/* ssl/ssl.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * "This product includes cryptographic software written by
 * Eric Young (eay@cryptsoft.com)"
 * The word 'cryptographic' can be left out if the rouines from the library
 * being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 * the apps directory (application code) you must include an acknowledgement:
 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 * software must display the following acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 * endorse or promote products derived from this software without
 * prior written permission. For written permission, please contact
 * openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 * nor may "OpenSSL" appear in their names without prior written
 * permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 * acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

#ifndef HEADER_SSL_H
#define HEADER_SSL_H

#include <openssl/e_os2.h>

#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
#endif
#ifndef OPENSSL_NO_BIO
#include <openssl/bio.h>
#endif
#ifndef OPENSSL_NO_DEPRECATED
#ifndef OPENSSL_NO_X509
#include <openssl/x509.h>
#endif
#include <openssl/crypto.h>
#include <openssl/lhash.h>
#include <openssl/buffer.h>
#endif
#include <openssl/pem.h>
#include <openssl/hmac.h>

#include <openssl/kssl.h>
#include <openssl/safestack.h>
#include <openssl/symhacks.h>

#ifdef __cplusplus
extern "C" {
#endif

/* SSLeay version number for ASN.1 encoding of the session information */
/* Version 0 - initial version
 * Version 1 - added the optional peer certificate
 */
#define SSL_SESSION_ASN1_VERSION 0x0001

/* text strings for the ciphers */
/* Each SSL_TXT_* name below is an alias for an SSL2_TXT_* constant that is
 * defined outside this header section.
 * NOTE(review): going by the names, EXPORT40 marks 40-bit export-grade suites
 * and DES_64 single DES. These are name aliases only; whether such suites can
 * be negotiated depends on the cipher list in effect, which is not decided
 * here. */
#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA

/* VRS Additional Kerberos5 entries
 */
/* Aliases for SSL3_TXT_KRB5_* constants defined outside this section. */
#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5

/* The *_40_* names denote 40-bit variants (export-grade, going by the name). */
#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5

/* The next six lines repeat definitions already made above with identical
 * replacement text, so they are benign redefinitions. */
#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
/* Size in bytes of ssl_session_st.krb5_client_princ[] declared further down. */
#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256

/* Size in bytes of ssl_session_st.session_id[] declared further down. */
#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
/* Size in bytes of ssl_session_st.sid_ctx[] declared further down. */
#define SSL_MAX_SID_CTX_LENGTH 32

/* (512/8) = 64 bytes, i.e. a 512-bit floor for RSA moduli.
 * NOTE(review): 512-bit RSA is far below current key-size guidance; where
 * this bound is enforced is not visible in this header - confirm before
 * relying on it as a policy check. */
#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
/* Array sizes, in bytes, for ssl_session_st.key_arg[] and
 * ssl_session_st.master_key[] declared further down. */
#define SSL_MAX_KEY_ARG_LENGTH 8
#define SSL_MAX_MASTER_KEY_LENGTH 48


/* These are used to specify which ciphers to use and not to use */

/* Strength-class keywords. */
#define SSL_TXT_EXP40 "EXPORT40"
#define SSL_TXT_EXP56 "EXPORT56"
#define SSL_TXT_LOW "LOW"
#define SSL_TXT_MEDIUM "MEDIUM"
#define SSL_TXT_HIGH "HIGH"
#define SSL_TXT_FIPS "FIPS"

#define SSL_TXT_kFZA "kFZA" /* unused! */
#define SSL_TXT_aFZA "aFZA" /* unused! */
#define SSL_TXT_eFZA "eFZA" /* unused! */
#define SSL_TXT_FZA "FZA" /* unused! */

/* aNULL and eNULL are the two classes SSL_DEFAULT_CIPHER_LIST below excludes;
 * the comment there calls them the anonymous and unencrypted ciphersuites. */
#define SSL_TXT_aNULL "aNULL"
#define SSL_TXT_eNULL "eNULL"
#define SSL_TXT_NULL "NULL"

/* Key-exchange keywords ("k" prefix). */
#define SSL_TXT_kRSA "kRSA"
#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
#define SSL_TXT_kEDH "kEDH"
#define SSL_TXT_kKRB5 "kKRB5"
#define SSL_TXT_kECDHr "kECDHr"
#define SSL_TXT_kECDHe "kECDHe"
#define SSL_TXT_kECDH "kECDH"
#define SSL_TXT_kEECDH "kEECDH"
#define SSL_TXT_kPSK "kPSK"
#define SSL_TXT_kGOST "kGOST"
#define SSL_TXT_kSRP "kSRP"

/* Authentication keywords ("a" prefix). */
#define SSL_TXT_aRSA "aRSA"
#define SSL_TXT_aDSS "aDSS"
#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */
#define SSL_TXT_aECDH "aECDH"
#define SSL_TXT_aKRB5 "aKRB5"
#define SSL_TXT_aECDSA "aECDSA"
#define SSL_TXT_aPSK "aPSK"
#define SSL_TXT_aGOST94 "aGOST94"
#define SSL_TXT_aGOST01 "aGOST01"
#define SSL_TXT_aGOST "aGOST"
#define SSL_TXT_aSRP "aSRP"

/* Combined aliases. ADH and AECDH are the anonymous (unauthenticated)
 * variants, as the "kEDH:-ADH" / "kEECDH:-AECDH" expansions below show. */
#define SSL_TXT_DSS "DSS"
#define SSL_TXT_DH "DH"
#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */
#define SSL_TXT_ADH "ADH"
#define SSL_TXT_RSA "RSA"
#define SSL_TXT_ECDH "ECDH"
#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */
#define SSL_TXT_AECDH "AECDH"
#define SSL_TXT_ECDSA "ECDSA"
#define SSL_TXT_KRB5 "KRB5"
#define SSL_TXT_PSK "PSK"
#define SSL_TXT_SRP "SRP"

/* Symmetric cipher keywords. */
#define SSL_TXT_DES "DES"
#define SSL_TXT_3DES "3DES"
#define SSL_TXT_RC4 "RC4"
#define SSL_TXT_RC2 "RC2"
#define SSL_TXT_IDEA "IDEA"
#define SSL_TXT_SEED "SEED"
#define SSL_TXT_AES128 "AES128"
#define SSL_TXT_AES256 "AES256"
#define SSL_TXT_AES "AES"
#define SSL_TXT_AES_GCM "AESGCM"
#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
#define SSL_TXT_CAMELLIA "CAMELLIA"

/* MAC / digest keywords. */
#define SSL_TXT_MD5 "MD5"
#define SSL_TXT_SHA1 "SHA1"
#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
#define SSL_TXT_GOST94 "GOST94"
#define SSL_TXT_GOST89MAC "GOST89MAC"
#define SSL_TXT_SHA256 "SHA256"
#define SSL_TXT_SHA384 "SHA384"

/* Protocol-version keywords. */
#define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1"
#define SSL_TXT_TLSV1_1 "TLSv1.1"
#define SSL_TXT_TLSV1_2 "TLSv1.2"

#define SSL_TXT_EXP "EXP"
#define SSL_TXT_EXPORT "EXPORT"

#define SSL_TXT_ALL "ALL"

/*
 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
 * ciphers normally not being used.
 * Example: "RC4" will activate all ciphers using RC4 including ciphers
 * without authentication, which would normally be disabled by DEFAULT (due
 * to the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
 * will make sure that it is also disabled in the specific selection.
 * COMPLEMENTOF* identifiers are portable between versions, as adjustments
 * to the default cipher setup will also be included here.
 *
 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
 * DEFAULT gets, as only selection is being done and no sorting as needed
 * for DEFAULT.
 */
#define SSL_TXT_CMPALL "COMPLEMENTOFALL"
#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"

/* The following cipher list is used by default.
 * It also is substituted when an application-defined cipher list string
 * starts with 'DEFAULT'. */
/* NOTE(review): the string itself excludes only aNULL, eNULL and SSLv2. It
 * does not name EXPORT, LOW, DES or RC4, so whether those classes stay
 * enabled depends on what "ALL" expands to in ssl/ssl_ciph.c (not visible
 * here). Applications with a minimum-strength requirement should set an
 * explicit cipher list instead of relying on DEFAULT. */
#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
 * starts with a reasonable order, and all we have to do for DEFAULT is
 * throwing out anonymous and unencrypted ciphersuites!
 * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
 * some of them.)
341238405Sjkim */ 342109998Smarkm 34355714Skris/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ 34455714Skris#define SSL_SENT_SHUTDOWN 1 34555714Skris#define SSL_RECEIVED_SHUTDOWN 2 34655714Skris 34768651Skris#ifdef __cplusplus 34868651Skris} 34968651Skris#endif 35068651Skris 35168651Skris#ifdef __cplusplus 35268651Skrisextern "C" { 35368651Skris#endif 35468651Skris 355109998Smarkm#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) 356109998Smarkm#define OPENSSL_NO_SSL2 35759191Skris#endif 35859191Skris 35955714Skris#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 36055714Skris#define SSL_FILETYPE_PEM X509_FILETYPE_PEM 36155714Skris 36255714Skris/* This is needed to stop compilers complaining about the 36355714Skris * 'struct ssl_st *' function parameters used to prototype callbacks 36455714Skris * in SSL_CTX. */ 36555714Skristypedef struct ssl_st *ssl_crock_st; 366238405Sjkimtypedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; 367238405Sjkimtypedef struct ssl_method_st SSL_METHOD; 368238405Sjkimtypedef struct ssl_cipher_st SSL_CIPHER; 369238405Sjkimtypedef struct ssl_session_st SSL_SESSION; 37055714Skris 371238405SjkimDECLARE_STACK_OF(SSL_CIPHER) 372238405Sjkim 373238405Sjkim/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ 374238405Sjkimtypedef struct srtp_protection_profile_st 375238405Sjkim { 376238405Sjkim const char *name; 377238405Sjkim unsigned long id; 378238405Sjkim } SRTP_PROTECTION_PROFILE; 379238405Sjkim 380238405SjkimDECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) 381238405Sjkim 382238405Sjkimtypedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg); 383238405Sjkimtypedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); 384238405Sjkim 385238405Sjkim 386238405Sjkim#ifndef OPENSSL_NO_SSL_INTERN 387238405Sjkim 38855714Skris/* used to hold info on the 
particular ciphers used */ 389238405Sjkimstruct ssl_cipher_st 39055714Skris { 39155714Skris int valid; 39255714Skris const char *name; /* text name */ 39355714Skris unsigned long id; /* id, 4 bytes, first is version */ 394238405Sjkim 395238405Sjkim /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */ 396238405Sjkim unsigned long algorithm_mkey; /* key exchange algorithm */ 397238405Sjkim unsigned long algorithm_auth; /* server authentication */ 398238405Sjkim unsigned long algorithm_enc; /* symmetric encryption */ 399238405Sjkim unsigned long algorithm_mac; /* symmetric authentication */ 400238405Sjkim unsigned long algorithm_ssl; /* (major) protocol version */ 401238405Sjkim 40259191Skris unsigned long algo_strength; /* strength and export flags */ 40355714Skris unsigned long algorithm2; /* Extra flags */ 40459191Skris int strength_bits; /* Number of bits really used */ 40559191Skris int alg_bits; /* Number of bits for algorithm */ 406238405Sjkim }; 40755714Skris 40855714Skris 40955714Skris/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ 410238405Sjkimstruct ssl_method_st 41155714Skris { 41255714Skris int version; 41355714Skris int (*ssl_new)(SSL *s); 41455714Skris void (*ssl_clear)(SSL *s); 41555714Skris void (*ssl_free)(SSL *s); 41655714Skris int (*ssl_accept)(SSL *s); 41755714Skris int (*ssl_connect)(SSL *s); 41855714Skris int (*ssl_read)(SSL *s,void *buf,int len); 41976866Skris int (*ssl_peek)(SSL *s,void *buf,int len); 42055714Skris int (*ssl_write)(SSL *s,const void *buf,int len); 42155714Skris int (*ssl_shutdown)(SSL *s); 42255714Skris int (*ssl_renegotiate)(SSL *s); 42355714Skris int (*ssl_renegotiate_check)(SSL *s); 424160814Ssimon long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long 425160814Ssimon max, int *ok); 426160814Ssimon int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 427160814Ssimon int peek); 428160814Ssimon int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, 
int len); 429160814Ssimon int (*ssl_dispatch_alert)(SSL *s); 430109998Smarkm long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); 431109998Smarkm long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); 432238405Sjkim const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); 43355714Skris int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); 434160814Ssimon int (*ssl_pending)(const SSL *s); 43555714Skris int (*num_ciphers)(void); 436238405Sjkim const SSL_CIPHER *(*get_cipher)(unsigned ncipher); 437238405Sjkim const struct ssl_method_st *(*get_ssl_method)(int version); 43855714Skris long (*get_timeout)(void); 43955714Skris struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ 440160814Ssimon int (*ssl_version)(void); 441160814Ssimon long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); 442160814Ssimon long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); 443238405Sjkim }; 44455714Skris 44555714Skris/* Lets make this into an ASN.1 type structure as follows 44655714Skris * SSL_SESSION_ID ::= SEQUENCE { 44755714Skris * version INTEGER, -- structure version number 44855714Skris * SSLversion INTEGER, -- SSL version number 449238405Sjkim * Cipher OCTET STRING, -- the 3 byte cipher ID 450238405Sjkim * Session_ID OCTET STRING, -- the Session ID 451238405Sjkim * Master_key OCTET STRING, -- the master key 452238405Sjkim * KRB5_principal OCTET STRING -- optional Kerberos principal 453238405Sjkim * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument 45455714Skris * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time 45555714Skris * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds 45655714Skris * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate 457238405Sjkim * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context 458238405Sjkim * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... 
code for `Peer' 459238405Sjkim * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension 460238405Sjkim * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint 461238405Sjkim * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity 462238405Sjkim * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket 463238405Sjkim * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) 464238405Sjkim * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method 465238405Sjkim * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username 46655714Skris * } 46755714Skris * Look in ssl/ssl_asn1.c for more details 46855714Skris * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). 46955714Skris */ 470238405Sjkimstruct ssl_session_st 47155714Skris { 47255714Skris int ssl_version; /* what ssl version session info is 47355714Skris * being kept in here? */ 47455714Skris 47555714Skris /* only really used in SSLv2 */ 47655714Skris unsigned int key_arg_length; 47755714Skris unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; 47855714Skris int master_key_length; 47955714Skris unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; 48055714Skris /* session_id - valid? */ 48155714Skris unsigned int session_id_length; 48255714Skris unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; 48355714Skris /* this is used to determine whether the session is being reused in 48455714Skris * the appropriate context. 
It is up to the application to set this, 48555714Skris * via SSL_new */ 48655714Skris unsigned int sid_ctx_length; 48755714Skris unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 48855714Skris 489109998Smarkm#ifndef OPENSSL_NO_KRB5 490109998Smarkm unsigned int krb5_client_princ_len; 491109998Smarkm unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; 492109998Smarkm#endif /* OPENSSL_NO_KRB5 */ 493238405Sjkim#ifndef OPENSSL_NO_PSK 494238405Sjkim char *psk_identity_hint; 495238405Sjkim char *psk_identity; 496238405Sjkim#endif 497246772Sjkim /* Used to indicate that session resumption is not allowed. 498246772Sjkim * Applications can also set this bit for a new session via 499246772Sjkim * not_resumable_session_cb to disable session caching and tickets. */ 50055714Skris int not_resumable; 50155714Skris 50255714Skris /* The cert is the certificate used to establish this connection */ 50355714Skris struct sess_cert_st /* SESS_CERT */ *sess_cert; 50455714Skris 50555714Skris /* This is the cert for the other end. 50655714Skris * On clients, it will be the same as sess_cert->peer_key->x509 50755714Skris * (the latter is not enough as sess_cert is not retained 50855714Skris * in the external representation of sessions, see ssl_asn1.c). */ 50955714Skris X509 *peer; 51059191Skris /* when app_verify_callback accepts a session where the peer's certificate 51159191Skris * is not ok, we must remember the error for session reuse: */ 51259191Skris long verify_result; /* only for servers */ 51355714Skris 51455714Skris int references; 51555714Skris long timeout; 51655714Skris long time; 51755714Skris 518238405Sjkim unsigned int compress_meth; /* Need to lookup the method */ 51955714Skris 520238405Sjkim const SSL_CIPHER *cipher; 52155714Skris unsigned long cipher_id; /* when ASN.1 loaded, this 52255714Skris * needs to be used to load 52355714Skris * the 'cipher' structure */ 52455714Skris 52555714Skris STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? 
*/ 52655714Skris 52755714Skris CRYPTO_EX_DATA ex_data; /* application specific data */ 52855714Skris 52955714Skris /* These are used to make removal of session-ids more 53055714Skris * efficient and to implement a maximum cache size. */ 53155714Skris struct ssl_session_st *prev,*next; 532194206Ssimon#ifndef OPENSSL_NO_TLSEXT 533194206Ssimon char *tlsext_hostname; 534238405Sjkim#ifndef OPENSSL_NO_EC 535238405Sjkim size_t tlsext_ecpointformatlist_length; 536238405Sjkim unsigned char *tlsext_ecpointformatlist; /* peer's list */ 537238405Sjkim size_t tlsext_ellipticcurvelist_length; 538238405Sjkim unsigned char *tlsext_ellipticcurvelist; /* peer's list */ 539238405Sjkim#endif /* OPENSSL_NO_EC */ 540194206Ssimon /* RFC4507 info */ 541194206Ssimon unsigned char *tlsext_tick; /* Session ticket */ 542246772Sjkim size_t tlsext_ticklen; /* Session ticket length */ 543194206Ssimon long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 544194206Ssimon#endif 545238405Sjkim#ifndef OPENSSL_NO_SRP 546238405Sjkim char *srp_username; 547238405Sjkim#endif 548238405Sjkim }; 54955714Skris 550238405Sjkim#endif 551100936Snectar 55255714Skris#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L 55355714Skris#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L 554205128Ssimon/* Allow initial connection to servers that don't support RI */ 555205128Ssimon#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L 55655714Skris#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L 557279264Sdelphij#define SSL_OP_TLSEXT_PADDING 0x00000010L 55855714Skris#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L 559279264Sdelphij#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L 56055714Skris#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L 56155714Skris#define SSL_OP_TLS_D5_BUG 0x00000100L 56255714Skris#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L 56355714Skris 564279264Sdelphij/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ 565279264Sdelphij#define 
SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 566279264Sdelphij/* Refers to ancient SSLREF and SSLv2, retained for compatibility */ 567279264Sdelphij#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 568279264Sdelphij 569100936Snectar/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added 570100936Snectar * in OpenSSL 0.9.6d. Usually (depending on the application protocol) 571100936Snectar * the workaround is not needed. Unfortunately some broken SSL/TLS 572100936Snectar * implementations cannot handle it at all, which is why we include 573100936Snectar * it in SSL_OP_ALL. */ 574100936Snectar#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ 575100936Snectar 576109998Smarkm/* SSL_OP_ALL: various bug workarounds that should be rather harmless. 577109998Smarkm * This used to be 0x000FFFFFL before 0.9.7. */ 578238405Sjkim#define SSL_OP_ALL 0x80000BFFL 579100936Snectar 580160814Ssimon/* DTLS options */ 581160814Ssimon#define SSL_OP_NO_QUERY_MTU 0x00001000L 582160814Ssimon/* Turn on Cookie Exchange (on relevant for servers) */ 583160814Ssimon#define SSL_OP_COOKIE_EXCHANGE 0x00002000L 584194206Ssimon/* Don't use RFC4507 ticket extension */ 585194206Ssimon#define SSL_OP_NO_TICKET 0x00004000L 586205128Ssimon/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ 587205128Ssimon#define SSL_OP_CISCO_ANYCONNECT 0x00008000L 588160814Ssimon 589109998Smarkm/* As server, disallow session resumption on renegotiation */ 590109998Smarkm#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L 591238405Sjkim/* Don't use compression even if supported */ 592238405Sjkim#define SSL_OP_NO_COMPRESSION 0x00020000L 593205128Ssimon/* Permit unsafe legacy renegotiation */ 594205128Ssimon#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L 595160814Ssimon/* If set, always create a new key when using tmp_ecdh parameters */ 596160814Ssimon#define SSL_OP_SINGLE_ECDH_USE 0x00080000L 59755714Skris/* If set, always create a new key when using tmp_dh 
parameters */ 59855714Skris#define SSL_OP_SINGLE_DH_USE 0x00100000L 599277195Sdelphij/* Does nothing: retained for compatibility */ 600277195Sdelphij#define SSL_OP_EPHEMERAL_RSA 0x0 601109998Smarkm/* Set on servers to choose the cipher according to the server's 602109998Smarkm * preferences */ 603109998Smarkm#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L 604109998Smarkm/* If set, a server will allow a client to issue a SSLv3.0 version number 605109998Smarkm * as latest version supported in the premaster secret, even when TLSv1.0 606109998Smarkm * (version 3.1) was announced in the client hello. Normally this is 607109998Smarkm * forbidden to prevent version rollback attacks. The bit is outside the SSL_OP_ALL mask (0x80000BFFL), so it is only set when named explicitly. */ 608109998Smarkm#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L 60955714Skris /* Protocol version disable flags. The values are not in version order: SSL_OP_NO_TLSv1_2 is 0x08000000L and SSL_OP_NO_TLSv1_1 is 0x10000000L, so a mask built by hand has to name each flag rather than assume a range. */ 610100936Snectar#define SSL_OP_NO_SSLv2 0x01000000L 611100936Snectar#define SSL_OP_NO_SSLv3 0x02000000L 612100936Snectar#define SSL_OP_NO_TLSv1 0x04000000L 613238405Sjkim#define SSL_OP_NO_TLSv1_2 0x08000000L 614238405Sjkim#define SSL_OP_NO_TLSv1_1 0x10000000L 615100936Snectar 616238405Sjkim/* These next two have never actually been used for anything since SSLeay; 617238405Sjkim * they are zapped (defined as 0x0) so we have some more flags. 618238405Sjkim */ 61955714Skris/* The next flag deliberately changes the ciphertext, this is a check 62055714Skris * for the PKCS#1 attack (historical description; with the value 0x0 the flags set no option bit) */ 621238405Sjkim#define SSL_OP_PKCS1_CHECK_1 0x0 622238405Sjkim#define SSL_OP_PKCS1_CHECK_2 0x0 623238405Sjkim 62455714Skris#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L 625109998Smarkm#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L 626238405Sjkim/* Make server add server-hello extension from early version of 627238405Sjkim * cryptopro draft, when GOST ciphersuite is negotiated. 628238405Sjkim * Required for interoperability with CryptoPro CSP 3.x 629238405Sjkim */ 630238405Sjkim#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L 63155714Skris 63255714Skris/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e.
report success 63355714Skris * when just a single record has been written): */ 63455714Skris#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L 63555714Skris/* Make it possible to retry SSL_write() with changed buffer location 63655714Skris * (buffer contents must stay the same!); this is not the default to avoid 63755714Skris * the misconception that non-blocking SSL_write() behaves like 63855714Skris * non-blocking write(): */ 63955714Skris#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L 64068651Skris/* Never bother the application with retries if the transport 64168651Skris * is blocking: */ 64268651Skris#define SSL_MODE_AUTO_RETRY 0x00000004L 643111147Snectar/* Don't attempt to automatically build certificate chain */ 644111147Snectar#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L 645238405Sjkim/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and 646238405Sjkim * TLS only.) "Released" buffers are put onto a free-list in the context 647238405Sjkim * or just freed (depending on the context's setting for freelist_max_len). */ 648238405Sjkim#define SSL_MODE_RELEASE_BUFFERS 0x00000010L 649279264Sdelphij/* Send the current time in the Random fields of the ClientHello and 650279264Sdelphij * ServerHello records for compatibility with hypothetical implementations 651279264Sdelphij * that require it. 652279264Sdelphij */ 653279264Sdelphij#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L 654279264Sdelphij#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L 655273415Sdelphij/* Send TLS_FALLBACK_SCSV in the ClientHello. 656279264Sdelphij * To be set only by applications that reconnect with a downgraded protocol 657279264Sdelphij * version; see draft-ietf-tls-downgrade-scsv-00 for details. 658279264Sdelphij * 659279264Sdelphij * DO NOT ENABLE THIS if your application attempts a normal handshake. 660279264Sdelphij * Only use this in explicit fallback retries, following the guidance 661279264Sdelphij * in draft-ietf-tls-downgrade-scsv-00. 
662279264Sdelphij */ 663273415Sdelphij#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L 66455714Skris 66555714Skris/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, 66655714Skris * they cannot be used to clear bits; SSL[_CTX]_clear_{options,mode} below are the macros for that, and the get_ macros pass op 0 through the same SSL_CTRL_OPTIONS / SSL_CTRL_MODE control. */ 66755714Skris 66855714Skris#define SSL_CTX_set_options(ctx,op) \ 669109998Smarkm SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) 670205128Ssimon#define SSL_CTX_clear_options(ctx,op) \ 671205128Ssimon SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) 67255714Skris#define SSL_CTX_get_options(ctx) \ 673109998Smarkm SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) 67455714Skris#define SSL_set_options(ssl,op) \ 675109998Smarkm SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) 676205128Ssimon#define SSL_clear_options(ssl,op) \ 677205128Ssimon SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) 67855714Skris#define SSL_get_options(ssl) \ 679109998Smarkm SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) 68055714Skris 68155714Skris#define SSL_CTX_set_mode(ctx,op) \ 682109998Smarkm SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) 683205128Ssimon#define SSL_CTX_clear_mode(ctx,op) \ 684205128Ssimon SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) 68555714Skris#define SSL_CTX_get_mode(ctx) \ 686109998Smarkm SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) 687205128Ssimon#define SSL_clear_mode(ssl,op) \ 688205128Ssimon SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) 68955714Skris#define SSL_set_mode(ssl,op) \ 690109998Smarkm SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) 69155714Skris#define SSL_get_mode(ssl) \ 692109998Smarkm SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) 693160814Ssimon#define SSL_set_mtu(ssl, mtu) \ 694160814Ssimon SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) 695279264Sdelphij#define DTLS_set_link_mtu(ssl, mtu) \ 696279264Sdelphij SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) 697279264Sdelphij#define DTLS_get_link_min_mtu(ssl) \ 698279264Sdelphij SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) 69955714Skris 700205128Ssimon#define SSL_get_secure_renegotiation_support(ssl) \
701205128Ssimon SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) 702109998Smarkm 703238405Sjkim#ifndef OPENSSL_NO_HEARTBEATS 704238405Sjkim#define SSL_heartbeat(ssl) \ 705238405Sjkim SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) 706238405Sjkim#endif 707238405Sjkim 708109998Smarkmvoid SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 709109998Smarkmvoid SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 710109998Smarkm#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 711109998Smarkm#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 712109998Smarkm 713238405Sjkim#ifndef OPENSSL_NO_SRP 714109998Smarkm 715238405Sjkim#ifndef OPENSSL_NO_SSL_INTERN 716109998Smarkm 717238405Sjkimtypedef struct srp_ctx_st 718238405Sjkim { 719238405Sjkim /* param for all the callbacks */ 720238405Sjkim void *SRP_cb_arg; 721238405Sjkim /* set client Hello login callback */ 722238405Sjkim int (*TLS_ext_srp_username_callback)(SSL *, int *, void *); 723238405Sjkim /* set SRP N/g param callback for verification */ 724238405Sjkim int (*SRP_verify_param_callback)(SSL *, void *); 725238405Sjkim /* set SRP client passwd callback */ 726238405Sjkim char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *); 727238405Sjkim 728238405Sjkim char *login; 729238405Sjkim BIGNUM *N,*g,*s,*B,*A; 730238405Sjkim BIGNUM *a,*b,*v; 731238405Sjkim char *info; 732238405Sjkim int strength; 733238405Sjkim 734238405Sjkim unsigned long srp_Mask; 735238405Sjkim } SRP_CTX; 736238405Sjkim 737238405Sjkim#endif 738238405Sjkim 739238405Sjkim/* see tls_srp.c */ 740238405Sjkimint SSL_SRP_CTX_init(SSL *s); 741238405Sjkimint SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); 742238405Sjkimint SSL_SRP_CTX_free(SSL *ctx); 743238405Sjkimint 
SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); 744238405Sjkimint SSL_srp_server_param_with_username(SSL *s, int *ad); 745238405Sjkimint SRP_generate_server_master_secret(SSL *s,unsigned char *master_key); 746238405Sjkimint SRP_Calc_A_param(SSL *s); 747238405Sjkimint SRP_generate_client_master_secret(SSL *s,unsigned char *master_key); 748238405Sjkim 749238405Sjkim#endif 750238405Sjkim 751109998Smarkm#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) 752109998Smarkm#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ 753109998Smarkm#else 754109998Smarkm#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ 755109998Smarkm#endif 756109998Smarkm 75755714Skris#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) 75855714Skris 759109998Smarkm/* This callback type is used inside SSL_CTX, SSL, and in the functions that set 760109998Smarkm * them. It is used to override the generation of SSL/TLS session IDs in a 761109998Smarkm * server. Return value should be zero on an error, non-zero to proceed. Also, 762109998Smarkm * callbacks should themselves check if the id they generate is unique otherwise 763109998Smarkm * the SSL handshake will fail with an error - callbacks can do this using the 764109998Smarkm * 'ssl' value they're passed by; 765109998Smarkm * SSL_has_matching_session_id(ssl, id, *id_len) 766109998Smarkm * The length value passed in is set at the maximum size the session ID can be. 767109998Smarkm * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback 768109998Smarkm * can alter this length to be less if desired, but under SSLv2 session IDs are 769109998Smarkm * supposed to be fixed at 16 bytes so the id will be padded after the callback 770109998Smarkm * returns in this case. It is also an error for the callback to set the size to 771109998Smarkm * zero. 
*/ 772109998Smarkmtypedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, 773109998Smarkm unsigned int *id_len); 774109998Smarkm 775238405Sjkimtypedef struct ssl_comp_st SSL_COMP; 776238405Sjkim 777238405Sjkim#ifndef OPENSSL_NO_SSL_INTERN 778238405Sjkim 779238405Sjkimstruct ssl_comp_st 78068651Skris { 78168651Skris int id; 782160814Ssimon const char *name; 783109998Smarkm#ifndef OPENSSL_NO_COMP 78468651Skris COMP_METHOD *method; 78555714Skris#else 78668651Skris char *method; 78755714Skris#endif 788238405Sjkim }; 78955714Skris 79055714SkrisDECLARE_STACK_OF(SSL_COMP) 791238405SjkimDECLARE_LHASH_OF(SSL_SESSION); 79255714Skris 79355714Skrisstruct ssl_ctx_st 79455714Skris { 795238405Sjkim const SSL_METHOD *method; 79655714Skris 79755714Skris STACK_OF(SSL_CIPHER) *cipher_list; 79855714Skris /* same as above but sorted for lookup */ 79955714Skris STACK_OF(SSL_CIPHER) *cipher_list_by_id; 80055714Skris 80155714Skris struct x509_store_st /* X509_STORE */ *cert_store; 802238405Sjkim LHASH_OF(SSL_SESSION) *sessions; 80355714Skris /* Most session-ids that will be cached, default is 80459191Skris * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ 80555714Skris unsigned long session_cache_size; 80655714Skris struct ssl_session_st *session_cache_head; 80755714Skris struct ssl_session_st *session_cache_tail; 80855714Skris 80955714Skris /* This can hold either or both of 2 values, ORed together, 81055714Skris * SSL_SESS_CACHE_CLIENT, 81155714Skris * SSL_SESS_CACHE_SERVER, 81255714Skris * Default is SSL_SESS_CACHE_SERVER, which means only 81355714Skris * SSL_accept will cache SSL_SESSIONs. Further SSL_SESS_CACHE_* flag bits are defined after this struct. */ 81455714Skris int session_cache_mode; 81555714Skris 81655714Skris /* If timeout is not 0, it is the default timeout value set 81755714Skris * when SSL_new() is called.
This has been put in to make 81855714Skris * life easier to set things up */ 81955714Skris long session_timeout; 82055714Skris 82155714Skris /* If this callback is not null, it will be called each 82255714Skris * time a session id is added to the cache. If this function 82355714Skris * returns 1, it means that the callback will do a 82455714Skris * SSL_SESSION_free() when it has finished using it. Otherwise, 82555714Skris * on 0, it means the callback has finished with it. 82655714Skris * If remove_session_cb is not null, it will be called when 82759191Skris * a session-id is removed from the cache. After the call, 82859191Skris * OpenSSL will SSL_SESSION_free() it. */ 82955714Skris int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); 83055714Skris void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); 83155714Skris SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, 83255714Skris unsigned char *data,int len,int *copy); 833109998Smarkm 83455714Skris struct 83555714Skris { 83655714Skris int sess_connect; /* SSL new conn - started */ 83755714Skris int sess_connect_renegotiate;/* SSL reneg - requested */ 83855714Skris int sess_connect_good; /* SSL new conne/reneg - finished */ 83955714Skris int sess_accept; /* SSL new accept - started */ 84055714Skris int sess_accept_renegotiate;/* SSL reneg - requested */ 84155714Skris int sess_accept_good; /* SSL accept/reneg - finished */ 84255714Skris int sess_miss; /* session lookup misses */ 84355714Skris int sess_timeout; /* reuse attempt on timeouted session */ 84455714Skris int sess_cache_full; /* session removed due to full cache */ 84555714Skris int sess_hit; /* session reuse actually done */ 84655714Skris int sess_cb_hit; /* session-id that was not 84755714Skris * in the cache was 84855714Skris * passed back via the callback. 
This 84955714Skris * indicates that the application is 85055714Skris * supplying session-id's from other 85155714Skris * processes - spooky :-) */ 85255714Skris } stats; 85355714Skris 85455714Skris int references; 85555714Skris 85655714Skris /* if defined, these override the X509_verify_cert() calls */ 857109998Smarkm int (*app_verify_callback)(X509_STORE_CTX *, void *); 858109998Smarkm void *app_verify_arg; 859109998Smarkm /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored 860109998Smarkm * ('app_verify_callback' was called with just one argument) */ 86155714Skris 86255714Skris /* Default password callback. */ 863109998Smarkm pem_password_cb *default_passwd_callback; 86455714Skris 86555714Skris /* Default password callback user data. */ 866109998Smarkm void *default_passwd_callback_userdata; 86755714Skris 86855714Skris /* get client cert callback */ 869109998Smarkm int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); 87055714Skris 871160814Ssimon /* cookie generate callback */ 872160814Ssimon int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 873160814Ssimon unsigned int *cookie_len); 874160814Ssimon 875160814Ssimon /* verify cookie callback */ 876160814Ssimon int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 877160814Ssimon unsigned int cookie_len); 878160814Ssimon 87955714Skris CRYPTO_EX_DATA ex_data; 88055714Skris 88155714Skris const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ 88255714Skris const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ 88355714Skris const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ 88455714Skris 88555714Skris STACK_OF(X509) *extra_certs; 886109998Smarkm STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ 887109998Smarkm 888109998Smarkm 889109998Smarkm /* Default values used when no per-SSL value is defined follow */ 890109998Smarkm 891109998Smarkm void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ 892109998Smarkm 893109998Smarkm 
/* what we put in client cert requests */ 894109998Smarkm STACK_OF(X509_NAME) *client_CA; 895109998Smarkm 896109998Smarkm 897109998Smarkm /* Default values to use in SSL structures follow (these are copied by SSL_new) */ 898109998Smarkm 899109998Smarkm unsigned long options; 900109998Smarkm unsigned long mode; 901109998Smarkm long max_cert_list; 902109998Smarkm 903109998Smarkm struct cert_st /* CERT */ *cert; 904109998Smarkm int read_ahead; 905109998Smarkm 906109998Smarkm /* callback that allows applications to peek at protocol messages */ 907109998Smarkm void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); 908109998Smarkm void *msg_callback_arg; 909109998Smarkm 910109998Smarkm int verify_mode; 911109998Smarkm unsigned int sid_ctx_length; 912109998Smarkm unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 913109998Smarkm int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ 914109998Smarkm 915109998Smarkm /* Default generate session ID callback. */ 916109998Smarkm GEN_SESSION_CB generate_session_id; 917109998Smarkm 918160814Ssimon X509_VERIFY_PARAM *param; 919160814Ssimon 920160814Ssimon#if 0 921109998Smarkm int purpose; /* Purpose setting */ 922109998Smarkm int trust; /* Trust setting */ 923160814Ssimon#endif 924109998Smarkm 925109998Smarkm int quiet_shutdown; 926194206Ssimon 927238405Sjkim /* Maximum amount of data to send in one fragment. 928238405Sjkim * actual record size can be more than this due to 929238405Sjkim * padding and MAC overheads. 
930238405Sjkim */ 931238405Sjkim unsigned int max_send_fragment; 932238405Sjkim 933279264Sdelphij#ifndef OPENSSL_NO_ENGINE 934194206Ssimon /* Engine to pass requests for client certs to 935194206Ssimon */ 936194206Ssimon ENGINE *client_cert_engine; 937194206Ssimon#endif 938194206Ssimon 939194206Ssimon#ifndef OPENSSL_NO_TLSEXT 940194206Ssimon /* TLS extensions servername callback */ 941194206Ssimon int (*tlsext_servername_callback)(SSL*, int *, void *); 942194206Ssimon void *tlsext_servername_arg; 943194206Ssimon /* RFC 4507 session ticket keys */ 944194206Ssimon unsigned char tlsext_tick_key_name[16]; 945194206Ssimon unsigned char tlsext_tick_hmac_key[16]; 946194206Ssimon unsigned char tlsext_tick_aes_key[16]; 947194206Ssimon /* Callback to support customisation of ticket key setting */ 948194206Ssimon int (*tlsext_ticket_key_cb)(SSL *ssl, 949194206Ssimon unsigned char *name, unsigned char *iv, 950194206Ssimon EVP_CIPHER_CTX *ectx, 951238405Sjkim HMAC_CTX *hctx, int enc); 952194206Ssimon 953194206Ssimon /* certificate status request info */ 954194206Ssimon /* Callback for status request */ 955194206Ssimon int (*tlsext_status_cb)(SSL *ssl, void *arg); 956194206Ssimon void *tlsext_status_arg; 957246772Sjkim 958238405Sjkim /* draft-rescorla-tls-opaque-prf-input-00.txt information */ 959238405Sjkim int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); 960238405Sjkim void *tlsext_opaque_prf_input_callback_arg; 961194206Ssimon#endif 962194206Ssimon 963238405Sjkim#ifndef OPENSSL_NO_PSK 964238405Sjkim char *psk_identity_hint; 965238405Sjkim unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, 966238405Sjkim unsigned int max_identity_len, unsigned char *psk, 967238405Sjkim unsigned int max_psk_len); 968238405Sjkim unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 969238405Sjkim unsigned char *psk, unsigned int max_psk_len); 970238405Sjkim#endif 971238405Sjkim 972238405Sjkim#ifndef 
OPENSSL_NO_BUF_FREELISTS 973238405Sjkim#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 974238405Sjkim unsigned int freelist_max_len; 975238405Sjkim struct ssl3_buf_freelist_st *wbuf_freelist; 976238405Sjkim struct ssl3_buf_freelist_st *rbuf_freelist; 977238405Sjkim#endif 978238405Sjkim#ifndef OPENSSL_NO_SRP 979238405Sjkim SRP_CTX srp_ctx; /* ctx for SRP authentication */ 980238405Sjkim#endif 981238405Sjkim 982238405Sjkim#ifndef OPENSSL_NO_TLSEXT 983246772Sjkim 984238405Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 985238405Sjkim /* Next protocol negotiation information */ 986238405Sjkim /* (for experimental NPN extension). */ 987238405Sjkim 988238405Sjkim /* For a server, this contains a callback function by which the set of 989238405Sjkim * advertised protocols can be provided. */ 990238405Sjkim int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, 991238405Sjkim unsigned int *len, void *arg); 992238405Sjkim void *next_protos_advertised_cb_arg; 993238405Sjkim /* For a client, this contains a callback function that selects the 994238405Sjkim * next protocol from the list provided by the server. */ 995238405Sjkim int (*next_proto_select_cb)(SSL *s, unsigned char **out, 996238405Sjkim unsigned char *outlen, 997238405Sjkim const unsigned char *in, 998238405Sjkim unsigned int inlen, 999238405Sjkim void *arg); 1000238405Sjkim void *next_proto_select_cb_arg; 1001238405Sjkim# endif 1002238405Sjkim /* SRTP profiles we are willing to do from RFC 5764 */ 1003238405Sjkim STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 1004238405Sjkim#endif 100555714Skris }; 100655714Skris 1007238405Sjkim#endif 1008238405Sjkim 100955714Skris#define SSL_SESS_CACHE_OFF 0x0000 101055714Skris#define SSL_SESS_CACHE_CLIENT 0x0001 101155714Skris#define SSL_SESS_CACHE_SERVER 0x0002 101255714Skris#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) 101355714Skris#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 1014109998Smarkm/* enough comments already ... 
see SSL_CTX_set_session_cache_mode(3) */ 101555714Skris#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 1016109998Smarkm#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 1017109998Smarkm#define SSL_SESS_CACHE_NO_INTERNAL \ 1018109998Smarkm (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) 101955714Skris 1020238405SjkimLHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); 102155714Skris#define SSL_CTX_sess_number(ctx) \ 102255714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) 102355714Skris#define SSL_CTX_sess_connect(ctx) \ 102455714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) 102555714Skris#define SSL_CTX_sess_connect_good(ctx) \ 102655714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) 102755714Skris#define SSL_CTX_sess_connect_renegotiate(ctx) \ 102855714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) 102955714Skris#define SSL_CTX_sess_accept(ctx) \ 103055714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) 103155714Skris#define SSL_CTX_sess_accept_renegotiate(ctx) \ 103255714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) 103355714Skris#define SSL_CTX_sess_accept_good(ctx) \ 103455714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) 103555714Skris#define SSL_CTX_sess_hits(ctx) \ 103655714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) 103755714Skris#define SSL_CTX_sess_cb_hits(ctx) \ 103855714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) 103955714Skris#define SSL_CTX_sess_misses(ctx) \ 104055714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) 104155714Skris#define SSL_CTX_sess_timeouts(ctx) \ 104255714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) 104355714Skris#define SSL_CTX_sess_cache_full(ctx) \ 104455714Skris SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) 104555714Skris 1046167612Ssimonvoid SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); 1047167612Ssimonint (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct 
ssl_st *ssl, SSL_SESSION *sess); 1048167612Ssimonvoid SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); 1049167612Ssimonvoid (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); 1050167612Ssimonvoid SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); 1051167612SsimonSSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); 1052167612Ssimonvoid SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); 1053167612Ssimonvoid (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); 1054167612Ssimonvoid SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); 1055167612Ssimonint (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); 1056194206Ssimon#ifndef OPENSSL_NO_ENGINE 1057194206Ssimonint SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); 1058194206Ssimon#endif 1059167612Ssimonvoid SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); 1060167612Ssimonvoid SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); 1061238405Sjkim#ifndef OPENSSL_NO_NEXTPROTONEG 1062238405Sjkimvoid SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, 1063238405Sjkim int (*cb) (SSL *ssl, 1064238405Sjkim const unsigned char **out, 1065238405Sjkim unsigned int *outlen, 1066238405Sjkim void *arg), 1067238405Sjkim void *arg); 1068238405Sjkimvoid SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, 1069238405Sjkim int (*cb) (SSL *ssl, 1070238405Sjkim unsigned char **out, 1071238405Sjkim unsigned char *outlen, 1072238405Sjkim const unsigned char *in, 1073238405Sjkim unsigned int inlen, 
1074238405Sjkim void *arg), 1075238405Sjkim void *arg); 107655714Skris 1077238405Sjkimint SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 1078238405Sjkim const unsigned char *in, unsigned int inlen, 1079238405Sjkim const unsigned char *client, unsigned int client_len); 1080238405Sjkimvoid SSL_get0_next_proto_negotiated(const SSL *s, 1081238405Sjkim const unsigned char **data, unsigned *len); 1082238405Sjkim 1083238405Sjkim#define OPENSSL_NPN_UNSUPPORTED 0 1084238405Sjkim#define OPENSSL_NPN_NEGOTIATED 1 1085238405Sjkim#define OPENSSL_NPN_NO_OVERLAP 2 1086238405Sjkim#endif 1087238405Sjkim 1088238405Sjkim#ifndef OPENSSL_NO_PSK 1089238405Sjkim/* the maximum length of the buffer given to callbacks containing the 1090238405Sjkim * resulting identity/psk */ 1091238405Sjkim#define PSK_MAX_IDENTITY_LEN 128 1092238405Sjkim#define PSK_MAX_PSK_LEN 256 1093238405Sjkimvoid SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 1094238405Sjkim unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 1095238405Sjkim char *identity, unsigned int max_identity_len, unsigned char *psk, 1096238405Sjkim unsigned int max_psk_len)); 1097238405Sjkimvoid SSL_set_psk_client_callback(SSL *ssl, 1098238405Sjkim unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 1099238405Sjkim char *identity, unsigned int max_identity_len, unsigned char *psk, 1100238405Sjkim unsigned int max_psk_len)); 1101238405Sjkimvoid SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 1102238405Sjkim unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 1103238405Sjkim unsigned char *psk, unsigned int max_psk_len)); 1104238405Sjkimvoid SSL_set_psk_server_callback(SSL *ssl, 1105238405Sjkim unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 1106238405Sjkim unsigned char *psk, unsigned int max_psk_len)); 1107238405Sjkimint SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); 1108238405Sjkimint SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); 
1109238405Sjkimconst char *SSL_get_psk_identity_hint(const SSL *s); 1110238405Sjkimconst char *SSL_get_psk_identity(const SSL *s); 1111238405Sjkim#endif 1112238405Sjkim 111355714Skris#define SSL_NOTHING 1 111455714Skris#define SSL_WRITING 2 111555714Skris#define SSL_READING 3 111655714Skris#define SSL_X509_LOOKUP 4 111755714Skris 111855714Skris/* These will only be used when doing non-blocking IO */ 111955714Skris#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) 112055714Skris#define SSL_want_read(s) (SSL_want(s) == SSL_READING) 112155714Skris#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) 112255714Skris#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) 112355714Skris 1124238405Sjkim#define SSL_MAC_FLAG_READ_MAC_STREAM 1 1125238405Sjkim#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 1126238405Sjkim 1127238405Sjkim#ifndef OPENSSL_NO_SSL_INTERN 1128238405Sjkim 112955714Skrisstruct ssl_st 113055714Skris { 113155714Skris /* protocol version 1132160814Ssimon * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) 113355714Skris */ 113455714Skris int version; 113555714Skris int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ 113655714Skris 1137238405Sjkim const SSL_METHOD *method; /* SSLv3 */ 113855714Skris 113955714Skris /* There are 2 BIO's even though they are normally both the 114055714Skris * same. This is so data can be read and written to different 114155714Skris * handlers */ 114255714Skris 1143109998Smarkm#ifndef OPENSSL_NO_BIO 114455714Skris BIO *rbio; /* used by SSL_read */ 114555714Skris BIO *wbio; /* used by SSL_write */ 114668651Skris BIO *bbio; /* used during session-id reuse to concatenate 114755714Skris * messages */ 114855714Skris#else 114955714Skris char *rbio; /* used by SSL_read */ 115055714Skris char *wbio; /* used by SSL_write */ 115155714Skris char *bbio; 115255714Skris#endif 115355714Skris /* This holds a variable that indicates what we were doing 115455714Skris * when a 0 or -1 is returned. 
This is needed for 115555714Skris * non-blocking IO so we know what request needs re-doing when 115655714Skris * in SSL_accept or SSL_connect */ 115755714Skris int rwstate; 115855714Skris 115955714Skris /* true when we are actually in SSL_accept() or SSL_connect() */ 116055714Skris int in_handshake; 1161160814Ssimon int (*handshake_func)(SSL *); 116255714Skris 116355714Skris /* Imagine that here's a boolean member "init" that is 116455714Skris * switched as soon as SSL_set_{accept/connect}_state 116555714Skris * is called for the first time, so that "state" and 116655714Skris * "handshake_func" are properly initialized. But as 116755714Skris * handshake_func is == 0 until then, we use this 116855714Skris * test instead of an "init" member. 116955714Skris */ 117055714Skris 117155714Skris int server; /* are we the server side? - mostly used by SSL_clear*/ 117255714Skris 1173238405Sjkim int new_session;/* Generate a new session or reuse an old one. 117489837Skris * NB: For servers, the 'new' session may actually be a previously 1175109998Smarkm * cached session or even the previous session unless 1176109998Smarkm * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ 117755714Skris int quiet_shutdown;/* don't send shutdown packets */ 117855714Skris int shutdown; /* we have shut things down, 0x01 sent, 0x02 117955714Skris * for received */ 118055714Skris int state; /* where we are */ 118155714Skris int rstate; /* where we are when reading */ 118255714Skris 118355714Skris BUF_MEM *init_buf; /* buffer used during init */ 1184109998Smarkm void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ 118555714Skris int init_num; /* amount read/written */ 118655714Skris int init_off; /* amount read/written */ 118755714Skris 118855714Skris /* used internally to point at a raw packet */ 118955714Skris unsigned char *packet; 119055714Skris unsigned int packet_length; 119155714Skris 119259191Skris struct ssl2_state_st *s2; /* SSLv2 variables */ 
119359191Skris struct ssl3_state_st *s3; /* SSLv3 variables */ 1194160814Ssimon struct dtls1_state_st *d1; /* DTLSv1 variables */ 119555714Skris 119659191Skris int read_ahead; /* Read as many input bytes as possible 119759191Skris * (for non-blocking reads) */ 1198109998Smarkm 1199109998Smarkm /* callback that allows applications to peek at protocol messages */ 1200109998Smarkm void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); 1201109998Smarkm void *msg_callback_arg; 1202109998Smarkm 120355714Skris int hit; /* reusing a previous session */ 120455714Skris 1205160814Ssimon X509_VERIFY_PARAM *param; 1206160814Ssimon 1207160814Ssimon#if 0 120859191Skris int purpose; /* Purpose setting */ 120959191Skris int trust; /* Trust setting */ 1210160814Ssimon#endif 121159191Skris 121255714Skris /* crypto */ 121355714Skris STACK_OF(SSL_CIPHER) *cipher_list; 121455714Skris STACK_OF(SSL_CIPHER) *cipher_list_by_id; 121555714Skris 121659191Skris /* These are the ones being used, the ones in SSL_SESSION are 121755714Skris * the ones to be 'copied' into these ones */ 1218238405Sjkim int mac_flags; 121955714Skris EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 1220238405Sjkim EVP_MD_CTX *read_hash; /* used for mac generation */ 1221109998Smarkm#ifndef OPENSSL_NO_COMP 122255714Skris COMP_CTX *expand; /* uncompress */ 122355714Skris#else 122455714Skris char *expand; 122555714Skris#endif 122655714Skris 122755714Skris EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 1228238405Sjkim EVP_MD_CTX *write_hash; /* used for mac generation */ 1229109998Smarkm#ifndef OPENSSL_NO_COMP 123055714Skris COMP_CTX *compress; /* compression */ 123155714Skris#else 123255714Skris char *compress; 123355714Skris#endif 123455714Skris 123555714Skris /* session info */ 123655714Skris 123755714Skris /* client cert? 
*/ 123855714Skris /* This is used to hold the server certificate used */ 123955714Skris struct cert_st /* CERT */ *cert; 124055714Skris 124155714Skris /* the session_id_context is used to ensure sessions are only reused 124255714Skris * in the appropriate context */ 124355714Skris unsigned int sid_ctx_length; 124455714Skris unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 124555714Skris 124655714Skris /* This can also be in the session once a session is established */ 124755714Skris SSL_SESSION *session; 124855714Skris 1249109998Smarkm /* Default generate session ID callback. */ 1250109998Smarkm GEN_SESSION_CB generate_session_id; 1251109998Smarkm 125255714Skris /* Used in SSL2 and SSL3 */ 125355714Skris int verify_mode; /* 0 don't care about verify failure. 125455714Skris * 1 fail if verify fails */ 125555714Skris int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ 125655714Skris 1257109998Smarkm void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ 1258109998Smarkm 125955714Skris int error; /* error bytes to be written */ 126055714Skris int error_code; /* actual code */ 126155714Skris 1262109998Smarkm#ifndef OPENSSL_NO_KRB5 1263109998Smarkm KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ 1264109998Smarkm#endif /* OPENSSL_NO_KRB5 */ 1265109998Smarkm 1266238405Sjkim#ifndef OPENSSL_NO_PSK 1267238405Sjkim unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, 1268238405Sjkim unsigned int max_identity_len, unsigned char *psk, 1269238405Sjkim unsigned int max_psk_len); 1270238405Sjkim unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 1271238405Sjkim unsigned char *psk, unsigned int max_psk_len); 1272238405Sjkim#endif 1273238405Sjkim 127455714Skris SSL_CTX *ctx; 127555714Skris /* set this flag to 1 and a sleep(1) is put into all SSL_read() 127655714Skris * and SSL_write() calls, good for nbio debuging :-) */ 127755714Skris int debug; 127855714Skris 
127955714Skris /* extra application data */ 128055714Skris long verify_result; 128155714Skris CRYPTO_EX_DATA ex_data; 128255714Skris 128355714Skris /* for server side, keep the list of CA_dn we can use */ 128455714Skris STACK_OF(X509_NAME) *client_CA; 128555714Skris 128655714Skris int references; 128755714Skris unsigned long options; /* protocol behaviour */ 128855714Skris unsigned long mode; /* API behaviour */ 1289109998Smarkm long max_cert_list; 129055714Skris int first_packet; 129155714Skris int client_version; /* what was passed, used for 129259191Skris * SSLv3/TLS rollback check */ 1293238405Sjkim unsigned int max_send_fragment; 1294194206Ssimon#ifndef OPENSSL_NO_TLSEXT 1295194206Ssimon /* TLS extension debug callback */ 1296194206Ssimon void (*tlsext_debug_cb)(SSL *s, int client_server, int type, 1297194206Ssimon unsigned char *data, int len, 1298194206Ssimon void *arg); 1299194206Ssimon void *tlsext_debug_arg; 1300194206Ssimon char *tlsext_hostname; 1301194206Ssimon int servername_done; /* no further mod of servername 1302194206Ssimon 0 : call the servername extension callback. 1303194206Ssimon 1 : prepare 2, allow last ack just after in server callback. 
1304194206Ssimon 2 : don't call servername callback, no ack in server hello 1305194206Ssimon */ 1306194206Ssimon /* certificate status request info */ 1307194206Ssimon /* Status type or -1 if no status type */ 1308194206Ssimon int tlsext_status_type; 1309194206Ssimon /* Expect OCSP CertificateStatus message */ 1310194206Ssimon int tlsext_status_expected; 1311194206Ssimon /* OCSP status request only */ 1312194206Ssimon STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; 1313194206Ssimon X509_EXTENSIONS *tlsext_ocsp_exts; 1314194206Ssimon /* OCSP response received or to be sent */ 1315194206Ssimon unsigned char *tlsext_ocsp_resp; 1316194206Ssimon int tlsext_ocsp_resplen; 1317194206Ssimon 1318194206Ssimon /* RFC4507 session ticket expected to be received or sent */ 1319194206Ssimon int tlsext_ticket_expected; 1320238405Sjkim#ifndef OPENSSL_NO_EC 1321238405Sjkim size_t tlsext_ecpointformatlist_length; 1322238405Sjkim unsigned char *tlsext_ecpointformatlist; /* our list */ 1323238405Sjkim size_t tlsext_ellipticcurvelist_length; 1324238405Sjkim unsigned char *tlsext_ellipticcurvelist; /* our list */ 1325238405Sjkim#endif /* OPENSSL_NO_EC */ 1326238405Sjkim 1327238405Sjkim /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */ 1328238405Sjkim void *tlsext_opaque_prf_input; 1329238405Sjkim size_t tlsext_opaque_prf_input_len; 1330238405Sjkim 1331238405Sjkim /* TLS Session Ticket extension override */ 1332238405Sjkim TLS_SESSION_TICKET_EXT *tlsext_session_ticket; 1333238405Sjkim 1334238405Sjkim /* TLS Session Ticket extension callback */ 1335238405Sjkim tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; 1336238405Sjkim void *tls_session_ticket_ext_cb_arg; 1337238405Sjkim 1338238405Sjkim /* TLS pre-shared secret session resumption */ 1339238405Sjkim tls_session_secret_cb_fn tls_session_secret_cb; 1340238405Sjkim void *tls_session_secret_cb_arg; 1341238405Sjkim 1342194206Ssimon SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ 
1343238405Sjkim 1344238405Sjkim#ifndef OPENSSL_NO_NEXTPROTONEG 1345238405Sjkim /* Next protocol negotiation. For the client, this is the protocol that 1346238405Sjkim * we sent in NextProtocol and is set when handling ServerHello 1347238405Sjkim * extensions. 1348238405Sjkim * 1349238405Sjkim * For a server, this is the client's selected_protocol from 1350238405Sjkim * NextProtocol and is set when handling the NextProtocol message, 1351238405Sjkim * before the Finished message. */ 1352238405Sjkim unsigned char *next_proto_negotiated; 1353238405Sjkim unsigned char next_proto_negotiated_len; 1354238405Sjkim#endif 1355238405Sjkim 1356194206Ssimon#define session_ctx initial_ctx 1357238405Sjkim 1358238405Sjkim STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ 1359238405Sjkim SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ 1360238405Sjkim 1361238405Sjkim unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated? 1362238405Sjkim 0: disabled 1363238405Sjkim 1: enabled 1364238405Sjkim 2: enabled, but not allowed to send Requests 1365238405Sjkim */ 1366238405Sjkim unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ 1367238405Sjkim unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ 1368194206Ssimon#else 1369194206Ssimon#define session_ctx ctx 1370238405Sjkim#endif /* OPENSSL_NO_TLSEXT */ 1371238405Sjkim 1372238405Sjkim int renegotiate;/* 1 if we are renegotiating. 1373238405Sjkim * 2 if we are a server and are inside a handshake 1374238405Sjkim * (i.e. 
not just sending a HelloRequest) */ 1375238405Sjkim 1376238405Sjkim#ifndef OPENSSL_NO_SRP 1377238405Sjkim SRP_CTX srp_ctx; /* ctx for SRP authentication */ 1378194206Ssimon#endif 137955714Skris }; 138055714Skris 1381238405Sjkim#endif 1382238405Sjkim 138368651Skris#ifdef __cplusplus 138468651Skris} 138568651Skris#endif 138668651Skris 138755714Skris#include <openssl/ssl2.h> 138855714Skris#include <openssl/ssl3.h> 138955714Skris#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ 1390160814Ssimon#include <openssl/dtls1.h> /* Datagram TLS */ 139155714Skris#include <openssl/ssl23.h> 1392238405Sjkim#include <openssl/srtp.h> /* Support for the use_srtp extension */ 139355714Skris 139468651Skris#ifdef __cplusplus 139568651Skrisextern "C" { 139668651Skris#endif 139768651Skris 139859191Skris/* compatibility */ 139955714Skris#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) 140055714Skris#define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) 140155714Skris#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) 140255714Skris#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) 140355714Skris#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) 140455714Skris#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) 140555714Skris 140655714Skris/* The following are the possible values for ssl->state are are 140759191Skris * used to indicate where we are up to in the SSL connection establishment. 140855714Skris * The macros that follow are about the only things you should need to use 140955714Skris * and even then, only when using non-blocking IO. 
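* It can also be useful to work out where you were when the connection
 * failed */

/* Restored to one directive per line; the revision-annotation cells that were
 * fused into the identifiers have been dropped.
 *
 * SSL_ST_CONNECT and SSL_ST_ACCEPT are single-bit flags and SSL_ST_INIT is
 * their union, so the SSL_in_*() macros further down are bit tests, while
 * SSL_is_init_finished() is an exact comparison against SSL_ST_OK. */
#define SSL_ST_CONNECT			0x1000
#define SSL_ST_ACCEPT			0x2000
#define SSL_ST_MASK			0x0FFF
#define SSL_ST_INIT			(SSL_ST_CONNECT|SSL_ST_ACCEPT)
#define SSL_ST_BEFORE			0x4000
#define SSL_ST_OK			0x03
#define SSL_ST_RENEGOTIATE		(0x04|SSL_ST_INIT)

/* Event codes.  The ACCEPT/CONNECT variants OR a state flag from the group
 * above into the LOOP/EXIT code, and the ALERT variants OR in READ/WRITE. */
#define SSL_CB_LOOP			0x01
#define SSL_CB_EXIT			0x02
#define SSL_CB_READ			0x04
#define SSL_CB_WRITE			0x08
#define SSL_CB_ALERT			0x4000 /* used in callback */
#define SSL_CB_READ_ALERT		(SSL_CB_ALERT|SSL_CB_READ)
#define SSL_CB_WRITE_ALERT		(SSL_CB_ALERT|SSL_CB_WRITE)
#define SSL_CB_ACCEPT_LOOP		(SSL_ST_ACCEPT|SSL_CB_LOOP)
#define SSL_CB_ACCEPT_EXIT		(SSL_ST_ACCEPT|SSL_CB_EXIT)
#define SSL_CB_CONNECT_LOOP		(SSL_ST_CONNECT|SSL_CB_LOOP)
#define SSL_CB_CONNECT_EXIT		(SSL_ST_CONNECT|SSL_CB_EXIT)
#define SSL_CB_HANDSHAKE_START		0x10
#define SSL_CB_HANDSHAKE_DONE		0x20

/* Is the SSL_connection established? */
#define SSL_get_state(a)		SSL_state(a)
#define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)
#define SSL_in_init(a)			(SSL_state(a)&SSL_ST_INIT)
#define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)
#define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)
#define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)

/* The following 2 states are kept in ssl->rstate when reads fail,
 * you should not need these */
#define SSL_ST_READ_HEADER		0xF0
#define SSL_ST_READ_BODY		0xF1
#define SSL_ST_READ_DONE		0xF2

/* Obtain latest Finished message
 *   -- that we sent (SSL_get_finished)
 *   -- that we expected from peer (SSL_get_peer_finished).
 * Returns length (0 == no Finished so far), copies up to 'count' bytes.
 *
 * NOTE(review): the return value is described as the message length, not the
 * number of bytes copied, so it can presumably exceed 'count'.  Callers
 * should compare it with 'count' before treating buf as a complete Finished
 * value -- confirm against the implementation. */
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);

/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
 * are 'ored' with SSL_VERIFY_PEER if they are desired
 *
 * SSL_VERIFY_NONE is 0, and the verify_mode member of struct ssl_st is
 * documented as "0 don't care about verify failure", so a connection left at
 * this value is not authenticated by certificate verification.  Code that
 * needs an authenticated peer has to request SSL_VERIFY_PEER explicitly. */
#define SSL_VERIFY_NONE			0x00
#define SSL_VERIFY_PEER			0x01
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02
#define SSL_VERIFY_CLIENT_ONCE		0x04

#define OpenSSL_add_ssl_algorithms()	SSL_library_init()
#define SSLeay_add_ssl_algorithms()	SSL_library_init()

/* this is for backward compatibility
 * (compiled out: everything up to the matching #endif sits under #if 0) */
#if 0 /* NEW_SSLEAY */
#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
#define SSL_set_pref_cipher(c,n)	SSL_set_cipher_list(c,n)
#define SSL_add_session(a,b)		SSL_CTX_add_session((a),(b))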
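/* Tail of the disabled (#if 0, NEW_SSLEAY) compatibility aliases.
 * From here on the listing is restored to one declaration per line and the
 * revision-annotation cells fused into the identifiers have been dropped. */
#define SSL_remove_session(a,b)		SSL_CTX_remove_session((a),(b))
#define SSL_flush_sessions(a,b)		SSL_CTX_flush_sessions((a),(b))
#endif
/* More backward compatibility */
#define SSL_get_cipher(s) \
		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
#define SSL_get_cipher_bits(s,np) \
		SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
#define SSL_get_cipher_version(s) \
		SSL_CIPHER_get_version(SSL_get_current_cipher(s))
#define SSL_get_cipher_name(s) \
		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
#define SSL_get_time(a)		SSL_SESSION_get_time(a)
#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))
#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))

/* Read / write a serialized SSL_SESSION through a BIO.
 * NOTE(review): a stored session presumably carries what is needed to resume
 * it, so the serialized form should be protected like key material, and
 * input for the d2i direction should come only from a trusted store --
 * confirm against the SSL_SESSION definition. */
#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)

DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)

#define SSL_AD_REASON_OFFSET		1000 /* offset to get SSL_R_... value from SSL_AD_... */

/* These alert types are for SSLv3 and TLSv1 */
#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC /* fatal */
#define SSL_AD_DECRYPTION_FAILED	TLS1_AD_DECRYPTION_FAILED
#define SSL_AD_RECORD_OVERFLOW		TLS1_AD_RECORD_OVERFLOW
#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE /* fatal */
#define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE /* fatal */
#define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE /* Not for TLS */
#define SSL_AD_BAD_CERTIFICATE		SSL3_AD_BAD_CERTIFICATE
#define SSL_AD_UNSUPPORTED_CERTIFICATE	SSL3_AD_UNSUPPORTED_CERTIFICATE
#define SSL_AD_CERTIFICATE_REVOKED	SSL3_AD_CERTIFICATE_REVOKED
#define SSL_AD_CERTIFICATE_EXPIRED	SSL3_AD_CERTIFICATE_EXPIRED
#define SSL_AD_CERTIFICATE_UNKNOWN	SSL3_AD_CERTIFICATE_UNKNOWN
#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER /* fatal */
#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA /* fatal */
#define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED /* fatal */
#define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR /* fatal */
#define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR
#define SSL_AD_EXPORT_RESTRICTION	TLS1_AD_EXPORT_RESTRICTION /* fatal */
#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */
#define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY /* fatal */
#define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR /* fatal */
#define SSL_AD_USER_CANCELLED		TLS1_AD_USER_CANCELLED
#define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION
#define SSL_AD_UNSUPPORTED_EXTENSION	TLS1_AD_UNSUPPORTED_EXTENSION
#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
#define SSL_AD_UNRECOGNIZED_NAME	TLS1_AD_UNRECOGNIZED_NAME
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
#define SSL_AD_UNKNOWN_PSK_IDENTITY	TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
#define SSL_AD_INAPPROPRIATE_FALLBACK	TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */

/* Result classes reported by SSL_get_error().  SSL_ERROR_SYSCALL carries no
 * detail of its own; per the comment on it, the error stack, the return
 * value and errno have to be inspected as well. */
#define SSL_ERROR_NONE			0
#define SSL_ERROR_SSL			1
#define SSL_ERROR_WANT_READ		2
#define SSL_ERROR_WANT_WRITE		3
#define SSL_ERROR_WANT_X509_LOOKUP	4
#define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */
#define SSL_ERROR_ZERO_RETURN		6
#define SSL_ERROR_WANT_CONNECT		7
#define SSL_ERROR_WANT_ACCEPT		8

/* Command numbers for SSL_ctrl() / SSL_CTX_ctrl() and their callback
 * variants; the convenience macros further down wrap them. */
#define SSL_CTRL_NEED_TMP_RSA			1
#define SSL_CTRL_SET_TMP_RSA			2
#define SSL_CTRL_SET_TMP_DH			3
#define SSL_CTRL_SET_TMP_ECDH			4
#define SSL_CTRL_SET_TMP_RSA_CB			5
#define SSL_CTRL_SET_TMP_DH_CB			6
#define SSL_CTRL_SET_TMP_ECDH_CB		7

#define SSL_CTRL_GET_SESSION_REUSED		8
#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	9
#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		10
#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	11
#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	12
#define SSL_CTRL_GET_FLAGS			13
#define SSL_CTRL_EXTRA_CHAIN_CERT		14

#define SSL_CTRL_SET_MSG_CALLBACK		15
#define SSL_CTRL_SET_MSG_CALLBACK_ARG		16

/* only applies to datagram connections */
#define SSL_CTRL_SET_MTU			17
/* Stats */
#define SSL_CTRL_SESS_NUMBER			20
#define SSL_CTRL_SESS_CONNECT			21
#define SSL_CTRL_SESS_CONNECT_GOOD		22
#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE	23
#define SSL_CTRL_SESS_ACCEPT			24
#define SSL_CTRL_SESS_ACCEPT_GOOD		25
#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE	26
#define SSL_CTRL_SESS_HIT			27
#define SSL_CTRL_SESS_CB_HIT			28
#define SSL_CTRL_SESS_MISSES			29
#define SSL_CTRL_SESS_TIMEOUTS			30
#define SSL_CTRL_SESS_CACHE_FULL		31
#define SSL_CTRL_OPTIONS			32
#define SSL_CTRL_MODE				33

#define SSL_CTRL_GET_READ_AHEAD			40
#define SSL_CTRL_SET_READ_AHEAD			41
#define SSL_CTRL_SET_SESS_CACHE_SIZE		42
#define SSL_CTRL_GET_SESS_CACHE_SIZE		43
#define SSL_CTRL_SET_SESS_CACHE_MODE		44
#define SSL_CTRL_GET_SESS_CACHE_MODE		45

#define SSL_CTRL_GET_MAX_CERT_LIST		50
#define SSL_CTRL_SET_MAX_CERT_LIST		51

#define SSL_CTRL_SET_MAX_SEND_FRAGMENT		52

/* see tls1.h for macros based on these */
#ifndef OPENSSL_NO_TLSEXT
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB	53
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG	54
#define SSL_CTRL_SET_TLSEXT_HOSTNAME		55
#define SSL_CTRL_SET_TLSEXT_DEBUG_CB		56
#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG		57
#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS		58
#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS		59
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT	60
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB	61
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB	63
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG	64
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE	65
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS	66
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS	67
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS	68
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS	69
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP	70
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP	71

#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB	72

/* NOTE(review): 75-78 are assigned twice in this list: here for the SRP
 * controls and again below for DTLS_CTRL_LISTEN, SSL_CTRL_GET_RI_SUPPORT,
 * SSL_CTRL_CLEAR_OPTIONS and SSL_CTRL_CLEAR_MODE.  Presumably the two sets
 * never reach the same dispatcher with the same meaning; confirm before
 * adding a handler that switches on these values. */
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB	75
#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB	76
#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB	77

#define SSL_CTRL_SET_SRP_ARG			78
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME	79
#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH	80
#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD	81
/* The heartbeat controls exist only when OPENSSL_NO_HEARTBEATS is not
 * defined; a build that does not need the extension can define it so that
 * these controls are not available at all. */
#ifndef OPENSSL_NO_HEARTBEATS
#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT		85
#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING	86
#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS	87
#endif
#endif

#define DTLS_CTRL_GET_TIMEOUT		73
#define DTLS_CTRL_HANDLE_TIMEOUT	74
#define DTLS_CTRL_LISTEN		75

#define SSL_CTRL_GET_RI_SUPPORT		76
#define SSL_CTRL_CLEAR_OPTIONS		77
#define SSL_CTRL_CLEAR_MODE		78

#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83

#define SSL_CTRL_CHECK_PROTO_VERSION		119
#define DTLS_CTRL_SET_LINK_MTU			120
#define DTLS_CTRL_GET_LINK_MIN_MTU		121

/* Convenience wrappers around SSL_ctrl() / SSL_CTX_ctrl().
 * The operand of each pointer cast is parenthesized so that an expression
 * argument (for example a conditional) is cast as a whole rather than having
 * the cast bind to its first operand only. */
#define DTLSv1_get_timeout(ssl, arg) \
	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
#define DTLSv1_handle_timeout(ssl) \
	SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
#define DTLSv1_listen(ssl, peer) \
	SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)(peer))

#define SSL_session_reused(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
#define SSL_num_renegotiations(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
#define SSL_clear_num_renegotiations(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
#define SSL_total_renegotiations(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)

/* NOTE(review): the tmp_rsa controls presumably supply the temporary RSA key
 * used by export-grade RSA key exchange (compare SSL_AD_EXPORT_RESTRICTION
 * above) -- confirm, and avoid configuring one where export suites are not
 * required. */
#define SSL_CTX_need_tmp_RSA(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)(rsa))
#define SSL_CTX_set_tmp_dh(ctx,dh) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))

#define SSL_need_tmp_RSA(ssl) \
	SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
#define SSL_set_tmp_rsa(ssl,rsa) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)(rsa))
#define SSL_set_tmp_dh(ssl,dh) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
#define SSL_set_tmp_ecdh(ssl,ecdh) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))

#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
#define SSL_CTX_clear_extra_chain_certs(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)

#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
int BIO_ssl_copy_session_id(BIO *to,BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);

#endif

int	SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
void	SSL_CTX_free(SSL_CTX *);
long	SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
long	SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void	SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
int	SSL_want(const SSL *s);
int	SSL_clear(SSL *s);

void	SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);

const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
int	SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
char *	SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char *	SSL_CIPHER_get_name(const SSL_CIPHER *c);
unsigned long	SSL_CIPHER_get_id(const SSL_CIPHER *c);

int	SSL_get_fd(const SSL *s);
int	SSL_get_rfd(const SSL *s);
int	SSL_get_wfd(const SSL *s);
const char *	SSL_get_cipher_list(const SSL *s,int n);
/* Fills a caller-supplied buffer.  'len' is a signed int, so pass the real
 * capacity of buf; presumably the output is bounded by it -- confirm. */
char *	SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
int	SSL_get_read_ahead(const SSL * s);
int	SSL_pending(const SSL *s);
#ifndef OPENSSL_NO_SOCK
int	SSL_set_fd(SSL *s, int fd);
int	SSL_set_rfd(SSL *s, int fd);
int	SSL_set_wfd(SSL *s, int fd);
#endif
#ifndef OPENSSL_NO_BIO
void	SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
BIO *	SSL_get_rbio(const SSL *s);
BIO *	SSL_get_wbio(const SSL *s);
#endif
int	SSL_set_cipher_list(SSL *s, const char *str);
void	SSL_set_read_ahead(SSL *s, int yes);
int	SSL_get_verify_mode(const SSL *s);
int	SSL_get_verify_depth(const SSL *s);
int	(*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
/* 'mode' takes the SSL_VERIFY_* flags.  The verify_callback member of
 * struct ssl_st is documented as "fail if callback returns 0", so a callback
 * that returns non-zero unconditionally accepts every certificate. */
void	SSL_set_verify(SSL *s, int mode,
		       int (*callback)(int ok,X509_STORE_CTX *ctx));
void	SSL_set_verify_depth(SSL *s, int depth);
#ifndef OPENSSL_NO_RSA
int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
#endif
int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
int	SSL_use_certificate(SSL *ssl, X509 *x);
int	SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);

/* File-based loaders: 'file' names a key or certificate on disk, so the
 * path and its permissions are part of the trust boundary. */
#ifndef OPENSSL_NO_STDIO
int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
					    const char *file);
#ifndef OPENSSL_SYS_VMS
#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
					   const char *dir);
#endif
#endif

#endif

void	SSL_load_error_strings(void );
const char *SSL_state_string(const SSL *s);
const char *SSL_rstate_string(const SSL *s);
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);
long	SSL_SESSION_get_time(const SSL_SESSION *s);
long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
long	SSL_SESSION_get_timeout(const SSL_SESSION *s);
long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
void	SSL_copy_session_id(SSL *to,const SSL *from);
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
			       unsigned int sid_ctx_len);

SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
					unsigned int *len);
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
#ifndef OPENSSL_NO_FP_API
int	SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
#endif
#ifndef OPENSSL_NO_BIO
int	SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
#endif
void	SSL_SESSION_free(SSL_SESSION *ses);
int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
int	SSL_set_session(SSL *to, SSL_SESSION *session);
int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
int	SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
					unsigned int id_len);
/* Parses a serialized session from *pp; 'length' must be the number of
 * bytes actually available there. */
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
			     long length);

/* NOTE(review): obtaining the peer certificate is separate from the outcome
 * of verification, which struct ssl_st keeps in its own verify_result
 * member.  A returned certificate should not be taken as proof that
 * verification succeeded -- confirm how callers check the result. */
#ifdef HEADER_X509_H
X509 *	SSL_get_peer_certificate(const SSL *s);
#endif

STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);

int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
			int (*callback)(int, X509_STORE_CTX *));
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
#ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
#endif
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);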
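/* Restored to one declaration per line; the revision-annotation cells that
 * were fused into the identifiers have been dropped. */
int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
	const unsigned char *d, long len);
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
/* Argument order here is (ctx, len, d), whereas SSL_use_certificate_ASN1(),
 * declared earlier in this header, takes (ssl, d, len).  Keep the length
 * paired with the right buffer when switching between the two. */
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);

void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

int SSL_CTX_check_private_key(const SSL_CTX *ctx);
int SSL_check_private_key(const SSL *ctx);

/* struct ssl_st documents the session id context as what ensures that
 * sessions are only reused in the appropriate context. */
int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
				       unsigned int sid_ctx_len);

SSL *	SSL_new(SSL_CTX *ctx);
int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
				   unsigned int sid_ctx_len);

int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
int SSL_set_purpose(SSL *s, int purpose);
int SSL_CTX_set_trust(SSL_CTX *s, int trust);
int SSL_set_trust(SSL *s, int trust);

int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);

/* SRP.  Several of these take the user name and password as plain C
 * strings.  NOTE(review): whether the library copies them, and when the
 * caller may wipe its own copy, is not visible from this header -- confirm
 * before deciding how long the plaintext stays in memory. */
#ifndef OPENSSL_NO_SRP
int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
					char *(*cb)(SSL *,void *));
int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
					  int (*cb)(SSL *,void *));
int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
				      int (*cb)(SSL *,int *,void *));
int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);

int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
			     BIGNUM *sa, BIGNUM *v, char *info);
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
				const char *grp);

BIGNUM *SSL_get_srp_g(SSL *s);
BIGNUM *SSL_get_srp_N(SSL *s);

char *SSL_get_srp_username(SSL *s);
char *SSL_get_srp_userinfo(SSL *s);
#endif

/* Core connection API.  The I/O calls take and return 'int', so a single
 * call cannot transfer more than INT_MAX bytes and a size_t length has to
 * be range-checked before it is narrowed. */
void	SSL_free(SSL *ssl);
int	SSL_accept(SSL *ssl);
int	SSL_connect(SSL *ssl);
int	SSL_read(SSL *ssl,void *buf,int num);
int	SSL_peek(SSL *ssl,void *buf,int num);
int	SSL_write(SSL *ssl,const void *buf,int num);
long	SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
long	SSL_callback_ctrl(SSL *, int, void (*)(void));
long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
long	SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));

int	SSL_get_error(const SSL *s,int ret_code);
const char *SSL_get_version(const SSL *s);

/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);

/* SSLv2 and SSLv3 are obsolete protocol versions.  Their method
 * constructors are declared only when OPENSSL_NO_SSL2 and
 * OPENSSL_NO_SSL3_METHOD respectively are not defined, so a build that
 * defines those macros does not expose them to applications. */
#ifndef OPENSSL_NO_SSL2
const SSL_METHOD *SSLv2_method(void);		/* SSLv2 */
const SSL_METHOD *SSLv2_server_method(void);	/* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void);	/* SSLv2 */
#endif

#ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void);	/* SSLv3 */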
/* Last SSLv3 constructor; the #endif closes the OPENSSL_NO_SSL3_METHOD guard. */
const SSL_METHOD *SSLv3_client_method(void);	/* SSLv3 */
#endif

/*
 * Version-negotiating methods. The name is historical: per the comments
 * below they negotiate the highest available SSL/TLS version.
 * NOTE(review): which versions count as "available" is not decided here;
 * callers normally exclude the obsolete ones with the SSL_OP_NO_SSLv2 /
 * SSL_OP_NO_SSLv3 options, which are not part of this excerpt.
 */
const SSL_METHOD *SSLv23_method(void);	/* Negotiate highest available SSL/TLS version */
const SSL_METHOD *SSLv23_server_method(void);	/* Negotiate highest available SSL/TLS version */
const SSL_METHOD *SSLv23_client_method(void);	/* Negotiate highest available SSL/TLS version */

/*
 * Single-version methods. NOTE(review): presumably each one pins the
 * connection to exactly the version named in its comment, so the peer
 * cannot negotiate up; TLS 1.0 and 1.1 are deprecated by RFC 8996.
 */
const SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */
const SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */

const SSL_METHOD *TLSv1_1_method(void);		/* TLSv1.1 */
const SSL_METHOD *TLSv1_1_server_method(void);	/* TLSv1.1 */
const SSL_METHOD *TLSv1_1_client_method(void);	/* TLSv1.1 */

const SSL_METHOD *TLSv1_2_method(void);		/* TLSv1.2 */
const SSL_METHOD *TLSv1_2_server_method(void);	/* TLSv1.2 */
const SSL_METHOD *TLSv1_2_client_method(void);	/* TLSv1.2 */


const SSL_METHOD *DTLSv1_method(void);		/* DTLSv1.0 */
const SSL_METHOD *DTLSv1_server_method(void);	/* DTLSv1.0 */
const SSL_METHOD *DTLSv1_client_method(void);	/* DTLSv1.0 */

STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);

/*
 * Handshake control. The reason codes later in this header include
 * SSL_R_NO_RENEGOTIATION, SSL_R_RENEGOTIATION_MISMATCH and
 * SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING, i.e. renegotiation can be refused
 * or fail its consistency checks; callers must check these int returns.
 */
int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
int SSL_renegotiate_abbreviated(SSL *s);
int SSL_renegotiate_pending(SSL *s);
int SSL_shutdown(SSL *s);

const SSL_METHOD *SSL_get_ssl_method(SSL *s);
int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);

/* Map an alert value to a short or long, type or description string. */
const char *SSL_alert_type_string_long(int value);
const char *SSL_alert_type_string(int value);
const char *SSL_alert_desc_string_long(int value);
const char *SSL_alert_desc_string(int value);

/*
 * Client-CA name list.
 * NOTE(review): per the OpenSSL documentation this is the list of CA names
 * advertised to a client when a certificate is requested; it does not by
 * itself make those CAs trusted for verification. Confirm that the verify
 * store is configured separately (SSL_CTX_load_verify_locations below).
 */
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
int SSL_add_client_CA(SSL *ssl,X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);

/* Put the connection in client (connect) or server (accept) mode. */
void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);

long SSL_get_default_timeout(const SSL *s);

int SSL_library_init(void );

/*
 * Write a textual description of a cipher into the caller's buffer.
 * `size` is the capacity of `buf` as an int; it must match the real buffer.
 */
char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);

SSL *SSL_dup(SSL *ssl);

/*
 * Accessors for the connection's own certificate and private key.
 * NOTE(review): the second one exposes the private key object itself; the
 * prototype does not say whether a reference is taken, so do not free the
 * result without checking the implementation, and keep it out of logs.
 */
X509 *SSL_get_certificate(const SSL *ssl);
/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);

/*
 * Shutdown behaviour.
 * NOTE(review): per the OpenSSL documentation, quiet shutdown closes the
 * connection without exchanging close_notify alerts; a peer then cannot
 * distinguish an orderly close from a truncated stream, so enable it only
 * where the application protocol carries its own end-of-data marker.
 */
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
void SSL_set_quiet_shutdown(SSL *ssl,int mode);
int SSL_get_quiet_shutdown(const SSL *ssl);
void SSL_set_shutdown(SSL *ssl,int mode);
int SSL_get_shutdown(const SSL *ssl);
int SSL_version(const SSL *ssl);

/*
 * Trust-anchor configuration for peer verification. Both return int; a
 * failed load should be treated as a configuration error, not ignored,
 * since verification would otherwise run with no or the wrong anchors.
 */
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
	const char *CApath);

/*
 * Session accessors. SSL_get0_session is an alias of SSL_get_session and
 * only peeks at the pointer; SSL_get1_session obtains a reference, which
 * the caller has to release with SSL_SESSION_free() (declared earlier in
 * this header).
 */
#define SSL_get0_session SSL_get_session /* just peek at pointer */
SSL_SESSION *SSL_get_session(const SSL *ssl);
SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
void SSL_set_info_callback(SSL *ssl,
			   void (*cb)(const SSL *ssl,int type,int val));
void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
int SSL_state(const SSL *ssl);
void SSL_set_state(SSL *ssl, int state);

/*
 * Certificate verification result for the connection, as a long.
 * NOTE(review): callers that need an authenticated peer compare the getter
 * against X509_V_OK (from the X509 verification header, not shown here).
 * The setter lets application code overwrite the stored result, so any use
 * of it deserves review: it can turn a failed verification into a pass.
 */
void SSL_set_verify_result(SSL *ssl,long v);
long SSL_get_verify_result(const SSL *ssl);

/*
 * Application ("ex") data slots on SSL, SSL_SESSION and SSL_CTX objects.
 * The *_get_ex_new_index functions register a slot together with optional
 * new/dup/free callbacks; set/get then store and fetch a void * by index.
 */
int SSL_set_ex_data(SSL *ssl,int idx,void *data);
void *SSL_get_ex_data(const SSL *ssl,int idx);
int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

int SSL_get_ex_data_X509_STORE_CTX_idx(void );

/* Session cache size, set and read through SSL_CTX_ctrl(). */
#define SSL_CTX_sess_set_cache_size(ctx,t) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
#define SSL_CTX_sess_get_cache_size(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
/*
 * Convenience macros over SSL_CTX_ctrl() / SSL_ctrl(). Each one passes its
 * argument straight through as the `long larg` parameter, so there is no
 * type or range checking at the macro level.
 */
#define SSL_CTX_set_session_cache_mode(ctx,m) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
#define SSL_CTX_get_session_cache_mode(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)

/* The "default_read_ahead" names are aliases of the read_ahead macros. */
#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
#define SSL_CTX_get_read_ahead(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
#define SSL_CTX_set_read_ahead(ctx,m) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)

/*
 * NOTE(review): max_cert_list presumably caps the size of the certificate
 * chain accepted from a peer (cf. SSL_R_EXCESSIVE_MESSAGE_SIZE among the
 * reason codes); raising it widens what an unauthenticated peer can make
 * the process buffer, so keep it as small as the deployment allows.
 */
#define SSL_CTX_get_max_cert_list(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
#define SSL_CTX_set_max_cert_list(ctx,m) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
#define SSL_get_max_cert_list(ssl) \
	SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
#define SSL_set_max_cert_list(ssl,m) \
	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)

#define SSL_CTX_set_max_send_fragment(ctx,m) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
#define SSL_set_max_send_fragment(ssl,m) \
	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)

     /* NB: the keylength is only applicable when is_export is true */
/*
 * Temporary (ephemeral) key callbacks for RSA, DH and ECDH, each guarded by
 * its OPENSSL_NO_* macro. The callback receives the connection, an
 * is_export flag and a key length.
 * NOTE(review): is_export refers to export-grade cipher suites, which are
 * obsolete and cryptographically weak. A callback should not answer an
 * export request with a short key just because it was asked to; returning
 * keys of adequate strength regardless of `keylength`, and disabling export
 * suites in the cipher list, is the defensive choice.
 */
#ifndef OPENSSL_NO_RSA
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
				  RSA *(*cb)(SSL *ssl,int is_export,
					     int keylength));

void SSL_set_tmp_rsa_callback(SSL *ssl,
				  RSA *(*cb)(SSL *ssl,int is_export,
					     int keylength));
#endif
#ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
				 DH *(*dh)(SSL *ssl,int is_export,
					   int keylength));
void SSL_set_tmp_dh_callback(SSL *ssl,
				 DH *(*dh)(SSL *ssl,int is_export,
					   int keylength));
#endif
#ifndef OPENSSL_NO_ECDH
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
					   int keylength));
void SSL_set_tmp_ecdh_callback(SSL *ssl,
				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
					   int keylength));
#endif

/*
 * Compression accessors. With OPENSSL_NO_COMP defined the same names are
 * still declared, but with void-typed stand-ins for COMP_METHOD, so code
 * using them keeps compiling in a compression-free build.
 * NOTE(review): record-layer compression makes ciphertext length depend on
 * plaintext content; deployments that mix secrets with attacker-influenced
 * data normally keep it disabled (this header defines
 * SSL_R_COMPRESSION_DISABLED among the reason codes).
 */
#ifndef OPENSSL_NO_COMP
const COMP_METHOD *SSL_get_current_compression(SSL *s);
const COMP_METHOD *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const COMP_METHOD *comp);
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
#else
const void *SSL_get_current_compression(SSL *s);
const void *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const void *comp);
void *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id,void *cm);
#endif

/* TLS extensions functions */
/*
 * Session-ticket extension data is passed as (void *, int length); the
 * length is the caller's responsibility and is a signed int.
 */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);

int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
				  void *arg);

/* Pre-shared secret session resumption functions */
/*
 * NOTE(review): the callback type suggests it supplies the session secret;
 * whatever it returns is key material and should be handled accordingly.
 */
int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);

/*
 * NOTE(review): SSL_set_debug takes an int flag whose effect is not visible
 * from this header; check what it emits before enabling it in production.
 * SSL_cache_hit presumably reports whether the session was resumed.
 */
void SSL_set_debug(SSL *s, int debug);
int SSL_cache_hit(SSL *s);

2078279264Sdelphij#ifndef OPENSSL_NO_UNIT_TEST 2079279264Sdelphijconst struct openssl_ssl_test_functions *SSL_test_functions(void); 2080279264Sdelphij#endif 2081279264Sdelphij 208255714Skris/* BEGIN ERROR CODES */ 208355714Skris/* The following lines are auto generated by the script mkerr.pl. Any changes 208455714Skris * made after this point may be overwritten when the script is next run. 208555714Skris */ 208676866Skrisvoid ERR_load_SSL_strings(void); 208755714Skris 208855714Skris/* Error codes for the SSL functions. */ 208955714Skris 209055714Skris/* Function codes. */ 209155714Skris#define SSL_F_CLIENT_CERTIFICATE 100 2092160814Ssimon#define SSL_F_CLIENT_FINISHED 167 209355714Skris#define SSL_F_CLIENT_HELLO 101 209455714Skris#define SSL_F_CLIENT_MASTER_KEY 102 209555714Skris#define SSL_F_D2I_SSL_SESSION 103 2096160814Ssimon#define SSL_F_DO_DTLS1_WRITE 245 209755714Skris#define SSL_F_DO_SSL3_WRITE 104 2098160814Ssimon#define SSL_F_DTLS1_ACCEPT 246 2099238405Sjkim#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 2100160814Ssimon#define SSL_F_DTLS1_BUFFER_RECORD 247 2101238405Sjkim#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 2102160814Ssimon#define SSL_F_DTLS1_CLIENT_HELLO 248 2103160814Ssimon#define SSL_F_DTLS1_CONNECT 249 2104160814Ssimon#define SSL_F_DTLS1_ENC 250 2105160814Ssimon#define SSL_F_DTLS1_GET_HELLO_VERIFY 251 2106160814Ssimon#define SSL_F_DTLS1_GET_MESSAGE 252 2107160814Ssimon#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 2108160814Ssimon#define SSL_F_DTLS1_GET_RECORD 254 2109238405Sjkim#define SSL_F_DTLS1_HANDLE_TIMEOUT 297 2110238405Sjkim#define SSL_F_DTLS1_HEARTBEAT 305 2111160814Ssimon#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 2112238405Sjkim#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 2113160814Ssimon#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 2114160814Ssimon#define SSL_F_DTLS1_PROCESS_RECORD 257 2115160814Ssimon#define SSL_F_DTLS1_READ_BYTES 258 2116160814Ssimon#define SSL_F_DTLS1_READ_FAILED 259 2117160814Ssimon#define 
SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 2118160814Ssimon#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 2119160814Ssimon#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 2120160814Ssimon#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 2121160814Ssimon#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 2122160814Ssimon#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 2123160814Ssimon#define SSL_F_DTLS1_SEND_SERVER_HELLO 266 2124160814Ssimon#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 2125160814Ssimon#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 212655714Skris#define SSL_F_GET_CLIENT_FINISHED 105 212755714Skris#define SSL_F_GET_CLIENT_HELLO 106 212855714Skris#define SSL_F_GET_CLIENT_MASTER_KEY 107 212955714Skris#define SSL_F_GET_SERVER_FINISHED 108 213055714Skris#define SSL_F_GET_SERVER_HELLO 109 213155714Skris#define SSL_F_GET_SERVER_VERIFY 110 213255714Skris#define SSL_F_I2D_SSL_SESSION 111 213355714Skris#define SSL_F_READ_N 112 213455714Skris#define SSL_F_REQUEST_CERTIFICATE 113 2135101615Snectar#define SSL_F_SERVER_FINISH 239 213655714Skris#define SSL_F_SERVER_HELLO 114 2137101615Snectar#define SSL_F_SERVER_VERIFY 240 213855714Skris#define SSL_F_SSL23_ACCEPT 115 213955714Skris#define SSL_F_SSL23_CLIENT_HELLO 116 214055714Skris#define SSL_F_SSL23_CONNECT 117 214155714Skris#define SSL_F_SSL23_GET_CLIENT_HELLO 118 214255714Skris#define SSL_F_SSL23_GET_SERVER_HELLO 119 214376866Skris#define SSL_F_SSL23_PEEK 237 214455714Skris#define SSL_F_SSL23_READ 120 214555714Skris#define SSL_F_SSL23_WRITE 121 214655714Skris#define SSL_F_SSL2_ACCEPT 122 214755714Skris#define SSL_F_SSL2_CONNECT 123 214855714Skris#define SSL_F_SSL2_ENC_INIT 124 2149101615Snectar#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 215072613Skris#define SSL_F_SSL2_PEEK 234 215155714Skris#define SSL_F_SSL2_READ 125 215272613Skris#define SSL_F_SSL2_READ_INTERNAL 236 215355714Skris#define SSL_F_SSL2_SET_CERTIFICATE 126 215455714Skris#define SSL_F_SSL2_WRITE 127 215555714Skris#define SSL_F_SSL3_ACCEPT 128 
2156238405Sjkim#define SSL_F_SSL3_ADD_CERT_TO_BUF 296 215759191Skris#define SSL_F_SSL3_CALLBACK_CTRL 233 215855714Skris#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 215955714Skris#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 2160238405Sjkim#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 216155714Skris#define SSL_F_SSL3_CLIENT_HELLO 131 216255714Skris#define SSL_F_SSL3_CONNECT 132 216355714Skris#define SSL_F_SSL3_CTRL 213 216455714Skris#define SSL_F_SSL3_CTX_CTRL 133 2165238405Sjkim#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 2166238405Sjkim#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 216755714Skris#define SSL_F_SSL3_ENC 134 2168109998Smarkm#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 216955714Skris#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 2170238405Sjkim#define SSL_F_SSL3_GET_CERT_STATUS 289 217155714Skris#define SSL_F_SSL3_GET_CERT_VERIFY 136 217255714Skris#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 217355714Skris#define SSL_F_SSL3_GET_CLIENT_HELLO 138 217455714Skris#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 217555714Skris#define SSL_F_SSL3_GET_FINISHED 140 217655714Skris#define SSL_F_SSL3_GET_KEY_EXCHANGE 141 217755714Skris#define SSL_F_SSL3_GET_MESSAGE 142 2178194206Ssimon#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 2179238405Sjkim#define SSL_F_SSL3_GET_NEXT_PROTO 306 218055714Skris#define SSL_F_SSL3_GET_RECORD 143 218155714Skris#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 218255714Skris#define SSL_F_SSL3_GET_SERVER_DONE 145 218355714Skris#define SSL_F_SSL3_GET_SERVER_HELLO 146 2184238405Sjkim#define SSL_F_SSL3_HANDSHAKE_MAC 285 2185238405Sjkim#define SSL_F_SSL3_NEW_SESSION_TICKET 287 218655714Skris#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 218772613Skris#define SSL_F_SSL3_PEEK 235 218855714Skris#define SSL_F_SSL3_READ_BYTES 148 218955714Skris#define SSL_F_SSL3_READ_N 149 219055714Skris#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 219155714Skris#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 219255714Skris#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 
219355714Skris#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 219455714Skris#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 2195101615Snectar#define SSL_F_SSL3_SEND_SERVER_HELLO 242 219655714Skris#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 219755714Skris#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 2198238405Sjkim#define SSL_F_SSL3_SETUP_READ_BUFFER 156 2199238405Sjkim#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 220055714Skris#define SSL_F_SSL3_WRITE_BYTES 158 220155714Skris#define SSL_F_SSL3_WRITE_PENDING 159 2202238405Sjkim#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 2203238405Sjkim#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 2204238405Sjkim#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 220555714Skris#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 220655714Skris#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 2207238405Sjkim#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 2208238405Sjkim#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 2209238405Sjkim#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 221055714Skris#define SSL_F_SSL_BAD_METHOD 160 221155714Skris#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 221255714Skris#define SSL_F_SSL_CERT_DUP 221 221355714Skris#define SSL_F_SSL_CERT_INST 222 221455714Skris#define SSL_F_SSL_CERT_INSTANTIATE 214 221555714Skris#define SSL_F_SSL_CERT_NEW 162 221655714Skris#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 2217238405Sjkim#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 2218238405Sjkim#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 221959191Skris#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 222059191Skris#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 222155714Skris#define SSL_F_SSL_CLEAR 164 222255714Skris#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 222355714Skris#define SSL_F_SSL_CREATE_CIPHER_LIST 166 222459191Skris#define SSL_F_SSL_CTRL 232 222555714Skris#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 2226238405Sjkim#define SSL_F_SSL_CTX_MAKE_PROFILES 309 222755714Skris#define SSL_F_SSL_CTX_NEW 169 
2228160814Ssimon#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 2229238405Sjkim#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 223059191Skris#define SSL_F_SSL_CTX_SET_PURPOSE 226 223155714Skris#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 223255714Skris#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 223359191Skris#define SSL_F_SSL_CTX_SET_TRUST 229 223455714Skris#define SSL_F_SSL_CTX_USE_CERTIFICATE 171 223555714Skris#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 223655714Skris#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 223755714Skris#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 223855714Skris#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 223955714Skris#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 224055714Skris#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 2241238405Sjkim#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 224255714Skris#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 224355714Skris#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 224455714Skris#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 224555714Skris#define SSL_F_SSL_DO_HANDSHAKE 180 224655714Skris#define SSL_F_SSL_GET_NEW_SESSION 181 224755714Skris#define SSL_F_SSL_GET_PREV_SESSION 217 224855714Skris#define SSL_F_SSL_GET_SERVER_SEND_CERT 182 2249246772Sjkim#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 225055714Skris#define SSL_F_SSL_GET_SIGN_PKEY 183 225155714Skris#define SSL_F_SSL_INIT_WBIO_BUFFER 184 225255714Skris#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 225355714Skris#define SSL_F_SSL_NEW 186 2254238405Sjkim#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 2255238405Sjkim#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 2256238405Sjkim#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 2257238405Sjkim#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 2258238405Sjkim#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 2259238405Sjkim#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 2260160814Ssimon#define SSL_F_SSL_PEEK 270 2261238405Sjkim#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 
2262238405Sjkim#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 226355714Skris#define SSL_F_SSL_READ 223 226455714Skris#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 226555714Skris#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 226655714Skris#define SSL_F_SSL_SESSION_NEW 189 226755714Skris#define SSL_F_SSL_SESSION_PRINT_FP 190 2268238405Sjkim#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 226955714Skris#define SSL_F_SSL_SESS_CERT_NEW 225 227055714Skris#define SSL_F_SSL_SET_CERT 191 2271160814Ssimon#define SSL_F_SSL_SET_CIPHER_LIST 271 227255714Skris#define SSL_F_SSL_SET_FD 192 227355714Skris#define SSL_F_SSL_SET_PKEY 193 227459191Skris#define SSL_F_SSL_SET_PURPOSE 227 227555714Skris#define SSL_F_SSL_SET_RFD 194 227655714Skris#define SSL_F_SSL_SET_SESSION 195 227755714Skris#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 2278238405Sjkim#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 227959191Skris#define SSL_F_SSL_SET_TRUST 228 228055714Skris#define SSL_F_SSL_SET_WFD 196 228155714Skris#define SSL_F_SSL_SHUTDOWN 224 2282238405Sjkim#define SSL_F_SSL_SRP_CTX_INIT 313 2283160814Ssimon#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 228455714Skris#define SSL_F_SSL_UNDEFINED_FUNCTION 197 2285160814Ssimon#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 228655714Skris#define SSL_F_SSL_USE_CERTIFICATE 198 228755714Skris#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 228855714Skris#define SSL_F_SSL_USE_CERTIFICATE_FILE 200 228955714Skris#define SSL_F_SSL_USE_PRIVATEKEY 201 229055714Skris#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 229155714Skris#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 2292238405Sjkim#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 229355714Skris#define SSL_F_SSL_USE_RSAPRIVATEKEY 204 229455714Skris#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 229555714Skris#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 229655714Skris#define SSL_F_SSL_VERIFY_CERT_CHAIN 207 229755714Skris#define SSL_F_SSL_WRITE 208 2298238405Sjkim#define SSL_F_TLS1_CERT_VERIFY_MAC 286 229955714Skris#define 
SSL_F_TLS1_CHANGE_CIPHER_STATE 209 2300238405Sjkim#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 230155714Skris#define SSL_F_TLS1_ENC 210 2302238405Sjkim#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 2303238405Sjkim#define SSL_F_TLS1_HEARTBEAT 315 2304238405Sjkim#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 2305238405Sjkim#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 2306238405Sjkim#define SSL_F_TLS1_PRF 284 230755714Skris#define SSL_F_TLS1_SETUP_KEY_BLOCK 211 230855714Skris#define SSL_F_WRITE_PENDING 212 230955714Skris 231055714Skris/* Reason codes. */ 231155714Skris#define SSL_R_APP_DATA_IN_HANDSHAKE 100 231255714Skris#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 231355714Skris#define SSL_R_BAD_ALERT_RECORD 101 231455714Skris#define SSL_R_BAD_AUTHENTICATION_TYPE 102 231555714Skris#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 231655714Skris#define SSL_R_BAD_CHECKSUM 104 231755714Skris#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 231855714Skris#define SSL_R_BAD_DECOMPRESSION 107 231955714Skris#define SSL_R_BAD_DH_G_LENGTH 108 232055714Skris#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 232155714Skris#define SSL_R_BAD_DH_P_LENGTH 110 232255714Skris#define SSL_R_BAD_DIGEST_LENGTH 111 232355714Skris#define SSL_R_BAD_DSA_SIGNATURE 112 2324160814Ssimon#define SSL_R_BAD_ECC_CERT 304 2325160814Ssimon#define SSL_R_BAD_ECDSA_SIGNATURE 305 2326160814Ssimon#define SSL_R_BAD_ECPOINT 306 2327238405Sjkim#define SSL_R_BAD_HANDSHAKE_LENGTH 332 232859191Skris#define SSL_R_BAD_HELLO_REQUEST 105 232955714Skris#define SSL_R_BAD_LENGTH 271 233055714Skris#define SSL_R_BAD_MAC_DECODE 113 2331238405Sjkim#define SSL_R_BAD_MAC_LENGTH 333 233255714Skris#define SSL_R_BAD_MESSAGE_TYPE 114 233355714Skris#define SSL_R_BAD_PACKET_LENGTH 115 233455714Skris#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 2335238405Sjkim#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 233655714Skris#define SSL_R_BAD_RESPONSE_ARGUMENT 117 233755714Skris#define SSL_R_BAD_RSA_DECRYPT 118 
233855714Skris#define SSL_R_BAD_RSA_ENCRYPT 119 233955714Skris#define SSL_R_BAD_RSA_E_LENGTH 120 234055714Skris#define SSL_R_BAD_RSA_MODULUS_LENGTH 121 234155714Skris#define SSL_R_BAD_RSA_SIGNATURE 122 234255714Skris#define SSL_R_BAD_SIGNATURE 123 2343238405Sjkim#define SSL_R_BAD_SRP_A_LENGTH 347 2344238405Sjkim#define SSL_R_BAD_SRP_B_LENGTH 348 2345238405Sjkim#define SSL_R_BAD_SRP_G_LENGTH 349 2346238405Sjkim#define SSL_R_BAD_SRP_N_LENGTH 350 2347271304Sdelphij#define SSL_R_BAD_SRP_PARAMETERS 371 2348238405Sjkim#define SSL_R_BAD_SRP_S_LENGTH 351 2349238405Sjkim#define SSL_R_BAD_SRTP_MKI_VALUE 352 2350238405Sjkim#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 235155714Skris#define SSL_R_BAD_SSL_FILETYPE 124 235255714Skris#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 235355714Skris#define SSL_R_BAD_STATE 126 235455714Skris#define SSL_R_BAD_WRITE_RETRY 127 235555714Skris#define SSL_R_BIO_NOT_SET 128 235655714Skris#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 235755714Skris#define SSL_R_BN_LIB 130 235855714Skris#define SSL_R_CA_DN_LENGTH_MISMATCH 131 235955714Skris#define SSL_R_CA_DN_TOO_LONG 132 236055714Skris#define SSL_R_CCS_RECEIVED_EARLY 133 236155714Skris#define SSL_R_CERTIFICATE_VERIFY_FAILED 134 236255714Skris#define SSL_R_CERT_LENGTH_MISMATCH 135 236355714Skris#define SSL_R_CHALLENGE_IS_DIFFERENT 136 236455714Skris#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 236555714Skris#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 236655714Skris#define SSL_R_CIPHER_TABLE_SRC_ERROR 139 2367238405Sjkim#define SSL_R_CLIENTHELLO_TLSEXT 226 236855714Skris#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 2369238405Sjkim#define SSL_R_COMPRESSION_DISABLED 343 237055714Skris#define SSL_R_COMPRESSION_FAILURE 141 2371160814Ssimon#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 237255714Skris#define SSL_R_COMPRESSION_LIBRARY_ERROR 142 237355714Skris#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 237455714Skris#define SSL_R_CONNECTION_TYPE_NOT_SET 144 2375160814Ssimon#define 
SSL_R_COOKIE_MISMATCH 308 237655714Skris#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 237755714Skris#define SSL_R_DATA_LENGTH_TOO_LONG 146 237855714Skris#define SSL_R_DECRYPTION_FAILED 147 2379160814Ssimon#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 238055714Skris#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 238155714Skris#define SSL_R_DIGEST_CHECK_FAILED 149 2382238405Sjkim#define SSL_R_DTLS_MESSAGE_TOO_BIG 334 2383160814Ssimon#define SSL_R_DUPLICATE_COMPRESSION_ID 309 2384238405Sjkim#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 2385238405Sjkim#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 2386238405Sjkim#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 2387238405Sjkim#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 2388160814Ssimon#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 2389238405Sjkim#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 239055714Skris#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 2391160814Ssimon#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 239255714Skris#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 239355714Skris#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 239455714Skris#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 239555714Skris#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 2396238405Sjkim#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 2397238405Sjkim#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 239855714Skris#define SSL_R_HTTPS_PROXY_REQUEST 155 239955714Skris#define SSL_R_HTTP_REQUEST 156 2400160814Ssimon#define SSL_R_ILLEGAL_PADDING 283 2401273415Sdelphij#define SSL_R_INAPPROPRIATE_FALLBACK 373 2402238405Sjkim#define SSL_R_INCONSISTENT_COMPRESSION 340 240355714Skris#define SSL_R_INVALID_CHALLENGE_LENGTH 158 240459191Skris#define SSL_R_INVALID_COMMAND 280 2405238405Sjkim#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 240659191Skris#define SSL_R_INVALID_PURPOSE 278 2407238405Sjkim#define SSL_R_INVALID_SRP_USERNAME 357 2408238405Sjkim#define SSL_R_INVALID_STATUS_RESPONSE 328 2409238405Sjkim#define 
SSL_R_INVALID_TICKET_KEYS_LENGTH 325 241059191Skris#define SSL_R_INVALID_TRUST 279 2411160814Ssimon#define SSL_R_KEY_ARG_TOO_LONG 284 2412160814Ssimon#define SSL_R_KRB5 285 2413160814Ssimon#define SSL_R_KRB5_C_CC_PRINC 286 2414160814Ssimon#define SSL_R_KRB5_C_GET_CRED 287 2415160814Ssimon#define SSL_R_KRB5_C_INIT 288 2416160814Ssimon#define SSL_R_KRB5_C_MK_REQ 289 2417160814Ssimon#define SSL_R_KRB5_S_BAD_TICKET 290 2418160814Ssimon#define SSL_R_KRB5_S_INIT 291 2419160814Ssimon#define SSL_R_KRB5_S_RD_REQ 292 2420160814Ssimon#define SSL_R_KRB5_S_TKT_EXPIRED 293 2421160814Ssimon#define SSL_R_KRB5_S_TKT_NYV 294 2422160814Ssimon#define SSL_R_KRB5_S_TKT_SKEW 295 242355714Skris#define SSL_R_LENGTH_MISMATCH 159 242455714Skris#define SSL_R_LENGTH_TOO_SHORT 160 242555714Skris#define SSL_R_LIBRARY_BUG 274 242655714Skris#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 2427160814Ssimon#define SSL_R_MESSAGE_TOO_LONG 296 242855714Skris#define SSL_R_MISSING_DH_DSA_CERT 162 242955714Skris#define SSL_R_MISSING_DH_KEY 163 243055714Skris#define SSL_R_MISSING_DH_RSA_CERT 164 243155714Skris#define SSL_R_MISSING_DSA_SIGNING_CERT 165 243255714Skris#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 243355714Skris#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 243455714Skris#define SSL_R_MISSING_RSA_CERTIFICATE 168 243555714Skris#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 243655714Skris#define SSL_R_MISSING_RSA_SIGNING_CERT 170 2437238405Sjkim#define SSL_R_MISSING_SRP_PARAM 358 243855714Skris#define SSL_R_MISSING_TMP_DH_KEY 171 2439160814Ssimon#define SSL_R_MISSING_TMP_ECDH_KEY 311 244055714Skris#define SSL_R_MISSING_TMP_RSA_KEY 172 244155714Skris#define SSL_R_MISSING_TMP_RSA_PKEY 173 244255714Skris#define SSL_R_MISSING_VERIFY_MESSAGE 174 2443238405Sjkim#define SSL_R_MULTIPLE_SGC_RESTARTS 346 244455714Skris#define SSL_R_NON_SSLV2_INITIAL_PACKET 175 244555714Skris#define SSL_R_NO_CERTIFICATES_RETURNED 176 244655714Skris#define SSL_R_NO_CERTIFICATE_ASSIGNED 177 244755714Skris#define 
SSL_R_NO_CERTIFICATE_RETURNED 178 244855714Skris#define SSL_R_NO_CERTIFICATE_SET 179 244955714Skris#define SSL_R_NO_CERTIFICATE_SPECIFIED 180 245055714Skris#define SSL_R_NO_CIPHERS_AVAILABLE 181 245155714Skris#define SSL_R_NO_CIPHERS_PASSED 182 245255714Skris#define SSL_R_NO_CIPHERS_SPECIFIED 183 245355714Skris#define SSL_R_NO_CIPHER_LIST 184 245455714Skris#define SSL_R_NO_CIPHER_MATCH 185 2455238405Sjkim#define SSL_R_NO_CLIENT_CERT_METHOD 331 245655714Skris#define SSL_R_NO_CLIENT_CERT_RECEIVED 186 245755714Skris#define SSL_R_NO_COMPRESSION_SPECIFIED 187 2458238405Sjkim#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 245955714Skris#define SSL_R_NO_METHOD_SPECIFIED 188 246055714Skris#define SSL_R_NO_PRIVATEKEY 189 246155714Skris#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 246255714Skris#define SSL_R_NO_PROTOCOLS_AVAILABLE 191 246355714Skris#define SSL_R_NO_PUBLICKEY 192 2464238405Sjkim#define SSL_R_NO_RENEGOTIATION 339 2465238405Sjkim#define SSL_R_NO_REQUIRED_DIGEST 324 246655714Skris#define SSL_R_NO_SHARED_CIPHER 193 2467238405Sjkim#define SSL_R_NO_SRTP_PROFILES 359 246855714Skris#define SSL_R_NO_VERIFY_CALLBACK 194 246955714Skris#define SSL_R_NULL_SSL_CTX 195 247055714Skris#define SSL_R_NULL_SSL_METHOD_PASSED 196 247155714Skris#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 2472238405Sjkim#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 2473160814Ssimon#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 2474238405Sjkim#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 247555714Skris#define SSL_R_PACKET_LENGTH_TOO_LONG 198 2476238405Sjkim#define SSL_R_PARSE_TLSEXT 227 247755714Skris#define SSL_R_PATH_TOO_LONG 270 247855714Skris#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 247955714Skris#define SSL_R_PEER_ERROR 200 248055714Skris#define SSL_R_PEER_ERROR_CERTIFICATE 201 248155714Skris#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 248255714Skris#define SSL_R_PEER_ERROR_NO_CIPHER 203 248355714Skris#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 
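/*
 * SSL library reason codes, SSL_R_PRE_MAC_LENGTH_TOO_LONG through
 * SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY, in the header's alphabetical order.
 * One directive per line so that each macro is a valid preprocessor definition.
 * The numbers are what callers compare against the reason field of a queued
 * error, so they must never be renumbered or reused.
 */
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    205
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          206
#define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
#define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
#define SSL_R_PSK_NO_CLIENT_CB                           224
#define SSL_R_PSK_NO_SERVER_CB                           225
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   208
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
#define SSL_R_PUBLIC_KEY_NOT_RSA                         210
#define SSL_R_READ_BIO_NOT_SET                           211
#define SSL_R_READ_TIMEOUT_EXPIRED                       312
#define SSL_R_READ_WRONG_PACKET_TYPE                     212
#define SSL_R_RECORD_LENGTH_MISMATCH                     213
#define SSL_R_RECORD_TOO_LARGE                           214
#define SSL_R_RECORD_TOO_SMALL                           298
/*
 * 335-337: failures of the renegotiation extension (presumably the RFC 5746
 * renegotiation_info checks). A mismatch is a handshake failure; it is worth
 * logging rather than retrying with the check relaxed.
 */
#define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
#define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
#define SSL_R_RENEGOTIATION_MISMATCH                     337
#define SSL_R_REQUIRED_CIPHER_MISSING                    215
/* The triple "S" in COMPRESSSION is the published spelling; keep it as is. */
#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING    342
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
#define SSL_R_SERVERHELLO_TLSEXT                         275
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
#define SSL_R_SHORT_READ                                 219
#define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
#define SSL_R_SRP_A_CALC                                 361
#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                299
#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT             321
#define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
#define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
/*
 * Values of 1000 and above mirror protocol alert descriptions: the value is
 * 1000 plus the alert number (SSL_AD_REASON_OFFSET in this header), e.g.
 * 1020 is bad_record_mac (alert 20) and 1042 is bad_certificate (alert 42).
 * NOTE(review): these appear to be recorded when the peer sends the alert;
 * confirm against the record-layer code before relying on it in detections.
 */
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
#define SSL_R_SSL_HANDSHAKE_FAILURE                      229
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
#define SSL_R_SSL_SESSION_ID_CONFLICT                    302
#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                231
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
/*
 * Alert 86, inappropriate_fallback: the downgrade-protection alert that goes
 * with TLS_FALLBACK_SCSV (RFC 7507). Seeing this code in logs means a
 * fallback to an older protocol version was refused, which is worth alerting
 * on: it points at either a forced downgrade on the path or a buggy retry.
 */
#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071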
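/*
 * SSL library reason codes, SSL_R_TLSV1_ALERT_INTERNAL_ERROR through
 * SSL_R_UNINITIALIZED, in the header's alphabetical order, one directive per
 * line so that each macro is a valid preprocessor definition. The numbers
 * are what callers compare against the reason field of a queued error, so
 * they must never be renumbered or reused.
 *
 * Values of 1000 and above mirror protocol alert descriptions: the value is
 * 1000 plus the alert number (SSL_AD_REASON_OFFSET in this header), e.g.
 * 1070 is protocol_version (alert 70) and 1100 is no_renegotiation (alert 100).
 */
#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                      1080
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION                    1100
#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION                    1070
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                     1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA                          1048
#define SSL_R_TLSV1_ALERT_USER_CANCELLED                      1090
/* 1110-1114: the alerts defined alongside the TLS extensions (alerts 110-114). */
#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE                1114
#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE           1113
#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE                  1111
#define SSL_R_TLSV1_UNRECOGNIZED_NAME                         1112
#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                     1110
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER            232
/* 365-366: state errors of the TLS heartbeat extension. */
#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT                365
#define SSL_R_TLS_HEARTBEAT_PENDING                           366
#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                      367
#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST                  157
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST  233
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG         234
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER                 235
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS                       236
#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                     313
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY                    237
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS                    238
#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS                  314
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS            239
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD                       240
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES                241
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES                242
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES               243
#define SSL_R_UNEXPECTED_MESSAGE                              244
#define SSL_R_UNEXPECTED_RECORD                               245
#define SSL_R_UNINITIALIZED                                   276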
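/*
 * SSL library reason codes, SSL_R_UNKNOWN_ALERT_TYPE through
 * SSL_R_X509_VERIFICATION_SETUP_PROBLEMS, in the header's alphabetical order,
 * one directive per line so that each macro is a valid preprocessor
 * definition. The numbers are what callers compare against the reason field
 * of a queued error, so they must never be renumbered or reused.
 */
#define SSL_R_UNKNOWN_ALERT_TYPE                   246
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE             247
#define SSL_R_UNKNOWN_CIPHER_RETURNED              248
#define SSL_R_UNKNOWN_CIPHER_TYPE                  249
#define SSL_R_UNKNOWN_DIGEST                       368
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE            250
#define SSL_R_UNKNOWN_PKEY_TYPE                    251
#define SSL_R_UNKNOWN_PROTOCOL                     252
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE            253
#define SSL_R_UNKNOWN_SSL_VERSION                  254
#define SSL_R_UNKNOWN_STATE                        255
/*
 * NOTE(review): by its name this is the refusal to renegotiate with a peer
 * that lacks secure renegotiation (RFC 5746); confirm at the call site. If
 * so, the fix for this error is to patch the peer, not to re-enable legacy
 * renegotiation locally.
 */
#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
#define SSL_R_UNSUPPORTED_CIPHER                   256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM    257
#define SSL_R_UNSUPPORTED_DIGEST_TYPE              326
#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE           315
#define SSL_R_UNSUPPORTED_PROTOCOL                 258
#define SSL_R_UNSUPPORTED_SSL_VERSION              259
#define SSL_R_UNSUPPORTED_STATUS_TYPE              329
#define SSL_R_USE_SRTP_NOT_NEGOTIATED              369
#define SSL_R_WRITE_BIO_NOT_SET                    260
#define SSL_R_WRONG_CIPHER_RETURNED                261
#define SSL_R_WRONG_MESSAGE_TYPE                   262
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS             263
#define SSL_R_WRONG_SIGNATURE_LENGTH               264
#define SSL_R_WRONG_SIGNATURE_SIZE                 265
#define SSL_R_WRONG_SIGNATURE_TYPE                 370
#define SSL_R_WRONG_SSL_VERSION                    266
#define SSL_R_WRONG_VERSION_NUMBER                 267
#define SSL_R_X509_LIB                             268
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS     269

/* Presumably closes an extern "C" block opened earlier in the header. */
#ifdef __cplusplus
}
#endif
/* Presumably the end of the header's include guard, opened outside this excerpt. */
#endif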