
Lines Matching defs:ssl

0 /* ssl/ssl.h */
5 * This package is an SSL implementation written
7 * The implementation was written so as to conform with Netscapes SSL.
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
160 /* wpa_supplicant expects to get the version functions from ssl.h */
173 /* SSL implementation. */
178 /* SSL_library_init initializes the crypto and SSL libraries and returns one. */
191 /* The following are internal fields. See ssl/internal.h for their values. */
200 /* algorithm2 contains extra flags. See ssl/internal.h. */
254 /* SSL contexts. */
274 /* SSL connections. */
276 /* SSL_new returns a newly-allocated |SSL| using |ctx| or NULL on error. An
277 * |SSL| object represents a single TLS or DTLS connection. It inherits settings
281 * On creation, an |SSL| is not configured to be either a client or server. Call
283 OPENSSL_EXPORT SSL *SSL_new(SSL_CTX *ctx);
285 /* SSL_free releases memory associated with |ssl|. */
286 OPENSSL_EXPORT void SSL_free(SSL *ssl);
288 /* SSL_set_connect_state configures |ssl| to be a client. */
289 OPENSSL_EXPORT void SSL_set_connect_state(SSL *ssl);
291 /* SSL_set_accept_state configures |ssl| to be a server. */
292 OPENSSL_EXPORT void SSL_set_accept_state(SSL *ssl);
315 /* SSL_set_min_version sets the minimum protocol version for |ssl| to
317 OPENSSL_EXPORT void SSL_set_min_version(SSL *ssl, uint16_t version);
319 /* SSL_set_max_version sets the maximum protocol version for |ssl| to
321 OPENSSL_EXPORT void SSL_set_max_version(SSL *ssl, uint16_t version);
399 * more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a bitmask
401 OPENSSL_EXPORT uint32_t SSL_set_options(SSL *ssl, uint32_t options);
404 * or more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a
406 OPENSSL_EXPORT uint32_t SSL_clear_options(SSL *ssl, uint32_t options);
409 * options enabled for |ssl|. */
410 OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl);
441 /* SSL_MODE_CBC_RECORD_SPLITTING causes multi-byte CBC records in SSL 3.0 and
449 * session resumption is used for a given SSL*. */
480 * the modes enabled for |ssl|. */
484 * the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask
486 OPENSSL_EXPORT uint32_t SSL_set_mode(SSL *ssl, uint32_t mode);
489 * of the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask
491 OPENSSL_EXPORT uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode);
494 * modes enabled for |ssl|. */
495 OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl);
501 * for |ssl| to |out| and sets |*out_len| to the number of bytes written. It
515 * return zero if |ssl| performed session resumption unless EMS was used when
517 OPENSSL_EXPORT int SSL_get_tls_unique(const SSL *ssl, uint8_t *out,
601 /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
627 /* An SSL_SESSION represents an SSL session that may be resumed in an
630 int ssl_version; /* what ssl version session info is being kept in here? */
718 /* SSL_set_mtu sets the |ssl|'s MTU in DTLS to |mtu|. It returns one on success
720 OPENSSL_EXPORT int SSL_set_mtu(SSL *ssl, unsigned mtu);
724 OPENSSL_EXPORT int SSL_get_secure_renegotiation_support(const SSL *ssl);
742 const void *buf, size_t len, SSL *ssl, void *arg));
748 /* SSL_set_msg_callback installs |cb| as the message callback of |ssl|. See
751 SSL *ssl, void (*cb)(int write_p, int version, int content_type,
752 const void *buf, size_t len, SSL *ssl, void *arg));
755 OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
757 /* SSL_CTX_set_keylog_bio configures all SSL objects attached to |ctx| to
775 /* This callback type is used inside SSL_CTX, SSL, and in the functions that
776 * set them. It is used to override the generation of SSL/TLS session IDs in a
779 * otherwise the SSL handshake will fail with an error - callbacks can do this
780 * using the 'ssl' value they're passed by;
781 * SSL_has_matching_session_id(ssl, id, *id_len)
788 typedef int (*GEN_SESSION_CB)(const SSL *ssl, uint8_t *id,
792 * early on during the server handshake. At this point, much of the SSL* hasn't
795 SSL *ssl;
875 * minimum supported version, currently SSL 3.0 and DTLS 1.0, is used */
916 int (*new_session_cb)(SSL *ssl, SSL_SESSION *sess);
918 SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *data, int len,
936 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
939 void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
946 /* Default values used when no per-SSL value is defined follow */
948 void (*info_callback)(const SSL *ssl, int type,
949 int val); /* used if SSL's info_callback is NULL */
955 /* Default values to use in SSL structures follow (these are copied by
966 const void *buf, size_t len, SSL *ssl, void *arg);
973 int ok, X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
1002 int (*tlsext_servername_callback)(SSL *, int *, void *);
1009 int (*tlsext_ticket_key_cb)(SSL *ssl, uint8_t *name, uint8_t *iv,
1016 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
1020 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1034 int (*next_protos_advertised_cb)(SSL *s, const uint8_t **buf,
1039 int (*next_proto_select_cb)(SSL *s, uint8_t **out, uint8_t *outlen,
1054 int (*alpn_select_cb)(SSL *s, const uint8_t **out, uint8_t *outlen,
1066 /* EC extension values inherited by SSL structure */
1094 void (*current_time_cb)(const SSL *ssl, struct timeval *out_clock);
1104 SSL_CTX *ctx, int (*new_session_cb)(SSL *ssl, SSL_SESSION *sess));
1105 OPENSSL_EXPORT int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl,
1114 SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *data, int len,
1117 SSL *ssl, uint8_t *data, int len, int *copy);
1124 void (*cb)(const SSL *ssl,
1126 OPENSSL_EXPORT void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,
1131 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
1132 OPENSSL_EXPORT int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl,
1136 SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
1137 OPENSSL_EXPORT void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl,
1140 /* SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end
1143 OPENSSL_EXPORT int SSL_enable_signed_cert_timestamps(SSL *ssl);
1145 /* SSL_CTX_enable_signed_cert_timestamps enables SCT requests on all client SSL
1149 /* SSL_enable_ocsp_stapling causes |ssl| (which must be the client end of a
1152 OPENSSL_EXPORT int SSL_enable_ocsp_stapling(SSL *ssl);
1154 /* SSL_CTX_enable_ocsp_stapling enables OCSP stapling on all client SSL objects
1160 * |ssl
1166 OPENSSL_EXPORT void SSL_get0_signed_cert_timestamp_list(const SSL *ssl,
1175 OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out,
1180 int (*cb)(SSL *ssl, const uint8_t **out, unsigned int *outlen, void *arg),
1183 SSL_CTX *s, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *outlen,
1186 OPENSSL_EXPORT void SSL_get0_next_proto_negotiated(const SSL *s,
1208 /* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
1214 OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos,
1218 SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *outlen,
1221 OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl, const uint8_t **data,
1225 * on |ssl|. If it is, ClientHello messages are padded to 1024 bytes. This
1227 OPENSSL_EXPORT void SSL_enable_fastradio_padding(SSL *ssl, char on_off);
1233 OPENSSL_EXPORT void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject);
1242 SSL *ssl, const char *hint, char *identity,
1245 SSL *ssl, unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
1252 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1256 SSL *ssl,
1257 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1262 OPENSSL_EXPORT int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
1263 OPENSSL_EXPORT const char *SSL_get_psk_identity_hint(const SSL *s);
1264 OPENSSL_EXPORT const char *SSL_get_psk_identity(const SSL *s);
1301 * minimum supported version, currently SSL 3.0 and DTLS 1.0, is used */
1319 int (*handshake_func)(SSL *);
1327 /* server is true iff this SSL* is the server half. Note: before the SSL*
1356 const void *buf, size_t len, SSL *ssl, void *arg);
1393 void (*info_callback)(const SSL *ssl, int type,
1400 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
1404 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1497 /* The following are the possible values for ssl->state and are used to
1498 * indicate where we are up to in the SSL connection establishment. The macros
1534 OPENSSL_EXPORT int SSL_in_false_start(const SSL *s);
1536 /* The following 2 states are kept in ssl->rstate when reads fail,
1546 OPENSSL_EXPORT size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
1547 OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1676 OPENSSL_EXPORT int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out);
1683 * NOTE: The caller's external timer should be compatible with the one |ssl|
1688 OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl);
1690 /* SSL_session_reused returns one if |ssl| performed an abbreviated handshake
1695 OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl);
1698 * performed by |ssl|. This includes the pending renegotiation, if any. */
1699 OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
1706 /* SSL_set_tmp_dh configures |ssl| to use the group from |dh| as the group for
1709 OPENSSL_EXPORT int SSL_set_tmp_dh(SSL *ssl, const DH *dh);
1718 /* SSL_set_tmp_ecdh configures |ssl| to use the curve from |ecdh| as the curve
1723 OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
1733 OPENSSL_EXPORT int SSL_enable_tls_channel_id(SSL *ssl);
1744 OPENSSL_EXPORT int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key);
1746 /* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL*
1751 OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out,
/* Per-connection accessors and transport setup declared in ssl/ssl.h. Only the
 * lines that matched the search are listed; gaps in the leading line numbers
 * are source lines that this listing leaves out. */
1859 OPENSSL_EXPORT int SSL_want(const SSL *s);
1865 OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1867 OPENSSL_EXPORT int SSL_get_fd(const SSL *s);
1868 OPENSSL_EXPORT int SSL_get_rfd(const SSL *s);
1869 OPENSSL_EXPORT int SSL_get_wfd(const SSL *s);
1870 OPENSSL_EXPORT const char *SSL_get_cipher_list(const SSL *s, int n);
1871 OPENSSL_EXPORT int SSL_pending(const SSL *s);
1872 OPENSSL_EXPORT int SSL_set_fd(SSL *s, int fd);
1873 OPENSSL_EXPORT int SSL_set_rfd(SSL *s, int fd);
1874 OPENSSL_EXPORT int SSL_set_wfd(SSL *s, int fd);
/* NOTE(review): who owns |rbio| and |wbio| after this call is not stated in
 * the lines shown here. Confirm it in the full header before the caller frees
 * or reuses either BIO; getting it wrong is a double free or a leak. */
1875 OPENSSL_EXPORT void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
1876 OPENSSL_EXPORT BIO *SSL_get_rbio(const SSL *s);
1877 OPENSSL_EXPORT BIO *SSL_get_wbio(const SSL *s);
/* NOTE(review): returns int, presumably a success/failure status. A caller
 * that ignores it cannot tell whether |str| was applied, so the connection may
 * run with a cipher list other than the one intended -- confirm the return
 * convention and check it at every call site. */
1878 OPENSSL_EXPORT int SSL_set_cipher_list(SSL *s, const char *str);
1879 OPENSSL_EXPORT int SSL_get_verify_mode(const SSL *s);
1880 OPENSSL_EXPORT int SSL_get_verify_depth(const SSL *s);
1881 SSL *s))(int,
1883 OPENSSL_EXPORT void SSL_set_verify(SSL *s, int mode,
1886 OPENSSL_EXPORT void SSL_set_verify_depth(SSL *s, int depth);
1887 OPENSSL_EXPORT void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg),
/* Declarations that attach a private key to a single |SSL|; each returns int.
 * The comments that document them are not part of this listing. */
1889 OPENSSL_EXPORT int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
/* NOTE(review): |len| is a signed long and |d| is a non-const pointer. The
 * caller should check that |len| is non-negative and no larger than the buffer
 * behind |d| before the call. Whether the buffer is copied, and so whether the
 * caller must wipe its own copy of the key bytes afterwards, is not visible
 * here -- confirm. */
1890 OPENSSL_EXPORT int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, uint8_t *d, long len);
1891 OPENSSL_EXPORT int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
1892 OPENSSL_EXPORT int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const uint8_t *d,
1894 OPENSSL_EXPORT int SSL_use_certificate(SSL *ssl, X509 *x);
1895 OPENSSL_EXPORT int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *d,
1898 OPENSSL_EXPORT int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file,
1900 OPENSSL_EXPORT int SSL_use_PrivateKey_file(SSL *ssl, const char *file,
1902 OPENSSL_EXPORT int SSL_use_certificate_file(SSL *ssl, const char *file,
1923 OPENSSL_EXPORT const char *SSL_state_string(const SSL *s);
1924 OPENSSL_EXPORT const char *SSL_rstate_string(const SSL *s);
1925 OPENSSL_EXPORT const char *SSL_state_string_long(const SSL *s);
1926 OPENSSL_EXPORT const char *SSL_rstate_string_long(const SSL *s);
1950 OPENSSL_EXPORT int SSL_set_session(SSL *to, SSL_SESSION *session);
1954 OPENSSL_EXPORT int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
1955 OPENSSL_EXPORT int SSL_has_matching_session_id(const SSL *ssl,
/* Accessors for the certificate and chain the peer presented on |s|.
 *
 * NOTE(review): a non-NULL result says only that the peer sent a certificate.
 * Whether it was accepted is a separate question, answered by the verify mode
 * set with SSL_set_verify and the value from SSL_get_verify_result. Ownership
 * of the returned X509 and of the returned stack is not stated in the lines
 * shown here -- confirm in the full header before freeing or retaining
 * either. */
1994 OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *s);
1996 OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
2008 int (*cb)(SSL *ssl, void *arg),
2026 OPENSSL_EXPORT int SSL_check_private_key(const SSL *ctx);
2032 OPENSSL_EXPORT int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx,
2036 OPENSSL_EXPORT int SSL_set_purpose(SSL *s, int purpose);
2038 OPENSSL_EXPORT int SSL_set_trust(SSL *s, int trust);
2041 OPENSSL_EXPORT int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
2044 OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
2046 OPENSSL_EXPORT void SSL_certs_clear(SSL *s);
/* Handshake and record I/O entry points for one connection, plus the call
 * that classifies their result. The documenting comments are not part of this
 * listing. */
2047 OPENSSL_EXPORT int SSL_accept(SSL *ssl);
2048 OPENSSL_EXPORT int SSL_connect(SSL *ssl);
/* NOTE(review): in SSL_read, SSL_peek and SSL_write both the length |num| and
 * the return value are int. A caller holding a size_t length should bound it
 * to INT_MAX before the call instead of letting it convert implicitly, and
 * should test the return value as a signed status before using it as a byte
 * count or buffer offset. */
2049 OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num);
2050 OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num);
2051 OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num);
/* NOTE(review): |parg| is an untyped pointer, presumably interpreted according
 * to |cmd|. Nothing in the signature ties the pointee type to the command, so
 * the compiler cannot catch a mismatch; review each call site by hand. */
2052 OPENSSL_EXPORT long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
/* NOTE(review): |ret_code| is presumably the value just returned by one of the
 * calls above on the same |SSL| -- confirm against the full header. */
2055 OPENSSL_EXPORT int SSL_get_error(const SSL *s, int ret_code);
2058 OPENSSL_EXPORT const char *SSL_get_version(const SSL *s);
2063 OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
2065 OPENSSL_EXPORT int SSL_do_handshake(SSL *s);
2067 /* SSL_renegotiate_pending returns one if |ssl| is in the middle of a
2069 OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl);
2071 OPENSSL_EXPORT int SSL_shutdown(SSL *s);
2078 OPENSSL_EXPORT void SSL_set_client_CA_list(SSL *s,
2082 OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
2085 OPENSSL_EXPORT int SSL_add_client_CA(SSL *ssl, X509 *x);
2088 OPENSSL_EXPORT long SSL_get_default_timeout(const SSL *s);
2092 OPENSSL_EXPORT X509 *SSL_get_certificate(const SSL *ssl);
2093 OPENSSL_EXPORT EVP_PKEY *SSL_get_privatekey(const SSL *ssl);
2100 OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL *ssl, int mode);
2101 OPENSSL_EXPORT int SSL_get_quiet_shutdown(const SSL *ssl);
2102 OPENSSL_EXPORT void SSL_set_shutdown(SSL *ssl, int mode);
2103 OPENSSL_EXPORT int SSL_get_shutdown(const SSL *ssl);
2104 OPENSSL_EXPORT int SSL_version(const SSL *ssl);
2110 OPENSSL_EXPORT SSL_SESSION *SSL_get_session(const SSL *ssl);
2112 SSL *ssl); /* obtain a reference count */
2113 OPENSSL_EXPORT SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
2114 OPENSSL_EXPORT SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
2115 OPENSSL_EXPORT void SSL_set_info_callback(SSL *ssl,
2116 void (*cb)(const SSL *ssl, int type,
2118 OPENSSL_EXPORT void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,
2120 OPENSSL_EXPORT int SSL_state(const SSL *ssl);
/* Setter and getter for the certificate verification result kept on |ssl|.
 *
 * NOTE(review): the setter takes the result value |v| straight from the
 * caller, and judging by the names the getter later reports it. Code that
 * makes a trust decision from SSL_get_verify_result therefore has to account
 * for every call site of SSL_set_verify_result. OpenSSL documents that its
 * SSL_get_verify_result returns X509_V_OK when the peer presented no
 * certificate. Whether this header's implementation behaves the same is not
 * shown here -- confirm, and check SSL_get_peer_certificate as well. */
2122 OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long v);
2123 OPENSSL_EXPORT long SSL_get_verify_result(const SSL *ssl);
2125 OPENSSL_EXPORT int SSL_set_ex_data(SSL *ssl, int idx, void *data);
2126 OPENSSL_EXPORT void *SSL_get_ex_data(const SSL *ssl, int idx);
2140 OPENSSL_EXPORT int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
2141 OPENSSL_EXPORT void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
2189 * certificate chain accepted by |ssl|. */
2190 OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl);
2195 OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list);
2204 * sent by |ssl|. Beyond this length, handshake messages and application data
2206 OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl,
2217 SSL_CTX *ctx, DH *(*callback)(SSL *ssl, int is_export, int keylength));
2219 /* SSL_set_tmp_dh_callback configures |ssl| to use |callback| to determine the
2226 OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl,
2227 DH *(*dh)(SSL *ssl, int is_export,
2242 SSL_CTX *ctx, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength));
2244 /* SSL_set_tmp_ecdh_callback configures |ssl| to use |callback| to determine the
2256 SSL *ssl, EC_KEY *(*callback)(SSL *ssl, int is_export, int keylength));
2258 OPENSSL_EXPORT const void *SSL_get_current_compression(SSL *s);
2259 OPENSSL_EXPORT const void *SSL_get_current_expansion(SSL *s);
2261 OPENSSL_EXPORT int SSL_cache_hit(SSL *s);
2262 OPENSSL_EXPORT int SSL_is_server(SSL *s);
2270 /* SSL_get_structure_sizes returns the sizes of the SSL, SSL_CTX and
2280 * the read and write directions. It returns one on success or zero if |ssl|
2282 OPENSSL_EXPORT int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key,
2343 /* SSL_clear resets |ssl| to allow another connection and returns one on success
2347 * Free |ssl| and create a new one instead. */
2348 OPENSSL_EXPORT int SSL_clear(SSL *ssl);
2352 SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength));
2355 OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl,
2356 RSA *(*cb)(SSL *ssl, int is_export,
/* Further per-connection declarations from the later part of ssl/ssl.h. Their
 * documenting comments, and any section heading that classifies them, are not
 * part of this listing. */
2393 OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s);
2396 OPENSSL_EXPORT int SSL_num_renegotiations(const SSL *ssl);
/* NOTE(review): the "tmp RSA" names refer to temporary RSA keys, which SSL/TLS
 * used with export-grade cipher suites; the related callback type elsewhere in
 * this listing takes |is_export| and |keylength|. Whether these two functions
 * still do anything or exist only for source compatibility is not visible
 * here -- confirm before treating a call to them as meaningful
 * configuration. */
2402 OPENSSL_EXPORT int SSL_need_tmp_RSA(const SSL *ssl);
2408 OPENSSL_EXPORT int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa);
2417 OPENSSL_EXPORT int SSL_get_read_ahead(const SSL *s);
2420 OPENSSL_EXPORT void SSL_set_read_ahead(SSL *s, int yes);
2423 OPENSSL_EXPORT int SSL_renegotiate(SSL *ssl);
/* NOTE(review): takes a raw |state| value from the caller. If this writes the
 * handshake state directly (presumably; not shown), a call from application
 * code bypasses the state machine and deserves review. */
2426 OPENSSL_EXPORT void SSL_set_state(SSL *ssl, int state);
2437 OPENSSL_EXPORT int SSL_set_session_ticket_ext(SSL *s, void *ext_data,
2439 OPENSSL_EXPORT int SSL_set_session_secret_cb(SSL *s, void *cb, void *arg);
2440 OPENSSL_EXPORT int SSL_set_session_ticket_ext_cb(SSL *s, void *cb, void *arg);
2441 OPENSSL_EXPORT int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
2556 /* Library consumers assume these headers are included by ssl.h, but they depend
2557 * on ssl.h, so include them after all declarations.
2559 * TODO(davidben): The separation between ssl.h and these version-specific
2561 * declarations should move to ssl.h. Many of the constants can probably be