ssl.h revision fad6327e4112082b1e77e89a995723f26bd5a9aa
1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] 56 */ 57/* ==================================================================== 58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 59 * 60 * Redistribution and use in source and binary forms, with or without 61 * modification, are permitted provided that the following conditions 62 * are met: 63 * 64 * 1. Redistributions of source code must retain the above copyright 65 * notice, this list of conditions and the following disclaimer. 66 * 67 * 2. Redistributions in binary form must reproduce the above copyright 68 * notice, this list of conditions and the following disclaimer in 69 * the documentation and/or other materials provided with the 70 * distribution. 71 * 72 * 3. All advertising materials mentioning features or use of this 73 * software must display the following acknowledgment: 74 * "This product includes software developed by the OpenSSL Project 75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 76 * 77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 78 * endorse or promote products derived from this software without 79 * prior written permission. For written permission, please contact 80 * openssl-core@openssl.org. 81 * 82 * 5. Products derived from this software may not be called "OpenSSL" 83 * nor may "OpenSSL" appear in their names without prior written 84 * permission of the OpenSSL Project. 85 * 86 * 6. Redistributions of any form whatsoever must retain the following 87 * acknowledgment: 88 * "This product includes software developed by the OpenSSL Project 89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 90 * 91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 102 * OF THE POSSIBILITY OF SUCH DAMAGE. 103 * ==================================================================== 104 * 105 * This product includes cryptographic software written by Eric Young 106 * (eay@cryptsoft.com). This product includes software written by Tim 107 * Hudson (tjh@cryptsoft.com). 108 * 109 */ 110/* ==================================================================== 111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * ECC cipher suite support in OpenSSL originally developed by 113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 */ 115/* ==================================================================== 116 * Copyright 2005 Nokia. All rights reserved. 117 * 118 * The portions of the attached software ("Contribution") is developed by 119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 120 * license. 121 * 122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 124 * support (see RFC 4279) to OpenSSL. 125 * 126 * No patent licenses or other rights except those expressly stated in 127 * the OpenSSL open source license shall be deemed granted or received 128 * expressly, by implication, estoppel, or otherwise. 129 * 130 * No assurances are provided by Nokia that the Contribution does not 131 * infringe the patent or other intellectual property rights of any third 132 * party or that the license provides you with all the necessary rights 133 * to make use of the Contribution. 134 * 135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 139 * OTHERWISE. 140 */ 141 142#ifndef OPENSSL_HEADER_SSL_H 143#define OPENSSL_HEADER_SSL_H 144 145#include <openssl/base.h> 146 147#include <openssl/bio.h> 148#include <openssl/buf.h> 149#include <openssl/hmac.h> 150#include <openssl/lhash.h> 151#include <openssl/pem.h> 152#include <openssl/ssl3.h> 153#include <openssl/thread.h> 154#include <openssl/tls1.h> 155#include <openssl/x509.h> 156 157#if !defined(OPENSSL_WINDOWS) 158#include <sys/time.h> 159#endif 160 161/* wpa_supplicant expects to get the version functions from ssl.h */ 162#include <openssl/crypto.h> 163 164/* Forward-declare struct timeval. On Windows, it is defined in winsock2.h and 165 * Windows headers define too many macros to be included in public headers. 166 * However, only a forward declaration is needed. */ 167struct timeval; 168 169#if defined(__cplusplus) 170extern "C" { 171#endif 172 173 174/* SSL implementation. */ 175 176 177/* SSL contexts. 178 * 179 * |SSL_CTX| objects manage shared state and configuration between multiple TLS 180 * or DTLS connections. Whether the connections are TLS or DTLS is selected by 181 * an |SSL_METHOD| on creation. 182 * 183 * |SSL_CTX| are reference-counted and may be shared by connections across 184 * multiple threads. Once shared, functions which change the |SSL_CTX|'s 185 * configuration may not be used. */ 186 187/* TLS_method is the |SSL_METHOD| used for TLS (and SSLv3) connections. */ 188OPENSSL_EXPORT const SSL_METHOD *TLS_method(void); 189 190/* DTLS_method is the |SSL_METHOD| used for DTLS connections. */ 191OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void); 192 193/* SSL_CTX_new returns a newly-allocated |SSL_CTX| with default settings or NULL 194 * on error. */ 195OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); 196 197/* SSL_CTX_free releases memory associated with |ctx|. */ 198OPENSSL_EXPORT void SSL_CTX_free(SSL_CTX *ctx); 199 200 201/* SSL connections. 202 * 203 * An |SSL| object represents a single TLS or DTLS connection. Although the 204 * shared |SSL_CTX| is thread-safe, an |SSL| is not thread-safe and may only be 205 * used on one thread at a time. */ 206 207/* SSL_new returns a newly-allocated |SSL| using |ctx| or NULL on error. The new 208 * connection inherits settings from |ctx| at the time of creation. Settings may 209 * also be individually configured on the connection. 210 * 211 * On creation, an |SSL| is not configured to be either a client or server. Call 212 * |SSL_set_connect_state| or |SSL_set_accept_state| to set this. */ 213OPENSSL_EXPORT SSL *SSL_new(SSL_CTX *ctx); 214 215/* SSL_free releases memory associated with |ssl|. */ 216OPENSSL_EXPORT void SSL_free(SSL *ssl); 217 218/* SSL_get_SSL_CTX returns the |SSL_CTX| associated with |ssl|. If 219 * |SSL_set_SSL_CTX| is called, it returns the new |SSL_CTX|, not the initial 220 * one. */ 221OPENSSL_EXPORT SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); 222 223/* SSL_set_connect_state configures |ssl| to be a client. */ 224OPENSSL_EXPORT void SSL_set_connect_state(SSL *ssl); 225 226/* SSL_set_accept_state configures |ssl| to be a server. */ 227OPENSSL_EXPORT void SSL_set_accept_state(SSL *ssl); 228 229/* SSL_is_server returns one if |ssl| is configured as a server and zero 230 * otherwise. */ 231OPENSSL_EXPORT int SSL_is_server(SSL *ssl); 232 233/* SSL_set_bio configures |ssl| to read from |rbio| and write to |wbio|. |ssl| 234 * takes ownership of the two |BIO|s. If |rbio| and |wbio| are the same, |ssl| 235 * only takes ownership of one reference. 236 * 237 * In DTLS, if |rbio| is blocking, it must handle 238 * |BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT| control requests to set read timeouts. 239 * 240 * Calling this function on an already-configured |ssl| is deprecated. */ 241OPENSSL_EXPORT void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); 242 243/* SSL_get_rbio returns the |BIO| that |ssl| reads from. */ 244OPENSSL_EXPORT BIO *SSL_get_rbio(const SSL *ssl); 245 246/* SSL_get_wbio returns the |BIO| that |ssl| writes to. */ 247OPENSSL_EXPORT BIO *SSL_get_wbio(const SSL *ssl); 248 249/* SSL_get_fd calls |SSL_get_rfd|. */ 250OPENSSL_EXPORT int SSL_get_fd(const SSL *ssl); 251 252/* SSL_get_rfd returns the file descriptor that |ssl| is configured to read 253 * from. If |ssl|'s read |BIO| is not configured or doesn't wrap a file 254 * descriptor then it returns -1. */ 255OPENSSL_EXPORT int SSL_get_rfd(const SSL *ssl); 256 257/* SSL_get_wfd returns the file descriptor that |ssl| is configured to write 258 * to. If |ssl|'s write |BIO| is not configured or doesn't wrap a file 259 * descriptor then it returns -1. */ 260OPENSSL_EXPORT int SSL_get_wfd(const SSL *ssl); 261 262/* SSL_set_fd configures |ssl| to read from and write to |fd|. It returns one 263 * on success and zero on allocation error. The caller retains ownership of 264 * |fd|. */ 265OPENSSL_EXPORT int SSL_set_fd(SSL *ssl, int fd); 266 267/* SSL_set_rfd configures |ssl| to read from |fd|. It returns one on success and 268 * zero on allocation error. The caller retains ownership of |fd|. */ 269OPENSSL_EXPORT int SSL_set_rfd(SSL *ssl, int fd); 270 271/* SSL_set_wfd configures |ssl| to write to |fd|. It returns one on success and 272 * zero on allocation error. The caller retains ownership of |fd|. */ 273OPENSSL_EXPORT int SSL_set_wfd(SSL *ssl, int fd); 274 275/* SSL_do_handshake continues the current handshake. If there is none or the 276 * handshake has completed or False Started, it returns one. Otherwise, it 277 * returns <= 0. The caller should pass the value into |SSL_get_error| to 278 * determine how to proceed. 279 * 280 * In DTLS, if the read |BIO| is non-blocking, the caller must drive 281 * retransmissions. Whenever |SSL_get_error| signals |SSL_ERROR_WANT_READ|, use 282 * |DTLSv1_get_timeout| to determine the current timeout. If it expires before 283 * the next retry, call |DTLSv1_handle_timeout|. Note that DTLS handshake 284 * retransmissions use fresh sequence numbers, so it is not sufficient to replay 285 * packets at the transport. 286 * 287 * TODO(davidben): Ensure 0 is only returned on transport EOF. 288 * https://crbug.com/466303. */ 289OPENSSL_EXPORT int SSL_do_handshake(SSL *ssl); 290 291/* SSL_connect configures |ssl| as a client, if unconfigured, and calls 292 * |SSL_do_handshake|. */ 293OPENSSL_EXPORT int SSL_connect(SSL *ssl); 294 295/* SSL_accept configures |ssl| as a server, if unconfigured, and calls 296 * |SSL_do_handshake|. */ 297OPENSSL_EXPORT int SSL_accept(SSL *ssl); 298 299/* SSL_read reads up to |num| bytes from |ssl| into |buf|. It implicitly runs 300 * any pending handshakes, including renegotiations when enabled. On success, it 301 * returns the number of bytes read. Otherwise, it returns <= 0. The caller 302 * should pass the value into |SSL_get_error| to determine how to proceed. 303 * 304 * TODO(davidben): Ensure 0 is only returned on transport EOF. 305 * https://crbug.com/466303. */ 306OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num); 307 308/* SSL_peek behaves like |SSL_read| but does not consume any bytes returned. */ 309OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num); 310 311/* SSL_pending returns the number of bytes available in |ssl|. It does not read 312 * from the transport. */ 313OPENSSL_EXPORT int SSL_pending(const SSL *ssl); 314 315/* SSL_write writes up to |num| bytes from |buf| into |ssl|. It implicitly runs 316 * any pending handshakes, including renegotiations when enabled. On success, it 317 * returns the number of bytes read. Otherwise, it returns <= 0. The caller 318 * should pass the value into |SSL_get_error| to determine how to proceed. 319 * 320 * In TLS, a non-blocking |SSL_write| differs from non-blocking |write| in that 321 * a failed |SSL_write| still commits to the data passed in. When retrying, the 322 * caller must supply the original write buffer (or a larger one containing the 323 * original as a prefix). By default, retries will fail if they also do not 324 * reuse the same |buf| pointer. This may be relaxed with 325 * |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, but the buffer contents still must be 326 * unchanged. 327 * 328 * By default, in TLS, |SSL_write| will not return success until all |num| bytes 329 * are written. This may be relaxed with |SSL_MODE_ENABLE_PARTIAL_WRITE|. It 330 * allows |SSL_write| to complete with a partial result when only part of the 331 * input was written in a single record. 332 * 333 * In DTLS, neither |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| and 334 * |SSL_MODE_ENABLE_PARTIAL_WRITE| do anything. The caller may retry with a 335 * different buffer freely. A single call to |SSL_write| only ever writes a 336 * single record in a single packet, so |num| must be at most 337 * |SSL3_RT_MAX_PLAIN_LENGTH|. 338 * 339 * TODO(davidben): Ensure 0 is only returned on transport EOF. 340 * https://crbug.com/466303. */ 341OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num); 342 343/* SSL_shutdown shuts down |ssl|. On success, it completes in two stages. First, 344 * it returns 0 if |ssl| completed uni-directional shutdown; close_notify has 345 * been sent, but the peer's close_notify has not been received. Most callers 346 * may stop at this point. For bi-directional shutdown, call |SSL_shutdown| 347 * again. It returns 1 if close_notify has been both sent and received. 348 * 349 * If the peer's close_notify arrived first, the first stage is skipped. 350 * |SSL_shutdown| will return 1 once close_notify is sent and skip 0. Callers 351 * only interested in uni-directional shutdown must therefore allow for the 352 * first stage returning either 0 or 1. 353 * 354 * |SSL_shutdown| returns -1 on failure. The caller should pass the return value 355 * into |SSL_get_error| to determine how to proceed. If the underlying |BIO| is 356 * non-blocking, both stages may require retry. 357 * 358 * |SSL_shutdown| must be called to retain |ssl|'s session in the session 359 * cache. Use |SSL_CTX_set_quiet_shutdown| to configure |SSL_shutdown| to 360 * neither send nor wait for close_notify but still retain the session. 361 * 362 * TODO(davidben): Is there any point in the session cache interaction? Remove 363 * it? */ 364OPENSSL_EXPORT int SSL_shutdown(SSL *ssl); 365 366/* SSL_CTX_set_quiet_shutdown sets quiet shutdown on |ctx| to |mode|. If 367 * enabled, |SSL_shutdown| will not send a close_notify alert or wait for one 368 * from the peer. It will instead synchronously return one. */ 369OPENSSL_EXPORT void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); 370 371/* SSL_CTX_get_quiet_shutdown returns whether quiet shutdown is enabled for 372 * |ctx|. */ 373OPENSSL_EXPORT int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); 374 375/* SSL_set_quiet_shutdown sets quiet shutdown on |ssl| to |mode|. If enabled, 376 * |SSL_shutdown| will not send a close_notify alert or wait for one from the 377 * peer. It will instead synchronously return one. */ 378OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL *ssl, int mode); 379 380/* SSL_get_quiet_shutdown returns whether quiet shutdown is enabled for 381 * |ssl|. */ 382OPENSSL_EXPORT int SSL_get_quiet_shutdown(const SSL *ssl); 383 384/* SSL_get_error returns a |SSL_ERROR_*| value for the most recent operation on 385 * |ssl|. It should be called after an operation failed to determine whether the 386 * error was fatal and, if not, when to retry. */ 387OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code); 388 389/* SSL_ERROR_NONE indicates the operation succeeded. */ 390#define SSL_ERROR_NONE 0 391 392/* SSL_ERROR_SSL indicates the operation failed within the library. The caller 393 * may inspect the error queue for more information. */ 394#define SSL_ERROR_SSL 1 395 396/* SSL_ERROR_WANT_READ indicates the operation failed attempting to read from 397 * the transport. The caller may retry the operation when the transport is ready 398 * for reading. 399 * 400 * If signaled by a DTLS handshake, the caller must also call 401 * |DTLSv1_get_timeout| and |DTLSv1_handle_timeout| as appropriate. See 402 * |SSL_do_handshake|. */ 403#define SSL_ERROR_WANT_READ 2 404 405/* SSL_ERROR_WANT_WRITE indicates the operation failed attempting to write to 406 * the transport. The caller may retry the operation when the transport is ready 407 * for writing. */ 408#define SSL_ERROR_WANT_WRITE 3 409 410/* SSL_ERROR_WANT_X509_LOOKUP indicates the operation failed in calling the 411 * |cert_cb| or |client_cert_cb|. The caller may retry the operation when the 412 * callback is ready to return a certificate or one has been configured 413 * externally. 414 * 415 * See also |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb|. */ 416#define SSL_ERROR_WANT_X509_LOOKUP 4 417 418/* SSL_ERROR_WANT_SYSCALL indicates the operation failed externally to the 419 * library. The caller should consult the system-specific error mechanism. This 420 * is typically |errno| but may be something custom if using a custom |BIO|. It 421 * may also be signaled if the transport returned EOF, in which case the 422 * operation's return value will be zero. */ 423#define SSL_ERROR_SYSCALL 5 424 425/* SSL_ERROR_ZERO_RETURN indicates the operation failed because the connection 426 * was cleanly shut down with a close_notify alert. */ 427#define SSL_ERROR_ZERO_RETURN 6 428 429/* SSL_ERROR_WANT_CONNECT indicates the operation failed attempting to connect 430 * the transport (the |BIO| signaled |BIO_RR_CONNECT|). The caller may retry the 431 * operation when the transport is ready. */ 432#define SSL_ERROR_WANT_CONNECT 7 433 434/* SSL_ERROR_WANT_ACCEPT indicates the operation failed attempting to accept a 435 * connection from the transport (the |BIO| signaled |BIO_RR_ACCEPT|). The 436 * caller may retry the operation when the transport is ready. 437 * 438 * TODO(davidben): Remove this. It's used by accept BIOs which are bizarre. */ 439#define SSL_ERROR_WANT_ACCEPT 8 440 441/* SSL_ERROR_WANT_CHANNEL_ID_LOOKUP indicates the operation failed looking up 442 * the Channel ID key. The caller may retry the operation when |channel_id_cb| 443 * is ready to return a key or one has been configured with 444 * |SSL_set1_tls_channel_id|. 445 * 446 * See also |SSL_CTX_set_channel_id_cb|. */ 447#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 448 449/* SSL_ERROR_PENDING_SESSION indicates the operation failed because the session 450 * lookup callback indicated the session was unavailable. The caller may retry 451 * the operation when lookup has completed. 452 * 453 * See also |SSL_CTX_sess_set_get_cb| and |SSL_magic_pending_session_ptr|. */ 454#define SSL_ERROR_PENDING_SESSION 11 455 456/* SSL_ERROR_PENDING_CERTIFICATE indicates the operation failed because the 457 * early callback indicated certificate lookup was incomplete. The caller may 458 * retry the operation when lookup has completed. Note: when the operation is 459 * retried, the early callback will not be called a second time. 460 * 461 * See also |SSL_CTX_set_select_certificate_cb|. */ 462#define SSL_ERROR_PENDING_CERTIFICATE 12 463 464/* SSL_ERROR_WANT_PRIVATE_KEY_OPERATION indicates the operation failed because 465 * a private key operation was unfinished. The caller may retry the operation 466 * when the private key operation is complete. 467 * 468 * See also |SSL_set_private_key_method|. */ 469#define SSL_ERROR_WANT_PRIVATE_KEY_OPERATION 13 470 471/* SSL_set_mtu sets the |ssl|'s MTU in DTLS to |mtu|. It returns one on success 472 * and zero on failure. */ 473OPENSSL_EXPORT int SSL_set_mtu(SSL *ssl, unsigned mtu); 474 475/* DTLSv1_get_timeout queries the next DTLS handshake timeout. If there is a 476 * timeout in progress, it sets |*out| to the time remaining and returns one. 477 * Otherwise, it returns zero. 478 * 479 * When the timeout expires, call |DTLSv1_handle_timeout| to handle the 480 * retransmit behavior. 481 * 482 * NOTE: This function must be queried again whenever the handshake state 483 * machine changes, including when |DTLSv1_handle_timeout| is called. */ 484OPENSSL_EXPORT int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out); 485 486/* DTLSv1_handle_timeout is called when a DTLS handshake timeout expires. If no 487 * timeout had expired, it returns 0. Otherwise, it retransmits the previous 488 * flight of handshake messages and returns 1. If too many timeouts had expired 489 * without progress or an error occurs, it returns -1. 490 * 491 * The caller's external timer should be compatible with the one |ssl| queries 492 * within some fudge factor. Otherwise, the call will be a no-op, but 493 * |DTLSv1_get_timeout| will return an updated timeout. 494 * 495 * If the function returns -1, checking if |SSL_get_error| returns 496 * |SSL_ERROR_WANT_WRITE| may be used to determine if the retransmit failed due 497 * to a non-fatal error at the write |BIO|. However, the operation may not be 498 * retried until the next timeout fires. 499 * 500 * WARNING: This function breaks the usual return value convention. 501 * 502 * TODO(davidben): This |SSL_ERROR_WANT_WRITE| behavior is kind of bizarre. */ 503OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl); 504 505 506/* Protocol versions. */ 507 508#define DTLS1_VERSION_MAJOR 0xfe 509#define SSL3_VERSION_MAJOR 0x03 510 511#define SSL3_VERSION 0x0300 512#define TLS1_VERSION 0x0301 513#define TLS1_1_VERSION 0x0302 514#define TLS1_2_VERSION 0x0303 515 516#define DTLS1_VERSION 0xfeff 517#define DTLS1_2_VERSION 0xfefd 518 519/* SSL_CTX_set_min_version sets the minimum protocol version for |ctx| to 520 * |version|. */ 521OPENSSL_EXPORT void SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version); 522 523/* SSL_CTX_set_max_version sets the maximum protocol version for |ctx| to 524 * |version|. */ 525OPENSSL_EXPORT void SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version); 526 527/* SSL_set_min_version sets the minimum protocol version for |ssl| to 528 * |version|. */ 529OPENSSL_EXPORT void SSL_set_min_version(SSL *ssl, uint16_t version); 530 531/* SSL_set_max_version sets the maximum protocol version for |ssl| to 532 * |version|. */ 533OPENSSL_EXPORT void SSL_set_max_version(SSL *ssl, uint16_t version); 534 535/* SSL_version returns the TLS or DTLS protocol version used by |ssl|, which is 536 * one of the |*_VERSION| values. (E.g. |TLS1_2_VERSION|.) Before the version 537 * is negotiated, the result is undefined. */ 538OPENSSL_EXPORT int SSL_version(const SSL *ssl); 539 540 541/* Options. 542 * 543 * Options configure protocol behavior. */ 544 545/* SSL_OP_LEGACY_SERVER_CONNECT allows initial connections to servers that don't 546 * support the renegotiation_info extension (RFC 5746). It is on by default. */ 547#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L 548 549/* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER allows for record sizes |SSL3_RT_MAX_EXTRA| 550 * bytes above the maximum record size. */ 551#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L 552 553/* SSL_OP_TLS_D5_BUG accepts an RSAClientKeyExchange in TLS encoded as in SSL3 554 * (i.e. without a length prefix). */ 555#define SSL_OP_TLS_D5_BUG 0x00000100L 556 557/* SSL_OP_ALL enables the above bug workarounds that are enabled by many 558 * consumers. 559 * TODO(davidben): Determine which of the remaining may be removed now. */ 560#define SSL_OP_ALL 0x00000BFFL 561 562/* SSL_OP_NO_QUERY_MTU, in DTLS, disables querying the MTU from the underlying 563 * |BIO|. Instead, the MTU is configured with |SSL_set_mtu|. */ 564#define SSL_OP_NO_QUERY_MTU 0x00001000L 565 566/* SSL_OP_NO_TICKET disables session ticket support (RFC 5077). */ 567#define SSL_OP_NO_TICKET 0x00004000L 568 569/* SSL_OP_CIPHER_SERVER_PREFERENCE configures servers to select ciphers and 570 * ECDHE curves according to the server's preferences instead of the 571 * client's. */ 572#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L 573 574/* SSL_OP_DISABLE_NPN configures an individual |SSL| to not advertise NPN, 575 * despite |SSL_CTX_set_next_proto_select_cb| being configured on the 576 * |SSL_CTX|. */ 577#define SSL_OP_DISABLE_NPN 0x00800000L 578 579/* SSL_CTX_set_options enables all options set in |options| (which should be one 580 * or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a 581 * bitmask representing the resulting enabled options. */ 582OPENSSL_EXPORT uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options); 583 584/* SSL_CTX_clear_options disables all options set in |options| (which should be 585 * one or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a 586 * bitmask representing the resulting enabled options. */ 587OPENSSL_EXPORT uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options); 588 589/* SSL_CTX_get_options returns a bitmask of |SSL_OP_*| values that represent all 590 * the options enabled for |ctx|. */ 591OPENSSL_EXPORT uint32_t SSL_CTX_get_options(const SSL_CTX *ctx); 592 593/* SSL_set_options enables all options set in |options| (which should be one or 594 * more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a bitmask 595 * representing the resulting enabled options. */ 596OPENSSL_EXPORT uint32_t SSL_set_options(SSL *ssl, uint32_t options); 597 598/* SSL_clear_options disables all options set in |options| (which should be one 599 * or more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a 600 * bitmask representing the resulting enabled options. */ 601OPENSSL_EXPORT uint32_t SSL_clear_options(SSL *ssl, uint32_t options); 602 603/* SSL_get_options returns a bitmask of |SSL_OP_*| values that represent all the 604 * options enabled for |ssl|. */ 605OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl); 606 607 608/* Modes. 609 * 610 * Modes configure API behavior. */ 611 612/* SSL_MODE_ENABLE_PARTIAL_WRITE, in TLS, allows |SSL_write| to complete with a 613 * partial result when the only part of the input was written in a single 614 * record. In DTLS, it does nothing. */ 615#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L 616 617/* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, in TLS, allows retrying an incomplete 618 * |SSL_write| with a different buffer. However, |SSL_write| still assumes the 619 * buffer contents are unchanged. This is not the default to avoid the 620 * misconception that non-blocking |SSL_write| behaves like non-blocking 621 * |write|. In DTLS, it does nothing. */ 622#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L 623 624/* SSL_MODE_NO_AUTO_CHAIN disables automatically building a certificate chain 625 * before sending certificates to the peer. 626 * TODO(davidben): Remove this behavior. https://crbug.com/486295. */ 627#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L 628 629/* SSL_MODE_ENABLE_FALSE_START allows clients to send application data before 630 * receipt of ChangeCipherSpec and Finished. This mode enables full-handshakes 631 * to 'complete' in one RTT. See draft-bmoeller-tls-falsestart-01. 632 * 633 * When False Start is enabled, |SSL_do_handshake| may succeed before the 634 * handshake has completely finished. |SSL_write| will function at this point, 635 * and |SSL_read| will transparently wait for the final handshake leg before 636 * returning application data. To determine if False Start occurred or when the 637 * handshake is completely finished, see |SSL_in_false_start|, |SSL_in_init|, 638 * and |SSL_CB_HANDSHAKE_DONE| from |SSL_CTX_set_info_callback|. */ 639#define SSL_MODE_ENABLE_FALSE_START 0x00000080L 640 641/* SSL_MODE_CBC_RECORD_SPLITTING causes multi-byte CBC records in SSL 3.0 and 642 * TLS 1.0 to be split in two: the first record will contain a single byte and 643 * the second will contain the remainder. This effectively randomises the IV and 644 * prevents BEAST attacks. */ 645#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L 646 647/* SSL_MODE_NO_SESSION_CREATION will cause any attempts to create a session to 648 * fail with SSL_R_SESSION_MAY_NOT_BE_CREATED. This can be used to enforce that 649 * session resumption is used for a given SSL*. */ 650#define SSL_MODE_NO_SESSION_CREATION 0x00000200L 651 652/* SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello. 653 * To be set only by applications that reconnect with a downgraded protocol 654 * version; see RFC 7507 for details. 655 * 656 * DO NOT ENABLE THIS if your application attempts a normal handshake. Only use 657 * this in explicit fallback retries, following the guidance in RFC 7507. */ 658#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L 659 660/* SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more 661 * of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a bitmask 662 * representing the resulting enabled modes. */ 663OPENSSL_EXPORT uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode); 664 665/* SSL_CTX_clear_mode disables all modes set in |mode| (which should be one or 666 * more of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a 667 * bitmask representing the resulting enabled modes. */ 668OPENSSL_EXPORT uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode); 669 670/* SSL_CTX_get_mode returns a bitmask of |SSL_MODE_*| values that represent all 671 * the modes enabled for |ssl|. */ 672OPENSSL_EXPORT uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx); 673 674/* SSL_set_mode enables all modes set in |mode| (which should be one or more of 675 * the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask 676 * representing the resulting enabled modes. */ 677OPENSSL_EXPORT uint32_t SSL_set_mode(SSL *ssl, uint32_t mode); 678 679/* SSL_clear_mode disables all modes set in |mode| (which should be one or more 680 * of the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask 681 * representing the resulting enabled modes. */ 682OPENSSL_EXPORT uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode); 683 684/* SSL_get_mode returns a bitmask of |SSL_MODE_*| values that represent all the 685 * modes enabled for |ssl|. */ 686OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl); 687 688 689/* Configuring certificates and private keys. 690 * 691 * These functions configure the connection's leaf certificate, private key, and 692 * certificate chain. The certificate chain is ordered leaf to root (as sent on 693 * the wire) but does not include the leaf. Both client and server certificates 694 * use these functions. 695 * 696 * Certificates and keys may be configured before the handshake or dynamically 697 * in the early callback and certificate callback. */ 698 699/* SSL_CTX_use_certificate sets |ctx|'s leaf certificate to |x509|. It returns 700 * one on success and zero on failure. */ 701OPENSSL_EXPORT int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x509); 702 703/* SSL_use_certificate sets |ssl|'s leaf certificate to |x509|. It returns one 704 * on success and zero on failure. */ 705OPENSSL_EXPORT int SSL_use_certificate(SSL *ssl, X509 *x509); 706 707/* SSL_CTX_use_PrivateKey sets |ctx|'s private key to |pkey|. It returns one on 708 * success and zero on failure. */ 709OPENSSL_EXPORT int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); 710 711/* SSL_use_PrivateKey sets |ssl|'s private key to |pkey|. It returns one on 712 * success and zero on failure. */ 713OPENSSL_EXPORT int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); 714 715/* SSL_CTX_set0_chain sets |ctx|'s certificate chain, excluding the leaf, to 716 * |chain|. On success, it returns one and takes ownership of |chain|. 717 * Otherwise, it returns zero. */ 718OPENSSL_EXPORT int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain); 719 720/* SSL_CTX_set1_chain sets |ctx|'s certificate chain, excluding the leaf, to 721 * |chain|. It returns one on success and zero on failure. The caller retains 722 * ownership of |chain| and may release it freely. */ 723OPENSSL_EXPORT int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain); 724 725/* SSL_set0_chain sets |ssl|'s certificate chain, excluding the leaf, to 726 * |chain|. On success, it returns one and takes ownership of |chain|. 727 * Otherwise, it returns zero. */ 728OPENSSL_EXPORT int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain); 729 730/* SSL_set1_chain sets |ssl|'s certificate chain, excluding the leaf, to 731 * |chain|. It returns one on success and zero on failure. The caller retains 732 * ownership of |chain| and may release it freely. */ 733OPENSSL_EXPORT int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain); 734 735/* SSL_CTX_add0_chain_cert appends |x509| to |ctx|'s certificate chain. On 736 * success, it returns one and takes ownership of |x509|. Otherwise, it returns 737 * zero. */ 738OPENSSL_EXPORT int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); 739 740/* SSL_CTX_add1_chain_cert appends |x509| to |ctx|'s certificate chain. It 741 * returns one on success and zero on failure. The caller retains ownership of 742 * |x509| and may release it freely. */ 743OPENSSL_EXPORT int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); 744 745/* SSL_add0_chain_cert appends |x509| to |ctx|'s certificate chain. On success, 746 * it returns one and takes ownership of |x509|. Otherwise, it returns zero. */ 747OPENSSL_EXPORT int SSL_add0_chain_cert(SSL *ssl, X509 *x509); 748 749/* SSL_CTX_add_extra_chain_cert calls |SSL_CTX_add0_chain_cert|. */ 750OPENSSL_EXPORT int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); 751 752/* SSL_add1_chain_cert appends |x509| to |ctx|'s certificate chain. It returns 753 * one on success and zero on failure. The caller retains ownership of |x509| 754 * and may release it freely. */ 755OPENSSL_EXPORT int SSL_add1_chain_cert(SSL *ssl, X509 *x509); 756 757/* SSL_CTX_clear_chain_certs clears |ctx|'s certificate chain and returns 758 * one. */ 759OPENSSL_EXPORT int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); 760 761/* SSL_CTX_clear_extra_chain_certs calls |SSL_CTX_clear_chain_certs|. */ 762OPENSSL_EXPORT int SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); 763 764/* SSL_clear_chain_certs clears |ssl|'s certificate chain and returns one. */ 765OPENSSL_EXPORT int SSL_clear_chain_certs(SSL *ssl); 766 767/* SSL_CTX_set_cert_cb sets a callback that is called to select a certificate. 768 * The callback returns one on success, zero on internal error, and a negative 769 * number on failure or to pause the handshake. If the handshake is paused, 770 * |SSL_get_error| will return |SSL_ERROR_WANT_X509_LOOKUP|. 771 * 772 * On the client, the callback may call |SSL_get0_certificate_types| and 773 * |SSL_get_client_CA_list| for information on the server's certificate 774 * request. */ 775OPENSSL_EXPORT void SSL_CTX_set_cert_cb(SSL_CTX *ctx, 776 int (*cb)(SSL *ssl, void *arg), 777 void *arg); 778 779/* SSL_set_cert_cb sets a callback that is called to select a certificate. The 780 * callback returns one on success, zero on internal error, and a negative 781 * number on failure or to pause the handshake. If the handshake is paused, 782 * |SSL_get_error| will return |SSL_ERROR_WANT_X509_LOOKUP|. 783 * 784 * On the client, the callback may call |SSL_get0_certificate_types| and 785 * |SSL_get_client_CA_list| for information on the server's certificate 786 * request. */ 787OPENSSL_EXPORT void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), 788 void *arg); 789 790/* SSL_get0_certificate_types, for a client, sets |*out_types| to an array 791 * containing the client certificate types requested by a server. It returns the 792 * length of the array. 793 * 794 * The behavior of this function is undefined except during the callbacks set by 795 * by |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb| or when the 796 * handshake is paused because of them. */ 797OPENSSL_EXPORT size_t SSL_get0_certificate_types(SSL *ssl, 798 const uint8_t **out_types); 799 800/* SSL_certs_clear resets the private key, leaf certificate, and certificate 801 * chain of |ssl|. */ 802OPENSSL_EXPORT void SSL_certs_clear(SSL *ssl); 803 804/* SSL_CTX_check_private_key returns one if the certificate and private key 805 * configured in |ctx| are consistent and zero otherwise. */ 806OPENSSL_EXPORT int SSL_CTX_check_private_key(const SSL_CTX *ctx); 807 808/* SSL_check_private_key returns one if the certificate and private key 809 * configured in |ssl| are consistent and zero otherwise. */ 810OPENSSL_EXPORT int SSL_check_private_key(const SSL *ssl); 811 812/* SSL_CTX_get0_certificate returns |ctx|'s leaf certificate. */ 813OPENSSL_EXPORT X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); 814 815/* SSL_get_certificate returns |ssl|'s leaf certificate. */ 816OPENSSL_EXPORT X509 *SSL_get_certificate(const SSL *ssl); 817 818/* SSL_CTX_get0_privatekey returns |ctx|'s private key. */ 819OPENSSL_EXPORT EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); 820 821/* SSL_get_privatekey returns |ssl|'s private key. */ 822OPENSSL_EXPORT EVP_PKEY *SSL_get_privatekey(const SSL *ssl); 823 824/* SSL_CTX_get0_chain_certs sets |*out_chain| to |ctx|'s certificate chain and 825 * returns one. */ 826OPENSSL_EXPORT int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, 827 STACK_OF(X509) **out_chain); 828 829/* SSL_CTX_get_extra_chain_certs calls |SSL_CTX_get0_chain_certs|. */ 830OPENSSL_EXPORT int SSL_CTX_get_extra_chain_certs(const SSL_CTX *ctx, 831 STACK_OF(X509) **out_chain); 832 833/* SSL_get0_chain_certs sets |*out_chain| to |ssl|'s certificate chain and 834 * returns one. */ 835OPENSSL_EXPORT int SSL_get0_chain_certs(const SSL *ssl, 836 STACK_OF(X509) **out_chain); 837 838/* SSL_CTX_set_signed_cert_timestamp_list sets the list of signed certificate 839 * timestamps that is sent to clients that request it. The |list| argument must 840 * contain one or more SCT structures serialised as a SignedCertificateTimestamp 841 * List (see https://tools.ietf.org/html/rfc6962#section-3.3) – i.e. each SCT 842 * is prefixed by a big-endian, uint16 length and the concatenation of one or 843 * more such prefixed SCTs are themselves also prefixed by a uint16 length. It 844 * returns one on success and zero on error. The caller retains ownership of 845 * |list|. */ 846OPENSSL_EXPORT int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, 847 const uint8_t *list, 848 size_t list_len); 849 850/* SSL_CTX_set_ocsp_response sets the OCSP reponse that is sent to clients 851 * which request it. It returns one on success and zero on error. The caller 852 * retains ownership of |response|. */ 853OPENSSL_EXPORT int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, 854 const uint8_t *response, 855 size_t response_len); 856 857/* SSL_set_private_key_digest_prefs copies |num_digests| NIDs from |digest_nids| 858 * into |ssl|. These digests will be used, in decreasing order of preference, 859 * when signing with |ssl|'s private key. It returns one on success and zero on 860 * error. */ 861OPENSSL_EXPORT int SSL_set_private_key_digest_prefs(SSL *ssl, 862 const int *digest_nids, 863 size_t num_digests); 864 865 866/* Certificate and private key convenience functions. */ 867 868/* SSL_CTX_use_RSAPrivateKey sets |ctx|'s private key to |rsa|. It returns one 869 * on success and zero on failure. */ 870OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); 871 872/* SSL_use_RSAPrivateKey sets |ctx|'s private key to |rsa|. It returns one on 873 * success and zero on failure. */ 874OPENSSL_EXPORT int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); 875 876/* The following functions configure certificates or private keys but take as 877 * input DER-encoded structures. They return one on success and zero on 878 * failure. */ 879 880OPENSSL_EXPORT int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, 881 const uint8_t *d); 882OPENSSL_EXPORT int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der, 883 int len); 884 885OPENSSL_EXPORT int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, 886 const uint8_t *d, long len); 887OPENSSL_EXPORT int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, 888 const uint8_t *d, long len); 889 890OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, 891 const uint8_t *der, 892 size_t der_len); 893OPENSSL_EXPORT int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const uint8_t *der, 894 size_t der_len); 895 896/* The following functions configure certificates or private keys but take as 897 * input files to read from. They return one on success and zero on failure. The 898 * |type| parameter is one of the |SSL_FILETYPE_*| values and determines whether 899 * the file's contents are read as PEM or DER. */ 900 901#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 902#define SSL_FILETYPE_PEM X509_FILETYPE_PEM 903 904OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, 905 const char *file, 906 int type); 907OPENSSL_EXPORT int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, 908 int type); 909 910OPENSSL_EXPORT int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, 911 int type); 912OPENSSL_EXPORT int SSL_use_certificate_file(SSL *ssl, const char *file, 913 int type); 914 915OPENSSL_EXPORT int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, 916 int type); 917OPENSSL_EXPORT int SSL_use_PrivateKey_file(SSL *ssl, const char *file, 918 int type); 919 920/* SSL_CTX_use_certificate_chain_file configures certificates for |ctx|. It 921 * reads the contents of |file| as a PEM-encoded leaf certificate followed 922 * optionally by the certificate chain to send to the peer. It returns one on 923 * success and zero on failure. */ 924OPENSSL_EXPORT int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, 925 const char *file); 926 927/* SSL_CTX_set_default_passwd_cb sets the password callback for PEM-based 928 * convenience functions called on |ctx|. */ 929OPENSSL_EXPORT void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, 930 pem_password_cb *cb); 931 932/* SSL_CTX_set_default_passwd_cb_userdata sets the userdata parameter for 933 * |ctx|'s password callback. */ 934OPENSSL_EXPORT void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, 935 void *data); 936 937 938/* Custom private keys. */ 939 940enum ssl_private_key_result_t { 941 ssl_private_key_success, 942 ssl_private_key_retry, 943 ssl_private_key_failure, 944}; 945 946/* SSL_PRIVATE_KEY_METHOD describes private key hooks. This is used to off-load 947 * signing operations to a custom, potentially asynchronous, backend. */ 948typedef struct ssl_private_key_method_st { 949 /* type returns either |EVP_PKEY_RSA| or |EVP_PKEY_EC| to denote the type of 950 * key used by |ssl|. */ 951 int (*type)(SSL *ssl); 952 953 /* max_signature_len returns the maximum length of a signature signed by the 954 * key used by |ssl|. This must be a constant value for a given |ssl|. */ 955 size_t (*max_signature_len)(SSL *ssl); 956 957 /* sign signs |in_len| bytes of digest from |in|. |md| is the hash function 958 * used to calculate |in|. On success, it returns |ssl_private_key_success| 959 * and writes at most |max_out| bytes of signature data to |out|. On failure, 960 * it returns |ssl_private_key_failure|. If the operation has not completed, 961 * it returns |ssl_private_key_retry|. |sign| should arrange for the 962 * high-level operation on |ssl| to be retried when the operation is 963 * completed. This will result in a call to |sign_complete|. 964 * 965 * If the key is an RSA key, implementations must use PKCS#1 padding. |in| is 966 * the digest itself, so the DigestInfo prefix, if any, must be prepended by 967 * |sign|. If |md| is |EVP_md5_sha1|, there is no prefix. 968 * 969 * It is an error to call |sign| while another private key operation is in 970 * progress on |ssl|. */ 971 enum ssl_private_key_result_t (*sign)(SSL *ssl, uint8_t *out, size_t *out_len, 972 size_t max_out, const EVP_MD *md, 973 const uint8_t *in, size_t in_len); 974 975 /* sign_complete completes a pending |sign| operation. If the operation has 976 * completed, it returns |ssl_private_key_success| and writes the result to 977 * |out| as in |sign|. Otherwise, it returns |ssl_private_key_failure| on 978 * failure and |ssl_private_key_retry| if the operation is still in progress. 979 * 980 * |sign_complete| may be called arbitrarily many times before completion, but 981 * it is an error to call |sign_complete| if there is no pending |sign| 982 * operation in progress on |ssl|. */ 983 enum ssl_private_key_result_t (*sign_complete)(SSL *ssl, uint8_t *out, 984 size_t *out_len, 985 size_t max_out); 986 987 /* decrypt decrypts |in_len| bytes of encrypted data from |in|. On success it 988 * returns |ssl_private_key_success|, writes at most |max_out| bytes of 989 * decrypted data to |out| and sets |*out_len| to the actual number of bytes 990 * written. On failure it returns |ssl_private_key_failure|. If the operation 991 * has not completed, it returns |ssl_private_key_retry|. The caller should 992 * arrange for the high-level operation on |ssl| to be retried when the 993 * operation is completed, which will result in a call to |decrypt_complete|. 994 * This function only works with RSA keys and should perform a raw RSA 995 * decryption operation with no padding. 996 * 997 * It is an error to call |decrypt| while another private key operation is in 998 * progress on |ssl|. */ 999 enum ssl_private_key_result_t (*decrypt)(SSL *ssl, uint8_t *out, 1000 size_t *out_len, size_t max_out, 1001 const uint8_t *in, size_t in_len); 1002 1003 /* decrypt_complete completes a pending |decrypt| operation. If the operation 1004 * has completed, it returns |ssl_private_key_success| and writes the result 1005 * to |out| as in |decrypt|. Otherwise, it returns |ssl_private_key_failure| 1006 * on failure and |ssl_private_key_retry| if the operation is still in 1007 * progress. 1008 * 1009 * |decrypt_complete| may be called arbitrarily many times before completion, 1010 * but it is an error to call |decrypt_complete| if there is no pending 1011 * |decrypt| operation in progress on |ssl|. */ 1012 enum ssl_private_key_result_t (*decrypt_complete)(SSL *ssl, uint8_t *out, 1013 size_t *out_len, 1014 size_t max_out); 1015} SSL_PRIVATE_KEY_METHOD; 1016 1017/* SSL_set_private_key_method configures a custom private key on |ssl|. 1018 * |key_method| must remain valid for the lifetime of |ssl|. */ 1019OPENSSL_EXPORT void SSL_set_private_key_method( 1020 SSL *ssl, const SSL_PRIVATE_KEY_METHOD *key_method); 1021 1022 1023/* Cipher suites. 1024 * 1025 * |SSL_CIPHER| objects represent cipher suites. */ 1026 1027DECLARE_STACK_OF(SSL_CIPHER) 1028 1029/* SSL_get_cipher_by_value returns the structure representing a TLS cipher 1030 * suite based on its assigned number, or NULL if unknown. See 1031 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. */ 1032OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value); 1033 1034/* SSL_CIPHER_get_id returns |cipher|'s id. It may be cast to a |uint16_t| to 1035 * get the cipher suite value. */ 1036OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher); 1037 1038/* SSL_CIPHER_is_AES returns one if |cipher| uses AES (either GCM or CBC 1039 * mode). */ 1040OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher); 1041 1042/* SSL_CIPHER_has_MD5_HMAC returns one if |cipher| uses HMAC-MD5. */ 1043OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher); 1044 1045/* SSL_CIPHER_has_SHA1_HMAC returns one if |cipher| uses HMAC-SHA1. */ 1046OPENSSL_EXPORT int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher); 1047 1048/* SSL_CIPHER_is_AESGCM returns one if |cipher| uses AES-GCM. */ 1049OPENSSL_EXPORT int SSL_CIPHER_is_AESGCM(const SSL_CIPHER *cipher); 1050 1051/* SSL_CIPHER_is_AES128GCM returns one if |cipher| uses 128-bit AES-GCM. */ 1052OPENSSL_EXPORT int SSL_CIPHER_is_AES128GCM(const SSL_CIPHER *cipher); 1053 1054/* SSL_CIPHER_is_CHACHA20POLY1305 returns one if |cipher| uses 1055 * CHACHA20_POLY1305. */ 1056OPENSSL_EXPORT int SSL_CIPHER_is_CHACHA20POLY1305(const SSL_CIPHER *cipher); 1057 1058/* SSL_CIPHER_is_NULL returns one if |cipher| does not encrypt. */ 1059OPENSSL_EXPORT int SSL_CIPHER_is_NULL(const SSL_CIPHER *cipher); 1060 1061/* SSL_CIPHER_is_RC4 returns one if |cipher| uses RC4. */ 1062OPENSSL_EXPORT int SSL_CIPHER_is_RC4(const SSL_CIPHER *cipher); 1063 1064/* SSL_CIPHER_is_block_cipher returns one if |cipher| is a block cipher. */ 1065OPENSSL_EXPORT int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher); 1066 1067/* SSL_CIPHER_is_ECDSA returns one if |cipher| uses ECDSA. */ 1068OPENSSL_EXPORT int SSL_CIPHER_is_ECDSA(const SSL_CIPHER *cipher); 1069 1070/* SSL_CIPHER_get_min_version returns the minimum protocol version required 1071 * for |cipher|. */ 1072OPENSSL_EXPORT uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher); 1073 1074/* SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. */ 1075OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); 1076 1077/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange 1078 * method used by |cipher|. For example, "ECDHE_ECDSA". */ 1079OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher); 1080 1081/* SSL_CIPHER_get_rfc_name returns a newly-allocated string with the standard 1082 * name for |cipher| or NULL on error. For example, 1083 * "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". The caller is responsible for 1084 * calling |OPENSSL_free| on the result. */ 1085OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher); 1086 1087/* SSL_CIPHER_get_bits returns the strength, in bits, of |cipher|. If 1088 * |out_alg_bits| is not NULL, it writes the number of bits consumed by the 1089 * symmetric algorithm to |*out_alg_bits|. */ 1090OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, 1091 int *out_alg_bits); 1092 1093 1094/* Cipher suite configuration. 1095 * 1096 * OpenSSL uses a mini-language to configure cipher suites. The language 1097 * maintains an ordered list of enabled ciphers, along with an ordered list of 1098 * disabled but available ciphers. Initially, all ciphers are disabled with a 1099 * default ordering. The cipher string is then interpreted as a sequence of 1100 * directives, separated by colons, each of which modifies this state. 1101 * 1102 * Most directives consist of a one character or empty opcode followed by a 1103 * selector which matches a subset of available ciphers. 1104 * 1105 * Available opcodes are: 1106 * 1107 * The empty opcode enables and appends all matching disabled ciphers to the 1108 * end of the enabled list. The newly appended ciphers are ordered relative to 1109 * each other matching their order in the disabled list. 1110 * 1111 * |-| disables all matching enabled ciphers and prepends them to the disabled 1112 * list, with relative order from the enabled list preserved. This means the 1113 * most recently disabled ciphers get highest preference relative to other 1114 * disabled ciphers if re-enabled. 1115 * 1116 * |+| moves all matching enabled ciphers to the end of the enabled list, with 1117 * relative order preserved. 1118 * 1119 * |!| deletes all matching ciphers, enabled or not, from either list. Deleted 1120 * ciphers will not matched by future operations. 1121 * 1122 * A selector may be a specific cipher (using the OpenSSL name for the cipher) 1123 * or one or more rules separated by |+|. The final selector matches the 1124 * intersection of each rule. For instance, |AESGCM+aECDSA| matches 1125 * ECDSA-authenticated AES-GCM ciphers. 1126 * 1127 * Available cipher rules are: 1128 * 1129 * |ALL| matches all ciphers. 1130 * 1131 * |kRSA|, |kDHE|, |kECDHE|, and |kPSK| match ciphers using plain RSA, DHE, 1132 * ECDHE, and plain PSK key exchanges, respectively. Note that ECDHE_PSK is 1133 * matched by |kECDHE| and not |kPSK|. 1134 * 1135 * |aRSA|, |aECDSA|, and |aPSK| match ciphers authenticated by RSA, ECDSA, and 1136 * a pre-shared key, respectively. 1137 * 1138 * |RSA|, |DHE|, |ECDHE|, |PSK|, |ECDSA|, and |PSK| are aliases for the 1139 * corresponding |k*| or |a*| cipher rule. |RSA| is an alias for |kRSA|, not 1140 * |aRSA|. 1141 * 1142 * |3DES|, |RC4|, |AES128|, |AES256|, |AES|, |AESGCM|, |CHACHA20| match 1143 * ciphers whose bulk cipher use the corresponding encryption scheme. Note 1144 * that |AES|, |AES128|, and |AES256| match both CBC and GCM ciphers. 1145 * 1146 * |MD5|, |SHA1|, |SHA256|, and |SHA384| match legacy cipher suites using the 1147 * corresponding hash function in their MAC. AEADs are matched by none of 1148 * these. 1149 * 1150 * |SHA| is an alias for |SHA1|. 1151 * 1152 * Although implemented, authentication-only ciphers match no rules and must be 1153 * explicitly selected by name. 1154 * 1155 * Deprecated cipher rules: 1156 * 1157 * |kEDH|, |EDH|, |kEECDH|, and |EECDH| are legacy aliases for |kDHE|, |DHE|, 1158 * |kECDHE|, and |ECDHE|, respectively. 1159 * 1160 * |MEDIUM| and |HIGH| match ciphers historically labeled by OpenSSL as 1161 * 'medium' and 'high', respectively. 1162 * 1163 * |FIPS| matches ciphers historically FIPS-approved in OpenSSL. 1164 * 1165 * |SSLv3| and |TLSv1| match ciphers available in TLS 1.1 or earlier. 1166 * |TLSv1_2| matches ciphers new in TLS 1.2. This is confusing and should not 1167 * be used. 1168 * 1169 * Unknown rules silently match nothing. 1170 * 1171 * The special |@STRENGTH| directive will sort all enabled ciphers by strength. 1172 * 1173 * The |DEFAULT| directive, when appearing at the front of the string, expands 1174 * to the default ordering of available ciphers. 1175 * 1176 * If configuring a server, one may also configure equal-preference groups to 1177 * partially respect the client's preferences when 1178 * |SSL_OP_CIPHER_SERVER_PREFERENCE| is enabled. Ciphers in an equal-preference 1179 * group have equal priority and use the client order. This may be used to 1180 * enforce that AEADs are preferred but select AES-GCM vs. ChaCha20-Poly1305 1181 * based on client preferences. An equal-preference is specified with square 1182 * brackets, combining multiple selectors separated by |. For example: 1183 * 1184 * [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256] 1185 * 1186 * Once an equal-preference group is used, future directives must be 1187 * opcode-less. */ 1188 1189/* SSL_DEFAULT_CIPHER_LIST is the default cipher suite configuration. It is 1190 * substituted when a cipher string starts with 'DEFAULT'. */ 1191#define SSL_DEFAULT_CIPHER_LIST "ALL" 1192 1193/* SSL_CTX_set_cipher_list configures the cipher list for |ctx|, evaluating 1194 * |str| as a cipher string. It returns one on success and zero on failure. */ 1195OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); 1196 1197/* SSL_CTX_set_cipher_list_tls10 configures the TLS 1.0+ cipher list for |ctx|, 1198 * evaluating |str| as a cipher string. It returns one on success and zero on 1199 * failure. If set, servers will use this cipher suite list for TLS 1.0 or 1200 * higher. */ 1201OPENSSL_EXPORT int SSL_CTX_set_cipher_list_tls10(SSL_CTX *ctx, const char *str); 1202 1203/* SSL_CTX_set_cipher_list_tls11 configures the TLS 1.1+ cipher list for |ctx|, 1204 * evaluating |str| as a cipher string. It returns one on success and zero on 1205 * failure. If set, servers will use this cipher suite list for TLS 1.1 or 1206 * higher. */ 1207OPENSSL_EXPORT int SSL_CTX_set_cipher_list_tls11(SSL_CTX *ctx, const char *str); 1208 1209/* SSL_set_cipher_list configures the cipher list for |ssl|, evaluating |str| as 1210 * a cipher string. It returns one on success and zero on failure. */ 1211OPENSSL_EXPORT int SSL_set_cipher_list(SSL *ssl, const char *str); 1212 1213/* SSL_get_ciphers returns the cipher list for |ssl|, in order of preference. If 1214 * |SSL_CTX_set_cipher_list_tls10| or |SSL_CTX_set_cipher_list_tls11| has been 1215 * used, the corresponding list for the current version is returned. */ 1216OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); 1217 1218 1219/* Connection information. */ 1220 1221/* SSL_is_init_finished returns one if |ssl| has completed its initial handshake 1222 * and has no pending handshake. It returns zero otherwise. */ 1223OPENSSL_EXPORT int SSL_is_init_finished(const SSL *ssl); 1224 1225/* SSL_in_init returns one if |ssl| has a pending handshake and zero 1226 * otherwise. */ 1227OPENSSL_EXPORT int SSL_in_init(const SSL *ssl); 1228 1229/* SSL_in_false_start returns one if |ssl| has a pending handshake that is in 1230 * False Start. |SSL_write| may be called at this point without waiting for the 1231 * peer, but |SSL_read| will complete the handshake before accepting application 1232 * data. 1233 * 1234 * See also |SSL_MODE_ENABLE_FALSE_START|. */ 1235OPENSSL_EXPORT int SSL_in_false_start(const SSL *ssl); 1236 1237/* SSL_get_peer_certificate returns the peer's leaf certificate or NULL if the 1238 * peer did not use certificates. The caller must call |X509_free| on the 1239 * result to release it. */ 1240OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl); 1241 1242/* SSL_get_peer_cert_chain returns the peer's certificate chain or NULL if 1243 * unavailable or the peer did not use certificates. This is the unverified 1244 * list of certificates as sent by the peer, not the final chain built during 1245 * verification. For historical reasons, this value may not be available if 1246 * resuming a serialized |SSL_SESSION|. The caller does not take ownership of 1247 * the result. 1248 * 1249 * WARNING: This function behaves differently between client and server. If 1250 * |ssl| is a server, the returned chain does not include the leaf certificate. 1251 * If a client, it does. */ 1252OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); 1253 1254/* SSL_get0_signed_cert_timestamp_list sets |*out| and |*out_len| to point to 1255 * |*out_len| bytes of SCT information from the server. This is only valid if 1256 * |ssl| is a client. The SCT information is a SignedCertificateTimestampList 1257 * (including the two leading length bytes). 1258 * See https://tools.ietf.org/html/rfc6962#section-3.3 1259 * If no SCT was received then |*out_len| will be zero on return. 1260 * 1261 * WARNING: the returned data is not guaranteed to be well formed. */ 1262OPENSSL_EXPORT void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, 1263 const uint8_t **out, 1264 size_t *out_len); 1265 1266/* SSL_get0_ocsp_response sets |*out| and |*out_len| to point to |*out_len| 1267 * bytes of an OCSP response from the server. This is the DER encoding of an 1268 * OCSPResponse type as defined in RFC 2560. 1269 * 1270 * WARNING: the returned data is not guaranteed to be well formed. */ 1271OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out, 1272 size_t *out_len); 1273 1274/* SSL_get_tls_unique writes at most |max_out| bytes of the tls-unique value 1275 * for |ssl| to |out| and sets |*out_len| to the number of bytes written. It 1276 * returns one on success or zero on error. In general |max_out| should be at 1277 * least 12. 1278 * 1279 * This function will always fail if the initial handshake has not completed. 1280 * The tls-unique value will change after a renegotiation but, since 1281 * renegotiations can be initiated by the server at any point, the higher-level 1282 * protocol must either leave them disabled or define states in which the 1283 * tls-unique value can be read. 1284 * 1285 * The tls-unique value is defined by 1286 * https://tools.ietf.org/html/rfc5929#section-3.1. Due to a weakness in the 1287 * TLS protocol, tls-unique is broken for resumed connections unless the 1288 * Extended Master Secret extension is negotiated. Thus this function will 1289 * return zero if |ssl| performed session resumption unless EMS was used when 1290 * negotiating the original session. */ 1291OPENSSL_EXPORT int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, 1292 size_t *out_len, size_t max_out); 1293 1294/* SSL_get_extms_support returns one if the Extended Master Secret 1295 * extension was negotiated. Otherwise, it returns zero. */ 1296OPENSSL_EXPORT int SSL_get_extms_support(const SSL *ssl); 1297 1298/* SSL_get_current_cipher returns the cipher used in the current outgoing 1299 * connection state, or NULL if the null cipher is active. */ 1300OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); 1301 1302/* SSL_session_reused returns one if |ssl| performed an abbreviated handshake 1303 * and zero otherwise. 1304 * 1305 * TODO(davidben): Hammer down the semantics of this API while a handshake, 1306 * initial or renego, is in progress. */ 1307OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl); 1308 1309/* SSL_get_secure_renegotiation_support returns one if the peer supports secure 1310 * renegotiation (RFC 5746) and zero otherwise. */ 1311OPENSSL_EXPORT int SSL_get_secure_renegotiation_support(const SSL *ssl); 1312 1313/* SSL_export_keying_material exports a value derived from the master secret, as 1314 * specified in RFC 5705. It writes |out_len| bytes to |out| given a label and 1315 * optional context. (Since a zero length context is allowed, the |use_context| 1316 * flag controls whether a context is included.) 1317 * 1318 * It returns one on success and zero otherwise. */ 1319OPENSSL_EXPORT int SSL_export_keying_material( 1320 SSL *ssl, uint8_t *out, size_t out_len, const char *label, size_t label_len, 1321 const uint8_t *context, size_t context_len, int use_context); 1322 1323 1324/* Custom extensions. 1325 * 1326 * The custom extension functions allow TLS extensions to be added to 1327 * ClientHello and ServerHello messages. */ 1328 1329/* SSL_custom_ext_add_cb is a callback function that is called when the 1330 * ClientHello (for clients) or ServerHello (for servers) is constructed. In 1331 * the case of a server, this callback will only be called for a given 1332 * extension if the ClientHello contained that extension – it's not possible to 1333 * inject extensions into a ServerHello that the client didn't request. 1334 * 1335 * When called, |extension_value| will contain the extension number that is 1336 * being considered for addition (so that a single callback can handle multiple 1337 * extensions). If the callback wishes to include the extension, it must set 1338 * |*out| to point to |*out_len| bytes of extension contents and return one. In 1339 * this case, the corresponding |SSL_custom_ext_free_cb| callback will later be 1340 * called with the value of |*out| once that data has been copied. 1341 * 1342 * If the callback does not wish to add an extension it must return zero. 1343 * 1344 * Alternatively, the callback can abort the connection by setting 1345 * |*out_alert_value| to a TLS alert number and returning -1. */ 1346typedef int (*SSL_custom_ext_add_cb)(SSL *ssl, unsigned extension_value, 1347 const uint8_t **out, size_t *out_len, 1348 int *out_alert_value, void *add_arg); 1349 1350/* SSL_custom_ext_free_cb is a callback function that is called by OpenSSL iff 1351 * an |SSL_custom_ext_add_cb| callback previously returned one. In that case, 1352 * this callback is called and passed the |out| pointer that was returned by 1353 * the add callback. This is to free any dynamically allocated data created by 1354 * the add callback. */ 1355typedef void (*SSL_custom_ext_free_cb)(SSL *ssl, unsigned extension_value, 1356 const uint8_t *out, void *add_arg); 1357 1358/* SSL_custom_ext_parse_cb is a callback function that is called by OpenSSL to 1359 * parse an extension from the peer: that is from the ServerHello for a client 1360 * and from the ClientHello for a server. 1361 * 1362 * When called, |extension_value| will contain the extension number and the 1363 * contents of the extension are |contents_len| bytes at |contents|. 1364 * 1365 * The callback must return one to continue the handshake. Otherwise, if it 1366 * returns zero, a fatal alert with value |*out_alert_value| is sent and the 1367 * handshake is aborted. */ 1368typedef int (*SSL_custom_ext_parse_cb)(SSL *ssl, unsigned extension_value, 1369 const uint8_t *contents, 1370 size_t contents_len, 1371 int *out_alert_value, void *parse_arg); 1372 1373/* SSL_extension_supported returns one iff OpenSSL internally handles 1374 * extensions of type |extension_value|. This can be used to avoid registering 1375 * custom extension handlers for extensions that a future version of OpenSSL 1376 * may handle internally. */ 1377OPENSSL_EXPORT int SSL_extension_supported(unsigned extension_value); 1378 1379/* SSL_CTX_add_client_custom_ext registers callback functions for handling 1380 * custom TLS extensions for client connections. 1381 * 1382 * If |add_cb| is NULL then an empty extension will be added in each 1383 * ClientHello. Otherwise, see the comment for |SSL_custom_ext_add_cb| about 1384 * this callback. 1385 * 1386 * The |free_cb| may be NULL if |add_cb| doesn't dynamically allocate data that 1387 * needs to be freed. 1388 * 1389 * It returns one on success or zero on error. It's always an error to register 1390 * callbacks for the same extension twice, or to register callbacks for an 1391 * extension that OpenSSL handles internally. See |SSL_extension_supported| to 1392 * discover, at runtime, which extensions OpenSSL handles internally. */ 1393OPENSSL_EXPORT int SSL_CTX_add_client_custom_ext( 1394 SSL_CTX *ctx, unsigned extension_value, SSL_custom_ext_add_cb add_cb, 1395 SSL_custom_ext_free_cb free_cb, void *add_arg, 1396 SSL_custom_ext_parse_cb parse_cb, void *parse_arg); 1397 1398/* SSL_CTX_add_server_custom_ext is the same as 1399 * |SSL_CTX_add_client_custom_ext|, but for server connections. 1400 * 1401 * Unlike on the client side, if |add_cb| is NULL no extension will be added. 1402 * The |add_cb|, if any, will only be called if the ClientHello contained a 1403 * matching extension. */ 1404OPENSSL_EXPORT int SSL_CTX_add_server_custom_ext( 1405 SSL_CTX *ctx, unsigned extension_value, SSL_custom_ext_add_cb add_cb, 1406 SSL_custom_ext_free_cb free_cb, void *add_arg, 1407 SSL_custom_ext_parse_cb parse_cb, void *parse_arg); 1408 1409 1410/* Sessions. 1411 * 1412 * An |SSL_SESSION| represents an SSL session that may be resumed in an 1413 * abbreviated handshake. It is reference-counted and immutable. Once 1414 * established, an |SSL_SESSION| may be shared by multiple |SSL| objects on 1415 * different threads and must not be modified. */ 1416 1417DECLARE_LHASH_OF(SSL_SESSION) 1418DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) 1419 1420/* SSL_SESSION_new returns a newly-allocated blank |SSL_SESSION| or NULL on 1421 * error. This may be useful in writing tests but otherwise should not be 1422 * used outside the library. */ 1423OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_new(void); 1424 1425/* SSL_SESSION_up_ref, if |session| is not NULL, increments the reference count 1426 * of |session|. It then returns |session|. */ 1427OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_up_ref(SSL_SESSION *session); 1428 1429/* SSL_SESSION_free decrements the reference count of |session|. If it reaches 1430 * zero, all data referenced by |session| and |session| itself are released. */ 1431OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *session); 1432 1433/* SSL_SESSION_to_bytes serializes |in| into a newly allocated buffer and sets 1434 * |*out_data| to that buffer and |*out_len| to its length. The caller takes 1435 * ownership of the buffer and must call |OPENSSL_free| when done. It returns 1436 * one on success and zero on error. */ 1437OPENSSL_EXPORT int SSL_SESSION_to_bytes(const SSL_SESSION *in, 1438 uint8_t **out_data, size_t *out_len); 1439 1440/* SSL_SESSION_to_bytes_for_ticket serializes |in|, but excludes the session 1441 * identification information, namely the session ID and ticket. */ 1442OPENSSL_EXPORT int SSL_SESSION_to_bytes_for_ticket(const SSL_SESSION *in, 1443 uint8_t **out_data, 1444 size_t *out_len); 1445 1446/* SSL_SESSION_from_bytes parses |in_len| bytes from |in| as an SSL_SESSION. It 1447 * returns a newly-allocated |SSL_SESSION| on success or NULL on error. */ 1448OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_from_bytes(const uint8_t *in, 1449 size_t in_len); 1450 1451/* SSL_SESSION_get_version returns a string describing the TLS version |session| 1452 * was established at. For example, "TLSv1.2" or "SSLv3". */ 1453OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *session); 1454 1455/* SSL_SESSION_get_id returns a pointer to a buffer containg |session|'s session 1456 * ID and sets |*out_len| to its length. */ 1457OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session, 1458 unsigned *out_len); 1459 1460/* SSL_SESSION_get_time returns the time at which |session| was established in 1461 * seconds since the UNIX epoch. */ 1462OPENSSL_EXPORT long SSL_SESSION_get_time(const SSL_SESSION *session); 1463 1464/* SSL_SESSION_get_timeout returns the lifetime of |session| in seconds. */ 1465OPENSSL_EXPORT long SSL_SESSION_get_timeout(const SSL_SESSION *session); 1466 1467/* SSL_SESSION_get_key_exchange_info returns a value that describes the 1468 * strength of the asymmetric operation that provides confidentiality to 1469 * |session|. Its interpretation depends on the operation used. See the 1470 * documentation for this value in the |SSL_SESSION| structure. */ 1471OPENSSL_EXPORT uint32_t SSL_SESSION_get_key_exchange_info( 1472 const SSL_SESSION *session); 1473 1474/* SSL_SESSION_get0_peer return's the peer leaf certificate stored in 1475 * |session|. 1476 * 1477 * TODO(davidben): This should return a const X509 *. */ 1478OPENSSL_EXPORT X509 *SSL_SESSION_get0_peer(const SSL_SESSION *session); 1479 1480/* SSL_SESSION_set_time sets |session|'s creation time to |time| and returns 1481 * |time|. This function may be useful in writing tests but otherwise should not 1482 * be used. */ 1483OPENSSL_EXPORT long SSL_SESSION_set_time(SSL_SESSION *session, long time); 1484 1485/* SSL_SESSION_set_timeout sets |session|'s timeout to |timeout| and returns 1486 * one. This function may be useful in writing tests but otherwise should not 1487 * be used. */ 1488OPENSSL_EXPORT long SSL_SESSION_set_timeout(SSL_SESSION *session, long timeout); 1489 1490/* SSL_SESSION_set1_id_context sets |session|'s session ID context (see 1491 * |SSL_CTX_set_session_id_context|) to |sid_ctx|. It returns one on success and 1492 * zero on error. This function may be useful in writing tests but otherwise 1493 * should not be used. */ 1494OPENSSL_EXPORT int SSL_SESSION_set1_id_context(SSL_SESSION *session, 1495 const uint8_t *sid_ctx, 1496 unsigned sid_ctx_len); 1497 1498 1499/* Session caching. 1500 * 1501 * Session caching allows clients to reconnect to a server based on saved 1502 * parameters from a previous connection. 1503 * 1504 * For a server, the library implements a built-in internal session cache as an 1505 * in-memory hash table. One may also register callbacks to implement a custom 1506 * external session cache. An external cache may be used in addition to or 1507 * instead of the internal one. Use |SSL_CTX_set_session_cache_mode| to toggle 1508 * the internal cache. 1509 * 1510 * For a client, the only option is an external session cache. Prior to 1511 * handshaking, the consumer should look up a session externally (keyed, for 1512 * instance, by hostname) and use |SSL_set_session| to configure which session 1513 * to offer. The callbacks may be used to determine when new sessions are 1514 * available. 1515 * 1516 * Note that offering or accepting a session short-circuits most parameter 1517 * negotiation. Resuming sessions across different configurations may result in 1518 * surprising behavor. So, for instance, a client implementing a version 1519 * fallback should shard its session cache by maximum protocol version. */ 1520 1521/* SSL_SESS_CACHE_OFF disables all session caching. */ 1522#define SSL_SESS_CACHE_OFF 0x0000 1523 1524/* SSL_SESS_CACHE_CLIENT enables session caching for a client. The internal 1525 * cache is never used on a client, so this only enables the callbacks. */ 1526#define SSL_SESS_CACHE_CLIENT 0x0001 1527 1528/* SSL_SESS_CACHE_SERVER enables session caching for a server. */ 1529#define SSL_SESS_CACHE_SERVER 0x0002 1530 1531/* SSL_SESS_CACHE_SERVER enables session caching for both client and server. */ 1532#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER) 1533 1534/* SSL_SESS_CACHE_NO_AUTO_CLEAR disables automatically calling 1535 * |SSL_CTX_flush_sessions| every 255 connections. */ 1536#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 1537 1538/* SSL_SESS_CACHE_NO_INTERNAL_LOOKUP, on a server, disables looking up a session 1539 * from the internal session cache. */ 1540#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 1541 1542/* SSL_SESS_CACHE_NO_INTERNAL_STORE, on a server, disables storing sessions in 1543 * the internal session cache. */ 1544#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 1545 1546/* SSL_SESS_CACHE_NO_INTERNAL, on a server, disables the internal session 1547 * cache. */ 1548#define SSL_SESS_CACHE_NO_INTERNAL \ 1549 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE) 1550 1551/* SSL_CTX_set_session_cache_mode sets the session cache mode bits for |ctx| to 1552 * |mode|. It returns the previous value. */ 1553OPENSSL_EXPORT int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode); 1554 1555/* SSL_CTX_get_session_cache_mode returns the session cache mode bits for 1556 * |ctx| */ 1557OPENSSL_EXPORT int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx); 1558 1559/* SSL_set_session, for a client, configures |ssl| to offer to resume |session| 1560 * in the initial handshake and returns one. The caller retains ownership of 1561 * |session|. */ 1562OPENSSL_EXPORT int SSL_set_session(SSL *ssl, SSL_SESSION *session); 1563 1564/* SSL_get_session returns a non-owning pointer to |ssl|'s session. Prior to the 1565 * initial handshake beginning, this is the session to be offered, set by 1566 * |SSL_set_session|. After a handshake has finished, this is the currently 1567 * active session. Its behavior is undefined while a handshake is progress. */ 1568OPENSSL_EXPORT SSL_SESSION *SSL_get_session(const SSL *ssl); 1569 1570/* SSL_get0_session is an alias for |SSL_get_session|. */ 1571#define SSL_get0_session SSL_get_session 1572 1573/* SSL_get1_session acts like |SSL_get_session| but returns a new reference to 1574 * the session. */ 1575OPENSSL_EXPORT SSL_SESSION *SSL_get1_session(SSL *ssl); 1576 1577/* SSL_DEFAULT_SESSION_TIMEOUT is the default lifetime, in seconds, of a 1578 * session. */ 1579#define SSL_DEFAULT_SESSION_TIMEOUT (2 * 60 * 60) 1580 1581/* SSL_CTX_set_timeout sets the lifetime, in seconds, of sessions created in 1582 * |ctx| to |timeout|. */ 1583OPENSSL_EXPORT long SSL_CTX_set_timeout(SSL_CTX *ctx, long timeout); 1584 1585/* SSL_CTX_get_timeout returns the lifetime, in seconds, of sessions created in 1586 * |ctx|. */ 1587OPENSSL_EXPORT long SSL_CTX_get_timeout(const SSL_CTX *ctx); 1588 1589/* SSL_CTX_set_session_id_context sets |ctx|'s session ID context to |sid_ctx|. 1590 * It returns one on success and zero on error. The session ID context is an 1591 * application-defined opaque byte string. A session will not be used in a 1592 * connection without a matching session ID context. 1593 * 1594 * For a server, if |SSL_VERIFY_PEER| is enabled, it is an error to not set a 1595 * session ID context. 1596 * 1597 * TODO(davidben): Is that check needed? That seems a special case of taking 1598 * care not to cross-resume across configuration changes, and this is only 1599 * relevant if a server requires client auth. */ 1600OPENSSL_EXPORT int SSL_CTX_set_session_id_context(SSL_CTX *ctx, 1601 const uint8_t *sid_ctx, 1602 unsigned sid_ctx_len); 1603 1604/* SSL_set_session_id_context sets |ssl|'s session ID context to |sid_ctx|. It 1605 * returns one on success and zero on error. See also 1606 * |SSL_CTX_set_session_id_context|. */ 1607OPENSSL_EXPORT int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx, 1608 unsigned sid_ctx_len); 1609 1610/* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT is the default maximum size of a session 1611 * cache. */ 1612#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024 * 20) 1613 1614/* SSL_CTX_sess_set_cache_size sets the maximum size of |ctx|'s internal session 1615 * cache to |size|. It returns the previous value. */ 1616OPENSSL_EXPORT unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, 1617 unsigned long size); 1618 1619/* SSL_CTX_sess_get_cache_size returns the maximum size of |ctx|'s internal 1620 * session cache. */ 1621OPENSSL_EXPORT unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx); 1622 1623/* SSL_CTX_sessions returns |ctx|'s internal session cache. */ 1624OPENSSL_EXPORT LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); 1625 1626/* SSL_CTX_sess_number returns the number of sessions in |ctx|'s internal 1627 * session cache. */ 1628OPENSSL_EXPORT size_t SSL_CTX_sess_number(const SSL_CTX *ctx); 1629 1630/* SSL_CTX_add_session inserts |session| into |ctx|'s internal session cache. It 1631 * returns one on success and zero on error or if |session| is already in the 1632 * cache. The caller retains its reference to |session|. */ 1633OPENSSL_EXPORT int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); 1634 1635/* SSL_CTX_remove_session removes |session| from |ctx|'s internal session cache. 1636 * It returns one on success and zero if |session| was not in the cache. */ 1637OPENSSL_EXPORT int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); 1638 1639/* SSL_CTX_flush_sessions removes all sessions from |ctx| which have expired as 1640 * of time |time|. If |time| is zero, all sessions are removed. */ 1641OPENSSL_EXPORT void SSL_CTX_flush_sessions(SSL_CTX *ctx, long time); 1642 1643/* SSL_CTX_sess_set_new_cb sets the callback to be called when a new session is 1644 * established and ready to be cached. If the session cache is disabled (the 1645 * appropriate one of |SSL_SESS_CACHE_CLIENT| or |SSL_SESS_CACHE_SERVER| is 1646 * unset), the callback is not called. 1647 * 1648 * The callback is passed a reference to |session|. It returns one if it takes 1649 * ownership and zero otherwise. 1650 * 1651 * Note: For a client, the callback may be called on abbreviated handshakes if a 1652 * ticket is renewed. Further, it may not be called until some time after 1653 * |SSL_do_handshake| or |SSL_connect| completes if False Start is enabled. Thus 1654 * it's recommended to use this callback over checking |SSL_session_reused| on 1655 * handshake completion. 1656 * 1657 * TODO(davidben): Conditioning callbacks on |SSL_SESS_CACHE_CLIENT| or 1658 * |SSL_SESS_CACHE_SERVER| doesn't make any sense when one could just as easily 1659 * not supply the callbacks. Removing that condition and the client internal 1660 * cache would simplify things. */ 1661OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb( 1662 SSL_CTX *ctx, int (*new_session_cb)(SSL *ssl, SSL_SESSION *session)); 1663 1664/* SSL_CTX_sess_get_new_cb returns the callback set by 1665 * |SSL_CTX_sess_set_new_cb|. */ 1666OPENSSL_EXPORT int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))( 1667 SSL *ssl, SSL_SESSION *session); 1668 1669/* SSL_CTX_sess_set_remove_cb sets a callback which is called when a session is 1670 * removed from the internal session cache. 1671 * 1672 * TODO(davidben): What is the point of this callback? It seems useless since it 1673 * only fires on sessions in the internal cache. */ 1674OPENSSL_EXPORT void SSL_CTX_sess_set_remove_cb( 1675 SSL_CTX *ctx, 1676 void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *session)); 1677 1678/* SSL_CTX_sess_get_remove_cb returns the callback set by 1679 * |SSL_CTX_sess_set_remove_cb|. */ 1680OPENSSL_EXPORT void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))( 1681 SSL_CTX *ctx, SSL_SESSION *session); 1682 1683/* SSL_CTX_sess_set_get_cb sets a callback to look up a session by ID for a 1684 * server. The callback is passed the session ID and should return a matching 1685 * |SSL_SESSION| or NULL if not found. It should set |*out_copy| to zero and 1686 * return a new reference to the session. This callback is not used for a 1687 * client. 1688 * 1689 * For historical reasons, if |*out_copy| is set to one (default), the SSL 1690 * library will take a new reference to the returned |SSL_SESSION|, expecting 1691 * the callback to return a non-owning pointer. This is not recommended. If 1692 * |ctx| and thus the callback is used on multiple threads, the session may be 1693 * removed and invalidated before the SSL library calls |SSL_SESSION_up_ref|, 1694 * whereas the callback may synchronize internally. 1695 * 1696 * To look up a session asynchronously, the callback may return 1697 * |SSL_magic_pending_session_ptr|. See the documentation for that function and 1698 * |SSL_ERROR_PENDING_SESSION|. 1699 * 1700 * If the internal session cache is enabled, the callback is only consulted if 1701 * the internal cache does not return a match. 1702 * 1703 * The callback's |id| parameter is not const for historical reasons, but the 1704 * contents may not be modified. */ 1705OPENSSL_EXPORT void SSL_CTX_sess_set_get_cb( 1706 SSL_CTX *ctx, 1707 SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *id, int id_len, 1708 int *out_copy)); 1709 1710/* SSL_CTX_sess_get_get_cb returns the callback set by 1711 * |SSL_CTX_sess_set_get_cb|. */ 1712OPENSSL_EXPORT SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))( 1713 SSL *ssl, uint8_t *id, int id_len, int *out_copy); 1714 1715/* SSL_magic_pending_session_ptr returns a magic |SSL_SESSION|* which indicates 1716 * that the session isn't currently unavailable. |SSL_get_error| will then 1717 * return |SSL_ERROR_PENDING_SESSION| and the handshake can be retried later 1718 * when the lookup has completed. */ 1719OPENSSL_EXPORT SSL_SESSION *SSL_magic_pending_session_ptr(void); 1720 1721 1722/* Session tickets. 1723 * 1724 * Session tickets, from RFC 5077, allow session resumption without server-side 1725 * state. Session tickets are supported in by default but may be disabled with 1726 * |SSL_OP_NO_TICKET|. 1727 * 1728 * On the client, ticket-based sessions use the same APIs as ID-based tickets. 1729 * Callers do not need to handle them differently. 1730 * 1731 * On the server, tickets are encrypted and authenticated with a secret key. By 1732 * default, an |SSL_CTX| generates a key on creation. Tickets are minted and 1733 * processed transparently. The following functions may be used to configure a 1734 * persistent key or implement more custom behavior. */ 1735 1736/* SSL_CTX_get_tlsext_ticket_keys writes |ctx|'s session ticket key material to 1737 * |len| bytes of |out|. It returns one on success and zero if |len| is not 1738 * 48. If |out| is NULL, it returns 48 instead. */ 1739OPENSSL_EXPORT int SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, void *out, 1740 size_t len); 1741 1742/* SSL_CTX_set_tlsext_ticket_keys sets |ctx|'s session ticket key material to 1743 * |len| bytes of |in|. It returns one on success and zero if |len| is not 1744 * 48. If |in| is NULL, it returns 48 instead. */ 1745OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, 1746 size_t len); 1747 1748/* SSL_TICKET_KEY_NAME_LEN is the length of the key name prefix of a session 1749 * ticket. */ 1750#define SSL_TICKET_KEY_NAME_LEN 16 1751 1752/* SSL_CTX_set_tlsext_ticket_key_cb sets the ticket callback to |callback| and 1753 * returns one. |callback| will be called when encrypting a new ticket and when 1754 * decrypting a ticket from the client. 1755 * 1756 * In both modes, |ctx| and |hmac_ctx| will already have been initialized with 1757 * |EVP_CIPHER_CTX_init| and |HMAC_CTX_init|, respectively. |callback| 1758 * configures |hmac_ctx| with an HMAC digest and key, and configures |ctx| 1759 * for encryption or decryption, based on the mode. 1760 * 1761 * When encrypting a new ticket, |encrypt| will be one. It writes a public 1762 * 16-byte key name to |key_name| and a fresh IV to |iv|. The output IV length 1763 * must match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, 1764 * |callback| returns 1 on success and -1 on error. 1765 * 1766 * When decrypting a ticket, |encrypt| will be zero. |key_name| will point to a 1767 * 16-byte key name and |iv| points to an IV. The length of the IV consumed must 1768 * match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, 1769 * |callback| returns -1 to abort the handshake, 0 if decrypting the ticket 1770 * failed, and 1 or 2 on success. If it returns 2, the ticket will be renewed. 1771 * This may be used to re-key the ticket. 1772 * 1773 * WARNING: |callback| wildly breaks the usual return value convention and is 1774 * called in two different modes. */ 1775OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( 1776 SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, 1777 EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, 1778 int encrypt)); 1779 1780 1781/* Elliptic curve Diffie-Hellman. 1782 * 1783 * Cipher suites using an ECDHE key exchange perform Diffie-Hellman over an 1784 * elliptic curve negotiated by both endpoints. See RFC 4492. Only named curves 1785 * are supported. ECDHE is always enabled, but the curve preferences may be 1786 * configured with these functions. 1787 * 1788 * A client may use |SSL_SESSION_get_key_exchange_info| to determine the curve 1789 * selected. */ 1790 1791/* SSL_CTX_set1_curves sets the preferred curves for |ctx| to be |curves|. Each 1792 * element of |curves| should be a curve nid. It returns one on success and 1793 * zero on failure. */ 1794OPENSSL_EXPORT int SSL_CTX_set1_curves(SSL_CTX *ctx, const int *curves, 1795 size_t curves_len); 1796 1797/* SSL_set1_curves sets the preferred curves for |ssl| to be |curves|. Each 1798 * element of |curves| should be a curve nid. It returns one on success and 1799 * zero on failure. */ 1800OPENSSL_EXPORT int SSL_set1_curves(SSL *ssl, const int *curves, 1801 size_t curves_len); 1802 1803/* SSL_CTX_set_tmp_ecdh configures |ctx| to use the curve from |ecdh| as the 1804 * curve for ephemeral ECDH keys. For historical reasons, this API expects an 1805 * |EC_KEY|, but only the curve is used. It returns one on success and zero on 1806 * error. If unset, an appropriate curve will be chosen based on curve 1807 * preferences. (This is recommended.) */ 1808OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key); 1809 1810/* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| as the curve 1811 * for ephemeral ECDH keys. For historical reasons, this API expects an 1812 * |EC_KEY|, but only the curve is used. It returns one on success and zero on 1813 * error. If unset, an appropriate curve will be chosen based on curve 1814 * preferences. (This is recommended.) */ 1815OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key); 1816 1817/* SSL_CTX_set_tmp_ecdh_callback configures |ctx| to use |callback| to determine 1818 * the curve for ephemeral ECDH keys. |callback| should ignore |is_export| and 1819 * |keylength| and return an |EC_KEY| of the selected curve or NULL on 1820 * error. Only the curve is used, so the |EC_KEY| needn't have a generated 1821 * keypair. 1822 * 1823 * If the callback is unset, an appropriate curve will be chosen based on curve 1824 * preferences. (This is recommended.) 1825 * 1826 * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so 1827 * |callback| must save and release the object elsewhere. */ 1828OPENSSL_EXPORT void SSL_CTX_set_tmp_ecdh_callback( 1829 SSL_CTX *ctx, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength)); 1830 1831/* SSL_set_tmp_ecdh_callback configures |ssl| to use |callback| to determine the 1832 * curve for ephemeral ECDH keys. |callback| should ignore |is_export| and 1833 * |keylength| and return an |EC_KEY| of the selected curve or NULL on 1834 * error. Only the curve is used, so the |EC_KEY| needn't have a generated 1835 * keypair. 1836 * 1837 * If the callback is unset, an appropriate curve will be chosen based on curve 1838 * preferences. (This is recommended.) 1839 * 1840 * WARNING: The caller does not take ownership of the resulting |EC_KEY|, so 1841 * |callback| must save and release the object elsewhere. */ 1842OPENSSL_EXPORT void SSL_set_tmp_ecdh_callback( 1843 SSL *ssl, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength)); 1844 1845/* SSL_get_curve_name returns a human-readable name for the elliptic curve 1846 * specified by the given TLS curve id, or NULL if the curve if unknown. */ 1847OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id); 1848 1849 1850/* Multiplicative Diffie-Hellman. 1851 * 1852 * Cipher suites using a DHE key exchange perform Diffie-Hellman over a 1853 * multiplicative group selected by the server. These ciphers are disabled for a 1854 * server unless a group is chosen with one of these functions. 1855 * 1856 * A client may use |SSL_SESSION_get_key_exchange_info| to determine the size of 1857 * the selected group's prime, but note that servers may select degenerate 1858 * groups. */ 1859 1860/* SSL_CTX_set_tmp_dh configures |ctx| to use the group from |dh| as the group 1861 * for DHE. Only the group is used, so |dh| needn't have a keypair. It returns 1862 * one on success and zero on error. */ 1863OPENSSL_EXPORT int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh); 1864 1865/* SSL_set_tmp_dh configures |ssl| to use the group from |dh| as the group for 1866 * DHE. Only the group is used, so |dh| needn't have a keypair. It returns one 1867 * on success and zero on error. */ 1868OPENSSL_EXPORT int SSL_set_tmp_dh(SSL *ssl, const DH *dh); 1869 1870/* SSL_CTX_set_tmp_dh_callback configures |ctx| to use |callback| to determine 1871 * the group for DHE ciphers. |callback| should ignore |is_export| and 1872 * |keylength| and return a |DH| of the selected group or NULL on error. Only 1873 * the parameters are used, so the |DH| needn't have a generated keypair. 1874 * 1875 * WARNING: The caller does not take ownership of the resulting |DH|, so 1876 * |callback| must save and release the object elsewhere. */ 1877OPENSSL_EXPORT void SSL_CTX_set_tmp_dh_callback( 1878 SSL_CTX *ctx, DH *(*callback)(SSL *ssl, int is_export, int keylength)); 1879 1880/* SSL_set_tmp_dh_callback configures |ssl| to use |callback| to determine the 1881 * group for DHE ciphers. |callback| should ignore |is_export| and |keylength| 1882 * and return a |DH| of the selected group or NULL on error. Only the 1883 * parameters are used, so the |DH| needn't have a generated keypair. 1884 * 1885 * WARNING: The caller does not take ownership of the resulting |DH|, so 1886 * |callback| must save and release the object elsewhere. */ 1887OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl, 1888 DH *(*dh)(SSL *ssl, int is_export, 1889 int keylength)); 1890 1891 1892/* Certificate verification. 1893 * 1894 * SSL may authenticate either endpoint with an X.509 certificate. Typically 1895 * this is used to authenticate the server to the client. These functions 1896 * configure certificate verification. 1897 * 1898 * WARNING: By default, certificate verification errors on a client are not 1899 * fatal. See |SSL_VERIFY_NONE| This may be configured with 1900 * |SSL_CTX_set_verify|. 1901 * 1902 * By default clients are anonymous but a server may request a certificate from 1903 * the client by setting |SSL_VERIFY_PEER|. 1904 * 1905 * Many of these functions use OpenSSL's legacy X.509 stack which is 1906 * underdocumented and deprecated, but the replacement isn't ready yet. For 1907 * now, consumers may use the existing stack or bypass it by performing 1908 * certificate verification externally. This may be done with 1909 * |SSL_CTX_set_cert_verify_callback| or by extracting the chain with 1910 * |SSL_get_peer_cert_chain| after the handshake. In the future, functions will 1911 * be added to use the SSL stack without dependency on any part of the legacy 1912 * X.509 and ASN.1 stack. 1913 * 1914 * To augment certificate verification, a client may also enable OCSP stapling 1915 * (RFC 6066) and Certificate Transparency (RFC 6962) extensions. */ 1916 1917/* SSL_VERIFY_NONE, on a client, verifies the server certificate but does not 1918 * make errors fatal. The result may be checked with |SSL_get_verify_result|. On 1919 * a server it does not request a client certificate. This is the default. */ 1920#define SSL_VERIFY_NONE 0x00 1921 1922/* SSL_VERIFY_PEER, on a client, makes server certificate errors fatal. On a 1923 * server it requests a client certificate and makes errors fatal. However, 1924 * anonymous clients are still allowed. See 1925 * |SSL_VERIFY_FAIL_IF_NO_PEER_CERT|. */ 1926#define SSL_VERIFY_PEER 0x01 1927 1928/* SSL_VERIFY_FAIL_IF_NO_PEER_CERT configures a server to reject connections if 1929 * the client declines to send a certificate. Otherwise |SSL_VERIFY_PEER| still 1930 * allows anonymous clients. */ 1931#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 1932 1933/* SSL_VERIFY_PEER_IF_NO_OBC configures a server to request a client certificate 1934 * if and only if Channel ID is not negotiated. */ 1935#define SSL_VERIFY_PEER_IF_NO_OBC 0x04 1936 1937/* SSL_CTX_set_verify configures certificate verification behavior. |mode| is 1938 * one of the |SSL_VERIFY_*| values defined above. |callback|, if not NULL, is 1939 * used to customize certificate verification. See the behavior of 1940 * |X509_STORE_CTX_set_verify_cb|. 1941 * 1942 * The callback may use |SSL_get_ex_data_X509_STORE_CTX_idx| with 1943 * |X509_STORE_CTX_get_ex_data| to look up the |SSL| from |store_ctx|. */ 1944OPENSSL_EXPORT void SSL_CTX_set_verify( 1945 SSL_CTX *ctx, int mode, int (*callback)(int ok, X509_STORE_CTX *store_ctx)); 1946 1947/* SSL_set_verify configures certificate verification behavior. |mode| is one of 1948 * the |SSL_VERIFY_*| values defined above. |callback|, if not NULL, is used to 1949 * customize certificate verification. See the behavior of 1950 * |X509_STORE_CTX_set_verify_cb|. 1951 * 1952 * The callback may use |SSL_get_ex_data_X509_STORE_CTX_idx| with 1953 * |X509_STORE_CTX_get_ex_data| to look up the |SSL| from |store_ctx|. */ 1954OPENSSL_EXPORT void SSL_set_verify(SSL *ssl, int mode, 1955 int (*callback)(int ok, 1956 X509_STORE_CTX *store_ctx)); 1957 1958/* SSL_CTX_get_verify_mode returns |ctx|'s verify mode, set by 1959 * |SSL_CTX_set_verify|. */ 1960OPENSSL_EXPORT int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); 1961 1962/* SSL_get_verify_mode returns |ssl|'s verify mode, set by |SSL_CTX_set_verify| 1963 * or |SSL_set_verify|. */ 1964OPENSSL_EXPORT int SSL_get_verify_mode(const SSL *ssl); 1965 1966/* SSL_CTX_get_verify_callback returns the callback set by 1967 * |SSL_CTX_set_verify|. */ 1968OPENSSL_EXPORT int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))( 1969 int ok, X509_STORE_CTX *store_ctx); 1970 1971/* SSL_get_verify_callback returns the callback set by |SSL_CTX_set_verify| or 1972 * |SSL_set_verify|. */ 1973OPENSSL_EXPORT int (*SSL_get_verify_callback(const SSL *ssl))( 1974 int ok, X509_STORE_CTX *store_ctx); 1975 1976/* SSL_CTX_set_verify_depth sets the maximum depth of a certificate chain 1977 * accepted in verification. This number does not include the leaf, so a depth 1978 * of 1 allows the leaf and one CA certificate. */ 1979OPENSSL_EXPORT void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); 1980 1981/* SSL_set_verify_depth sets the maximum depth of a certificate chain accepted 1982 * in verification. This number does not include the leaf, so a depth of 1 1983 * allows the leaf and one CA certificate. */ 1984OPENSSL_EXPORT void SSL_set_verify_depth(SSL *ssl, int depth); 1985 1986/* SSL_CTX_get_verify_depth returns the maximum depth of a certificate accepted 1987 * in verification. */ 1988OPENSSL_EXPORT int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); 1989 1990/* SSL_get_verify_depth returns the maximum depth of a certificate accepted in 1991 * verification. */ 1992OPENSSL_EXPORT int SSL_get_verify_depth(const SSL *ssl); 1993 1994/* SSL_CTX_set1_param sets verification parameters from |param|. It returns one 1995 * on success and zero on failure. The caller retains ownership of |param|. */ 1996OPENSSL_EXPORT int SSL_CTX_set1_param(SSL_CTX *ctx, 1997 const X509_VERIFY_PARAM *param); 1998 1999/* SSL_set1_param sets verification parameters from |param|. It returns one on 2000 * success and zero on failure. The caller retains ownership of |param|. */ 2001OPENSSL_EXPORT int SSL_set1_param(SSL *ssl, 2002 const X509_VERIFY_PARAM *param); 2003 2004/* SSL_CTX_get0_param returns |ctx|'s |X509_VERIFY_PARAM| for certificate 2005 * verification. The caller must not release the returned pointer but may call 2006 * functions on it to configure it. */ 2007OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); 2008 2009/* SSL_get0_param returns |ssl|'s |X509_VERIFY_PARAM| for certificate 2010 * verification. The caller must not release the returned pointer but may call 2011 * functions on it to configure it. */ 2012OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); 2013 2014/* SSL_CTX_set_purpose sets |ctx|'s |X509_VERIFY_PARAM|'s 'purpose' parameter to 2015 * |purpose|. It returns one on success and zero on error. */ 2016OPENSSL_EXPORT int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); 2017 2018/* SSL_set_purpose sets |ssl|'s |X509_VERIFY_PARAM|'s 'purpose' parameter to 2019 * |purpose|. It returns one on success and zero on error. */ 2020OPENSSL_EXPORT int SSL_set_purpose(SSL *ssl, int purpose); 2021 2022/* SSL_CTX_set_trust sets |ctx|'s |X509_VERIFY_PARAM|'s 'trust' parameter to 2023 * |trust|. It returns one on success and zero on error. */ 2024OPENSSL_EXPORT int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); 2025 2026/* SSL_set_trust sets |ssl|'s |X509_VERIFY_PARAM|'s 'trust' parameter to 2027 * |trust|. It returns one on success and zero on error. */ 2028OPENSSL_EXPORT int SSL_set_trust(SSL *ssl, int trust); 2029 2030/* SSL_CTX_set_cert_store sets |ctx|'s certificate store to |store|. It takes 2031 * ownership of |store|. The store is used for certificate verification. 2032 * 2033 * The store is also used for the auto-chaining feature, but this is deprecated. 2034 * See also |SSL_MODE_NO_AUTO_CHAIN|. */ 2035OPENSSL_EXPORT void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); 2036 2037/* SSL_CTX_get_cert_store returns |ctx|'s certificate store. */ 2038OPENSSL_EXPORT X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); 2039 2040/* SSL_CTX_set_default_verify_paths loads the OpenSSL system-default trust 2041 * anchors into |ctx|'s store. It returns one on success and zero on failure. */ 2042OPENSSL_EXPORT int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); 2043 2044/* SSL_CTX_load_verify_locations loads trust anchors into |ctx|'s store from 2045 * |ca_file| and |ca_dir|, either of which may be NULL. If |ca_file| is passed, 2046 * it is opened and PEM-encoded CA certificates are read. If |ca_dir| is passed, 2047 * it is treated as a directory in OpenSSL's hashed directory format. It returns 2048 * one on success and zero on failure. 2049 * 2050 * See 2051 * https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_load_verify_locations.html 2052 * for documentation on the directory format. */ 2053OPENSSL_EXPORT int SSL_CTX_load_verify_locations(SSL_CTX *ctx, 2054 const char *ca_file, 2055 const char *ca_dir); 2056 2057/* SSL_get_verify_result returns the result of certificate verification. It is 2058 * either |X509_V_OK| or a |X509_V_ERR_*| value. */ 2059OPENSSL_EXPORT long SSL_get_verify_result(const SSL *ssl); 2060 2061/* SSL_set_verify_result overrides the result of certificate verification. */ 2062OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long result); 2063 2064/* SSL_get_ex_data_X509_STORE_CTX_idx returns the ex_data index used to look up 2065 * the |SSL| associated with an |X509_STORE_CTX| in the verify callback. */ 2066OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void); 2067 2068/* SSL_CTX_set_cert_verify_callback sets a custom callback to be called on 2069 * certificate verification rather than |X509_verify_cert|. |store_ctx| contains 2070 * the verification parameters. The callback should return one on success and 2071 * zero on fatal error. It may use |X509_STORE_CTX_set_error| to set a 2072 * verification result. 2073 * 2074 * The callback may use either the |arg| parameter or 2075 * |SSL_get_ex_data_X509_STORE_CTX_idx| to recover the associated |SSL| 2076 * object. */ 2077OPENSSL_EXPORT void SSL_CTX_set_cert_verify_callback( 2078 SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *store_ctx, void *arg), 2079 void *arg); 2080 2081/* SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end 2082 * of a connection) to request SCTs from the server. See 2083 * https://tools.ietf.org/html/rfc6962. It returns one. 2084 * 2085 * Call |SSL_get0_signed_cert_timestamp_list| to recover the SCT after the 2086 * handshake. */ 2087OPENSSL_EXPORT int SSL_enable_signed_cert_timestamps(SSL *ssl); 2088 2089/* SSL_CTX_enable_signed_cert_timestamps enables SCT requests on all client SSL 2090 * objects created from |ctx|. 2091 * 2092 * Call |SSL_get0_signed_cert_timestamp_list| to recover the SCT after the 2093 * handshake. */ 2094OPENSSL_EXPORT void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx); 2095 2096/* SSL_enable_ocsp_stapling causes |ssl| (which must be the client end of a 2097 * connection) to request a stapled OCSP response from the server. It returns 2098 * one. 2099 * 2100 * Call |SSL_get0_ocsp_response| to recover the OCSP response after the 2101 * handshake. */ 2102OPENSSL_EXPORT int SSL_enable_ocsp_stapling(SSL *ssl); 2103 2104/* SSL_CTX_enable_ocsp_stapling enables OCSP stapling on all client SSL objects 2105 * created from |ctx|. 2106 * 2107 * Call |SSL_get0_ocsp_response| to recover the OCSP response after the 2108 * handshake. */ 2109OPENSSL_EXPORT void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx); 2110 2111 2112/* Client certificate CA list. 2113 * 2114 * When requesting a client certificate, a server may advertise a list of 2115 * certificate authorities which are accepted. These functions may be used to 2116 * configure this list. */ 2117 2118/* SSL_set_client_CA_list sets |ssl|'s client certificate CA list to 2119 * |name_list|. It takes ownership of |name_list|. */ 2120OPENSSL_EXPORT void SSL_set_client_CA_list(SSL *ssl, 2121 STACK_OF(X509_NAME) *name_list); 2122 2123/* SSL_CTX_set_client_CA_list sets |ctx|'s client certificate CA list to 2124 * |name_list|. It takes ownership of |name_list|. */ 2125OPENSSL_EXPORT void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, 2126 STACK_OF(X509_NAME) *name_list); 2127 2128/* SSL_get_client_CA_list returns |ssl|'s client certificate CA list. If |ssl| 2129 * has not been configured as a client, this is the list configured by 2130 * |SSL_CTX_set_client_CA_list|. 2131 * 2132 * If configured as a client, it returns the client certificate CA list sent by 2133 * the server. In this mode, the behavior is undefined except during the 2134 * callbacks set by |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb| or 2135 * when the handshake is paused because of them. */ 2136OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl); 2137 2138/* SSL_CTX_get_client_CA_list returns |ctx|'s client certificate CA list. */ 2139OPENSSL_EXPORT STACK_OF(X509_NAME) * 2140 SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); 2141 2142/* SSL_add_client_CA appends |x509|'s subject to the client certificate CA list. 2143 * It returns one on success or zero on error. The caller retains ownership of 2144 * |x509|. */ 2145OPENSSL_EXPORT int SSL_add_client_CA(SSL *ssl, X509 *x509); 2146 2147/* SSL_CTX_add_client_CA appends |x509|'s subject to the client certificate CA 2148 * list. It returns one on success or zero on error. The caller retains 2149 * ownership of |x509|. */ 2150OPENSSL_EXPORT int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x509); 2151 2152/* SSL_load_client_CA_file opens |file| and reads PEM-encoded certificates from 2153 * it. It returns a newly-allocated stack of the certificate subjects or NULL 2154 * on error. */ 2155OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); 2156 2157/* SSL_dup_CA_list makes a deep copy of |list|. It returns the new list on 2158 * success or NULL on allocation error. */ 2159OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *list); 2160 2161/* SSL_add_file_cert_subjects_to_stack behaves like |SSL_load_client_CA_file| 2162 * but appends the result to |out|. It returns one on success or zero on 2163 * error. */ 2164OPENSSL_EXPORT int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *out, 2165 const char *file); 2166 2167/* SSL_add_dir_cert_subjects_to_stack lists files in directory |dir|. It calls 2168 * |SSL_add_file_cert_subjects_to_stack| on each file and returns one on success 2169 * or zero on error. */ 2170OPENSSL_EXPORT int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *out, 2171 const char *dir); 2172 2173 2174/* Server name indication. 2175 * 2176 * The server_name extension (RFC 3546) allows the client to advertise the name 2177 * of the server it is connecting to. This is used in virtual hosting 2178 * deployments to select one of a several certificates on a single IP. Only the 2179 * host_name name type is supported. */ 2180 2181#define TLSEXT_NAMETYPE_host_name 0 2182 2183/* SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name| 2184 * in the server_name extension. It returns one on success and zero on error. */ 2185OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name); 2186 2187/* SSL_get_servername, for a server, returns the hostname supplied by the 2188 * client or NULL if there was none. The |type| argument must be 2189 * |TLSEXT_NAMETYPE_host_name|. */ 2190OPENSSL_EXPORT const char *SSL_get_servername(const SSL *ssl, const int type); 2191 2192/* SSL_get_servername_type, for a server, returns |TLSEXT_NAMETYPE_host_name| 2193 * if the client sent a hostname and -1 otherwise. */ 2194OPENSSL_EXPORT int SSL_get_servername_type(const SSL *ssl); 2195 2196/* SSL_CTX_set_tlsext_servername_callback configures |callback| to be called on 2197 * the server after ClientHello extensions have been parsed and returns one. 2198 * The callback may use |SSL_get_servername| to examine the server_name extension 2199 * and returns a |SSL_TLSEXT_ERR_*| value. The value of |arg| may be set by 2200 * calling |SSL_CTX_set_tlsext_servername_arg|. 2201 * 2202 * If the callback returns |SSL_TLSEXT_ERR_NOACK|, the server_name extension is 2203 * not acknowledged in the ServerHello. If the return value is 2204 * |SSL_TLSEXT_ERR_ALERT_FATAL| or |SSL_TLSEXT_ERR_ALERT_WARNING| then 2205 * |*out_alert| must be set to the alert value to send. */ 2206OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback( 2207 SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)); 2208 2209/* SSL_CTX_set_tlsext_servername_arg sets the argument to the servername 2210 * callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. */ 2211OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); 2212 2213/* SSL_TLSEXT_ERR_* are values returned by some extension-related callbacks. */ 2214#define SSL_TLSEXT_ERR_OK 0 2215#define SSL_TLSEXT_ERR_ALERT_WARNING 1 2216#define SSL_TLSEXT_ERR_ALERT_FATAL 2 2217#define SSL_TLSEXT_ERR_NOACK 3 2218 2219 2220/* Application-layer protocol negotation. 2221 * 2222 * The ALPN extension (RFC 7301) allows negotiating different application-layer 2223 * protocols over a single port. This is used, for example, to negotiate 2224 * HTTP/2. */ 2225 2226/* SSL_CTX_set_alpn_protos sets the client ALPN protocol list on |ctx| to 2227 * |protos|. |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 2228 * length-prefixed strings). It returns zero on success and one on failure. 2229 * Configuring this list enables ALPN on a client. 2230 * 2231 * WARNING: this function is dangerous because it breaks the usual return value 2232 * convention. */ 2233OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, 2234 unsigned protos_len); 2235 2236/* SSL_set_alpn_protos sets the client ALPN protocol list on |ssl| to |protos|. 2237 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 2238 * length-prefixed strings). It returns zero on success and one on failure. 2239 * Configuring this list enables ALPN on a client. 2240 * 2241 * WARNING: this function is dangerous because it breaks the usual return value 2242 * convention. */ 2243OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, 2244 unsigned protos_len); 2245 2246/* SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called 2247 * during ClientHello processing in order to select an ALPN protocol from the 2248 * client's list of offered protocols. Configuring this callback enables ALPN on 2249 * a server. 2250 * 2251 * The callback is passed a wire-format (i.e. a series of non-empty, 8-bit 2252 * length-prefixed strings) ALPN protocol list in |in|. It should set |*out| and 2253 * |*out_len| to the selected protocol and return |SSL_TLSEXT_ERR_OK| on 2254 * success. It does not pass ownership of the buffer. Otherwise, it should 2255 * return |SSL_TLSEXT_ERR_NOACK|. Other |SSL_TLSEXT_ERR_*| values are 2256 * unimplemented and will be treated as |SSL_TLSEXT_ERR_NOACK|. */ 2257OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb( 2258 SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len, 2259 const uint8_t *in, unsigned in_len, void *arg), 2260 void *arg); 2261 2262/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|. 2263 * On return it sets |*out_data| to point to |*out_len| bytes of protocol name 2264 * (not including the leading length-prefix byte). If the server didn't respond 2265 * with a negotiated protocol then |*out_len| will be zero. */ 2266OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl, 2267 const uint8_t **out_data, 2268 unsigned *out_len); 2269 2270 2271/* Next protocol negotiation. 2272 * 2273 * The NPN extension (draft-agl-tls-nextprotoneg-03) is the predecessor to ALPN 2274 * and deprecated in favor of it. */ 2275 2276/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a 2277 * TLS server needs a list of supported protocols for Next Protocol 2278 * Negotiation. The returned list must be in wire format. The list is returned 2279 * by setting |*out| to point to it and |*out_len| to its length. This memory 2280 * will not be modified, but one should assume that |ssl| keeps a reference to 2281 * it. 2282 * 2283 * The callback should return |SSL_TLSEXT_ERR_OK| if it wishes to advertise. 2284 * Otherwise, no such extension will be included in the ServerHello. */ 2285OPENSSL_EXPORT void SSL_CTX_set_next_protos_advertised_cb( 2286 SSL_CTX *ctx, 2287 int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg), 2288 void *arg); 2289 2290/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a client 2291 * needs to select a protocol from the server's provided list. |*out| must be 2292 * set to point to the selected protocol (which may be within |in|). The length 2293 * of the protocol name must be written into |*out_len|. The server's advertised 2294 * protocols are provided in |in| and |in_len|. The callback can assume that 2295 * |in| is syntactically valid. 2296 * 2297 * The client must select a protocol. It is fatal to the connection if this 2298 * callback returns a value other than |SSL_TLSEXT_ERR_OK|. 2299 * 2300 * Configuring this callback enables NPN on a client. */ 2301OPENSSL_EXPORT void SSL_CTX_set_next_proto_select_cb( 2302 SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len, 2303 const uint8_t *in, unsigned in_len, void *arg), 2304 void *arg); 2305 2306/* SSL_get0_next_proto_negotiated sets |*out_data| and |*out_len| to point to 2307 * the client's requested protocol for this connection. If the client didn't 2308 * request any protocol, then |*out_data| is set to NULL. 2309 * 2310 * Note that the client can request any protocol it chooses. The value returned 2311 * from this function need not be a member of the list of supported protocols 2312 * provided by the server. */ 2313OPENSSL_EXPORT void SSL_get0_next_proto_negotiated(const SSL *ssl, 2314 const uint8_t **out_data, 2315 unsigned *out_len); 2316 2317/* SSL_select_next_proto implements the standard protocol selection. It is 2318 * expected that this function is called from the callback set by 2319 * |SSL_CTX_set_next_proto_select_cb|. 2320 * 2321 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte 2322 * strings. The length byte itself is not included in the length. A byte 2323 * string of length 0 is invalid. No byte string may be truncated. 2324 * 2325 * The current, but experimental algorithm for selecting the protocol is: 2326 * 2327 * 1) If the server doesn't support NPN then this is indicated to the 2328 * callback. In this case, the client application has to abort the connection 2329 * or have a default application level protocol. 2330 * 2331 * 2) If the server supports NPN, but advertises an empty list then the 2332 * client selects the first protcol in its list, but indicates via the 2333 * API that this fallback case was enacted. 2334 * 2335 * 3) Otherwise, the client finds the first protocol in the server's list 2336 * that it supports and selects this protocol. This is because it's 2337 * assumed that the server has better information about which protocol 2338 * a client should use. 2339 * 2340 * 4) If the client doesn't support any of the server's advertised 2341 * protocols, then this is treated the same as case 2. 2342 * 2343 * It returns either |OPENSSL_NPN_NEGOTIATED| if a common protocol was found, or 2344 * |OPENSSL_NPN_NO_OVERLAP| if the fallback case was reached. */ 2345OPENSSL_EXPORT int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, 2346 const uint8_t *server, 2347 unsigned server_len, 2348 const uint8_t *client, 2349 unsigned client_len); 2350 2351#define OPENSSL_NPN_UNSUPPORTED 0 2352#define OPENSSL_NPN_NEGOTIATED 1 2353#define OPENSSL_NPN_NO_OVERLAP 2 2354 2355 2356/* Channel ID. 2357 * 2358 * See draft-balfanz-tls-channelid-01. */ 2359 2360/* SSL_CTX_enable_tls_channel_id either configures a TLS server to accept TLS 2361 * Channel IDs from clients, or configures a client to send TLS Channel IDs to 2362 * a server. It returns one. */ 2363OPENSSL_EXPORT int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx); 2364 2365/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS 2366 * Channel IDs from clients, or configures a client to send TLS Channel IDs to 2367 * server. It returns one. */ 2368OPENSSL_EXPORT int SSL_enable_tls_channel_id(SSL *ssl); 2369 2370/* SSL_CTX_set1_tls_channel_id configures a TLS client to send a TLS Channel ID 2371 * to compatible servers. |private_key| must be a P-256 EC key. It returns one 2372 * on success and zero on error. */ 2373OPENSSL_EXPORT int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, 2374 EVP_PKEY *private_key); 2375 2376/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to 2377 * compatible servers. |private_key| must be a P-256 EC key. It returns one on 2378 * success and zero on error. */ 2379OPENSSL_EXPORT int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key); 2380 2381/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server |SSL*| 2382 * and copies up to the first |max_out| bytes into |out|. The Channel ID 2383 * consists of the client's P-256 public key as an (x,y) pair where each is a 2384 * 32-byte, big-endian field element. It returns 0 if the client didn't offer a 2385 * Channel ID and the length of the complete Channel ID otherwise. */ 2386OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, 2387 size_t max_out); 2388 2389/* SSL_CTX_set_channel_id_cb sets a callback to be called when a TLS Channel ID 2390 * is requested. The callback may set |*out_pkey| to a key, passing a reference 2391 * to the caller. If none is returned, the handshake will pause and 2392 * |SSL_get_error| will return |SSL_ERROR_WANT_CHANNEL_ID_LOOKUP|. 2393 * 2394 * See also |SSL_ERROR_WANT_CHANNEL_ID_LOOKUP|. */ 2395OPENSSL_EXPORT void SSL_CTX_set_channel_id_cb( 2396 SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **out_pkey)); 2397 2398/* SSL_CTX_get_channel_id_cb returns the callback set by 2399 * |SSL_CTX_set_channel_id_cb|. */ 2400OPENSSL_EXPORT void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))( 2401 SSL *ssl, EVP_PKEY **out_pkey); 2402 2403 2404/* DTLS-SRTP. 2405 * 2406 * See RFC 5764. */ 2407 2408/* An SRTP_PROTECTION_PROFILE is an SRTP profile for use with the use_srtp 2409 * extension. */ 2410struct srtp_protection_profile_st { 2411 const char *name; 2412 unsigned long id; 2413} /* SRTP_PROTECTION_PROFILE */; 2414 2415DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) 2416 2417/* SRTP_* define constants for SRTP profiles. */ 2418#define SRTP_AES128_CM_SHA1_80 0x0001 2419#define SRTP_AES128_CM_SHA1_32 0x0002 2420#define SRTP_AES128_F8_SHA1_80 0x0003 2421#define SRTP_AES128_F8_SHA1_32 0x0004 2422#define SRTP_NULL_SHA1_80 0x0005 2423#define SRTP_NULL_SHA1_32 0x0006 2424 2425/* SSL_CTX_set_srtp_profiles enables SRTP for all SSL objects created from 2426 * |ctx|. |profile| contains a colon-separated list of profile names. It returns 2427 * one on success and zero on failure. */ 2428OPENSSL_EXPORT int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx, 2429 const char *profiles); 2430 2431/* SSL_set_srtp_profiles enables SRTP for |ssl|. |profile| contains a 2432 * colon-separated list of profile names. It returns one on success and zero on 2433 * failure. */ 2434OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL *ssl, const char *profiles); 2435 2436/* SSL_get_srtp_profiles returns the SRTP profiles supported by |ssl|. */ 2437OPENSSL_EXPORT STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles( 2438 SSL *ssl); 2439 2440/* SSL_get_selected_srtp_profile returns the selected SRTP profile, or NULL if 2441 * SRTP was not negotiated. */ 2442OPENSSL_EXPORT const SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile( 2443 SSL *ssl); 2444 2445 2446/* Pre-shared keys. 2447 * 2448 * Connections may be configured with PSK (Pre-Shared Key) cipher suites. These 2449 * authenticate using out-of-band pre-shared keys rather than certificates. See 2450 * RFC 4279. 2451 * 2452 * This implementation uses NUL-terminated C strings for identities and identity 2453 * hints, so values with a NUL character are not supported. (RFC 4279 does not 2454 * specify the format of an identity.) */ 2455 2456/* PSK_MAX_IDENTITY_LEN is the maximum supported length of a PSK identity, 2457 * excluding the NUL terminator. */ 2458#define PSK_MAX_IDENTITY_LEN 128 2459 2460/* PSK_MAX_PSK_LEN is the maximum supported length of a pre-shared key. */ 2461#define PSK_MAX_PSK_LEN 256 2462 2463/* SSL_CTX_set_psk_client_callback sets the callback to be called when PSK is 2464 * negotiated on the client. This callback must be set to enable PSK cipher 2465 * suites on the client. 2466 * 2467 * The callback is passed the identity hint in |hint| or NULL if none was 2468 * provided. It should select a PSK identity and write the identity and the 2469 * corresponding PSK to |identity| and |psk|, respectively. The identity is 2470 * written as a NUL-terminated C string of length (excluding the NUL terminator) 2471 * at most |max_identity_len|. The PSK's length must be at most |max_psk_len|. 2472 * The callback returns the length of the PSK or 0 if no suitable identity was 2473 * found. */ 2474OPENSSL_EXPORT void SSL_CTX_set_psk_client_callback( 2475 SSL_CTX *ctx, 2476 unsigned (*psk_client_callback)( 2477 SSL *ssl, const char *hint, char *identity, 2478 unsigned max_identity_len, uint8_t *psk, unsigned max_psk_len)); 2479 2480/* SSL_set_psk_client_callback sets the callback to be called when PSK is 2481 * negotiated on the client. This callback must be set to enable PSK cipher 2482 * suites on the client. See also |SSL_CTX_set_psk_client_callback|. */ 2483OPENSSL_EXPORT void SSL_set_psk_client_callback( 2484 SSL *ssl, unsigned (*psk_client_callback)(SSL *ssl, const char *hint, 2485 char *identity, 2486 unsigned max_identity_len, 2487 uint8_t *psk, 2488 unsigned max_psk_len)); 2489 2490/* SSL_CTX_set_psk_server_callback sets the callback to be called when PSK is 2491 * negotiated on the server. This callback must be set to enable PSK cipher 2492 * suites on the server. 2493 * 2494 * The callback is passed the identity in |identity|. It should write a PSK of 2495 * length at most |max_psk_len| to |psk| and return the number of bytes written 2496 * or zero if the PSK identity is unknown. */ 2497OPENSSL_EXPORT void SSL_CTX_set_psk_server_callback( 2498 SSL_CTX *ctx, 2499 unsigned (*psk_server_callback)(SSL *ssl, const char *identity, 2500 uint8_t *psk, 2501 unsigned max_psk_len)); 2502 2503/* SSL_set_psk_server_callback sets the callback to be called when PSK is 2504 * negotiated on the server. This callback must be set to enable PSK cipher 2505 * suites on the server. See also |SSL_CTX_set_psk_server_callback|. */ 2506OPENSSL_EXPORT void SSL_set_psk_server_callback( 2507 SSL *ssl, 2508 unsigned (*psk_server_callback)(SSL *ssl, const char *identity, 2509 uint8_t *psk, 2510 unsigned max_psk_len)); 2511 2512/* SSL_CTX_use_psk_identity_hint configures server connections to advertise an 2513 * identity hint of |identity_hint|. It returns one on success and zero on 2514 * error. */ 2515OPENSSL_EXPORT int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, 2516 const char *identity_hint); 2517 2518/* SSL_use_psk_identity_hint configures server connections to advertise an 2519 * identity hint of |identity_hint|. It returns one on success and zero on 2520 * error. */ 2521OPENSSL_EXPORT int SSL_use_psk_identity_hint(SSL *ssl, 2522 const char *identity_hint); 2523 2524/* SSL_get_psk_identity_hint returns the PSK identity hint advertised for |ssl| 2525 * or NULL if there is none. */ 2526OPENSSL_EXPORT const char *SSL_get_psk_identity_hint(const SSL *ssl); 2527 2528/* SSL_get_psk_identity, after the handshake completes, returns the PSK identity 2529 * that was negotiated by |ssl| or NULL if PSK was not used. */ 2530OPENSSL_EXPORT const char *SSL_get_psk_identity(const SSL *ssl); 2531 2532 2533/* Alerts. 2534 * 2535 * TLS and SSL 3.0 use alerts to signal error conditions. Alerts have a type 2536 * (warning or fatal) and description. OpenSSL internally handles fatal alerts 2537 * with dedicated error codes (see |SSL_AD_REASON_OFFSET|). Except for 2538 * close_notify, warning alerts are silently ignored and may only be surfaced 2539 * with |SSL_CTX_set_info_callback|. */ 2540 2541/* SSL_AD_REASON_OFFSET is the offset between error reasons and |SSL_AD_*| 2542 * values. Any error code under |ERR_LIB_SSL| with an error reason above this 2543 * value corresponds to an alert description. Consumers may add or subtract 2544 * |SSL_AD_REASON_OFFSET| to convert between them. 2545 * 2546 * make_errors.go reserves error codes above 1000 for manually-assigned errors. 2547 * This value must be kept in sync with reservedReasonCode in make_errors.h */ 2548#define SSL_AD_REASON_OFFSET 1000 2549 2550/* SSL_AD_* are alert descriptions for SSL 3.0 and TLS. */ 2551#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY 2552#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE 2553#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC 2554#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED 2555#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW 2556#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE 2557#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE 2558#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not used in TLS */ 2559#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE 2560#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE 2561#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED 2562#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED 2563#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN 2564#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER 2565#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA 2566#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED 2567#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR 2568#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR 2569#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION 2570#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION 2571#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY 2572#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR 2573#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED 2574#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION 2575#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION 2576#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE 2577#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME 2578#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE \ 2579 TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 2580#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 2581#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY 2582#define SSL_AD_INAPPROPRIATE_FALLBACK SSL3_AD_INAPPROPRIATE_FALLBACK 2583 2584/* SSL_alert_type_string_long returns a string description of |value| as an 2585 * alert type (warning or fatal). */ 2586OPENSSL_EXPORT const char *SSL_alert_type_string_long(int value); 2587 2588/* SSL_alert_desc_string_long returns a string description of |value| as an 2589 * alert description or "unknown" if unknown. */ 2590OPENSSL_EXPORT const char *SSL_alert_desc_string_long(int value); 2591 2592 2593/* ex_data functions. 2594 * 2595 * See |ex_data.h| for details. */ 2596 2597OPENSSL_EXPORT int SSL_set_ex_data(SSL *ssl, int idx, void *data); 2598OPENSSL_EXPORT void *SSL_get_ex_data(const SSL *ssl, int idx); 2599OPENSSL_EXPORT int SSL_get_ex_new_index(long argl, void *argp, 2600 CRYPTO_EX_new *new_func, 2601 CRYPTO_EX_dup *dup_func, 2602 CRYPTO_EX_free *free_func); 2603 2604OPENSSL_EXPORT int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, 2605 void *data); 2606OPENSSL_EXPORT void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, 2607 int idx); 2608OPENSSL_EXPORT int SSL_SESSION_get_ex_new_index(long argl, void *argp, 2609 CRYPTO_EX_new *new_func, 2610 CRYPTO_EX_dup *dup_func, 2611 CRYPTO_EX_free *free_func); 2612 2613OPENSSL_EXPORT int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *data); 2614OPENSSL_EXPORT void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); 2615OPENSSL_EXPORT int SSL_CTX_get_ex_new_index(long argl, void *argp, 2616 CRYPTO_EX_new *new_func, 2617 CRYPTO_EX_dup *dup_func, 2618 CRYPTO_EX_free *free_func); 2619 2620 2621/* Obscure functions. */ 2622 2623/* SSL_get_rc4_state sets |*read_key| and |*write_key| to the RC4 states for 2624 * the read and write directions. It returns one on success or zero if |ssl| 2625 * isn't using an RC4-based cipher suite. */ 2626OPENSSL_EXPORT int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key, 2627 const RC4_KEY **write_key); 2628 2629/* SSL_get_ivs sets |*out_iv_len| to the length of the IVs for the ciphers 2630 * underlying |ssl| and sets |*out_read_iv| and |*out_write_iv| to point to the 2631 * current IVs for the read and write directions. This is only meaningful for 2632 * connections with implicit IVs (i.e. CBC mode with SSLv3 or TLS 1.0). 2633 * 2634 * It returns one on success or zero on error. */ 2635OPENSSL_EXPORT int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv, 2636 const uint8_t **out_write_iv, 2637 size_t *out_iv_len); 2638 2639/* SSL_get_structure_sizes returns the sizes of the SSL, SSL_CTX and 2640 * SSL_SESSION structures so that a test can ensure that outside code agrees on 2641 * these values. */ 2642OPENSSL_EXPORT void SSL_get_structure_sizes(size_t *ssl_size, 2643 size_t *ssl_ctx_size, 2644 size_t *ssl_session_size); 2645 2646/* SSL_CTX_set_msg_callback installs |cb| as the message callback for |ctx|. 2647 * This callback will be called when sending or receiving low-level record 2648 * headers, complete handshake messages, ChangeCipherSpec, and alerts. 2649 * |write_p| is one for outgoing messages and zero for incoming messages. 2650 * 2651 * For each record header, |cb| is called with |version| = 0 and |content_type| 2652 * = |SSL3_RT_HEADER|. The |len| bytes from |buf| contain the header. Note that 2653 * this does not include the record body. If the record is sealed, the length 2654 * in the header is the length of the ciphertext. 2655 * 2656 * For each handshake message, ChangeCipherSpec, and alert, |version| is the 2657 * protocol version and |content_type| is the corresponding record type. The 2658 * |len| bytes from |buf| contain the handshake message, one-byte 2659 * ChangeCipherSpec body, and two-byte alert, respectively. */ 2660OPENSSL_EXPORT void SSL_CTX_set_msg_callback( 2661 SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, 2662 const void *buf, size_t len, SSL *ssl, void *arg)); 2663 2664/* SSL_CTX_set_msg_callback_arg sets the |arg| parameter of the message 2665 * callback. */ 2666OPENSSL_EXPORT void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); 2667 2668/* SSL_set_msg_callback installs |cb| as the message callback of |ssl|. See 2669 * |SSL_CTX_set_msg_callback| for when this callback is called. */ 2670OPENSSL_EXPORT void SSL_set_msg_callback( 2671 SSL *ssl, void (*cb)(int write_p, int version, int content_type, 2672 const void *buf, size_t len, SSL *ssl, void *arg)); 2673 2674/* SSL_set_msg_callback_arg sets the |arg| parameter of the message callback. */ 2675OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL *ssl, void *arg); 2676 2677/* SSL_CTX_set_keylog_bio sets configures all SSL objects attached to |ctx| to 2678 * log session material to |keylog_bio|. This is intended for debugging use 2679 * with tools like Wireshark. |ctx| takes ownership of |keylog_bio|. 2680 * 2681 * The format is described in 2682 * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format. */ 2683OPENSSL_EXPORT void SSL_CTX_set_keylog_bio(SSL_CTX *ctx, BIO *keylog_bio); 2684 2685enum ssl_renegotiate_mode_t { 2686 ssl_renegotiate_never = 0, 2687 ssl_renegotiate_once, 2688 ssl_renegotiate_freely, 2689 ssl_renegotiate_ignore, 2690}; 2691 2692/* SSL_set_renegotiate_mode configures how |ssl|, a client, reacts to 2693 * renegotiation attempts by a server. If |ssl| is a server, peer-initiated 2694 * renegotiations are *always* rejected and this function does nothing. 2695 * 2696 * The renegotiation mode defaults to |ssl_renegotiate_never|, but may be set 2697 * at any point in a connection's lifetime. Set it to |ssl_renegotiate_once| to 2698 * allow one renegotiation, |ssl_renegotiate_freely| to allow all 2699 * renegotiations or |ssl_renegotiate_ignore| to ignore HelloRequest messages. 2700 * Note that ignoring HelloRequest messages may cause the connection to stall 2701 * if the server waits for the renegotiation to complete. 2702 * 2703 * There is no support in BoringSSL for initiating renegotiations as a client 2704 * or server. */ 2705OPENSSL_EXPORT void SSL_set_renegotiate_mode(SSL *ssl, 2706 enum ssl_renegotiate_mode_t mode); 2707 2708/* SSL_renegotiate_pending returns one if |ssl| is in the middle of a 2709 * renegotiation. */ 2710OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl); 2711 2712/* SSL_total_renegotiations returns the total number of renegotiation handshakes 2713 * peformed by |ssl|. This includes the pending renegotiation, if any. */ 2714OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl); 2715 2716/* SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer 2717 * certificate chain. */ 2718#define SSL_MAX_CERT_LIST_DEFAULT 1024 * 100 2719 2720/* SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer 2721 * certificate chain accepted by |ctx|. */ 2722OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx); 2723 2724/* SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer 2725 * certificate chain to |max_cert_list|. This affects how much memory may be 2726 * consumed during the handshake. */ 2727OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, 2728 size_t max_cert_list); 2729 2730/* SSL_get_max_cert_list returns the maximum length, in bytes, of a peer 2731 * certificate chain accepted by |ssl|. */ 2732OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl); 2733 2734/* SSL_set_max_cert_list sets the maximum length, in bytes, of a peer 2735 * certificate chain to |max_cert_list|. This affects how much memory may be 2736 * consumed during the handshake. */ 2737OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list); 2738 2739/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records 2740 * sent by |ctx|. Beyond this length, handshake messages and application data 2741 * will be split into multiple records. */ 2742OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, 2743 size_t max_send_fragment); 2744 2745/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records 2746 * sent by |ssl|. Beyond this length, handshake messages and application data 2747 * will be split into multiple records. */ 2748OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl, 2749 size_t max_send_fragment); 2750 2751/* OPENSSL_get_big_buffer_use_count returns the total number of invalid TLS 2752 * records that were accepted because of |SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER|. 2753 * 2754 * TODO(davidben): Remove this when (hopefully!) the quirk is demonstrated to be 2755 * unnecessary. */ 2756OPENSSL_EXPORT uint64_t OPENSSL_get_big_buffer_use_count(void); 2757 2758/* OPENSSL_get_d5_bug_use_count returns the total number of invalid RSA 2759 * ClientKeyExchanges that were accepted because of |SSL_OP_TLS_D5_BUG|. 2760 * 2761 * TODO(davidben): Remove this when (hopefully!) the quirk is demonstrated to be 2762 * unnecessary. */ 2763OPENSSL_EXPORT uint64_t OPENSSL_get_d5_bug_use_count(void); 2764 2765/* ssl_early_callback_ctx is passed to certain callbacks that are called very 2766 * early on during the server handshake. At this point, much of the SSL* hasn't 2767 * been filled out and only the ClientHello can be depended on. */ 2768struct ssl_early_callback_ctx { 2769 SSL *ssl; 2770 const uint8_t *client_hello; 2771 size_t client_hello_len; 2772 const uint8_t *session_id; 2773 size_t session_id_len; 2774 const uint8_t *cipher_suites; 2775 size_t cipher_suites_len; 2776 const uint8_t *compression_methods; 2777 size_t compression_methods_len; 2778 const uint8_t *extensions; 2779 size_t extensions_len; 2780}; 2781 2782/* SSL_early_callback_ctx_extension_get searches the extensions in |ctx| for an 2783 * extension of the given type. If not found, it returns zero. Otherwise it 2784 * sets |out_data| to point to the extension contents (not including the type 2785 * and length bytes), sets |out_len| to the length of the extension contents 2786 * and returns one. */ 2787OPENSSL_EXPORT int SSL_early_callback_ctx_extension_get( 2788 const struct ssl_early_callback_ctx *ctx, uint16_t extension_type, 2789 const uint8_t **out_data, size_t *out_len); 2790 2791/* SSL_CTX_set_select_certificate_cb sets a callback that is called before most 2792 * ClientHello processing and before the decision whether to resume a session 2793 * is made. The callback may inspect the ClientHello and configure the 2794 * connection. It may then return one to continue the handshake or zero to 2795 * pause the handshake to perform an asynchronous operation. If paused, 2796 * |SSL_get_error| will return |SSL_ERROR_PENDING_CERTIFICATE|. 2797 * 2798 * Note: The |ssl_early_callback_ctx| is only valid for the duration of the 2799 * callback and is not valid while the handshake is paused. Further, unlike with 2800 * most callbacks, when the handshake loop is resumed, it will not call the 2801 * callback a second time. The caller must finish reconfiguring the connection 2802 * before resuming the handshake. */ 2803OPENSSL_EXPORT void SSL_CTX_set_select_certificate_cb( 2804 SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)); 2805 2806/* SSL_CTX_set_dos_protection_cb sets a callback that is called once the 2807 * resumption decision for a ClientHello has been made. It can return one to 2808 * allow the handshake to continue or zero to cause the handshake to abort. */ 2809OPENSSL_EXPORT void SSL_CTX_set_dos_protection_cb( 2810 SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)); 2811 2812/* SSL_ST_* are possible values for |SSL_state| and the bitmasks that make them 2813 * up. */ 2814#define SSL_ST_CONNECT 0x1000 2815#define SSL_ST_ACCEPT 0x2000 2816#define SSL_ST_MASK 0x0FFF 2817#define SSL_ST_INIT (SSL_ST_CONNECT | SSL_ST_ACCEPT) 2818#define SSL_ST_OK 0x03 2819#define SSL_ST_RENEGOTIATE (0x04 | SSL_ST_INIT) 2820 2821/* SSL_CB_* are possible values for the |type| parameter in the info 2822 * callback and the bitmasks that make them up. */ 2823#define SSL_CB_LOOP 0x01 2824#define SSL_CB_EXIT 0x02 2825#define SSL_CB_READ 0x04 2826#define SSL_CB_WRITE 0x08 2827#define SSL_CB_ALERT 0x4000 2828#define SSL_CB_READ_ALERT (SSL_CB_ALERT | SSL_CB_READ) 2829#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT | SSL_CB_WRITE) 2830#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT | SSL_CB_LOOP) 2831#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT | SSL_CB_EXIT) 2832#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT | SSL_CB_LOOP) 2833#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT | SSL_CB_EXIT) 2834#define SSL_CB_HANDSHAKE_START 0x10 2835#define SSL_CB_HANDSHAKE_DONE 0x20 2836 2837/* SSL_CTX_set_info_callback configures a callback to be run when various 2838 * events occur during a connection's lifetime. The |type| argumentj determines 2839 * the type of event and the meaning of the |value| argument. Callbacks must 2840 * ignore unexpected |type| values. 2841 * 2842 * |SSL_CB_READ_ALERT| is signaled for each alert received, warning or fatal. 2843 * The |value| argument is a 16-bit value where the alert level (either 2844 * |SSL3_AL_WARNING| or |SSL3_AL_FATAL|) is in the most-significant eight bits and 2845 * the alert type (one of |SSL_AD_*|) is in the least-significant eight. 2846 * 2847 * |SSL_CB_WRITE_ALERT| is signaled for each alert sent. The |value| argument 2848 * is constructed as with |SSL_CB_READ_ALERT|. 2849 * 2850 * |SSL_CB_HANDSHAKE_START| is signaled when a handshake begins. The |value| 2851 * argument is always one. 2852 * 2853 * |SSL_CB_HANDSHAKE_DONE| is signaled when a handshake completes successfully. 2854 * The |value| argument is always one. If a handshake False Starts, this event 2855 * may be used to determine when the Finished message is received. 2856 * 2857 * The following event types expose implementation details of the handshake 2858 * state machine. Consuming them is deprecated. 2859 * 2860 * |SSL_CB_ACCEPT_LOOP| (respectively, |SSL_CB_CONNECT_LOOP|) is signaled when 2861 * a server (respectively, client) handshake progresses. The |value| argument 2862 * is always one. For the duration of the callback, |SSL_state| will return the 2863 * previous state. 2864 * 2865 * |SSL_CB_ACCEPT_EXIT| (respectively, |SSL_CB_CONNECT_EXIT|) is signaled when 2866 * a server (respectively, client) handshake completes, fails, or is paused. 2867 * The |value| argument is one if the handshake succeeded and <= 0 2868 * otherwise. */ 2869OPENSSL_EXPORT void SSL_CTX_set_info_callback( 2870 SSL_CTX *ctx, void (*cb)(const SSL *ssl, int type, int value)); 2871 2872/* SSL_CTX_get_info_callback returns the callback set by 2873 * |SSL_CTX_set_info_callback|. */ 2874OPENSSL_EXPORT void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, 2875 int type, 2876 int value); 2877 2878/* SSL_set_info_callback configures a callback to be run at various events 2879 * during a connection's lifetime. See |SSL_CTX_set_info_callback|. */ 2880OPENSSL_EXPORT void SSL_set_info_callback( 2881 SSL *ssl, void (*cb)(const SSL *ssl, int type, int value)); 2882 2883/* SSL_get_info_callback returns the callback set by |SSL_set_info_callback|. */ 2884OPENSSL_EXPORT void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, 2885 int type, 2886 int value); 2887 2888/* SSL_state_string_long returns the current state of the handshake state 2889 * machine as a string. This may be useful for debugging and logging. */ 2890OPENSSL_EXPORT const char *SSL_state_string_long(const SSL *ssl); 2891 2892/* SSL_set_SSL_CTX partially changes |ssl|'s |SSL_CTX|. |ssl| will use the 2893 * certificate and session_id_context from |ctx|, and |SSL_get_SSL_CTX| will 2894 * report |ctx|. However most settings and the session cache itself will 2895 * continue to use the initial |SSL_CTX|. It is often used as part of SNI. 2896 * 2897 * TODO(davidben): Make a better story here and get rid of this API. Also 2898 * determine if there's anything else affected by |SSL_set_SSL_CTX| that 2899 * matters. Not as many values are affected as one might initially think. The 2900 * session cache explicitly selects the initial |SSL_CTX|. Most settings are 2901 * copied at |SSL_new| so |ctx|'s versions don't apply. This, notably, has some 2902 * consequences for any plans to make |SSL| copy-on-write most of its 2903 * configuration. */ 2904OPENSSL_EXPORT SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); 2905 2906#define SSL_SENT_SHUTDOWN 1 2907#define SSL_RECEIVED_SHUTDOWN 2 2908 2909/* SSL_get_shutdown returns a bitmask with a subset of |SSL_SENT_SHUTDOWN| and 2910 * |SSL_RECEIVED_SHUTDOWN| to query whether close_notify was sent or received, 2911 * respectively. */ 2912OPENSSL_EXPORT int SSL_get_shutdown(const SSL *ssl); 2913 2914/* SSL_get_server_key_exchange_hash, on a client, returns the hash the server 2915 * used to sign the ServerKeyExchange in TLS 1.2. If not applicable, it returns 2916 * |TLSEXT_hash_none|. */ 2917OPENSSL_EXPORT uint8_t SSL_get_server_key_exchange_hash(const SSL *ssl); 2918 2919 2920/* Deprecated functions. */ 2921 2922/* SSL_library_init calls |CRYPTO_library_init| and returns one. */ 2923OPENSSL_EXPORT int SSL_library_init(void); 2924 2925/* SSL_set_reject_peer_renegotiations calls |SSL_set_renegotiate_mode| with 2926 * |ssl_never_renegotiate| if |reject| is one and |ssl_renegotiate_freely| if 2927 * zero. */ 2928OPENSSL_EXPORT void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject); 2929 2930/* SSL_CIPHER_description writes a description of |cipher| into |buf| and 2931 * returns |buf|. If |buf| is NULL, it returns a newly allocated string, to be 2932 * freed with |OPENSSL_free|, or NULL on error. 2933 * 2934 * The description includes a trailing newline and has the form: 2935 * AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 2936 * 2937 * Consider |SSL_CIPHER_get_name| or |SSL_CIPHER_get_rfc_name| instead. */ 2938OPENSSL_EXPORT const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, 2939 char *buf, int len); 2940 2941/* SSL_CIPHER_get_version returns the string "TLSv1/SSLv3". */ 2942OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); 2943 2944typedef void COMP_METHOD; 2945 2946/* SSL_COMP_get_compression_methods returns NULL. */ 2947OPENSSL_EXPORT COMP_METHOD *SSL_COMP_get_compression_methods(void); 2948 2949/* SSL_COMP_add_compression_method returns one. */ 2950OPENSSL_EXPORT int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); 2951 2952/* SSL_COMP_get_name returns NULL. */ 2953OPENSSL_EXPORT const char *SSL_COMP_get_name(const COMP_METHOD *comp); 2954 2955/* SSLv23_method calls |TLS_method|. */ 2956OPENSSL_EXPORT const SSL_METHOD *SSLv23_method(void); 2957 2958/* These version-specific methods behave exactly like |TLS_method| and 2959 * |DTLS_method| except they also call |SSL_CTX_set_min_version| and 2960 * |SSL_CTX_set_max_version| to lock connections to that protocol version. */ 2961OPENSSL_EXPORT const SSL_METHOD *SSLv3_method(void); 2962OPENSSL_EXPORT const SSL_METHOD *TLSv1_method(void); 2963OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_method(void); 2964OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_method(void); 2965OPENSSL_EXPORT const SSL_METHOD *DTLSv1_method(void); 2966OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_method(void); 2967 2968/* These client- and server-specific methods call their corresponding generic 2969 * methods. */ 2970OPENSSL_EXPORT const SSL_METHOD *SSLv23_server_method(void); 2971OPENSSL_EXPORT const SSL_METHOD *SSLv23_client_method(void); 2972OPENSSL_EXPORT const SSL_METHOD *SSLv3_server_method(void); 2973OPENSSL_EXPORT const SSL_METHOD *SSLv3_client_method(void); 2974OPENSSL_EXPORT const SSL_METHOD *TLSv1_server_method(void); 2975OPENSSL_EXPORT const SSL_METHOD *TLSv1_client_method(void); 2976OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_server_method(void); 2977OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_client_method(void); 2978OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_server_method(void); 2979OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_client_method(void); 2980OPENSSL_EXPORT const SSL_METHOD *DTLS_server_method(void); 2981OPENSSL_EXPORT const SSL_METHOD *DTLS_client_method(void); 2982OPENSSL_EXPORT const SSL_METHOD *DTLSv1_server_method(void); 2983OPENSSL_EXPORT const SSL_METHOD *DTLSv1_client_method(void); 2984OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void); 2985OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void); 2986 2987/* SSL_clear resets |ssl| to allow another connection and returns one on success 2988 * or zero on failure. It returns most configuration state but releases memory 2989 * associated with the current connection. 2990 * 2991 * Free |ssl| and create a new one instead. */ 2992OPENSSL_EXPORT int SSL_clear(SSL *ssl); 2993 2994/* SSL_CTX_set_tmp_rsa_callback does nothing. */ 2995OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback( 2996 SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); 2997 2998/* SSL_set_tmp_rsa_callback does nothing. */ 2999OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl, 3000 RSA *(*cb)(SSL *ssl, int is_export, 3001 int keylength)); 3002 3003/* SSL_CTX_sess_connect returns zero. */ 3004OPENSSL_EXPORT int SSL_CTX_sess_connect(const SSL_CTX *ctx); 3005 3006/* SSL_CTX_sess_connect_good returns zero. */ 3007OPENSSL_EXPORT int SSL_CTX_sess_connect_good(const SSL_CTX *ctx); 3008 3009/* SSL_CTX_sess_connect_renegotiate returns zero. */ 3010OPENSSL_EXPORT int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx); 3011 3012/* SSL_CTX_sess_accept returns zero. */ 3013OPENSSL_EXPORT int SSL_CTX_sess_accept(const SSL_CTX *ctx); 3014 3015/* SSL_CTX_sess_accept_renegotiate returns zero. */ 3016OPENSSL_EXPORT int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx); 3017 3018/* SSL_CTX_sess_accept_good returns zero. */ 3019OPENSSL_EXPORT int SSL_CTX_sess_accept_good(const SSL_CTX *ctx); 3020 3021/* SSL_CTX_sess_hits returns zero. */ 3022OPENSSL_EXPORT int SSL_CTX_sess_hits(const SSL_CTX *ctx); 3023 3024/* SSL_CTX_sess_cb_hits returns zero. */ 3025OPENSSL_EXPORT int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx); 3026 3027/* SSL_CTX_sess_misses returns zero. */ 3028OPENSSL_EXPORT int SSL_CTX_sess_misses(const SSL_CTX *ctx); 3029 3030/* SSL_CTX_sess_timeouts returns zero. */ 3031OPENSSL_EXPORT int SSL_CTX_sess_timeouts(const SSL_CTX *ctx); 3032 3033/* SSL_CTX_sess_cache_full returns zero. */ 3034OPENSSL_EXPORT int SSL_CTX_sess_cache_full(const SSL_CTX *ctx); 3035 3036/* SSL_cutthrough_complete calls |SSL_in_false_start|. */ 3037OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s); 3038 3039/* SSL_num_renegotiations calls |SSL_total_renegotiations|. */ 3040OPENSSL_EXPORT int SSL_num_renegotiations(const SSL *ssl); 3041 3042/* SSL_CTX_need_tmp_RSA returns zero. */ 3043OPENSSL_EXPORT int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx); 3044 3045/* SSL_need_tmp_RSA returns zero. */ 3046OPENSSL_EXPORT int SSL_need_tmp_RSA(const SSL *ssl); 3047 3048/* SSL_CTX_set_tmp_rsa returns one. */ 3049OPENSSL_EXPORT int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa); 3050 3051/* SSL_set_tmp_rsa returns one. */ 3052OPENSSL_EXPORT int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa); 3053 3054/* SSL_CTX_get_read_ahead returns zero. */ 3055OPENSSL_EXPORT int SSL_CTX_get_read_ahead(const SSL_CTX *ctx); 3056 3057/* SSL_CTX_set_read_ahead does nothing. */ 3058OPENSSL_EXPORT void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); 3059 3060/* SSL_get_read_ahead returns zero. */ 3061OPENSSL_EXPORT int SSL_get_read_ahead(const SSL *s); 3062 3063/* SSL_set_read_ahead does nothing. */ 3064OPENSSL_EXPORT void SSL_set_read_ahead(SSL *s, int yes); 3065 3066/* SSL_renegotiate put an error on the error queue and returns zero. */ 3067OPENSSL_EXPORT int SSL_renegotiate(SSL *ssl); 3068 3069/* SSL_set_state does nothing. */ 3070OPENSSL_EXPORT void SSL_set_state(SSL *ssl, int state); 3071 3072/* SSL_MODE_HANDSHAKE_CUTTHROUGH is the same as SSL_MODE_ENABLE_FALSE_START. */ 3073#define SSL_MODE_HANDSHAKE_CUTTHROUGH SSL_MODE_ENABLE_FALSE_START 3074 3075/* i2d_SSL_SESSION serializes |in| to the bytes pointed to by |*pp|. On success, 3076 * it returns the number of bytes written and advances |*pp| by that many bytes. 3077 * On failure, it returns -1. If |pp| is NULL, no bytes are written and only the 3078 * length is returned. 3079 * 3080 * Use |SSL_SESSION_to_bytes| instead. */ 3081OPENSSL_EXPORT int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp); 3082 3083/* d2i_SSL_SESSION parses a serialized session from the |length| bytes pointed 3084 * to by |*pp|. It returns the new |SSL_SESSION| and advances |*pp| by the 3085 * number of bytes consumed on success and NULL on failure. The caller takes 3086 * ownership of the new session and must call |SSL_SESSION_free| when done. 3087 * 3088 * If |a| is non-NULL, |*a| is released and set the new |SSL_SESSION|. 3089 * 3090 * Use |SSL_SESSION_from_bytes| instead. */ 3091OPENSSL_EXPORT SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, 3092 long length); 3093 3094/* i2d_SSL_SESSION_bio serializes |session| and writes the result to |bio|. It 3095 * returns the number of bytes written on success and <= 0 on error. */ 3096OPENSSL_EXPORT int i2d_SSL_SESSION_bio(BIO *bio, const SSL_SESSION *session); 3097 3098/* d2i_SSL_SESSION_bio reads a serialized |SSL_SESSION| from |bio| and returns a 3099 * newly-allocated |SSL_SESSION| or NULL on error. If |out| is not NULL, it also 3100 * frees |*out| and sets |*out| to the new |SSL_SESSION|. */ 3101OPENSSL_EXPORT SSL_SESSION *d2i_SSL_SESSION_bio(BIO *bio, SSL_SESSION **out); 3102 3103/* ERR_load_SSL_strings does nothing. */ 3104OPENSSL_EXPORT void ERR_load_SSL_strings(void); 3105 3106/* SSL_load_error_strings does nothing. */ 3107OPENSSL_EXPORT void SSL_load_error_strings(void); 3108 3109/* SSL_CTX_set_tlsext_use_srtp calls |SSL_CTX_set_srtp_profiles|. It returns 3110 * zero on success and one on failure. 3111 * 3112 * WARNING: this function is dangerous because it breaks the usual return value 3113 * convention. Use |SSL_CTX_set_srtp_profiles| instead. */ 3114OPENSSL_EXPORT int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, 3115 const char *profiles); 3116 3117/* SSL_set_tlsext_use_srtp calls |SSL_set_srtp_profiles|. It returns zero on 3118 * success and one on failure. 3119 * 3120 * WARNING: this function is dangerous because it breaks the usual return value 3121 * convention. Use |SSL_set_srtp_profiles| instead. */ 3122OPENSSL_EXPORT int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); 3123 3124/* SSL_get_current_compression returns NULL. */ 3125OPENSSL_EXPORT const COMP_METHOD *SSL_get_current_compression(SSL *s); 3126 3127/* SSL_get_current_expansion returns NULL. */ 3128OPENSSL_EXPORT const COMP_METHOD *SSL_get_current_expansion(SSL *s); 3129 3130#define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)arg)) 3131#define SSL_get_app_data(s) (SSL_get_ex_data(s, 0)) 3132#define SSL_SESSION_set_app_data(s, a) \ 3133 (SSL_SESSION_set_ex_data(s, 0, (char *)a)) 3134#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s, 0)) 3135#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx, 0)) 3136#define SSL_CTX_set_app_data(ctx, arg) \ 3137 (SSL_CTX_set_ex_data(ctx, 0, (char *)arg)) 3138 3139#define OpenSSL_add_ssl_algorithms() SSL_library_init() 3140#define SSLeay_add_ssl_algorithms() SSL_library_init() 3141 3142#define SSL_get_cipher(ssl) SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)) 3143#define SSL_get_cipher_bits(ssl, out_alg_bits) \ 3144 SSL_CIPHER_get_bits(SSL_get_current_cipher(ssl), out_alg_bits) 3145#define SSL_get_cipher_version(ssl) \ 3146 SSL_CIPHER_get_version(SSL_get_current_cipher(ssl)) 3147#define SSL_get_cipher_name(ssl) \ 3148 SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)) 3149#define SSL_get_time(session) SSL_SESSION_get_time(session) 3150#define SSL_set_time(session, time) SSL_SESSION_set_time((session), (time)) 3151#define SSL_get_timeout(session) SSL_SESSION_get_timeout(session) 3152#define SSL_set_timeout(session, timeout) \ 3153 SSL_SESSION_set_timeout((session), (timeout)) 3154 3155typedef struct ssl_comp_st SSL_COMP; 3156 3157struct ssl_comp_st { 3158 int id; 3159 const char *name; 3160 char *method; 3161}; 3162 3163DECLARE_STACK_OF(SSL_COMP) 3164 3165/* The following flags toggle individual protocol versions. This is deprecated. 3166 * Use |SSL_CTX_set_min_version| and |SSL_CTX_set_max_version| instead. */ 3167#define SSL_OP_NO_SSLv3 0x02000000L 3168#define SSL_OP_NO_TLSv1 0x04000000L 3169#define SSL_OP_NO_TLSv1_2 0x08000000L 3170#define SSL_OP_NO_TLSv1_1 0x10000000L 3171#define SSL_OP_NO_DTLSv1 SSL_OP_NO_TLSv1 3172#define SSL_OP_NO_DTLSv1_2 SSL_OP_NO_TLSv1_2 3173 3174/* The following flags do nothing and are included only to make it easier to 3175 * compile code with BoringSSL. */ 3176#define SSL_MODE_AUTO_RETRY 0 3177#define SSL_MODE_RELEASE_BUFFERS 0 3178#define SSL_MODE_SEND_CLIENTHELLO_TIME 0 3179#define SSL_MODE_SEND_SERVERHELLO_TIME 0 3180#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0 3181#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0 3182#define SSL_OP_EPHEMERAL_RSA 0 3183#define SSL_OP_MICROSOFT_SESS_ID_BUG 0 3184#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0 3185#define SSL_OP_NETSCAPE_CA_DN_BUG 0 3186#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0 3187#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0 3188#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0 3189#define SSL_OP_NO_COMPRESSION 0 3190#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0 3191#define SSL_OP_NO_SSLv2 0 3192#define SSL_OP_PKCS1_CHECK_1 0 3193#define SSL_OP_PKCS1_CHECK_2 0 3194#define SSL_OP_SINGLE_DH_USE 0 3195#define SSL_OP_SINGLE_ECDH_USE 0 3196#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0 3197#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0 3198#define SSL_OP_TLS_BLOCK_PADDING_BUG 0 3199#define SSL_OP_TLS_ROLLBACK_BUG 0 3200#define SSL_VERIFY_CLIENT_ONCE 0 3201 3202/* SSL_cache_hit calls |SSL_session_resumed|. */ 3203OPENSSL_EXPORT int SSL_cache_hit(SSL *ssl); 3204 3205/* SSL_get_default_timeout returns |SSL_DEFAULT_SESSION_TIMEOUT|. */ 3206OPENSSL_EXPORT long SSL_get_default_timeout(const SSL *ssl); 3207 3208/* SSL_get_version returns a string describing the TLS version used by |ssl|. 3209 * For example, "TLSv1.2" or "SSLv3". */ 3210OPENSSL_EXPORT const char *SSL_get_version(const SSL *ssl); 3211 3212/* SSL_get_cipher_list returns the name of the |n|th cipher in the output of 3213 * |SSL_get_ciphers| or NULL if out of range. Use |SSL_get_ciphers| insteads. */ 3214OPENSSL_EXPORT const char *SSL_get_cipher_list(const SSL *ssl, int n); 3215 3216/* SSL_CTX_set_client_cert_cb sets a callback which is called on the client if 3217 * the server requests a client certificate and none is configured. On success, 3218 * the callback should return one and set |*out_x509| to |*out_pkey| to a leaf 3219 * certificate and private key, respectively, passing ownership. It should 3220 * return zero to send no certificate and -1 to fail or pause the handshake. If 3221 * the handshake is paused, |SSL_get_error| will return 3222 * |SSL_ERROR_WANT_X509_LOOKUP|. 3223 * 3224 * The callback may call |SSL_get0_certificate_types| and 3225 * |SSL_get_client_CA_list| for information on the server's certificate request. 3226 * 3227 * Use |SSL_CTX_set_cert_cb| instead. Configuring intermediate certificates with 3228 * this function is confusing. */ 3229OPENSSL_EXPORT void SSL_CTX_set_client_cert_cb( 3230 SSL_CTX *ctx, 3231 int (*client_cert_cb)(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey)); 3232 3233/* SSL_CTX_get_client_cert_cb returns the callback set by 3234 * |SSL_CTX_set_client_cert_cb|. */ 3235OPENSSL_EXPORT int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))( 3236 SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey); 3237 3238#define SSL_NOTHING 1 3239#define SSL_WRITING 2 3240#define SSL_READING 3 3241#define SSL_X509_LOOKUP 4 3242#define SSL_CHANNEL_ID_LOOKUP 5 3243#define SSL_PENDING_SESSION 7 3244#define SSL_CERTIFICATE_SELECTION_PENDING 8 3245#define SSL_PRIVATE_KEY_OPERATION 9 3246 3247/* SSL_want returns one of the above values to determine what the most recent 3248 * operation on |ssl| was blocked on. Use |SSL_get_error| instead. */ 3249OPENSSL_EXPORT int SSL_want(const SSL *ssl); 3250 3251#define SSL_want_nothing(ssl) (SSL_want(ssl) == SSL_NOTHING) 3252#define SSL_want_read(ssl) (SSL_want(ssl) == SSL_READING) 3253#define SSL_want_write(ssl) (SSL_want(ssl) == SSL_WRITING) 3254#define SSL_want_x509_lookup(ssl) (SSL_want(ssl) == SSL_X509_LOOKUP) 3255#define SSL_want_channel_id_lookup(ssl) (SSL_want(ssl) == SSL_CHANNEL_ID_LOOKUP) 3256#define SSL_want_session(ssl) (SSL_want(ssl) == SSL_PENDING_SESSION) 3257#define SSL_want_certificate(ssl) \ 3258 (SSL_want(ssl) == SSL_CERTIFICATE_SELECTION_PENDING) 3259#define SSL_want_private_key_operation(ssl) \ 3260 (SSL_want(ssl) == SSL_PRIVATE_KEY_OPERATION) 3261 3262 /* SSL_get_finished writes up to |count| bytes of the Finished message sent by 3263 * |ssl| to |buf|. It returns the total untruncated length or zero if none has 3264 * been sent yet. 3265 * 3266 * Use |SSL_get_tls_unique| instead. */ 3267OPENSSL_EXPORT size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count); 3268 3269 /* SSL_get_peer_finished writes up to |count| bytes of the Finished message 3270 * received from |ssl|'s peer to |buf|. It returns the total untruncated length 3271 * or zero if none has been received yet. 3272 * 3273 * Use |SSL_get_tls_unique| instead. */ 3274OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *ssl, void *buf, 3275 size_t count); 3276 3277/* SSL_alert_type_string returns "!". Use |SSL_alert_type_string_long| 3278 * instead. */ 3279OPENSSL_EXPORT const char *SSL_alert_type_string(int value); 3280 3281/* SSL_alert_desc_string returns "!!". Use |SSL_alert_desc_string_long| 3282 * instead. */ 3283OPENSSL_EXPORT const char *SSL_alert_desc_string(int value); 3284 3285/* SSL_TXT_* expand to strings. */ 3286#define SSL_TXT_MEDIUM "MEDIUM" 3287#define SSL_TXT_HIGH "HIGH" 3288#define SSL_TXT_FIPS "FIPS" 3289#define SSL_TXT_kRSA "kRSA" 3290#define SSL_TXT_kDHE "kDHE" 3291#define SSL_TXT_kEDH "kEDH" 3292#define SSL_TXT_kECDHE "kECDHE" 3293#define SSL_TXT_kEECDH "kEECDH" 3294#define SSL_TXT_kPSK "kPSK" 3295#define SSL_TXT_aRSA "aRSA" 3296#define SSL_TXT_aECDSA "aECDSA" 3297#define SSL_TXT_aPSK "aPSK" 3298#define SSL_TXT_DH "DH" 3299#define SSL_TXT_DHE "DHE" 3300#define SSL_TXT_EDH "EDH" 3301#define SSL_TXT_RSA "RSA" 3302#define SSL_TXT_ECDH "ECDH" 3303#define SSL_TXT_ECDHE "ECDHE" 3304#define SSL_TXT_EECDH "EECDH" 3305#define SSL_TXT_ECDSA "ECDSA" 3306#define SSL_TXT_PSK "PSK" 3307#define SSL_TXT_3DES "3DES" 3308#define SSL_TXT_RC4 "RC4" 3309#define SSL_TXT_AES128 "AES128" 3310#define SSL_TXT_AES256 "AES256" 3311#define SSL_TXT_AES "AES" 3312#define SSL_TXT_AES_GCM "AESGCM" 3313#define SSL_TXT_CHACHA20 "CHACHA20" 3314#define SSL_TXT_MD5 "MD5" 3315#define SSL_TXT_SHA1 "SHA1" 3316#define SSL_TXT_SHA "SHA" 3317#define SSL_TXT_SHA256 "SHA256" 3318#define SSL_TXT_SHA384 "SHA384" 3319#define SSL_TXT_SSLV3 "SSLv3" 3320#define SSL_TXT_TLSV1 "TLSv1" 3321#define SSL_TXT_TLSV1_1 "TLSv1.1" 3322#define SSL_TXT_TLSV1_2 "TLSv1.2" 3323#define SSL_TXT_ALL "ALL" 3324#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" 3325 3326typedef struct ssl_conf_ctx_st SSL_CONF_CTX; 3327 3328/* SSL_state returns the current state of the handshake state machine. */ 3329OPENSSL_EXPORT int SSL_state(const SSL *ssl); 3330 3331#define SSL_get_state(ssl) SSL_state(ssl) 3332 3333/* SSL_state_string returns the current state of the handshake state machine as 3334 * a six-letter string. Use |SSL_state_string_long| for a more intelligible 3335 * string. */ 3336OPENSSL_EXPORT const char *SSL_state_string(const SSL *ssl); 3337 3338/* SSL_set_shutdown causes |ssl| to behave as if the shutdown bitmask (see 3339 * |SSL_get_shutdown|) were |mode|. This may be used to skip sending or 3340 * receiving close_notify in |SSL_shutdown| by causing the implementation to 3341 * believe the events already happened. 3342 * 3343 * It is an error to use |SSL_set_shutdown| to unset a bit that has already been 3344 * set. Doing so will trigger an |assert| in debug builds and otherwise be 3345 * ignored. 3346 * 3347 * Use |SSL_CTX_set_quiet_shutdown| instead. */ 3348OPENSSL_EXPORT void SSL_set_shutdown(SSL *ssl, int mode); 3349 3350 3351/* Private structures. 3352 * 3353 * This structures are exposed for historical reasons, but access to them is 3354 * deprecated. */ 3355 3356typedef struct ssl_protocol_method_st SSL_PROTOCOL_METHOD; 3357typedef struct ssl3_enc_method SSL3_ENC_METHOD; 3358typedef struct ssl_aead_ctx_st SSL_AEAD_CTX; 3359 3360struct ssl_cipher_st { 3361 /* name is the OpenSSL name for the cipher. */ 3362 const char *name; 3363 /* id is the cipher suite value bitwise OR-d with 0x03000000. */ 3364 uint32_t id; 3365 3366 /* The following are internal fields. See ssl/internal.h for their values. */ 3367 3368 uint32_t algorithm_mkey; 3369 uint32_t algorithm_auth; 3370 uint32_t algorithm_enc; 3371 uint32_t algorithm_mac; 3372 uint32_t algorithm_ssl; 3373 uint32_t algo_strength; 3374 uint32_t algorithm_prf; 3375 3376 /* strength_bits is the strength of the cipher in bits. */ 3377 int strength_bits; 3378 /* alg_bits is the number of bits of key material used by the algorithm. */ 3379 int alg_bits; 3380}; 3381 3382#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 3383#define SSL_MAX_SID_CTX_LENGTH 32 3384#define SSL_MAX_MASTER_KEY_LENGTH 48 3385 3386struct ssl_session_st { 3387 CRYPTO_refcount_t references; 3388 int ssl_version; /* what ssl version session info is being kept in here? */ 3389 3390 /* key_exchange_info contains an indication of the size of the asymmetric 3391 * primitive used in the handshake that created this session. In the event 3392 * that two asymmetric operations are used, this value applies to the one 3393 * that controls the confidentiality of the connection. Its interpretation 3394 * depends on the primitive that was used; as specified by the cipher suite: 3395 * DHE: the size, in bits, of the multiplicative group. 3396 * RSA: the size, in bits, of the modulus. 3397 * ECDHE: the TLS id for the curve. 3398 * 3399 * A zero indicates that the value is unknown. */ 3400 uint32_t key_exchange_info; 3401 3402 int master_key_length; 3403 uint8_t master_key[SSL_MAX_MASTER_KEY_LENGTH]; 3404 3405 /* session_id - valid? */ 3406 unsigned int session_id_length; 3407 uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; 3408 /* this is used to determine whether the session is being reused in 3409 * the appropriate context. It is up to the application to set this, 3410 * via SSL_new */ 3411 unsigned int sid_ctx_length; 3412 uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 3413 3414 char *psk_identity; 3415 /* peer is the peer's certificate. */ 3416 X509 *peer; 3417 3418 /* cert_chain is the certificate chain sent by the peer. NOTE: for historical 3419 * reasons, when a client (so the peer is a server), the chain includes 3420 * |peer|, but when a server it does not. */ 3421 STACK_OF(X509) *cert_chain; 3422 3423 /* when app_verify_callback accepts a session where the peer's certificate is 3424 * not ok, we must remember the error for session reuse: */ 3425 long verify_result; /* only for servers */ 3426 3427 long timeout; 3428 long time; 3429 3430 const SSL_CIPHER *cipher; 3431 3432 CRYPTO_EX_DATA ex_data; /* application specific data */ 3433 3434 /* These are used to make removal of session-ids more efficient and to 3435 * implement a maximum cache size. */ 3436 SSL_SESSION *prev, *next; 3437 char *tlsext_hostname; 3438 3439 /* RFC4507 info */ 3440 uint8_t *tlsext_tick; /* Session ticket */ 3441 size_t tlsext_ticklen; /* Session ticket length */ 3442 3443 size_t tlsext_signed_cert_timestamp_list_length; 3444 uint8_t *tlsext_signed_cert_timestamp_list; /* Server's list. */ 3445 3446 /* The OCSP response that came with the session. */ 3447 size_t ocsp_response_length; 3448 uint8_t *ocsp_response; 3449 3450 /* peer_sha256 contains the SHA-256 hash of the peer's certificate if 3451 * |peer_sha256_valid| is true. */ 3452 uint8_t peer_sha256[SHA256_DIGEST_LENGTH]; 3453 3454 /* original_handshake_hash contains the handshake hash (either SHA-1+MD5 or 3455 * SHA-2, depending on TLS version) for the original, full handshake that 3456 * created a session. This is used by Channel IDs during resumption. */ 3457 uint8_t original_handshake_hash[EVP_MAX_MD_SIZE]; 3458 unsigned original_handshake_hash_len; 3459 3460 uint32_t tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 3461 3462 /* extended_master_secret is true if the master secret in this session was 3463 * generated using EMS and thus isn't vulnerable to the Triple Handshake 3464 * attack. */ 3465 unsigned extended_master_secret:1; 3466 3467 /* peer_sha256_valid is non-zero if |peer_sha256| is valid. */ 3468 unsigned peer_sha256_valid:1; /* Non-zero if peer_sha256 is valid */ 3469 3470 /* not_resumable is used to indicate that session resumption is not allowed. 3471 * Applications can also set this bit for a new session via 3472 * not_resumable_session_cb to disable session caching and tickets. */ 3473 unsigned not_resumable:1; 3474}; 3475 3476/* ssl_cipher_preference_list_st contains a list of SSL_CIPHERs with 3477 * equal-preference groups. For TLS clients, the groups are moot because the 3478 * server picks the cipher and groups cannot be expressed on the wire. However, 3479 * for servers, the equal-preference groups allow the client's preferences to 3480 * be partially respected. (This only has an effect with 3481 * SSL_OP_CIPHER_SERVER_PREFERENCE). 3482 * 3483 * The equal-preference groups are expressed by grouping SSL_CIPHERs together. 3484 * All elements of a group have the same priority: no ordering is expressed 3485 * within a group. 3486 * 3487 * The values in |ciphers| are in one-to-one correspondence with 3488 * |in_group_flags|. (That is, sk_SSL_CIPHER_num(ciphers) is the number of 3489 * bytes in |in_group_flags|.) The bytes in |in_group_flags| are either 1, to 3490 * indicate that the corresponding SSL_CIPHER is not the last element of a 3491 * group, or 0 to indicate that it is. 3492 * 3493 * For example, if |in_group_flags| contains all zeros then that indicates a 3494 * traditional, fully-ordered preference. Every SSL_CIPHER is the last element 3495 * of the group (i.e. they are all in a one-element group). 3496 * 3497 * For a more complex example, consider: 3498 * ciphers: A B C D E F 3499 * in_group_flags: 1 1 0 0 1 0 3500 * 3501 * That would express the following, order: 3502 * 3503 * A E 3504 * B -> D -> F 3505 * C 3506 */ 3507struct ssl_cipher_preference_list_st { 3508 STACK_OF(SSL_CIPHER) *ciphers; 3509 uint8_t *in_group_flags; 3510}; 3511 3512struct ssl_ctx_st { 3513 const SSL_PROTOCOL_METHOD *method; 3514 3515 /* lock is used to protect various operations on this object. */ 3516 CRYPTO_MUTEX lock; 3517 3518 /* max_version is the maximum acceptable protocol version. If zero, the 3519 * maximum supported version, currently (D)TLS 1.2, is used. */ 3520 uint16_t max_version; 3521 3522 /* min_version is the minimum acceptable protocl version. If zero, the 3523 * minimum supported version, currently SSL 3.0 and DTLS 1.0, is used */ 3524 uint16_t min_version; 3525 3526 struct ssl_cipher_preference_list_st *cipher_list; 3527 /* same as above but sorted for lookup */ 3528 STACK_OF(SSL_CIPHER) *cipher_list_by_id; 3529 3530 /* cipher_list_tls10 is the list of ciphers when TLS 1.0 or greater is in 3531 * use. This only applies to server connections as, for clients, the version 3532 * number is known at connect time and so the cipher list can be set then. If 3533 * |cipher_list_tls11| is non-NULL then this applies only to TLS 1.0 3534 * connections. 3535 * 3536 * TODO(agl): this exists to assist in the death of SSLv3. It can hopefully 3537 * be removed after that. */ 3538 struct ssl_cipher_preference_list_st *cipher_list_tls10; 3539 3540 /* cipher_list_tls11 is the list of ciphers when TLS 1.1 or greater is in 3541 * use. This only applies to server connections as, for clients, the version 3542 * number is known at connect time and so the cipher list can be set then. */ 3543 struct ssl_cipher_preference_list_st *cipher_list_tls11; 3544 3545 X509_STORE *cert_store; 3546 LHASH_OF(SSL_SESSION) *sessions; 3547 /* Most session-ids that will be cached, default is 3548 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ 3549 unsigned long session_cache_size; 3550 SSL_SESSION *session_cache_head; 3551 SSL_SESSION *session_cache_tail; 3552 3553 /* handshakes_since_cache_flush is the number of successful handshakes since 3554 * the last cache flush. */ 3555 int handshakes_since_cache_flush; 3556 3557 /* This can have one of 2 values, ored together, 3558 * SSL_SESS_CACHE_CLIENT, 3559 * SSL_SESS_CACHE_SERVER, 3560 * Default is SSL_SESSION_CACHE_SERVER, which means only 3561 * SSL_accept which cache SSL_SESSIONS. */ 3562 int session_cache_mode; 3563 3564 /* If timeout is not 0, it is the default timeout value set when SSL_new() is 3565 * called. This has been put in to make life easier to set things up */ 3566 long session_timeout; 3567 3568 /* If this callback is not null, it will be called each time a session id is 3569 * added to the cache. If this function returns 1, it means that the 3570 * callback will do a SSL_SESSION_free() when it has finished using it. 3571 * Otherwise, on 0, it means the callback has finished with it. If 3572 * remove_session_cb is not null, it will be called when a session-id is 3573 * removed from the cache. After the call, OpenSSL will SSL_SESSION_free() 3574 * it. */ 3575 int (*new_session_cb)(SSL *ssl, SSL_SESSION *sess); 3576 void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *sess); 3577 SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *data, int len, 3578 int *copy); 3579 3580 CRYPTO_refcount_t references; 3581 3582 /* if defined, these override the X509_verify_cert() calls */ 3583 int (*app_verify_callback)(X509_STORE_CTX *store_ctx, void *arg); 3584 void *app_verify_arg; 3585 3586 /* Default password callback. */ 3587 pem_password_cb *default_passwd_callback; 3588 3589 /* Default password callback user data. */ 3590 void *default_passwd_callback_userdata; 3591 3592 /* get client cert callback */ 3593 int (*client_cert_cb)(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey); 3594 3595 /* get channel id callback */ 3596 void (*channel_id_cb)(SSL *ssl, EVP_PKEY **out_pkey); 3597 3598 CRYPTO_EX_DATA ex_data; 3599 3600 /* custom_*_extensions stores any callback sets for custom extensions. Note 3601 * that these pointers will be NULL if the stack would otherwise be empty. */ 3602 STACK_OF(SSL_CUSTOM_EXTENSION) *client_custom_extensions; 3603 STACK_OF(SSL_CUSTOM_EXTENSION) *server_custom_extensions; 3604 3605 /* Default values used when no per-SSL value is defined follow */ 3606 3607 void (*info_callback)(const SSL *ssl, int type, int value); 3608 3609 /* what we put in client cert requests */ 3610 STACK_OF(X509_NAME) *client_CA; 3611 3612 3613 /* Default values to use in SSL structures follow (these are copied by 3614 * SSL_new) */ 3615 3616 uint32_t options; 3617 uint32_t mode; 3618 uint32_t max_cert_list; 3619 3620 struct cert_st /* CERT */ *cert; 3621 3622 /* callback that allows applications to peek at protocol messages */ 3623 void (*msg_callback)(int write_p, int version, int content_type, 3624 const void *buf, size_t len, SSL *ssl, void *arg); 3625 void *msg_callback_arg; 3626 3627 int verify_mode; 3628 unsigned int sid_ctx_length; 3629 uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 3630 int (*default_verify_callback)( 3631 int ok, X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ 3632 3633 X509_VERIFY_PARAM *param; 3634 3635 /* select_certificate_cb is called before most ClientHello processing and 3636 * before the decision whether to resume a session is made. It may return one 3637 * to continue the handshake or zero to cause the handshake loop to return 3638 * with an error and cause SSL_get_error to return 3639 * SSL_ERROR_PENDING_CERTIFICATE. Note: when the handshake loop is resumed, it 3640 * will not call the callback a second time. */ 3641 int (*select_certificate_cb)(const struct ssl_early_callback_ctx *); 3642 3643 /* dos_protection_cb is called once the resumption decision for a ClientHello 3644 * has been made. It returns one to continue the handshake or zero to 3645 * abort. */ 3646 int (*dos_protection_cb) (const struct ssl_early_callback_ctx *); 3647 3648 /* Maximum amount of data to send in one fragment. actual record size can be 3649 * more than this due to padding and MAC overheads. */ 3650 uint16_t max_send_fragment; 3651 3652 /* TLS extensions servername callback */ 3653 int (*tlsext_servername_callback)(SSL *, int *, void *); 3654 void *tlsext_servername_arg; 3655 /* RFC 4507 session ticket keys */ 3656 uint8_t tlsext_tick_key_name[SSL_TICKET_KEY_NAME_LEN]; 3657 uint8_t tlsext_tick_hmac_key[16]; 3658 uint8_t tlsext_tick_aes_key[16]; 3659 /* Callback to support customisation of ticket key setting */ 3660 int (*tlsext_ticket_key_cb)(SSL *ssl, uint8_t *name, uint8_t *iv, 3661 EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); 3662 3663 /* Server-only: psk_identity_hint is the default identity hint to send in 3664 * PSK-based key exchanges. */ 3665 char *psk_identity_hint; 3666 3667 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 3668 char *identity, 3669 unsigned int max_identity_len, 3670 uint8_t *psk, unsigned int max_psk_len); 3671 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 3672 uint8_t *psk, unsigned int max_psk_len); 3673 3674 3675 /* retain_only_sha256_of_client_certs is true if we should compute the SHA256 3676 * hash of the peer's certifiate and then discard it to save memory and 3677 * session space. Only effective on the server side. */ 3678 char retain_only_sha256_of_client_certs; 3679 3680 /* Next protocol negotiation information */ 3681 /* (for experimental NPN extension). */ 3682 3683 /* For a server, this contains a callback function by which the set of 3684 * advertised protocols can be provided. */ 3685 int (*next_protos_advertised_cb)(SSL *ssl, const uint8_t **out, 3686 unsigned *out_len, void *arg); 3687 void *next_protos_advertised_cb_arg; 3688 /* For a client, this contains a callback function that selects the 3689 * next protocol from the list provided by the server. */ 3690 int (*next_proto_select_cb)(SSL *ssl, uint8_t **out, uint8_t *out_len, 3691 const uint8_t *in, unsigned in_len, void *arg); 3692 void *next_proto_select_cb_arg; 3693 3694 /* ALPN information 3695 * (we are in the process of transitioning from NPN to ALPN.) */ 3696 3697 /* For a server, this contains a callback function that allows the 3698 * server to select the protocol for the connection. 3699 * out: on successful return, this must point to the raw protocol 3700 * name (without the length prefix). 3701 * outlen: on successful return, this contains the length of |*out|. 3702 * in: points to the client's list of supported protocols in 3703 * wire-format. 3704 * inlen: the length of |in|. */ 3705 int (*alpn_select_cb)(SSL *s, const uint8_t **out, uint8_t *out_len, 3706 const uint8_t *in, unsigned in_len, void *arg); 3707 void *alpn_select_cb_arg; 3708 3709 /* For a client, this contains the list of supported protocols in wire 3710 * format. */ 3711 uint8_t *alpn_client_proto_list; 3712 unsigned alpn_client_proto_list_len; 3713 3714 /* SRTP profiles we are willing to do from RFC 5764 */ 3715 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 3716 3717 /* EC extension values inherited by SSL structure */ 3718 size_t tlsext_ellipticcurvelist_length; 3719 uint16_t *tlsext_ellipticcurvelist; 3720 3721 /* The client's Channel ID private key. */ 3722 EVP_PKEY *tlsext_channel_id_private; 3723 3724 /* Signed certificate timestamp list to be sent to the client, if requested */ 3725 uint8_t *signed_cert_timestamp_list; 3726 size_t signed_cert_timestamp_list_length; 3727 3728 /* OCSP response to be sent to the client, if requested. */ 3729 uint8_t *ocsp_response; 3730 size_t ocsp_response_length; 3731 3732 /* If not NULL, session key material will be logged to this BIO for debugging 3733 * purposes. The format matches NSS's and is readable by Wireshark. */ 3734 BIO *keylog_bio; 3735 3736 /* current_time_cb, if not NULL, is the function to use to get the current 3737 * time. It sets |*out_clock| to the current time. */ 3738 void (*current_time_cb)(const SSL *ssl, struct timeval *out_clock); 3739 3740 /* quiet_shutdown is true if the connection should not send a close_notify on 3741 * shutdown. */ 3742 unsigned quiet_shutdown:1; 3743 3744 /* ocsp_stapling_enabled is only used by client connections and indicates 3745 * whether OCSP stapling will be requested. */ 3746 unsigned ocsp_stapling_enabled:1; 3747 3748 /* If true, a client will request certificate timestamps. */ 3749 unsigned signed_cert_timestamps_enabled:1; 3750 3751 /* tlsext_channel_id_enabled is copied from the |SSL_CTX|. For a server, 3752 * means that we'll accept Channel IDs from clients. For a client, means that 3753 * we'll advertise support. */ 3754 unsigned tlsext_channel_id_enabled:1; 3755}; 3756 3757struct ssl_st { 3758 /* version is the protocol version. */ 3759 int version; 3760 3761 /* max_version is the maximum acceptable protocol version. If zero, the 3762 * maximum supported version, currently (D)TLS 1.2, is used. */ 3763 uint16_t max_version; 3764 3765 /* min_version is the minimum acceptable protocl version. If zero, the 3766 * minimum supported version, currently SSL 3.0 and DTLS 1.0, is used */ 3767 uint16_t min_version; 3768 3769 /* method is the method table corresponding to the current protocol (DTLS or 3770 * TLS). */ 3771 const SSL_PROTOCOL_METHOD *method; 3772 3773 /* enc_method is the method table corresponding to the current protocol 3774 * version. */ 3775 const SSL3_ENC_METHOD *enc_method; 3776 3777 /* There are 2 BIO's even though they are normally both the same. This is so 3778 * data can be read and written to different handlers */ 3779 3780 BIO *rbio; /* used by SSL_read */ 3781 BIO *wbio; /* used by SSL_write */ 3782 3783 /* bbio, if non-NULL, is a buffer placed in front of |wbio| to pack handshake 3784 * messages within one flight into a single |BIO_write|. 3785 * 3786 * TODO(davidben): This does not work right for DTLS. It assumes the MTU is 3787 * smaller than the buffer size so that the buffer's internal flushing never 3788 * kicks in. It also doesn't kick in for DTLS retransmission. Replace this 3789 * with a better mechanism. */ 3790 BIO *bbio; 3791 3792 int (*handshake_func)(SSL *); 3793 3794 /* Imagine that here's a boolean member "init" that is switched as soon as 3795 * SSL_set_{accept/connect}_state is called for the first time, so that 3796 * "state" and "handshake_func" are properly initialized. But as 3797 * handshake_func is == 0 until then, we use this test instead of an "init" 3798 * member. */ 3799 3800 int shutdown; /* we have shut things down, 0x01 sent, 0x02 3801 * for received */ 3802 int state; /* where we are */ 3803 3804 BUF_MEM *init_buf; /* buffer used during init */ 3805 uint8_t *init_msg; /* pointer to handshake message body, set by 3806 ssl3_get_message() */ 3807 int init_num; /* amount read/written */ 3808 int init_off; /* amount read/written */ 3809 3810 struct ssl3_state_st *s3; /* SSLv3 variables */ 3811 struct dtls1_state_st *d1; /* DTLSv1 variables */ 3812 3813 /* callback that allows applications to peek at protocol messages */ 3814 void (*msg_callback)(int write_p, int version, int content_type, 3815 const void *buf, size_t len, SSL *ssl, void *arg); 3816 void *msg_callback_arg; 3817 3818 X509_VERIFY_PARAM *param; 3819 3820 /* crypto */ 3821 struct ssl_cipher_preference_list_st *cipher_list; 3822 STACK_OF(SSL_CIPHER) *cipher_list_by_id; 3823 3824 SSL_AEAD_CTX *aead_read_ctx; 3825 SSL_AEAD_CTX *aead_write_ctx; 3826 3827 /* session info */ 3828 3829 /* client cert? */ 3830 /* This is used to hold the server certificate used */ 3831 struct cert_st /* CERT */ *cert; 3832 3833 /* This holds a variable that indicates what we were doing when a 0 or -1 is 3834 * returned. This is needed for non-blocking IO so we know what request 3835 * needs re-doing when in SSL_accept or SSL_connect */ 3836 int rwstate; 3837 3838 /* the session_id_context is used to ensure sessions are only reused 3839 * in the appropriate context */ 3840 unsigned int sid_ctx_length; 3841 uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 3842 3843 /* This can also be in the session once a session is established */ 3844 SSL_SESSION *session; 3845 3846 int (*verify_callback)(int ok, 3847 X509_STORE_CTX *ctx); /* fail if callback returns 0 */ 3848 3849 void (*info_callback)(const SSL *ssl, int type, int value); 3850 3851 /* Server-only: psk_identity_hint is the identity hint to send in 3852 * PSK-based key exchanges. */ 3853 char *psk_identity_hint; 3854 3855 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 3856 char *identity, 3857 unsigned int max_identity_len, 3858 uint8_t *psk, unsigned int max_psk_len); 3859 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 3860 uint8_t *psk, unsigned int max_psk_len); 3861 3862 SSL_CTX *ctx; 3863 3864 /* extra application data */ 3865 long verify_result; 3866 CRYPTO_EX_DATA ex_data; 3867 3868 /* for server side, keep the list of CA_dn we can use */ 3869 STACK_OF(X509_NAME) *client_CA; 3870 3871 uint32_t options; /* protocol behaviour */ 3872 uint32_t mode; /* API behaviour */ 3873 uint32_t max_cert_list; 3874 int client_version; /* what was passed, used for 3875 * SSLv3/TLS rollback check */ 3876 uint16_t max_send_fragment; 3877 char *tlsext_hostname; 3878 /* RFC4507 session ticket expected to be received or sent */ 3879 int tlsext_ticket_expected; 3880 size_t tlsext_ellipticcurvelist_length; 3881 uint16_t *tlsext_ellipticcurvelist; /* our list */ 3882 3883 SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ 3884 3885 /* Next protocol negotiation. For the client, this is the protocol that we 3886 * sent in NextProtocol and is set when handling ServerHello extensions. 3887 * 3888 * For a server, this is the client's selected_protocol from NextProtocol and 3889 * is set when handling the NextProtocol message, before the Finished 3890 * message. */ 3891 uint8_t *next_proto_negotiated; 3892 size_t next_proto_negotiated_len; 3893 3894 /* srtp_profiles is the list of configured SRTP protection profiles for 3895 * DTLS-SRTP. */ 3896 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 3897 3898 /* srtp_profile is the selected SRTP protection profile for 3899 * DTLS-SRTP. */ 3900 const SRTP_PROTECTION_PROFILE *srtp_profile; 3901 3902 /* The client's Channel ID private key. */ 3903 EVP_PKEY *tlsext_channel_id_private; 3904 3905 /* For a client, this contains the list of supported protocols in wire 3906 * format. */ 3907 uint8_t *alpn_client_proto_list; 3908 unsigned alpn_client_proto_list_len; 3909 3910 /* renegotiate_mode controls how peer renegotiation attempts are handled. */ 3911 enum ssl_renegotiate_mode_t renegotiate_mode; 3912 3913 /* These fields are always NULL and exist only to keep wpa_supplicant happy 3914 * about the change to EVP_AEAD. They are only needed for EAP-FAST, which we 3915 * don't support. */ 3916 EVP_CIPHER_CTX *enc_read_ctx; 3917 EVP_MD_CTX *read_hash; 3918 3919 /* in_handshake is non-zero when we are actually in SSL_accept() or 3920 * SSL_connect() */ 3921 int in_handshake; 3922 3923 /* verify_mode is a bitmask of |SSL_VERIFY_*| values. */ 3924 uint8_t verify_mode; 3925 3926 /* hit is true if this connection is resuming a previous session. */ 3927 unsigned hit:1; 3928 3929 /* server is true iff the this SSL* is the server half. Note: before the SSL* 3930 * is initialized by either SSL_set_accept_state or SSL_set_connect_state, 3931 * the side is not determined. In this state, server is always false. */ 3932 unsigned server:1; 3933 3934 /* quiet_shutdown is true if the connection should not send a close_notify on 3935 * shutdown. */ 3936 unsigned quiet_shutdown:1; 3937 3938 /* Enable signed certificate time stamps. Currently client only. */ 3939 unsigned signed_cert_timestamps_enabled:1; 3940 3941 /* ocsp_stapling_enabled is only used by client connections and indicates 3942 * whether OCSP stapling will be requested. */ 3943 unsigned ocsp_stapling_enabled:1; 3944 3945 /* tlsext_channel_id_enabled is copied from the |SSL_CTX|. For a server, 3946 * means that we'll accept Channel IDs from clients. For a client, means that 3947 * we'll advertise support. */ 3948 unsigned tlsext_channel_id_enabled:1; 3949}; 3950 3951typedef struct ssl3_record_st { 3952 /* type is the record type. */ 3953 uint8_t type; 3954 /* length is the number of unconsumed bytes of |data|. */ 3955 uint16_t length; 3956 /* off is the number of consumed bytes of |data|. */ 3957 uint16_t off; 3958 /* data is a non-owning pointer to the record contents. The total length of 3959 * the buffer is |off| + |length|. */ 3960 uint8_t *data; 3961} SSL3_RECORD; 3962 3963typedef struct ssl3_buffer_st { 3964 /* buf is the memory allocated for this buffer. */ 3965 uint8_t *buf; 3966 /* offset is the offset into |buf| which the buffer contents start at. */ 3967 uint16_t offset; 3968 /* len is the length of the buffer contents from |buf| + |offset|. */ 3969 uint16_t len; 3970 /* cap is how much memory beyond |buf| + |offset| is available. */ 3971 uint16_t cap; 3972} SSL3_BUFFER; 3973 3974/* TODO(davidben): This flag can probably be merged into s3->change_cipher_spec 3975 * to something tri-state. (Normal / Expect CCS / Between CCS and Finished). */ 3976#define SSL3_FLAGS_EXPECT_CCS 0x0080 3977 3978typedef struct ssl3_state_st { 3979 long flags; 3980 3981 uint8_t read_sequence[8]; 3982 int read_mac_secret_size; 3983 uint8_t read_mac_secret[EVP_MAX_MD_SIZE]; 3984 uint8_t write_sequence[8]; 3985 int write_mac_secret_size; 3986 uint8_t write_mac_secret[EVP_MAX_MD_SIZE]; 3987 3988 uint8_t server_random[SSL3_RANDOM_SIZE]; 3989 uint8_t client_random[SSL3_RANDOM_SIZE]; 3990 3991 /* flags for countermeasure against known-IV weakness */ 3992 int need_record_splitting; 3993 3994 /* have_version is true if the connection's final version is known. Otherwise 3995 * the version has not been negotiated yet. */ 3996 char have_version; 3997 3998 /* initial_handshake_complete is true if the initial handshake has 3999 * completed. */ 4000 char initial_handshake_complete; 4001 4002 /* read_buffer holds data from the transport to be processed. */ 4003 SSL3_BUFFER read_buffer; 4004 /* write_buffer holds data to be written to the transport. */ 4005 SSL3_BUFFER write_buffer; 4006 4007 SSL3_RECORD rrec; /* each decoded record goes in here */ 4008 4009 /* storage for Handshake protocol data received but not yet processed by 4010 * ssl3_read_bytes: */ 4011 uint8_t handshake_fragment[4]; 4012 unsigned int handshake_fragment_len; 4013 4014 /* partial write - check the numbers match */ 4015 unsigned int wnum; /* number of bytes sent so far */ 4016 int wpend_tot; /* number bytes written */ 4017 int wpend_type; 4018 int wpend_ret; /* number of bytes submitted */ 4019 const uint8_t *wpend_buf; 4020 4021 /* handshake_buffer, if non-NULL, contains the handshake transcript. */ 4022 BUF_MEM *handshake_buffer; 4023 /* handshake_hash, if initialized with an |EVP_MD|, maintains the handshake 4024 * hash. For TLS 1.1 and below, it is the SHA-1 half. */ 4025 EVP_MD_CTX handshake_hash; 4026 /* handshake_md5, if initialized with an |EVP_MD|, maintains the MD5 half of 4027 * the handshake hash for TLS 1.1 and below. */ 4028 EVP_MD_CTX handshake_md5; 4029 4030 /* this is set whenerver we see a change_cipher_spec message come in when we 4031 * are not looking for one */ 4032 int change_cipher_spec; 4033 4034 int warn_alert; 4035 int fatal_alert; 4036 /* we allow one fatal and one warning alert to be outstanding, send close 4037 * alert via the warning alert */ 4038 int alert_dispatch; 4039 uint8_t send_alert[2]; 4040 4041 int total_renegotiations; 4042 4043 /* empty_record_count is the number of consecutive empty records received. */ 4044 uint8_t empty_record_count; 4045 4046 /* warning_alert_count is the number of consecutive warning alerts 4047 * received. */ 4048 uint8_t warning_alert_count; 4049 4050 /* State pertaining to the pending handshake. 4051 * 4052 * TODO(davidben): State is current spread all over the place. Move 4053 * pending handshake state here so it can be managed separately from 4054 * established connection state in case of renegotiations. */ 4055 struct { 4056 /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ 4057 uint8_t finish_md[EVP_MAX_MD_SIZE * 2]; 4058 int finish_md_len; 4059 uint8_t peer_finish_md[EVP_MAX_MD_SIZE * 2]; 4060 int peer_finish_md_len; 4061 4062 unsigned long message_size; 4063 int message_type; 4064 4065 /* used to hold the new cipher we are going to use */ 4066 const SSL_CIPHER *new_cipher; 4067 DH *dh; 4068 4069 EC_KEY *ecdh; /* holds short lived ECDH key */ 4070 4071 /* used when SSL_ST_FLUSH_DATA is entered */ 4072 int next_state; 4073 4074 int reuse_message; 4075 4076 union { 4077 /* sent is a bitset where the bits correspond to elements of kExtensions 4078 * in t1_lib.c. Each bit is set if that extension was sent in a 4079 * ClientHello. It's not used by servers. */ 4080 uint32_t sent; 4081 /* received is a bitset, like |sent|, but is used by servers to record 4082 * which extensions were received from a client. */ 4083 uint32_t received; 4084 } extensions; 4085 4086 union { 4087 /* sent is a bitset where the bits correspond to elements of 4088 * |client_custom_extensions| in the |SSL_CTX|. Each bit is set if that 4089 * extension was sent in a ClientHello. It's not used by servers. */ 4090 uint16_t sent; 4091 /* received is a bitset, like |sent|, but is used by servers to record 4092 * which custom extensions were received from a client. The bits here 4093 * correspond to |server_custom_extensions|. */ 4094 uint16_t received; 4095 } custom_extensions; 4096 4097 /* SNI extension */ 4098 4099 /* should_ack_sni is used by a server and indicates that the SNI extension 4100 * should be echoed in the ServerHello. */ 4101 unsigned should_ack_sni:1; 4102 4103 4104 /* Client-only: cert_req determines if a client certificate is to be sent. 4105 * This is 0 if no client Certificate message is to be sent, 1 if there is 4106 * a client certificate, and 2 to send an empty client Certificate 4107 * message. */ 4108 int cert_req; 4109 4110 /* Client-only: ca_names contains the list of CAs received in a 4111 * CertificateRequest message. */ 4112 STACK_OF(X509_NAME) *ca_names; 4113 4114 /* Client-only: certificate_types contains the set of certificate types 4115 * received in a CertificateRequest message. */ 4116 uint8_t *certificate_types; 4117 size_t num_certificate_types; 4118 4119 int key_block_length; 4120 uint8_t *key_block; 4121 4122 const EVP_AEAD *new_aead; 4123 uint8_t new_mac_secret_len; 4124 uint8_t new_fixed_iv_len; 4125 uint8_t new_variable_iv_len; 4126 4127 /* Server-only: cert_request is true if a client certificate was 4128 * requested. */ 4129 int cert_request; 4130 4131 /* certificate_status_expected is true if OCSP stapling was negotiated and 4132 * the server is expected to send a CertificateStatus message. (This is 4133 * used on both the client and server sides.) */ 4134 unsigned certificate_status_expected:1; 4135 4136 /* ocsp_stapling_requested is true if a client requested OCSP stapling. */ 4137 unsigned ocsp_stapling_requested:1; 4138 4139 /* Server-only: peer_ellipticcurvelist contains the EC curve IDs advertised 4140 * by the peer. This is only set on the server's end. The server does not 4141 * advertise this extension to the client. */ 4142 uint16_t *peer_ellipticcurvelist; 4143 size_t peer_ellipticcurvelist_length; 4144 4145 /* extended_master_secret indicates whether the extended master secret 4146 * computation is used in this handshake. Note that this is different from 4147 * whether it was used for the current session. If this is a resumption 4148 * handshake then EMS might be negotiated in the client and server hello 4149 * messages, but it doesn't matter if the session that's being resumed 4150 * didn't use it to create the master secret initially. */ 4151 char extended_master_secret; 4152 4153 /* Client-only: peer_psk_identity_hint is the psk_identity_hint sent by the 4154 * server when using a PSK key exchange. */ 4155 char *peer_psk_identity_hint; 4156 4157 /* new_mac_secret_size is unused and exists only until wpa_supplicant can 4158 * be updated. It is only needed for EAP-FAST, which we don't support. */ 4159 uint8_t new_mac_secret_size; 4160 4161 /* Client-only: in_false_start is one if there is a pending handshake in 4162 * False Start. The client may write data at this point. */ 4163 char in_false_start; 4164 4165 /* server_key_exchange_hash, on a client, is the hash the server used to 4166 * sign the ServerKeyExchange in TLS 1.2. If not applicable, it is 4167 * |TLSEXT_hash_none|. */ 4168 uint8_t server_key_exchange_hash; 4169 4170 /* peer_dh_tmp, on a client, is the server's DHE public key. */ 4171 DH *peer_dh_tmp; 4172 4173 /* peer_ecdh_tmp, on a client, is the server's ECDHE public key. */ 4174 EC_KEY *peer_ecdh_tmp; 4175 } tmp; 4176 4177 /* Connection binding to prevent renegotiation attacks */ 4178 uint8_t previous_client_finished[EVP_MAX_MD_SIZE]; 4179 uint8_t previous_client_finished_len; 4180 uint8_t previous_server_finished[EVP_MAX_MD_SIZE]; 4181 uint8_t previous_server_finished_len; 4182 int send_connection_binding; /* TODOEKR */ 4183 4184 /* Set if we saw the Next Protocol Negotiation extension from our peer. */ 4185 int next_proto_neg_seen; 4186 4187 /* ALPN information 4188 * (we are in the process of transitioning from NPN to ALPN.) */ 4189 4190 /* In a server these point to the selected ALPN protocol after the 4191 * ClientHello has been processed. In a client these contain the protocol 4192 * that the server selected once the ServerHello has been processed. */ 4193 uint8_t *alpn_selected; 4194 size_t alpn_selected_len; 4195 4196 /* In a client, this means that the server supported Channel ID and that a 4197 * Channel ID was sent. In a server it means that we echoed support for 4198 * Channel IDs and that tlsext_channel_id will be valid after the 4199 * handshake. */ 4200 char tlsext_channel_id_valid; 4201 /* For a server: 4202 * If |tlsext_channel_id_valid| is true, then this contains the 4203 * verified Channel ID from the client: a P256 point, (x,y), where 4204 * each are big-endian values. */ 4205 uint8_t tlsext_channel_id[64]; 4206} SSL3_STATE; 4207 4208 4209/* Android compatibility section (hidden). 4210 * 4211 * These functions are declared, temporarily, for Android because 4212 * wpa_supplicant will take a little time to sync with upstream. Outside of 4213 * Android they'll have no definition. */ 4214 4215#define SSL_F_SSL_SET_SESSION_TICKET_EXT doesnt_exist 4216 4217OPENSSL_EXPORT int SSL_set_session_ticket_ext(SSL *s, void *ext_data, 4218 int ext_len); 4219OPENSSL_EXPORT int SSL_set_session_secret_cb(SSL *s, void *cb, void *arg); 4220OPENSSL_EXPORT int SSL_set_session_ticket_ext_cb(SSL *s, void *cb, void *arg); 4221OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); 4222 4223 4224/* Preprocessor compatibility section (hidden). 4225 * 4226 * Historically, a number of APIs were implemented in OpenSSL as macros and 4227 * constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this 4228 * section defines a number of legacy macros. 4229 * 4230 * Although using either the CTRL values or their wrapper macros in #ifdefs is 4231 * still supported, the CTRL values may not be passed to |SSL_ctrl| and 4232 * |SSL_CTX_ctrl|. Call the functions (previously wrapper macros) instead. */ 4233 4234#define DTLS_CTRL_GET_TIMEOUT doesnt_exist 4235#define DTLS_CTRL_HANDLE_TIMEOUT doesnt_exist 4236#define SSL_CTRL_CHAIN doesnt_exist 4237#define SSL_CTRL_CHAIN_CERT doesnt_exist 4238#define SSL_CTRL_CHANNEL_ID doesnt_exist 4239#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS doesnt_exist 4240#define SSL_CTRL_CLEAR_MODE doesnt_exist 4241#define SSL_CTRL_CLEAR_OPTIONS doesnt_exist 4242#define SSL_CTRL_EXTRA_CHAIN_CERT doesnt_exist 4243#define SSL_CTRL_GET_CHAIN_CERTS doesnt_exist 4244#define SSL_CTRL_GET_CHANNEL_ID doesnt_exist 4245#define SSL_CTRL_GET_CLIENT_CERT_TYPES doesnt_exist 4246#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS doesnt_exist 4247#define SSL_CTRL_GET_MAX_CERT_LIST doesnt_exist 4248#define SSL_CTRL_GET_NUM_RENEGOTIATIONS doesnt_exist 4249#define SSL_CTRL_GET_READ_AHEAD doesnt_exist 4250#define SSL_CTRL_GET_RI_SUPPORT doesnt_exist 4251#define SSL_CTRL_GET_SESSION_REUSED doesnt_exist 4252#define SSL_CTRL_GET_SESS_CACHE_MODE doesnt_exist 4253#define SSL_CTRL_GET_SESS_CACHE_SIZE doesnt_exist 4254#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS doesnt_exist 4255#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS doesnt_exist 4256#define SSL_CTRL_MODE doesnt_exist 4257#define SSL_CTRL_NEED_TMP_RSA doesnt_exist 4258#define SSL_CTRL_OPTIONS doesnt_exist 4259#define SSL_CTRL_SESS_NUMBER doesnt_exist 4260#define SSL_CTRL_SET_CHANNEL_ID doesnt_exist 4261#define SSL_CTRL_SET_CURVES doesnt_exist 4262#define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist 4263#define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist 4264#define SSL_CTRL_SET_MSG_CALLBACK doesnt_exist 4265#define SSL_CTRL_SET_MSG_CALLBACK_ARG doesnt_exist 4266#define SSL_CTRL_SET_MTU doesnt_exist 4267#define SSL_CTRL_SET_READ_AHEAD doesnt_exist 4268#define SSL_CTRL_SET_SESS_CACHE_MODE doesnt_exist 4269#define SSL_CTRL_SET_SESS_CACHE_SIZE doesnt_exist 4270#define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist 4271#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG doesnt_exist 4272#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist 4273#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS doesnt_exist 4274#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist 4275#define SSL_CTRL_SET_TMP_DH doesnt_exist 4276#define SSL_CTRL_SET_TMP_DH_CB doesnt_exist 4277#define SSL_CTRL_SET_TMP_ECDH doesnt_exist 4278#define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist 4279#define SSL_CTRL_SET_TMP_RSA doesnt_exist 4280#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist 4281 4282#define DTLSv1_get_timeout DTLSv1_get_timeout 4283#define DTLSv1_handle_timeout DTLSv1_handle_timeout 4284#define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert 4285#define SSL_CTX_add1_chain_cert SSL_CTX_add1_chain_cert 4286#define SSL_CTX_add_extra_chain_cert SSL_CTX_add_extra_chain_cert 4287#define SSL_CTX_clear_extra_chain_certs SSL_CTX_clear_extra_chain_certs 4288#define SSL_CTX_clear_chain_certs SSL_CTX_clear_chain_certs 4289#define SSL_CTX_clear_mode SSL_CTX_clear_mode 4290#define SSL_CTX_clear_options SSL_CTX_clear_options 4291#define SSL_CTX_enable_tls_channel_id SSL_CTX_enable_tls_channel_id 4292#define SSL_CTX_get0_chain_certs SSL_CTX_get0_chain_certs 4293#define SSL_CTX_get_extra_chain_certs SSL_CTX_get_extra_chain_certs 4294#define SSL_CTX_get_max_cert_list SSL_CTX_get_max_cert_list 4295#define SSL_CTX_get_mode SSL_CTX_get_mode 4296#define SSL_CTX_get_options SSL_CTX_get_options 4297#define SSL_CTX_get_read_ahead SSL_CTX_get_read_ahead 4298#define SSL_CTX_get_session_cache_mode SSL_CTX_get_session_cache_mode 4299#define SSL_CTX_get_tlsext_ticket_keys SSL_CTX_get_tlsext_ticket_keys 4300#define SSL_CTX_need_tmp_RSA SSL_CTX_need_tmp_RSA 4301#define SSL_CTX_sess_get_cache_size SSL_CTX_sess_get_cache_size 4302#define SSL_CTX_sess_number SSL_CTX_sess_number 4303#define SSL_CTX_sess_set_cache_size SSL_CTX_sess_set_cache_size 4304#define SSL_CTX_set0_chain SSL_CTX_set0_chain 4305#define SSL_CTX_set1_chain SSL_CTX_set1_chain 4306#define SSL_CTX_set1_curves SSL_CTX_set1_curves 4307#define SSL_CTX_set1_tls_channel_id SSL_CTX_set1_tls_channel_id 4308#define SSL_CTX_set_max_cert_list SSL_CTX_set_max_cert_list 4309#define SSL_CTX_set_max_send_fragment SSL_CTX_set_max_send_fragment 4310#define SSL_CTX_set_mode SSL_CTX_set_mode 4311#define SSL_CTX_set_msg_callback_arg SSL_CTX_set_msg_callback_arg 4312#define SSL_CTX_set_options SSL_CTX_set_options 4313#define SSL_CTX_set_read_ahead SSL_CTX_set_read_ahead 4314#define SSL_CTX_set_session_cache_mode SSL_CTX_set_session_cache_mode 4315#define SSL_CTX_set_tlsext_servername_arg SSL_CTX_set_tlsext_servername_arg 4316#define SSL_CTX_set_tlsext_servername_callback \ 4317 SSL_CTX_set_tlsext_servername_callback 4318#define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb 4319#define SSL_CTX_set_tlsext_ticket_keys SSL_CTX_set_tlsext_ticket_keys 4320#define SSL_CTX_set_tmp_dh SSL_CTX_set_tmp_dh 4321#define SSL_CTX_set_tmp_ecdh SSL_CTX_set_tmp_ecdh 4322#define SSL_CTX_set_tmp_rsa SSL_CTX_set_tmp_rsa 4323#define SSL_add0_chain_cert SSL_add0_chain_cert 4324#define SSL_add1_chain_cert SSL_add1_chain_cert 4325#define SSL_clear_chain_certs SSL_clear_chain_certs 4326#define SSL_clear_mode SSL_clear_mode 4327#define SSL_clear_options SSL_clear_options 4328#define SSL_enable_tls_channel_id SSL_enable_tls_channel_id 4329#define SSL_get0_certificate_types SSL_get0_certificate_types 4330#define SSL_get0_chain_certs SSL_get0_chain_certs 4331#define SSL_get_max_cert_list SSL_get_max_cert_list 4332#define SSL_get_mode SSL_get_mode 4333#define SSL_get_options SSL_get_options 4334#define SSL_get_secure_renegotiation_support \ 4335 SSL_get_secure_renegotiation_support 4336#define SSL_get_tls_channel_id SSL_get_tls_channel_id 4337#define SSL_need_tmp_RSA SSL_need_tmp_RSA 4338#define SSL_num_renegotiations SSL_num_renegotiations 4339#define SSL_session_reused SSL_session_reused 4340#define SSL_set0_chain SSL_set0_chain 4341#define SSL_set1_chain SSL_set1_chain 4342#define SSL_set1_curves SSL_set1_curves 4343#define SSL_set1_tls_channel_id SSL_set1_tls_channel_id 4344#define SSL_set_max_cert_list SSL_set_max_cert_list 4345#define SSL_set_max_send_fragment SSL_set_max_send_fragment 4346#define SSL_set_mode SSL_set_mode 4347#define SSL_set_msg_callback_arg SSL_set_msg_callback_arg 4348#define SSL_set_mtu SSL_set_mtu 4349#define SSL_set_options SSL_set_options 4350#define SSL_set_tlsext_host_name SSL_set_tlsext_host_name 4351#define SSL_set_tmp_dh SSL_set_tmp_dh 4352#define SSL_set_tmp_ecdh SSL_set_tmp_ecdh 4353#define SSL_set_tmp_rsa SSL_set_tmp_rsa 4354#define SSL_total_renegotiations SSL_total_renegotiations 4355 4356 4357#if defined(__cplusplus) 4358} /* extern C */ 4359#endif 4360 4361#define SSL_R_APP_DATA_IN_HANDSHAKE 100 4362#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101 4363#define SSL_R_BAD_ALERT 102 4364#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 4365#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 104 4366#define SSL_R_BAD_DH_P_LENGTH 105 4367#define SSL_R_BAD_DIGEST_LENGTH 106 4368#define SSL_R_BAD_ECC_CERT 107 4369#define SSL_R_BAD_ECPOINT 108 4370#define SSL_R_BAD_HANDSHAKE_LENGTH 109 4371#define SSL_R_BAD_HANDSHAKE_RECORD 110 4372#define SSL_R_BAD_HELLO_REQUEST 111 4373#define SSL_R_BAD_LENGTH 112 4374#define SSL_R_BAD_PACKET_LENGTH 113 4375#define SSL_R_BAD_RSA_ENCRYPT 114 4376#define SSL_R_BAD_SIGNATURE 115 4377#define SSL_R_BAD_SRTP_MKI_VALUE 116 4378#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 117 4379#define SSL_R_BAD_SSL_FILETYPE 118 4380#define SSL_R_BAD_WRITE_RETRY 119 4381#define SSL_R_BIO_NOT_SET 120 4382#define SSL_R_BN_LIB 121 4383#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 122 4384#define SSL_R_CA_DN_LENGTH_MISMATCH 123 4385#define SSL_R_CA_DN_TOO_LONG 124 4386#define SSL_R_CCS_RECEIVED_EARLY 125 4387#define SSL_R_CERTIFICATE_VERIFY_FAILED 126 4388#define SSL_R_CERT_CB_ERROR 127 4389#define SSL_R_CERT_LENGTH_MISMATCH 128 4390#define SSL_R_CHANNEL_ID_NOT_P256 129 4391#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 130 4392#define SSL_R_CIPHER_CODE_WRONG_LENGTH 131 4393#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 132 4394#define SSL_R_CLIENTHELLO_PARSE_FAILED 133 4395#define SSL_R_CLIENTHELLO_TLSEXT 134 4396#define SSL_R_CONNECTION_REJECTED 135 4397#define SSL_R_CONNECTION_TYPE_NOT_SET 136 4398#define SSL_R_COOKIE_MISMATCH 137 4399#define SSL_R_D2I_ECDSA_SIG 138 4400#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 139 4401#define SSL_R_DATA_LENGTH_TOO_LONG 140 4402#define SSL_R_DECODE_ERROR 141 4403#define SSL_R_DECRYPTION_FAILED 142 4404#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 143 4405#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 144 4406#define SSL_R_DIGEST_CHECK_FAILED 145 4407#define SSL_R_DTLS_MESSAGE_TOO_BIG 146 4408#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 147 4409#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 148 4410#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 149 4411#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 150 4412#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 151 4413#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 152 4414#define SSL_R_EXCESSIVE_MESSAGE_SIZE 153 4415#define SSL_R_EXTRA_DATA_IN_MESSAGE 154 4416#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 155 4417#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 156 4418#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 157 4419#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 158 4420#define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 159 4421#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 160 4422#define SSL_R_HTTPS_PROXY_REQUEST 161 4423#define SSL_R_HTTP_REQUEST 162 4424#define SSL_R_INAPPROPRIATE_FALLBACK 163 4425#define SSL_R_INVALID_COMMAND 164 4426#define SSL_R_INVALID_MESSAGE 165 4427#define SSL_R_INVALID_SSL_SESSION 166 4428#define SSL_R_INVALID_TICKET_KEYS_LENGTH 167 4429#define SSL_R_LENGTH_MISMATCH 168 4430#define SSL_R_LIBRARY_HAS_NO_CIPHERS 169 4431#define SSL_R_MISSING_DH_KEY 170 4432#define SSL_R_MISSING_ECDSA_SIGNING_CERT 171 4433#define SSL_R_MISSING_RSA_CERTIFICATE 172 4434#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 173 4435#define SSL_R_MISSING_RSA_SIGNING_CERT 174 4436#define SSL_R_MISSING_TMP_DH_KEY 175 4437#define SSL_R_MISSING_TMP_ECDH_KEY 176 4438#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 177 4439#define SSL_R_MTU_TOO_SMALL 178 4440#define SSL_R_NESTED_GROUP 179 4441#define SSL_R_NO_CERTIFICATES_RETURNED 180 4442#define SSL_R_NO_CERTIFICATE_ASSIGNED 181 4443#define SSL_R_NO_CERTIFICATE_SET 182 4444#define SSL_R_NO_CIPHERS_AVAILABLE 183 4445#define SSL_R_NO_CIPHERS_PASSED 184 4446#define SSL_R_NO_CIPHERS_SPECIFIED 185 4447#define SSL_R_NO_CIPHER_MATCH 186 4448#define SSL_R_NO_COMPRESSION_SPECIFIED 187 4449#define SSL_R_NO_METHOD_SPECIFIED 188 4450#define SSL_R_NO_P256_SUPPORT 189 4451#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 4452#define SSL_R_NO_RENEGOTIATION 191 4453#define SSL_R_NO_REQUIRED_DIGEST 192 4454#define SSL_R_NO_SHARED_CIPHER 193 4455#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 194 4456#define SSL_R_NO_SRTP_PROFILES 195 4457#define SSL_R_NULL_SSL_CTX 196 4458#define SSL_R_NULL_SSL_METHOD_PASSED 197 4459#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 198 4460#define SSL_R_PACKET_LENGTH_TOO_LONG 199 4461#define SSL_R_PARSE_TLSEXT 200 4462#define SSL_R_PATH_TOO_LONG 201 4463#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 202 4464#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 203 4465#define SSL_R_PROTOCOL_IS_SHUTDOWN 204 4466#define SSL_R_PSK_IDENTITY_NOT_FOUND 205 4467#define SSL_R_PSK_NO_CLIENT_CB 206 4468#define SSL_R_PSK_NO_SERVER_CB 207 4469#define SSL_R_READ_BIO_NOT_SET 208 4470#define SSL_R_READ_TIMEOUT_EXPIRED 209 4471#define SSL_R_RECORD_LENGTH_MISMATCH 210 4472#define SSL_R_RECORD_TOO_LARGE 211 4473#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 212 4474#define SSL_R_RENEGOTIATION_ENCODING_ERR 213 4475#define SSL_R_RENEGOTIATION_MISMATCH 214 4476#define SSL_R_REQUIRED_CIPHER_MISSING 215 4477#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 216 4478#define SSL_R_SERVERHELLO_TLSEXT 217 4479#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 218 4480#define SSL_R_SESSION_MAY_NOT_BE_CREATED 219 4481#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 220 4482#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 221 4483#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 222 4484#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 223 4485#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 224 4486#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 225 4487#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 226 4488#define SSL_R_SSL_HANDSHAKE_FAILURE 227 4489#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 228 4490#define SSL_R_SSL_SESSION_ID_CONFLICT 229 4491#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 230 4492#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 231 4493#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 4494#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 233 4495#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 234 4496#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 235 4497#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 236 4498#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 237 4499#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 238 4500#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 4501#define SSL_R_UNEXPECTED_GROUP_CLOSE 240 4502#define SSL_R_UNEXPECTED_MESSAGE 241 4503#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 242 4504#define SSL_R_UNEXPECTED_RECORD 243 4505#define SSL_R_UNINITIALIZED 244 4506#define SSL_R_UNKNOWN_ALERT_TYPE 245 4507#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 246 4508#define SSL_R_UNKNOWN_CIPHER_RETURNED 247 4509#define SSL_R_UNKNOWN_CIPHER_TYPE 248 4510#define SSL_R_UNKNOWN_DIGEST 249 4511#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 4512#define SSL_R_UNKNOWN_PROTOCOL 251 4513#define SSL_R_UNKNOWN_SSL_VERSION 252 4514#define SSL_R_UNKNOWN_STATE 253 4515#define SSL_R_UNPROCESSED_HANDSHAKE_DATA 254 4516#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 255 4517#define SSL_R_UNSUPPORTED_CIPHER 256 4518#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 4519#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 258 4520#define SSL_R_UNSUPPORTED_PROTOCOL 259 4521#define SSL_R_UNSUPPORTED_SSL_VERSION 260 4522#define SSL_R_USE_SRTP_NOT_NEGOTIATED 261 4523#define SSL_R_WRONG_CERTIFICATE_TYPE 262 4524#define SSL_R_WRONG_CIPHER_RETURNED 263 4525#define SSL_R_WRONG_CURVE 264 4526#define SSL_R_WRONG_MESSAGE_TYPE 265 4527#define SSL_R_WRONG_SIGNATURE_TYPE 266 4528#define SSL_R_WRONG_SSL_VERSION 267 4529#define SSL_R_WRONG_VERSION_NUMBER 268 4530#define SSL_R_X509_LIB 269 4531#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 270 4532#define SSL_R_FRAGMENT_MISMATCH 271 4533#define SSL_R_BUFFER_TOO_SMALL 272 4534#define SSL_R_OLD_SESSION_VERSION_NOT_RETURNED 273 4535#define SSL_R_OUTPUT_ALIASES_INPUT 274 4536#define SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION 275 4537#define SSL_R_EMS_STATE_INCONSISTENT 276 4538#define SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION 277 4539#define SSL_R_TOO_MANY_WARNING_ALERTS 278 4540#define SSL_R_UNEXPECTED_EXTENSION 279 4541#define SSL_R_SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER 280 4542#define SSL_R_ERROR_ADDING_EXTENSION 281 4543#define SSL_R_ERROR_PARSING_EXTENSION 282 4544#define SSL_R_MISSING_EXTENSION 283 4545#define SSL_R_CUSTOM_EXTENSION_CONTENTS_TOO_LARGE 284 4546#define SSL_R_CUSTOM_EXTENSION_ERROR 285 4547#define SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN 286 4548#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000 4549#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 4550#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 4551#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 4552#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 4553#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 4554#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 4555#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 4556#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 4557#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 4558#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 4559#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 4560#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 4561#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 4562#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 4563#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 4564#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 4565#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 4566#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 4567#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 4568#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 4569#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 4570#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 4571#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 4572#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 4573#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 4574#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 4575#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 4576#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 4577#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 4578 4579#endif /* OPENSSL_HEADER_SSL_H */ 4580