_passwd_cb_userdata(SSL_CTX *ctx, void *u); pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); pem_password_cb *SSL_get_default_passwd_cb(SSL *s); void *SSL_get_default_passwd_cb_userdata(SSL *s); __owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); __owur int SSL_check_private_key(const SSL *ctx); __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len); SSL *SSL_new(SSL_CTX *ctx); int SSL_up_ref(SSL *s); int SSL_is_dtls(const SSL *s); __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); __owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); __owur int SSL_set_purpose(SSL *ssl, int purpose); __owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); __owur int SSL_set_trust(SSL *ssl, int trust); __owur int SSL_set1_host(SSL *s, const char *hostname); __owur int SSL_add1_host(SSL *s, const char *hostname); __owur const char *SSL_get0_peername(SSL *s); void SSL_set_hostflags(SSL *s, unsigned int flags); __owur int SSL_CTX_dane_enable(SSL_CTX *ctx); __owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype, uint8_t ord); __owur int SSL_dane_enable(SSL *s, const char *basedomain); __owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, uint8_t mtype, const unsigned char *data, size_t dlen); __owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, uint8_t *mtype, const unsigned char **data, size_t *dlen); /* * Bridge opacity barrier between libcrypt and libssl, also needed to support * offline testing in test/danetest.c */ SSL_DANE *SSL_get0_dane(SSL *ssl); /* * DANE flags */ unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); __owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); __owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); __owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); __owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); # ifndef OPENSSL_NO_SRP # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb) (SSL *, void *)); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb) (SSL *, void *)); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb) (SSL *, int *, void *)); OSSL_DEPRECATEDIN_3_0 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); OSSL_DEPRECATEDIN_3_0 int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info); OSSL_DEPRECATEDIN_3_0 int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp); OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_g(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur BIGNUM *SSL_get_srp_N(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_username(SSL *s); OSSL_DEPRECATEDIN_3_0 __owur char *SSL_get_srp_userinfo(SSL *s); # endif # endif /* * ClientHello callback and helpers. */ # define SSL_CLIENT_HELLO_SUCCESS 1 # define SSL_CLIENT_HELLO_ERROR 0 # define SSL_CLIENT_HELLO_RETRY (-1) typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg); void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb, void *arg); int SSL_client_hello_isv2(SSL *s); unsigned int SSL_client_hello_get0_legacy_version(SSL *s); size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out); int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen); int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out, size_t *outlen); void SSL_certs_clear(SSL *s); void SSL_free(SSL *ssl); # ifdef OSSL_ASYNC_FD /* * Windows application developer has to include windows.h to use these. */ __owur int SSL_waiting_for_async(SSL *s); __owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, OSSL_ASYNC_FD *delfd, size_t *numdelfds); __owur int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback); __owur int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg); __owur int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback); __owur int SSL_set_async_callback_arg(SSL *s, void *arg); __owur int SSL_get_async_status(SSL *s, int *status); # endif __owur int SSL_accept(SSL *ssl); __owur int SSL_stateless(SSL *s); __owur int SSL_connect(SSL *ssl); __owur int SSL_read(SSL *ssl, void *buf, int num); __owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); # define SSL_READ_EARLY_DATA_ERROR 0 # define SSL_READ_EARLY_DATA_SUCCESS 1 # define SSL_READ_EARLY_DATA_FINISH 2 __owur int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes); __owur int SSL_peek(SSL *ssl, void *buf, int num); __owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); __owur ossl_ssize_t SSL_sendfile(SSL *s, int fd, off_t offset, size_t size, int flags); __owur int SSL_write(SSL *ssl, const void *buf, int num); __owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); __owur int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written); long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); # define SSL_EARLY_DATA_NOT_SENT 0 # define SSL_EARLY_DATA_REJECTED 1 # define SSL_EARLY_DATA_ACCEPTED 2 __owur int SSL_get_early_data_status(const SSL *s); __owur int SSL_get_error(const SSL *s, int ret_code); __owur const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ # ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 __owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); # endif # ifndef OPENSSL_NO_SSL3_METHOD # ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *SSLv3_client_method(void); # endif # endif #define SSLv23_method TLS_method #define SSLv23_server_method TLS_server_method #define SSLv23_client_method TLS_client_method /* Negotiate highest available SSL/TLS version */ __owur const SSL_METHOD *TLS_method(void); __owur const SSL_METHOD *TLS_server_method(void); __owur const SSL_METHOD *TLS_client_method(void); # ifndef OPENSSL_NO_TLS1_METHOD # ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_client_method(void); # endif # endif # ifndef OPENSSL_NO_TLS1_1_METHOD # ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_1_client_method(void); # endif # endif # ifndef OPENSSL_NO_TLS1_2_METHOD # ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_client_method(void); # endif # endif # ifndef OPENSSL_NO_DTLS1_METHOD # ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_client_method(void); # endif # endif # ifndef OPENSSL_NO_DTLS1_2_METHOD /* DTLSv1.2 */ # ifndef OPENSSL_NO_DEPRECATED_1_1_0 OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_server_method(void); OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *DTLSv1_2_client_method(void); # endif # endif __owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ __owur size_t DTLS_get_data_mtu(const SSL *s); __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); __owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); __owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); __owur int SSL_do_handshake(SSL *s); int SSL_key_update(SSL *s, int updatetype); int SSL_get_key_update_type(const SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate_abbreviated(SSL *s); __owur int SSL_renegotiate_pending(const SSL *s); int SSL_new_session_ticket(SSL *s); int SSL_shutdown(SSL *s); __owur int SSL_verify_client_post_handshake(SSL *s); void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); void SSL_set_post_handshake_auth(SSL *s, int val); __owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); __owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); __owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); __owur const char *SSL_alert_type_string_long(int value); __owur const char *SSL_alert_type_string(int value); __owur const char *SSL_alert_desc_string_long(int value); __owur const char *SSL_alert_desc_string(int value); void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); __owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); __owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); __owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); __owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); __owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); __owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); __owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); __owur int SSL_add_client_CA(SSL *ssl, X509 *x); __owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); void SSL_set_connect_state(SSL *s); void SSL_set_accept_state(SSL *s); __owur long SSL_get_default_timeout(const SSL *s); # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define SSL_library_init() OPENSSL_init_ssl(0, NULL) # endif __owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); __owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); __owur SSL *SSL_dup(SSL *ssl); __owur X509 *SSL_get_certificate(const SSL *ssl); /* * EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); __owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); __owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); __owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); void SSL_set_quiet_shutdown(SSL *ssl, int mode); __owur int SSL_get_quiet_shutdown(const SSL *ssl); void SSL_set_shutdown(SSL *ssl, int mode); __owur int SSL_get_shutdown(const SSL *ssl); __owur int SSL_version(const SSL *ssl); __owur int SSL_client_version(const SSL *s); __owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); __owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); __owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); __owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); __owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile); __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); __owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); # define SSL_get0_session SSL_get_session/* just peek at pointer */ __owur SSL_SESSION *SSL_get_session(const SSL *ssl); __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ __owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)); void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val); __owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); void SSL_set_verify_result(SSL *ssl, long v); __owur long SSL_get_verify_result(const SSL *ssl); __owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); __owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); __owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); __owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess, unsigned char *out, size_t outlen); __owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, size_t len); uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess); #define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) __owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); void *SSL_get_ex_data(const SSL *ssl, int idx); #define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) __owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); #define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) __owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); # define SSL_CTX_sess_set_cache_size(ctx,t) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) # define SSL_CTX_sess_get_cache_size(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) # define SSL_CTX_set_session_cache_mode(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) # define SSL_CTX_get_session_cache_mode(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) # define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) # define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) # define SSL_CTX_get_read_ahead(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) # define SSL_CTX_set_read_ahead(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) # define SSL_CTX_get_max_cert_list(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) # define SSL_CTX_set_max_cert_list(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) # define SSL_get_max_cert_list(ssl) \ SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) # define SSL_set_max_cert_list(ssl,m) \ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) # define SSL_CTX_set_max_send_fragment(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) # define SSL_set_max_send_fragment(ssl,m) \ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) # define SSL_CTX_set_split_send_fragment(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) # define SSL_set_split_send_fragment(ssl,m) \ SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) # define SSL_CTX_set_max_pipelines(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) # define SSL_set_max_pipelines(ssl,m) \ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) # define SSL_set_retry_verify(ssl) \ (SSL_ctrl(ssl,SSL_CTRL_SET_RETRY_VERIFY,0,NULL) > 0) void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); void SSL_set_default_read_buffer_len(SSL *s, size_t len); # ifndef OPENSSL_NO_DH # ifndef OPENSSL_NO_DEPRECATED_3_0 /* NB: the |keylength| is only applicable when is_export is true */ OSSL_DEPRECATEDIN_3_0 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh) (SSL *ssl, int is_export, int keylength)); OSSL_DEPRECATEDIN_3_0 void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, int keylength)); # endif # endif __owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); __owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); __owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); __owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); __owur int SSL_COMP_get_id(const SSL_COMP *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define SSL_COMP_free_compression_methods() while(0) continue # endif __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, int isv2format, STACK_OF(SSL_CIPHER) **sk, STACK_OF(SSL_CIPHER) **scsvs); /* TLS extensions functions */ __owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); __owur int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, void *arg); /* Pre-shared secret session resumption functions */ __owur int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn session_secret_cb, void *arg); void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb) (SSL *ssl, int is_forward_secure)); void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb) (SSL *ssl, int is_forward_secure)); void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb) (SSL *ssl, int type, size_t len, void *arg)); void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); int SSL_set_record_padding_callback(SSL *ssl, size_t (*cb) (SSL *ssl, int type, size_t len, void *arg)); void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); void *SSL_get_record_padding_callback_arg(const SSL *ssl); int SSL_set_block_padding(SSL *ssl, size_t block_size); int SSL_set_num_tickets(SSL *s, size_t num_tickets); size_t SSL_get_num_tickets(const SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); # ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define SSL_cache_hit(s) SSL_session_reused(s) # endif __owur int SSL_session_reused(const SSL *s); __owur int SSL_is_server(const SSL *s); __owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); __owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); __owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); __owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); __owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); __owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); void SSL_add_ssl_module(void); int SSL_config(SSL *s, const char *name); int SSL_CTX_config(SSL_CTX *ctx, const char *name); # ifndef OPENSSL_NO_SSL_TRACE void SSL_trace(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); # endif # ifndef OPENSSL_NO_SOCK int DTLSv1_listen(SSL *s, BIO_ADDR *client); # endif # ifndef OPENSSL_NO_CT /* * A callback for verifying that the received SCTs are sufficient. * Expected to return 1 if they are sufficient, otherwise 0. * May return a negative integer if an error occurs. * A connection should be aborted if the SCTs are deemed insufficient. */ typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, const STACK_OF(SCT) *scts, void *arg); /* * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate * the received SCTs. * If the callback returns a non-positive result, the connection is terminated. * Call this function before beginning a handshake. * If a NULL |callback| is provided, SCT validation is disabled. * |arg| is arbitrary userdata that will be passed to the callback whenever it * is invoked. Ownership of |arg| remains with the caller. * * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response * will be requested. */ int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, void *arg); int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg); #define SSL_disable_ct(s) \ ((void) SSL_set_validation_callback((s), NULL, NULL)) #define SSL_CTX_disable_ct(ctx) \ ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL)) /* * The validation type enumerates the available behaviours of the built-in SSL * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct(). * The underlying callback is a static function in libssl. */ enum { SSL_CT_VALIDATION_PERMISSIVE = 0, SSL_CT_VALIDATION_STRICT }; /* * Enable CT by setting up a callback that implements one of the built-in * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always * continues the handshake, the application can make appropriate decisions at * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at * least one valid SCT, or else handshake termination will be requested. The * handshake may continue anyway if SSL_VERIFY_NONE is in effect. */ int SSL_enable_ct(SSL *s, int validation_mode); int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); /* * Report whether a non-NULL callback is enabled. */ int SSL_ct_is_enabled(const SSL *s); int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); /* Gets the SCTs received from a connection */ const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); /* * Loads the CT log list from the default location. * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, * the log information loaded from this file will be appended to the * CTLOG_STORE. * Returns 1 on success, 0 otherwise. */ int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); /* * Loads the CT log list from the specified file path. * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, * the log information loaded from this file will be appended to the * CTLOG_STORE. * Returns 1 on success, 0 otherwise. */ int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); /* * Sets the CT log list used by all SSL connections created from this SSL_CTX. * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. */ void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); /* * Gets the CT log list used by all SSL connections created from this SSL_CTX. * This will be NULL unless one of the following functions has been called: * - SSL_CTX_set_default_ctlog_list_file * - SSL_CTX_set_ctlog_list_file * - SSL_CTX_set_ctlog_store */ const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); # endif /* OPENSSL_NO_CT */ /* What the "other" parameter contains in security callback */ /* Mask for type */ # define SSL_SECOP_OTHER_TYPE 0xffff0000 # define SSL_SECOP_OTHER_NONE 0 # define SSL_SECOP_OTHER_CIPHER (1 << 16) # define SSL_SECOP_OTHER_CURVE (2 << 16) # define SSL_SECOP_OTHER_DH (3 << 16) # define SSL_SECOP_OTHER_PKEY (4 << 16) # define SSL_SECOP_OTHER_SIGALG (5 << 16) # define SSL_SECOP_OTHER_CERT (6 << 16) /* Indicated operation refers to peer key or certificate */ # define SSL_SECOP_PEER 0x1000 /* Values for "op" parameter in security callback */ /* Called to filter ciphers */ /* Ciphers client supports */ # define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) /* Cipher shared by client/server */ # define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) /* Sanity check of cipher server selects */ # define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) /* Curves supported by client */ # define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) /* Curves shared by client/server */ # define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) /* Sanity check of curve server selects */ # define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) /* Temporary DH key */ # define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) /* SSL/TLS version */ # define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) /* Session tickets */ # define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) /* Supported signature algorithms sent to peer */ # define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) /* Shared signature algorithm */ # define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) /* Sanity check signature algorithm allowed */ # define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) /* Used to get mask of supported public key signature algorithms */ # define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) /* Use to see if compression is allowed */ # define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) /* EE key in certificate */ # define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) /* CA key in certificate */ # define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) /* CA digest algorithm in certificate */ # define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) /* Peer EE key in certificate */ # define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) /* Peer CA key in certificate */ # define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) /* Peer CA digest algorithm in certificate */ # define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) void SSL_set_security_level(SSL *s, int level); __owur int SSL_get_security_level(const SSL *s); void SSL_set_security_callback(SSL *s, int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)); int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex); void SSL_set0_security_ex_data(SSL *s, void *ex); __owur void *SSL_get0_security_ex_data(const SSL *s); void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); __owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); void SSL_CTX_set_security_callback(SSL_CTX *ctx, int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)); int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex); void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); __owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); /* OPENSSL_INIT flag 0x010000 reserved for internal use */ # define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L # define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L # define OPENSSL_INIT_SSL_DEFAULT \ (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); # ifndef OPENSSL_NO_UNIT_TEST __owur const struct openssl_ssl_test_functions *SSL_test_functions(void); # endif __owur int SSL_free_buffers(SSL *ssl); __owur int SSL_alloc_buffers(SSL *ssl); /* Status codes passed to the decrypt session ticket callback. Some of these * are for internal use only and are never passed to the callback. */ typedef int SSL_TICKET_STATUS; /* Support for ticket appdata */ /* fatal error, malloc failure */ # define SSL_TICKET_FATAL_ERR_MALLOC 0 /* fatal error, either from parsing or decrypting the ticket */ # define SSL_TICKET_FATAL_ERR_OTHER 1 /* No ticket present */ # define SSL_TICKET_NONE 2 /* Empty ticket present */ # define SSL_TICKET_EMPTY 3 /* the ticket couldn't be decrypted */ # define SSL_TICKET_NO_DECRYPT 4 /* a ticket was successfully decrypted */ # define SSL_TICKET_SUCCESS 5 /* same as above but the ticket needs to be renewed */ # define SSL_TICKET_SUCCESS_RENEW 6 /* Return codes for the decrypt session ticket callback */ typedef int SSL_TICKET_RETURN; /* An error occurred */ #define SSL_TICKET_RETURN_ABORT 0 /* Do not use the ticket, do not send a renewed ticket to the client */ #define SSL_TICKET_RETURN_IGNORE 1 /* Do not use the ticket, send a renewed ticket to the client */ #define SSL_TICKET_RETURN_IGNORE_RENEW 2 /* Use the ticket, do not send a renewed ticket to the client */ #define SSL_TICKET_RETURN_USE 3 /* Use the ticket, send a renewed ticket to the client */ #define SSL_TICKET_RETURN_USE_RENEW 4 typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, const unsigned char *keyname, size_t keyname_length, SSL_TICKET_STATUS status, void *arg); int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, SSL_CTX_generate_session_ticket_fn gen_cb, SSL_CTX_decrypt_session_ticket_fn dec_cb, void *arg); int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, SSL_allow_early_data_cb_fn cb, void *arg); void SSL_set_allow_early_data_cb(SSL *s, SSL_allow_early_data_cb_fn cb, void *arg); /* store the default cipher strings inside the library */ const char *OSSL_default_cipher_list(void); const char *OSSL_default_ciphersuites(void); # ifndef OPENSSL_NO_QUIC /* * QUIC integration - The QUIC interface matches BoringSSL * * ssl_encryption_level_t represents a specific QUIC encryption level used to * transmit handshake messages. BoringSSL has this as an 'enum'. */ #include /* Used by Chromium/QUIC - moved from evp.h to avoid breaking FIPS checksums */ # define X25519_PRIVATE_KEY_LEN 32 # define X25519_PUBLIC_VALUE_LEN 32 /* moved from types.h to avoid breaking FIPS checksums */ typedef struct ssl_quic_method_st SSL_QUIC_METHOD; typedef enum ssl_encryption_level_t { ssl_encryption_initial = 0, ssl_encryption_early_data, ssl_encryption_handshake, ssl_encryption_application } OSSL_ENCRYPTION_LEVEL; struct ssl_quic_method_st { int (*set_encryption_secrets)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, const uint8_t *read_secret, const uint8_t *write_secret, size_t secret_len); int (*add_handshake_data)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, const uint8_t *data, size_t len); int (*flush_flight)(SSL *ssl); int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert); }; __owur int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); __owur int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); __owur int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, size_t params_len); void SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params, size_t *out_params_len); __owur size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level); __owur OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl); __owur OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl); __owur int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, const uint8_t *data, size_t len); __owur int SSL_process_quic_post_handshake(SSL *ssl); __owur int SSL_is_quic(SSL *ssl); /* BoringSSL API */ void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy); /* * Set an explicit value that you want to use * If 0 (default) the server will use the highest extenstion the client sent * If 0 (default) the client will send both extensions */ void SSL_set_quic_transport_version(SSL *ssl, int version); __owur int SSL_get_quic_transport_version(const SSL *ssl); /* Returns the negotiated version, or -1 on error */ __owur int SSL_get_peer_quic_transport_version(const SSL *ssl); int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c); void SSL_set_quic_early_data_enabled(SSL *ssl, int enabled); # endif # ifdef __cplusplus } # endif #endif