count' bytes. 1783 */ 1784 size_t SSL_get_finished(const SSL *s, void *buf, size_t count); 1785 size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); 1786 1787 /* 1788 * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are 1789 * 'ored' with SSL_VERIFY_PEER if they are desired 1790 */ 1791 # define SSL_VERIFY_NONE 0x00 1792 # define SSL_VERIFY_PEER 0x01 1793 # define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 1794 # define SSL_VERIFY_CLIENT_ONCE 0x04 1795 1796 # define OpenSSL_add_ssl_algorithms() SSL_library_init() 1797 # define SSLeay_add_ssl_algorithms() SSL_library_init() 1798 1799 /* this is for backward compatibility */ 1800 # if 0 /* NEW_SSLEAY */ 1801 # define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) 1802 # define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) 1803 # define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) 1804 # define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) 1805 # define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) 1806 # endif 1807 /* More backward compatibility */ 1808 # define SSL_get_cipher(s) \ 1809 SSL_CIPHER_get_name(SSL_get_current_cipher(s)) 1810 # define SSL_get_cipher_bits(s,np) \ 1811 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) 1812 # define SSL_get_cipher_version(s) \ 1813 SSL_CIPHER_get_version(SSL_get_current_cipher(s)) 1814 # define SSL_get_cipher_name(s) \ 1815 SSL_CIPHER_get_name(SSL_get_current_cipher(s)) 1816 # define SSL_get_time(a) SSL_SESSION_get_time(a) 1817 # define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) 1818 # define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) 1819 # define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) 1820 1821 # define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) 1822 # define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) 1823 1824 DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) 1825 # define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value 1826 * from SSL_AD_... */ 1827 /* These alert types are for SSLv3 and TLSv1 */ 1828 # define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY 1829 /* fatal */ 1830 # define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE 1831 /* fatal */ 1832 # define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC 1833 # define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED 1834 # define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW 1835 /* fatal */ 1836 # define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE 1837 /* fatal */ 1838 # define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE 1839 /* Not for TLS */ 1840 # define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE 1841 # define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE 1842 # define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE 1843 # define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED 1844 # define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED 1845 # define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN 1846 /* fatal */ 1847 # define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER 1848 /* fatal */ 1849 # define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA 1850 /* fatal */ 1851 # define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED 1852 /* fatal */ 1853 # define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR 1854 # define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR 1855 /* fatal */ 1856 # define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION 1857 /* fatal */ 1858 # define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION 1859 /* fatal */ 1860 # define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY 1861 /* fatal */ 1862 # define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR 1863 # define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED 1864 # define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION 1865 # define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION 1866 # define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE 1867 # define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME 1868 # define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 1869 # define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 1870 /* fatal */ 1871 # define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY 1872 /* fatal */ 1873 # define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK 1874 # define SSL_ERROR_NONE 0 1875 # define SSL_ERROR_SSL 1 1876 # define SSL_ERROR_WANT_READ 2 1877 # define SSL_ERROR_WANT_WRITE 3 1878 # define SSL_ERROR_WANT_X509_LOOKUP 4 1879 # define SSL_ERROR_SYSCALL 5/* look at error stack/return 1880 * value/errno */ 1881 # define SSL_ERROR_ZERO_RETURN 6 1882 # define SSL_ERROR_WANT_CONNECT 7 1883 # define SSL_ERROR_WANT_ACCEPT 8 1884 # define SSL_CTRL_NEED_TMP_RSA 1 1885 # define SSL_CTRL_SET_TMP_RSA 2 1886 # define SSL_CTRL_SET_TMP_DH 3 1887 # define SSL_CTRL_SET_TMP_ECDH 4 1888 # define SSL_CTRL_SET_TMP_RSA_CB 5 1889 # define SSL_CTRL_SET_TMP_DH_CB 6 1890 # define SSL_CTRL_SET_TMP_ECDH_CB 7 1891 # define SSL_CTRL_GET_SESSION_REUSED 8 1892 # define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 1893 # define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 1894 # define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 1895 # define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 1896 # define SSL_CTRL_GET_FLAGS 13 1897 # define SSL_CTRL_EXTRA_CHAIN_CERT 14 1898 # define SSL_CTRL_SET_MSG_CALLBACK 15 1899 # define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 1900 /* only applies to datagram connections */ 1901 # define SSL_CTRL_SET_MTU 17 1902 /* Stats */ 1903 # define SSL_CTRL_SESS_NUMBER 20 1904 # define SSL_CTRL_SESS_CONNECT 21 1905 # define SSL_CTRL_SESS_CONNECT_GOOD 22 1906 # define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 1907 # define SSL_CTRL_SESS_ACCEPT 24 1908 # define SSL_CTRL_SESS_ACCEPT_GOOD 25 1909 # define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 1910 # define SSL_CTRL_SESS_HIT 27 1911 # define SSL_CTRL_SESS_CB_HIT 28 1912 # define SSL_CTRL_SESS_MISSES 29 1913 # define SSL_CTRL_SESS_TIMEOUTS 30 1914 # define SSL_CTRL_SESS_CACHE_FULL 31 1915 # define SSL_CTRL_OPTIONS 32 1916 # define SSL_CTRL_MODE 33 1917 # define SSL_CTRL_GET_READ_AHEAD 40 1918 # define SSL_CTRL_SET_READ_AHEAD 41 1919 # define SSL_CTRL_SET_SESS_CACHE_SIZE 42 1920 # define SSL_CTRL_GET_SESS_CACHE_SIZE 43 1921 # define SSL_CTRL_SET_SESS_CACHE_MODE 44 1922 # define SSL_CTRL_GET_SESS_CACHE_MODE 45 1923 # define SSL_CTRL_GET_MAX_CERT_LIST 50 1924 # define SSL_CTRL_SET_MAX_CERT_LIST 51 1925 # define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 1926 /* see tls1.h for macros based on these */ 1927 # ifndef OPENSSL_NO_TLSEXT 1928 # define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 1929 # define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 1930 # define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 1931 # define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 1932 # define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 1933 # define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 1934 # define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 1935 # define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 1936 # define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 1937 # define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 1938 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 1939 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 1940 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 1941 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 1942 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 1943 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 1944 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 1945 # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 1946 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 1947 # define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 1948 # define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 1949 # define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 1950 # define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 1951 # define SSL_CTRL_SET_SRP_ARG 78 1952 # define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 1953 # define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 1954 # define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 1955 # ifndef OPENSSL_NO_HEARTBEATS 1956 # define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 1957 # define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 1958 # define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 1959 # endif 1960 # endif /* OPENSSL_NO_TLSEXT */ 1961 # define DTLS_CTRL_GET_TIMEOUT 73 1962 # define DTLS_CTRL_HANDLE_TIMEOUT 74 1963 # define DTLS_CTRL_LISTEN 75 1964 # define SSL_CTRL_GET_RI_SUPPORT 76 1965 # define SSL_CTRL_CLEAR_OPTIONS 77 1966 # define SSL_CTRL_CLEAR_MODE 78 1967 # define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 1968 # define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 1969 # define SSL_CTRL_CHAIN 88 1970 # define SSL_CTRL_CHAIN_CERT 89 1971 # define SSL_CTRL_GET_CURVES 90 1972 # define SSL_CTRL_SET_CURVES 91 1973 # define SSL_CTRL_SET_CURVES_LIST 92 1974 # define SSL_CTRL_GET_SHARED_CURVE 93 1975 # define SSL_CTRL_SET_ECDH_AUTO 94 1976 # define SSL_CTRL_SET_SIGALGS 97 1977 # define SSL_CTRL_SET_SIGALGS_LIST 98 1978 # define SSL_CTRL_CERT_FLAGS 99 1979 # define SSL_CTRL_CLEAR_CERT_FLAGS 100 1980 # define SSL_CTRL_SET_CLIENT_SIGALGS 101 1981 # define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102 1982 # define SSL_CTRL_GET_CLIENT_CERT_TYPES 103 1983 # define SSL_CTRL_SET_CLIENT_CERT_TYPES 104 1984 # define SSL_CTRL_BUILD_CERT_CHAIN 105 1985 # define SSL_CTRL_SET_VERIFY_CERT_STORE 106 1986 # define SSL_CTRL_SET_CHAIN_CERT_STORE 107 1987 # define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 1988 # define SSL_CTRL_GET_SERVER_TMP_KEY 109 1989 # define SSL_CTRL_GET_RAW_CIPHERLIST 110 1990 # define SSL_CTRL_GET_EC_POINT_FORMATS 111 1991 # define SSL_CTRL_GET_CHAIN_CERTS 115 1992 # define SSL_CTRL_SELECT_CURRENT_CERT 116 1993 # define SSL_CTRL_SET_CURRENT_CERT 117 1994 # define SSL_CTRL_CHECK_PROTO_VERSION 119 1995 # define DTLS_CTRL_SET_LINK_MTU 120 1996 # define DTLS_CTRL_GET_LINK_MIN_MTU 121 1997 # define SSL_CERT_SET_FIRST 1 1998 # define SSL_CERT_SET_NEXT 2 1999 # define SSL_CERT_SET_SERVER 3 2000 # define DTLSv1_get_timeout(ssl, arg) \ 2001 SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) 2002 # define DTLSv1_handle_timeout(ssl) \ 2003 SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) 2004 # define DTLSv1_listen(ssl, peer) \ 2005 SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) 2006 # define SSL_session_reused(ssl) \ 2007 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) 2008 # define SSL_num_renegotiations(ssl) \ 2009 SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) 2010 # define SSL_clear_num_renegotiations(ssl) \ 2011 SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) 2012 # define SSL_total_renegotiations(ssl) \ 2013 SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) 2014 # define SSL_CTX_need_tmp_RSA(ctx) \ 2015 SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) 2016 # define SSL_CTX_set_tmp_rsa(ctx,rsa) \ 2017 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) 2018 # define SSL_CTX_set_tmp_dh(ctx,dh) \ 2019 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) 2020 # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ 2021 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) 2022 # define SSL_need_tmp_RSA(ssl) \ 2023 SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) 2024 # define SSL_set_tmp_rsa(ssl,rsa) \ 2025 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) 2026 # define SSL_set_tmp_dh(ssl,dh) \ 2027 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) 2028 # define SSL_set_tmp_ecdh(ssl,ecdh) \ 2029 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) 2030 # define SSL_CTX_add_extra_chain_cert(ctx,x509) \ 2031 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) 2032 # define SSL_CTX_get_extra_chain_certs(ctx,px509) \ 2033 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) 2034 # define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \ 2035 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509) 2036 # define SSL_CTX_clear_extra_chain_certs(ctx) \ 2037 SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) 2038 # define SSL_CTX_set0_chain(ctx,sk) \ 2039 SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk) 2040 # define SSL_CTX_set1_chain(ctx,sk) \ 2041 SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk) 2042 # define SSL_CTX_add0_chain_cert(ctx,x509) \ 2043 SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509) 2044 # define SSL_CTX_add1_chain_cert(ctx,x509) \ 2045 SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) 2046 # define SSL_CTX_get0_chain_certs(ctx,px509) \ 2047 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) 2048 # define SSL_CTX_clear_chain_certs(ctx) \ 2049 SSL_CTX_set0_chain(ctx,NULL) 2050 # define SSL_CTX_build_cert_chain(ctx, flags) \ 2051 SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) 2052 # define SSL_CTX_select_current_cert(ctx,x509) \ 2053 SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509) 2054 # define SSL_CTX_set_current_cert(ctx, op) \ 2055 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) 2056 # define SSL_CTX_set0_verify_cert_store(ctx,st) \ 2057 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st) 2058 # define SSL_CTX_set1_verify_cert_store(ctx,st) \ 2059 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st) 2060 # define SSL_CTX_set0_chain_cert_store(ctx,st) \ 2061 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) 2062 # define SSL_CTX_set1_chain_cert_store(ctx,st) \ 2063 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) 2064 # define SSL_set0_chain(ctx,sk) \ 2065 SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk) 2066 # define SSL_set1_chain(ctx,sk) \ 2067 SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk) 2068 # define SSL_add0_chain_cert(ctx,x509) \ 2069 SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509) 2070 # define SSL_add1_chain_cert(ctx,x509) \ 2071 SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509) 2072 # define SSL_get0_chain_certs(ctx,px509) \ 2073 SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509) 2074 # define SSL_clear_chain_certs(ctx) \ 2075 SSL_set0_chain(ctx,NULL) 2076 # define SSL_build_cert_chain(s, flags) \ 2077 SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL) 2078 # define SSL_select_current_cert(ctx,x509) \ 2079 SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509) 2080 # define SSL_set_current_cert(ctx,op) \ 2081 SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL) 2082 # define SSL_set0_verify_cert_store(s,st) \ 2083 SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st) 2084 # define SSL_set1_verify_cert_store(s,st) \ 2085 SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st) 2086 # define SSL_set0_chain_cert_store(s,st) \ 2087 SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st) 2088 # define SSL_set1_chain_cert_store(s,st) \ 2089 SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st) 2090 # define SSL_get1_curves(ctx, s) \ 2091 SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s) 2092 # define SSL_CTX_set1_curves(ctx, clist, clistlen) \ 2093 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) 2094 # define SSL_CTX_set1_curves_list(ctx, s) \ 2095 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) 2096 # define SSL_set1_curves(ctx, clist, clistlen) \ 2097 SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist) 2098 # define SSL_set1_curves_list(ctx, s) \ 2099 SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) 2100 # define SSL_get_shared_curve(s, n) \ 2101 SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) 2102 # define SSL_CTX_set_ecdh_auto(ctx, onoff) \ 2103 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) 2104 # define SSL_set_ecdh_auto(s, onoff) \ 2105 SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) 2106 # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ 2107 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) 2108 # define SSL_CTX_set1_sigalgs_list(ctx, s) \ 2109 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) 2110 # define SSL_set1_sigalgs(ctx, slist, slistlen) \ 2111 SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) 2112 # define SSL_set1_sigalgs_list(ctx, s) \ 2113 SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s) 2114 # define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \ 2115 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist) 2116 # define SSL_CTX_set1_client_sigalgs_list(ctx, s) \ 2117 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) 2118 # define SSL_set1_client_sigalgs(ctx, slist, slistlen) \ 2119 SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist) 2120 # define SSL_set1_client_sigalgs_list(ctx, s) \ 2121 SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s) 2122 # define SSL_get0_certificate_types(s, clist) \ 2123 SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist) 2124 # define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \ 2125 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) 2126 # define SSL_set1_client_certificate_types(s, clist, clistlen) \ 2127 SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist) 2128 # define SSL_get_peer_signature_nid(s, pn) \ 2129 SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) 2130 # define SSL_get_server_tmp_key(s, pk) \ 2131 SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) 2132 # define SSL_get0_raw_cipherlist(s, plst) \ 2133 SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,(char *)plst) 2134 # define SSL_get0_ec_point_formats(s, plst) \ 2135 SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,(char *)plst) 2136 # ifndef OPENSSL_NO_BIO 2137 BIO_METHOD *BIO_f_ssl(void); 2138 BIO *BIO_new_ssl(SSL_CTX *ctx, int client); 2139 BIO *BIO_new_ssl_connect(SSL_CTX *ctx); 2140 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); 2141 int BIO_ssl_copy_session_id(BIO *to, BIO *from); 2142 void BIO_ssl_shutdown(BIO *ssl_bio); 2143 2144 # endif 2145 2146 int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); 2147 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); 2148 void SSL_CTX_free(SSL_CTX *); 2149 long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); 2150 long SSL_CTX_get_timeout(const SSL_CTX *ctx); 2151 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); 2152 void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); 2153 int SSL_want(const SSL *s); 2154 int SSL_clear(SSL *s); 2155 2156 void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); 2157 2158 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); 2159 int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); 2160 char *SSL_CIPHER_get_version(const SSL_CIPHER *c); 2161 const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); 2162 unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); 2163 2164 int SSL_get_fd(const SSL *s); 2165 int SSL_get_rfd(const SSL *s); 2166 int SSL_get_wfd(const SSL *s); 2167 const char *SSL_get_cipher_list(const SSL *s, int n); 2168 char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); 2169 int SSL_get_read_ahead(const SSL *s); 2170 int SSL_pending(const SSL *s); 2171 # ifndef OPENSSL_NO_SOCK 2172 int SSL_set_fd(SSL *s, int fd); 2173 int SSL_set_rfd(SSL *s, int fd); 2174 int SSL_set_wfd(SSL *s, int fd); 2175 # endif 2176 # ifndef OPENSSL_NO_BIO 2177 void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); 2178 BIO *SSL_get_rbio(const SSL *s); 2179 BIO *SSL_get_wbio(const SSL *s); 2180 # endif 2181 int SSL_set_cipher_list(SSL *s, const char *str); 2182 void SSL_set_read_ahead(SSL *s, int yes); 2183 int SSL_get_verify_mode(const SSL *s); 2184 int SSL_get_verify_depth(const SSL *s); 2185 int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *); 2186 void SSL_set_verify(SSL *s, int mode, 2187 int (*callback) (int ok, X509_STORE_CTX *ctx)); 2188 void SSL_set_verify_depth(SSL *s, int depth); 2189 void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); 2190 # ifndef OPENSSL_NO_RSA 2191 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); 2192 # endif 2193 int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); 2194 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); 2195 int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, 2196 long len); 2197 int SSL_use_certificate(SSL *ssl, X509 *x); 2198 int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); 2199 2200 # ifndef OPENSSL_NO_TLSEXT 2201 /* Set serverinfo data for the current active cert. */ 2202 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, 2203 size_t serverinfo_length); 2204 # ifndef OPENSSL_NO_STDIO 2205 int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); 2206 # endif /* NO_STDIO */ 2207 2208 # endif 2209 2210 # ifndef OPENSSL_NO_STDIO 2211 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); 2212 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); 2213 int SSL_use_certificate_file(SSL *ssl, const char *file, int type); 2214 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); 2215 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); 2216 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); 2217 /* PEM type */ 2218 int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); 2219 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); 2220 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, 2221 const char *file); 2222 # ifndef OPENSSL_SYS_VMS 2223 /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ 2224 # ifndef OPENSSL_SYS_MACINTOSH_CLASSIC 2225 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, 2226 const char *dir); 2227 # endif 2228 # endif 2229 2230 # endif 2231 2232 void SSL_load_error_strings(void); 2233 const char *SSL_state_string(const SSL *s); 2234 const char *SSL_rstate_string(const SSL *s); 2235 const char *SSL_state_string_long(const SSL *s); 2236 const char *SSL_rstate_string_long(const SSL *s); 2237 long SSL_SESSION_get_time(const SSL_SESSION *s); 2238 long SSL_SESSION_set_time(SSL_SESSION *s, long t); 2239 long SSL_SESSION_get_timeout(const SSL_SESSION *s); 2240 long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); 2241 void SSL_copy_session_id(SSL *to, const SSL *from); 2242 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); 2243 int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, 2244 unsigned int sid_ctx_len); 2245 2246 SSL_SESSION *SSL_SESSION_new(void); 2247 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, 2248 unsigned int *len); 2249 unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); 2250 # ifndef OPENSSL_NO_FP_API 2251 int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); 2252 # endif 2253 # ifndef OPENSSL_NO_BIO 2254 int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); 2255 # endif 2256 void SSL_SESSION_free(SSL_SESSION *ses); 2257 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); 2258 int SSL_set_session(SSL *to, SSL_SESSION *session); 2259 int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); 2260 int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); 2261 int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); 2262 int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); 2263 int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 2264 unsigned int id_len); 2265 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, 2266 long length); 2267 2268 # ifdef HEADER_X509_H 2269 X509 *SSL_get_peer_certificate(const SSL *s); 2270 # endif 2271 2272 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); 2273 2274 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); 2275 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); 2276 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, 2277 X509_STORE_CTX *); 2278 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 2279 int (*callback) (int, X509_STORE_CTX *)); 2280 void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); 2281 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, 2282 int (*cb) (X509_STORE_CTX *, void *), 2283 void *arg); 2284 void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), 2285 void *arg); 2286 # ifndef OPENSSL_NO_RSA 2287 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); 2288 # endif 2289 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, 2290 long len); 2291 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); 2292 int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, 2293 const unsigned char *d, long len); 2294 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); 2295 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, 2296 const unsigned char *d); 2297 2298 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); 2299 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); 2300 2301 int SSL_CTX_check_private_key(const SSL_CTX *ctx); 2302 int SSL_check_private_key(const SSL *ctx); 2303 2304 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, 2305 unsigned int sid_ctx_len); 2306 2307 SSL *SSL_new(SSL_CTX *ctx); 2308 int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, 2309 unsigned int sid_ctx_len); 2310 2311 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); 2312 int SSL_set_purpose(SSL *s, int purpose); 2313 int SSL_CTX_set_trust(SSL_CTX *s, int trust); 2314 int SSL_set_trust(SSL *s, int trust); 2315 2316 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); 2317 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); 2318 2319 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); 2320 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); 2321 2322 # ifndef OPENSSL_NO_SRP 2323 int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); 2324 int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); 2325 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); 2326 int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, 2327 char *(*cb) (SSL *, void *)); 2328 int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, 2329 int (*cb) (SSL *, void *)); 2330 int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, 2331 int (*cb) (SSL *, int *, void *)); 2332 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); 2333 2334 int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, 2335 BIGNUM *sa, BIGNUM *v, char *info); 2336 int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, 2337 const char *grp); 2338 2339 BIGNUM *SSL_get_srp_g(SSL *s); 2340 BIGNUM *SSL_get_srp_N(SSL *s); 2341 2342 char *SSL_get_srp_username(SSL *s); 2343 char *SSL_get_srp_userinfo(SSL *s); 2344 # endif 2345 2346 void SSL_certs_clear(SSL *s); 2347 void SSL_free(SSL *ssl); 2348 int SSL_accept(SSL *ssl); 2349 int SSL_connect(SSL *ssl); 2350 int SSL_read(SSL *ssl, void *buf, int num); 2351 int SSL_peek(SSL *ssl, void *buf, int num); 2352 int SSL_write(SSL *ssl, const void *buf, int num); 2353 long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); 2354 long SSL_callback_ctrl(SSL *, int, void (*)(void)); 2355 long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); 2356 long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); 2357 2358 int SSL_get_error(const SSL *s, int ret_code); 2359 const char *SSL_get_version(const SSL *s); 2360 2361 /* This sets the 'default' SSL version that SSL_new() will create */ 2362 int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); 2363 2364 # ifndef OPENSSL_NO_SSL2_METHOD 2365 const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ 2366 const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ 2367 const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ 2368 # endif 2369 2370 # ifndef OPENSSL_NO_SSL3_METHOD 2371 const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ 2372 const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ 2373 const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ 2374 # endif 2375 2376 const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS 2377 * version */ 2378 const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available 2379 * SSL/TLS version */ 2380 const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available 2381 * SSL/TLS version */ 2382 2383 const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ 2384 const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ 2385 const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ 2386 2387 const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ 2388 const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ 2389 const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ 2390 2391 const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ 2392 const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ 2393 const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ 2394 2395 const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ 2396 const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ 2397 const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ 2398 2399 const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */ 2400 const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */ 2401 const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */ 2402 2403 const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ 2404 const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ 2405 const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ 2406 2407 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); 2408 2409 int SSL_do_handshake(SSL *s); 2410 int SSL_renegotiate(SSL *s); 2411 int SSL_renegotiate_abbreviated(SSL *s); 2412 int SSL_renegotiate_pending(SSL *s); 2413 int SSL_shutdown(SSL *s); 2414 2415 const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); 2416 const SSL_METHOD *SSL_get_ssl_method(SSL *s); 2417 int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); 2418 const char *SSL_alert_type_string_long(int value); 2419 const char *SSL_alert_type_string(int value); 2420 const char *SSL_alert_desc_string_long(int value); 2421 const char *SSL_alert_desc_string(int value); 2422 2423 void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); 2424 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); 2425 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); 2426 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); 2427 int SSL_add_client_CA(SSL *ssl, X509 *x); 2428 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); 2429 2430 void SSL_set_connect_state(SSL *s); 2431 void SSL_set_accept_state(SSL *s); 2432 2433 long SSL_get_default_timeout(const SSL *s); 2434 2435 int SSL_library_init(void); 2436 2437 char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); 2438 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); 2439 2440 SSL *SSL_dup(SSL *ssl); 2441 2442 X509 *SSL_get_certificate(const SSL *ssl); 2443 /* 2444 * EVP_PKEY 2445 */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); 2446 2447 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); 2448 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); 2449 2450 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); 2451 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); 2452 void SSL_set_quiet_shutdown(SSL *ssl, int mode); 2453 int SSL_get_quiet_shutdown(const SSL *ssl); 2454 void SSL_set_shutdown(SSL *ssl, int mode); 2455 int SSL_get_shutdown(const SSL *ssl); 2456 int SSL_version(const SSL *ssl); 2457 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); 2458 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 2459 const char *CApath); 2460 # define SSL_get0_session SSL_get_session/* just peek at pointer */ 2461 SSL_SESSION *SSL_get_session(const SSL *ssl); 2462 SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ 2463 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); 2464 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); 2465 void SSL_set_info_callback(SSL *ssl, 2466 void (*cb) (const SSL *ssl, int type, int val)); 2467 void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, 2468 int val); 2469 int SSL_state(const SSL *ssl); 2470 void SSL_set_state(SSL *ssl, int state); 2471 2472 void SSL_set_verify_result(SSL *ssl, long v); 2473 long SSL_get_verify_result(const SSL *ssl); 2474 2475 int SSL_set_ex_data(SSL *ssl, int idx, void *data); 2476 void *SSL_get_ex_data(const SSL *ssl, int idx); 2477 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 2478 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 2479 2480 int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); 2481 void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); 2482 int SSL_SESSION_get_ex_new_index(long argl, void *argp, 2483 CRYPTO_EX_new *new_func, 2484 CRYPTO_EX_dup *dup_func, 2485 CRYPTO_EX_free *free_func); 2486 2487 int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); 2488 void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); 2489 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 2490 CRYPTO_EX_dup *dup_func, 2491 CRYPTO_EX_free *free_func); 2492 2493 int SSL_get_ex_data_X509_STORE_CTX_idx(void); 2494 2495 # define SSL_CTX_sess_set_cache_size(ctx,t) \ 2496 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) 2497 # define SSL_CTX_sess_get_cache_size(ctx) \ 2498 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) 2499 # define SSL_CTX_set_session_cache_mode(ctx,m) \ 2500 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) 2501 # define SSL_CTX_get_session_cache_mode(ctx) \ 2502 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) 2503 2504 # define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) 2505 # define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) 2506 # define SSL_CTX_get_read_ahead(ctx) \ 2507 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) 2508 # define SSL_CTX_set_read_ahead(ctx,m) \ 2509 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) 2510 # define SSL_CTX_get_max_cert_list(ctx) \ 2511 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) 2512 # define SSL_CTX_set_max_cert_list(ctx,m) \ 2513 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) 2514 # define SSL_get_max_cert_list(ssl) \ 2515 SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) 2516 # define SSL_set_max_cert_list(ssl,m) \ 2517 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) 2518 2519 # define SSL_CTX_set_max_send_fragment(ctx,m) \ 2520 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) 2521 # define SSL_set_max_send_fragment(ssl,m) \ 2522 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) 2523 2524 /* NB: the keylength is only applicable when is_export is true */ 2525 # ifndef OPENSSL_NO_RSA 2526 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, 2527 RSA *(*cb) (SSL *ssl, int is_export, 2528 int keylength)); 2529 2530 void SSL_set_tmp_rsa_callback(SSL *ssl, 2531 RSA *(*cb) (SSL *ssl, int is_export, 2532 int keylength)); 2533 # endif 2534 # ifndef OPENSSL_NO_DH 2535 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 2536 DH *(*dh) (SSL *ssl, int is_export, 2537 int keylength)); 2538 void SSL_set_tmp_dh_callback(SSL *ssl, 2539 DH *(*dh) (SSL *ssl, int is_export, 2540 int keylength)); 2541 # endif 2542 # ifndef OPENSSL_NO_ECDH 2543 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, 2544 EC_KEY *(*ecdh) (SSL *ssl, int is_export, 2545 int keylength)); 2546 void SSL_set_tmp_ecdh_callback(SSL *ssl, 2547 EC_KEY *(*ecdh) (SSL *ssl, int is_export, 2548 int keylength)); 2549 # endif 2550 2551 const COMP_METHOD *SSL_get_current_compression(SSL *s); 2552 const COMP_METHOD *SSL_get_current_expansion(SSL *s); 2553 const char *SSL_COMP_get_name(const COMP_METHOD *comp); 2554 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); 2555 STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) 2556 *meths); 2557 void SSL_COMP_free_compression_methods(void); 2558 int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); 2559 2560 const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); 2561 2562 /* TLS extensions functions */ 2563 int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); 2564 2565 int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, 2566 void *arg); 2567 2568 /* Pre-shared secret session resumption functions */ 2569 int SSL_set_session_secret_cb(SSL *s, 2570 tls_session_secret_cb_fn tls_session_secret_cb, 2571 void *arg); 2572 2573 void SSL_set_debug(SSL *s, int debug); 2574 int SSL_cache_hit(SSL *s); 2575 int SSL_is_server(SSL *s); 2576 2577 SSL_CONF_CTX *SSL_CONF_CTX_new(void); 2578 int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); 2579 void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); 2580 unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); 2581 unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); 2582 int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); 2583 2584 void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); 2585 void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); 2586 2587 int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); 2588 int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); 2589 int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); 2590 2591 # ifndef OPENSSL_NO_SSL_TRACE 2592 void SSL_trace(int write_p, int version, int content_type, 2593 const void *buf, size_t len, SSL *ssl, void *arg); 2594 const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); 2595 # endif 2596 2597 # ifndef OPENSSL_NO_UNIT_TEST 2598 const struct openssl_ssl_test_functions *SSL_test_functions(void); 2599 # endif 2600 2601 void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len, 2602 unsigned char *context, int context_len, 2603 unsigned char *out, int olen); 2604 2605 /* BEGIN ERROR CODES */ 2606 /* 2607 * The following lines are auto generated by the script mkerr.pl. Any changes 2608 * made after this point may be overwritten when the script is next run. 2609 */ 2610 void ERR_load_SSL_strings(void); 2611 2612 /* Error codes for the SSL functions. */ 2613 2614 /* Function codes. */ 2615 # define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 2616 # define SSL_F_CLIENT_CERTIFICATE 100 2617 # define SSL_F_CLIENT_FINISHED 167 2618 # define SSL_F_CLIENT_HELLO 101 2619 # define SSL_F_CLIENT_MASTER_KEY 102 2620 # define SSL_F_D2I_SSL_SESSION 103 2621 # define SSL_F_DO_DTLS1_WRITE 245 2622 # define SSL_F_DO_SSL3_WRITE 104 2623 # define SSL_F_DTLS1_ACCEPT 246 2624 # define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 2625 # define SSL_F_DTLS1_BUFFER_RECORD 247 2626 # define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 2627 # define SSL_F_DTLS1_CLIENT_HELLO 248 2628 # define SSL_F_DTLS1_CONNECT 249 2629 # define SSL_F_DTLS1_ENC 250 2630 # define SSL_F_DTLS1_GET_HELLO_VERIFY 251 2631 # define SSL_F_DTLS1_GET_MESSAGE 252 2632 # define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 2633 # define SSL_F_DTLS1_GET_RECORD 254 2634 # define SSL_F_DTLS1_HANDLE_TIMEOUT 297 2635 # define SSL_F_DTLS1_HEARTBEAT 305 2636 # define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 2637 # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 2638 # define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 2639 # define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 2640 # define SSL_F_DTLS1_PROCESS_RECORD 257 2641 # define SSL_F_DTLS1_READ_BYTES 258 2642 # define SSL_F_DTLS1_READ_FAILED 259 2643 # define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 2644 # define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 2645 # define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 2646 # define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 2647 # define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 2648 # define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 2649 # define SSL_F_DTLS1_SEND_SERVER_HELLO 266 2650 # define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 2651 # define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 2652 # define SSL_F_GET_CLIENT_FINISHED 105 2653 # define SSL_F_GET_CLIENT_HELLO 106 2654 # define SSL_F_GET_CLIENT_MASTER_KEY 107 2655 # define SSL_F_GET_SERVER_FINISHED 108 2656 # define SSL_F_GET_SERVER_HELLO 109 2657 # define SSL_F_GET_SERVER_STATIC_DH_KEY 340 2658 # define SSL_F_GET_SERVER_VERIFY 110 2659 # define SSL_F_I2D_SSL_SESSION 111 2660 # define SSL_F_READ_N 112 2661 # define SSL_F_REQUEST_CERTIFICATE 113 2662 # define SSL_F_SERVER_FINISH 239 2663 # define SSL_F_SERVER_HELLO 114 2664 # define SSL_F_SERVER_VERIFY 240 2665 # define SSL_F_SSL23_ACCEPT 115 2666 # define SSL_F_SSL23_CLIENT_HELLO 116 2667 # define SSL_F_SSL23_CONNECT 117 2668 # define SSL_F_SSL23_GET_CLIENT_HELLO 118 2669 # define SSL_F_SSL23_GET_SERVER_HELLO 119 2670 # define SSL_F_SSL23_PEEK 237 2671 # define SSL_F_SSL23_READ 120 2672 # define SSL_F_SSL23_WRITE 121 2673 # define SSL_F_SSL2_ACCEPT 122 2674 # define SSL_F_SSL2_CONNECT 123 2675 # define SSL_F_SSL2_ENC_INIT 124 2676 # define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 2677 # define SSL_F_SSL2_PEEK 234 2678 # define SSL_F_SSL2_READ 125 2679 # define SSL_F_SSL2_READ_INTERNAL 236 2680 # define SSL_F_SSL2_SET_CERTIFICATE 126 2681 # define SSL_F_SSL2_WRITE 127 2682 # define SSL_F_SSL3_ACCEPT 128 2683 # define SSL_F_SSL3_ADD_CERT_TO_BUF 296 2684 # define SSL_F_SSL3_CALLBACK_CTRL 233 2685 # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 2686 # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 2687 # define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 2688 # define SSL_F_SSL3_CHECK_FINISHED 339 2689 # define SSL_F_SSL3_CLIENT_HELLO 131 2690 # define SSL_F_SSL3_CONNECT 132 2691 # define SSL_F_SSL3_CTRL 213 2692 # define SSL_F_SSL3_CTX_CTRL 133 2693 # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 2694 # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 2695 # define SSL_F_SSL3_ENC 134 2696 # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 2697 # define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 2698 # define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 2699 # define SSL_F_SSL3_GET_CERT_STATUS 289 2700 # define SSL_F_SSL3_GET_CERT_VERIFY 136 2701 # define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 2702 # define SSL_F_SSL3_GET_CLIENT_HELLO 138 2703 # define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 2704 # define SSL_F_SSL3_GET_FINISHED 140 2705 # define SSL_F_SSL3_GET_KEY_EXCHANGE 141 2706 # define SSL_F_SSL3_GET_MESSAGE 142 2707 # define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 2708 # define SSL_F_SSL3_GET_NEXT_PROTO 306 2709 # define SSL_F_SSL3_GET_RECORD 143 2710 # define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 2711 # define SSL_F_SSL3_GET_SERVER_DONE 145 2712 # define SSL_F_SSL3_GET_SERVER_HELLO 146 2713 # define SSL_F_SSL3_HANDSHAKE_MAC 285 2714 # define SSL_F_SSL3_NEW_SESSION_TICKET 287 2715 # define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 2716 # define SSL_F_SSL3_PEEK 235 2717 # define SSL_F_SSL3_READ_BYTES 148 2718 # define SSL_F_SSL3_READ_N 149 2719 # define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 2720 # define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 2721 # define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 2722 # define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 2723 # define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 2724 # define SSL_F_SSL3_SEND_SERVER_HELLO 242 2725 # define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 2726 # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 2727 # define SSL_F_SSL3_SETUP_READ_BUFFER 156 2728 # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 2729 # define SSL_F_SSL3_WRITE_BYTES 158 2730 # define SSL_F_SSL3_WRITE_PENDING 159 2731 # define SSL_F_SSL_ADD_CERT_CHAIN 318 2732 # define SSL_F_SSL_ADD_CERT_TO_BUF 319 2733 # define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 2734 # define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 2735 # define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 2736 # define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 2737 # define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 2738 # define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 2739 # define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 2740 # define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 2741 # define SSL_F_SSL_BAD_METHOD 160 2742 # define SSL_F_SSL_BUILD_CERT_CHAIN 332 2743 # define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 2744 # define SSL_F_SSL_CERT_DUP 221 2745 # define SSL_F_SSL_CERT_INST 222 2746 # define SSL_F_SSL_CERT_INSTANTIATE 214 2747 # define SSL_F_SSL_CERT_NEW 162 2748 # define SSL_F_SSL_CHECK_PRIVATE_KEY 163 2749 # define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 2750 # define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 2751 # define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 2752 # define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 2753 # define SSL_F_SSL_CLEAR 164 2754 # define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 2755 # define SSL_F_SSL_CONF_CMD 334 2756 # define SSL_F_SSL_CREATE_CIPHER_LIST 166 2757 # define SSL_F_SSL_CTRL 232 2758 # define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 2759 # define SSL_F_SSL_CTX_MAKE_PROFILES 309 2760 # define SSL_F_SSL_CTX_NEW 169 2761 # define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 2762 # define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 2763 # define SSL_F_SSL_CTX_SET_PURPOSE 226 2764 # define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 2765 # define SSL_F_SSL_CTX_SET_SSL_VERSION 170 2766 # define SSL_F_SSL_CTX_SET_TRUST 229 2767 # define SSL_F_SSL_CTX_USE_CERTIFICATE 171 2768 # define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 2769 # define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 2770 # define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 2771 # define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 2772 # define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 2773 # define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 2774 # define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 2775 # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 2776 # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 2777 # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 2778 # define SSL_F_SSL_CTX_USE_SERVERINFO 336 2779 # define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 2780 # define SSL_F_SSL_DO_HANDSHAKE 180 2781 # define SSL_F_SSL_GET_NEW_SESSION 181 2782 # define SSL_F_SSL_GET_PREV_SESSION 217 2783 # define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 2784 # define SSL_F_SSL_GET_SERVER_SEND_CERT 182 2785 # define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 2786 # define SSL_F_SSL_GET_SIGN_PKEY 183 2787 # define SSL_F_SSL_INIT_WBIO_BUFFER 184 2788 # define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 2789 # define SSL_F_SSL_NEW 186 2790 # define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 2791 # define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 2792 # define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 2793 # define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 2794 # define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 2795 # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 2796 # define SSL_F_SSL_PEEK 270 2797 # define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 2798 # define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 2799 # define SSL_F_SSL_READ 223 2800 # define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 2801 # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 2802 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 2803 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 2804 # define SSL_F_SSL_SESSION_DUP 348 2805 # define SSL_F_SSL_SESSION_NEW 189 2806 # define SSL_F_SSL_SESSION_PRINT_FP 190 2807 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 2808 # define SSL_F_SSL_SESS_CERT_NEW 225 2809 # define SSL_F_SSL_SET_CERT 191 2810 # define SSL_F_SSL_SET_CIPHER_LIST 271 2811 # define SSL_F_SSL_SET_FD 192 2812 # define SSL_F_SSL_SET_PKEY 193 2813 # define SSL_F_SSL_SET_PURPOSE 227 2814 # define SSL_F_SSL_SET_RFD 194 2815 # define SSL_F_SSL_SET_SESSION 195 2816 # define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 2817 # define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 2818 # define SSL_F_SSL_SET_TRUST 228 2819 # define SSL_F_SSL_SET_WFD 196 2820 # define SSL_F_SSL_SHUTDOWN 224 2821 # define SSL_F_SSL_SRP_CTX_INIT 313 2822 # define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 2823 # define SSL_F_SSL_UNDEFINED_FUNCTION 197 2824 # define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 2825 # define SSL_F_SSL_USE_CERTIFICATE 198 2826 # define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 2827 # define SSL_F_SSL_USE_CERTIFICATE_FILE 200 2828 # define SSL_F_SSL_USE_PRIVATEKEY 201 2829 # define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 2830 # define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 2831 # define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 2832 # define SSL_F_SSL_USE_RSAPRIVATEKEY 204 2833 # define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 2834 # define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 2835 # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 2836 # define SSL_F_SSL_WRITE 208 2837 # define SSL_F_TLS1_AEAD_CTX_INIT 342 2838 # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 2839 # define SSL_F_TLS1_CERT_VERIFY_MAC 286 2840 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 2841 # define SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD 343 2842 # define SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER 341 2843 # define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 2844 # define SSL_F_TLS1_ENC 210 2845 # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 2846 # define SSL_F_TLS1_GET_CURVELIST 338 2847 # define SSL_F_TLS1_HEARTBEAT 315 2848 # define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 2849 # define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 2850 # define SSL_F_TLS1_PRF 284 2851 # define SSL_F_TLS1_SETUP_KEY_BLOCK 211 2852 # define SSL_F_TLS1_SET_SERVER_SIGALGS 335 2853 # define SSL_F_WRITE_PENDING 212 2854 2855 /* Reason codes. */ 2856 # define SSL_R_APP_DATA_IN_HANDSHAKE 100 2857 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 2858 # define SSL_R_BAD_ALERT_RECORD 101 2859 # define SSL_R_BAD_AUTHENTICATION_TYPE 102 2860 # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 2861 # define SSL_R_BAD_CHECKSUM 104 2862 # define SSL_R_BAD_DATA 390 2863 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 2864 # define SSL_R_BAD_DECOMPRESSION 107 2865 # define SSL_R_BAD_DH_G_LENGTH 108 2866 # define SSL_R_BAD_DH_G_VALUE 375 2867 # define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 2868 # define SSL_R_BAD_DH_PUB_KEY_VALUE 393 2869 # define SSL_R_BAD_DH_P_LENGTH 110 2870 # define SSL_R_BAD_DH_P_VALUE 395 2871 # define SSL_R_BAD_DIGEST_LENGTH 111 2872 # define SSL_R_BAD_DSA_SIGNATURE 112 2873 # define SSL_R_BAD_ECC_CERT 304 2874 # define SSL_R_BAD_ECDSA_SIGNATURE 305 2875 # define SSL_R_BAD_ECPOINT 306 2876 # define SSL_R_BAD_HANDSHAKE_LENGTH 332 2877 # define SSL_R_BAD_HELLO_REQUEST 105 2878 # define SSL_R_BAD_LENGTH 271 2879 # define SSL_R_BAD_MAC_DECODE 113 2880 # define SSL_R_BAD_MAC_LENGTH 333 2881 # define SSL_R_BAD_MESSAGE_TYPE 114 2882 # define SSL_R_BAD_PACKET_LENGTH 115 2883 # define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 2884 # define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 2885 # define SSL_R_BAD_RESPONSE_ARGUMENT 117 2886 # define SSL_R_BAD_RSA_DECRYPT 118 2887 # define SSL_R_BAD_RSA_ENCRYPT 119 2888 # define SSL_R_BAD_RSA_E_LENGTH 120 2889 # define SSL_R_BAD_RSA_MODULUS_LENGTH 121 2890 # define SSL_R_BAD_RSA_SIGNATURE 122 2891 # define SSL_R_BAD_SIGNATURE 123 2892 # define SSL_R_BAD_SRP_A_LENGTH 347 2893 # define SSL_R_BAD_SRP_B_LENGTH 348 2894 # define SSL_R_BAD_SRP_G_LENGTH 349 2895 # define SSL_R_BAD_SRP_N_LENGTH 350 2896 # define SSL_R_BAD_SRP_PARAMETERS 371 2897 # define SSL_R_BAD_SRP_S_LENGTH 351 2898 # define SSL_R_BAD_SRTP_MKI_VALUE 352 2899 # define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 2900 # define SSL_R_BAD_SSL_FILETYPE 124 2901 # define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 2902 # define SSL_R_BAD_STATE 126 2903 # define SSL_R_BAD_VALUE 384 2904 # define SSL_R_BAD_WRITE_RETRY 127 2905 # define SSL_R_BIO_NOT_SET 128 2906 # define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 2907 # define SSL_R_BN_LIB 130 2908 # define SSL_R_CA_DN_LENGTH_MISMATCH 131 2909 # define SSL_R_CA_DN_TOO_LONG 132 2910 # define SSL_R_CCS_RECEIVED_EARLY 133 2911 # define SSL_R_CERTIFICATE_VERIFY_FAILED 134 2912 # define SSL_R_CERT_CB_ERROR 377 2913 # define SSL_R_CERT_LENGTH_MISMATCH 135 2914 # define SSL_R_CHALLENGE_IS_DIFFERENT 136 2915 # define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 2916 # define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 2917 # define SSL_R_CIPHER_TABLE_SRC_ERROR 139 2918 # define SSL_R_CLIENTHELLO_TLSEXT 226 2919 # define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 2920 # define SSL_R_COMPRESSION_DISABLED 343 2921 # define SSL_R_COMPRESSION_FAILURE 141 2922 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 2923 # define SSL_R_COMPRESSION_LIBRARY_ERROR 142 2924 # define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 2925 # define SSL_R_CONNECTION_TYPE_NOT_SET 144 2926 # define SSL_R_COOKIE_MISMATCH 308 2927 # define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 2928 # define SSL_R_DATA_LENGTH_TOO_LONG 146 2929 # define SSL_R_DECRYPTION_FAILED 147 2930 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 2931 # define SSL_R_DH_KEY_TOO_SMALL 372 2932 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 2933 # define SSL_R_DIGEST_CHECK_FAILED 149 2934 # define SSL_R_DTLS_MESSAGE_TOO_BIG 334 2935 # define SSL_R_DUPLICATE_COMPRESSION_ID 309 2936 # define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 2937 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 2938 # define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 2939 # define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 2940 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 2941 # define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 2942 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 2943 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 2944 # define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 2945 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 2946 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 2947 # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 2948 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 2949 # define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 2950 # define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 2951 # define SSL_R_HTTPS_PROXY_REQUEST 155 2952 # define SSL_R_HTTP_REQUEST 156 2953 # define SSL_R_ILLEGAL_PADDING 283 2954 # define SSL_R_ILLEGAL_SUITEB_DIGEST 380 2955 # define SSL_R_INAPPROPRIATE_FALLBACK 373 2956 # define SSL_R_INCONSISTENT_COMPRESSION 340 2957 # define SSL_R_INVALID_CHALLENGE_LENGTH 158 2958 # define SSL_R_INVALID_COMMAND 280 2959 # define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 2960 # define SSL_R_INVALID_NULL_CMD_NAME 385 2961 # define SSL_R_INVALID_PURPOSE 278 2962 # define SSL_R_INVALID_SERVERINFO_DATA 388 2963 # define SSL_R_INVALID_SRP_USERNAME 357 2964 # define SSL_R_INVALID_STATUS_RESPONSE 328 2965 # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 2966 # define SSL_R_INVALID_TRUST 279 2967 # define SSL_R_KEY_ARG_TOO_LONG 284 2968 # define SSL_R_KRB5 285 2969 # define SSL_R_KRB5_C_CC_PRINC 286 2970 # define SSL_R_KRB5_C_GET_CRED 287 2971 # define SSL_R_KRB5_C_INIT 288 2972 # define SSL_R_KRB5_C_MK_REQ 289 2973 # define SSL_R_KRB5_S_BAD_TICKET 290 2974 # define SSL_R_KRB5_S_INIT 291 2975 # define SSL_R_KRB5_S_RD_REQ 292 2976 # define SSL_R_KRB5_S_TKT_EXPIRED 293 2977 # define SSL_R_KRB5_S_TKT_NYV 294 2978 # define SSL_R_KRB5_S_TKT_SKEW 295 2979 # define SSL_R_LENGTH_MISMATCH 159 2980 # define SSL_R_LENGTH_TOO_SHORT 160 2981 # define SSL_R_LIBRARY_BUG 274 2982 # define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 2983 # define SSL_R_MESSAGE_TOO_LONG 296 2984 # define SSL_R_MISSING_DH_DSA_CERT 162 2985 # define SSL_R_MISSING_DH_KEY 163 2986 # define SSL_R_MISSING_DH_RSA_CERT 164 2987 # define SSL_R_MISSING_DSA_SIGNING_CERT 165 2988 # define SSL_R_MISSING_ECDH_CERT 382 2989 # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 2990 # define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 2991 # define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 2992 # define SSL_R_MISSING_RSA_CERTIFICATE 168 2993 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 2994 # define SSL_R_MISSING_RSA_SIGNING_CERT 170 2995 # define SSL_R_MISSING_SRP_PARAM 358 2996 # define SSL_R_MISSING_TMP_DH_KEY 171 2997 # define SSL_R_MISSING_TMP_ECDH_KEY 311 2998 # define SSL_R_MISSING_TMP_RSA_KEY 172 2999 # define SSL_R_MISSING_TMP_RSA_PKEY 173 3000 # define SSL_R_MISSING_VERIFY_MESSAGE 174 3001 # define SSL_R_MULTIPLE_SGC_RESTARTS 346 3002 # define SSL_R_NON_SSLV2_INITIAL_PACKET 175 3003 # define SSL_R_NO_CERTIFICATES_RETURNED 176 3004 # define SSL_R_NO_CERTIFICATE_ASSIGNED 177 3005 # define SSL_R_NO_CERTIFICATE_RETURNED 178 3006 # define SSL_R_NO_CERTIFICATE_SET 179 3007 # define SSL_R_NO_CERTIFICATE_SPECIFIED 180 3008 # define SSL_R_NO_CIPHERS_AVAILABLE 181 3009 # define SSL_R_NO_CIPHERS_PASSED 182 3010 # define SSL_R_NO_CIPHERS_SPECIFIED 183 3011 # define SSL_R_NO_CIPHER_LIST 184 3012 # define SSL_R_NO_CIPHER_MATCH 185 3013 # define SSL_R_NO_CLIENT_CERT_METHOD 331 3014 # define SSL_R_NO_CLIENT_CERT_RECEIVED 186 3015 # define SSL_R_NO_COMPRESSION_SPECIFIED 187 3016 # define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 3017 # define SSL_R_NO_METHOD_SPECIFIED 188 3018 # define SSL_R_NO_PEM_EXTENSIONS 389 3019 # define SSL_R_NO_PRIVATEKEY 189 3020 # define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 3021 # define SSL_R_NO_PROTOCOLS_AVAILABLE 191 3022 # define SSL_R_NO_PUBLICKEY 192 3023 # define SSL_R_NO_RENEGOTIATION 339 3024 # define SSL_R_NO_REQUIRED_DIGEST 324 3025 # define SSL_R_NO_SHARED_CIPHER 193 3026 # define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376 3027 # define SSL_R_NO_SRTP_PROFILES 359 3028 # define SSL_R_NO_VERIFY_CALLBACK 194 3029 # define SSL_R_NULL_SSL_CTX 195 3030 # define SSL_R_NULL_SSL_METHOD_PASSED 196 3031 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 3032 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 3033 # define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 387 3034 # define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379 3035 # define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 3036 # define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 3037 # define SSL_R_PACKET_LENGTH_TOO_LONG 198 3038 # define SSL_R_PARSE_TLSEXT 227 3039 # define SSL_R_PATH_TOO_LONG 270 3040 # define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 3041 # define SSL_R_PEER_ERROR 200 3042 # define SSL_R_PEER_ERROR_CERTIFICATE 201 3043 # define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 3044 # define SSL_R_PEER_ERROR_NO_CIPHER 203 3045 # define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 3046 # define SSL_R_PEM_NAME_BAD_PREFIX 391 3047 # define SSL_R_PEM_NAME_TOO_SHORT 392 3048 # define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 3049 # define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 3050 # define SSL_R_PROTOCOL_IS_SHUTDOWN 207 3051 # define SSL_R_PSK_IDENTITY_NOT_FOUND 223 3052 # define SSL_R_PSK_NO_CLIENT_CB 224 3053 # define SSL_R_PSK_NO_SERVER_CB 225 3054 # define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 3055 # define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 3056 # define SSL_R_PUBLIC_KEY_NOT_RSA 210 3057 # define SSL_R_READ_BIO_NOT_SET 211 3058 # define SSL_R_READ_TIMEOUT_EXPIRED 312 3059 # define SSL_R_READ_WRONG_PACKET_TYPE 212 3060 # define SSL_R_RECORD_LENGTH_MISMATCH 213 3061 # define SSL_R_RECORD_TOO_LARGE 214 3062 # define SSL_R_RECORD_TOO_SMALL 298 3063 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 3064 # define SSL_R_RENEGOTIATION_ENCODING_ERR 336 3065 # define SSL_R_RENEGOTIATION_MISMATCH 337 3066 # define SSL_R_REQUIRED_CIPHER_MISSING 215 3067 # define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 3068 # define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 3069 # define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 3070 # define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 3071 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 3072 # define SSL_R_SERVERHELLO_TLSEXT 275 3073 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 3074 # define SSL_R_SHORT_READ 219 3075 # define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 3076 # define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 3077 # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 3078 # define SSL_R_SRP_A_CALC 361 3079 # define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 3080 # define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 3081 # define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 3082 # define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 3083 # define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 3084 # define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 3085 # define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 3086 # define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 3087 # define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 3088 # define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 3089 # define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 3090 # define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 3091 # define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 3092 # define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 3093 # define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 3094 # define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 3095 # define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 3096 # define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 3097 # define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 3098 # define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 3099 # define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 3100 # define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 3101 # define SSL_R_SSL_HANDSHAKE_FAILURE 229 3102 # define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 3103 # define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 3104 # define SSL_R_SSL_SESSION_ID_CONFLICT 302 3105 # define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 3106 # define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 3107 # define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 3108 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 3109 # define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 3110 # define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 3111 # define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 3112 # define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 3113 # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 3114 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 3115 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 3116 # define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 3117 # define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 3118 # define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 3119 # define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 3120 # define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 3121 # define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 3122 # define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 3123 # define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 3124 # define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 3125 # define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 3126 # define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 3127 # define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 3128 # define SSL_R_TLS_HEARTBEAT_PENDING 366 3129 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 3130 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 3131 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 3132 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 3133 # define SSL_R_TOO_MANY_WARN_ALERTS 409 3134 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 3135 # define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 3136 # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 3137 # define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 3138 # define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 3139 # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 3140 # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 3141 # define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 3142 # define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 3143 # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 3144 # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 3145 # define SSL_R_UNEXPECTED_MESSAGE 244 3146 # define SSL_R_UNEXPECTED_RECORD 245 3147 # define SSL_R_UNINITIALIZED 276 3148 # define SSL_R_UNKNOWN_ALERT_TYPE 246 3149 # define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 3150 # define SSL_R_UNKNOWN_CIPHER_RETURNED 248 3151 # define SSL_R_UNKNOWN_CIPHER_TYPE 249 3152 # define SSL_R_UNKNOWN_CMD_NAME 386 3153 # define SSL_R_UNKNOWN_DIGEST 368 3154 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 3155 # define SSL_R_UNKNOWN_PKEY_TYPE 251 3156 # define SSL_R_UNKNOWN_PROTOCOL 252 3157 # define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 3158 # define SSL_R_UNKNOWN_SSL_VERSION 254 3159 # define SSL_R_UNKNOWN_STATE 255 3160 # define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 3161 # define SSL_R_UNSUPPORTED_CIPHER 256 3162 # define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 3163 # define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 3164 # define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 3165 # define SSL_R_UNSUPPORTED_PROTOCOL 258 3166 # define SSL_R_UNSUPPORTED_SSL_VERSION 259 3167 # define SSL_R_UNSUPPORTED_STATUS_TYPE 329 3168 # define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 3169 # define SSL_R_WRITE_BIO_NOT_SET 260 3170 # define SSL_R_WRONG_CERTIFICATE_TYPE 383 3171 # define SSL_R_WRONG_CIPHER_RETURNED 261 3172 # define SSL_R_WRONG_CURVE 378 3173 # define SSL_R_WRONG_MESSAGE_TYPE 262 3174 # define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 3175 # define SSL_R_WRONG_SIGNATURE_LENGTH 264 3176 # define SSL_R_WRONG_SIGNATURE_SIZE 265 3177 # define SSL_R_WRONG_SIGNATURE_TYPE 370 3178 # define SSL_R_WRONG_SSL_VERSION 266 3179 # define SSL_R_WRONG_VERSION_NUMBER 267 3180 # define SSL_R_X509_LIB 268 3181 # define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 3182 3183 #ifdef __cplusplus 3184 } 3185 #endif 3186 #endif 3187