Lines Matching refs:ssl
4 * This package is an SSL implementation written
6 * The implementation was written so as to conform with Netscapes SSL.
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
149 #include <openssl/ssl.h>
/* Records the length of the handshake message held in |ssl->init_buf| and
 * feeds that message to the handshake hash. Only lines that mention |ssl| are
 * listed, so the use of |htype| and of |p| is not shown here. */
184 int ssl3_set_handshake_header(SSL *ssl, int htype, unsigned long len) {
185 uint8_t *p = (uint8_t *)ssl->init_buf->data;
/* NOTE(review): |len| is narrowed from unsigned long to int before the header
 * length is added. No range check on |len| is visible in the listed lines, so
 * confirm that callers bound it to what |init_buf| can hold. */
188 ssl->init_num = (int)len + SSL3_HM_HEADER_LENGTH;
189 ssl->init_off = 0;
/* The result is whatever ssl3_update_handshake_hash() returns for the
 * |init_num| bytes at the start of |init_buf|. */
192 return ssl3_update_handshake_hash(ssl, (uint8_t *)ssl->init_buf->data,
193 ssl->init_num);
196 int ssl3_handshake_write(SSL *ssl) {
197 return ssl3_do_write(ssl, SSL3_RT_HANDSHAKE);
200 int ssl3_new(SSL *ssl) {
212 ssl->s3 = s3;
215 * initial state of |ssl->enc_method| and what the API reports as the version
219 ssl->version = TLS1_2_VERSION;
/* Tears down the state hanging off |ssl->s3|. Only lines that mention |ssl|
 * are listed, so a few statements of this function are not shown. */
225 void ssl3_free(SSL *ssl) {
/* Guard for a NULL |ssl| or an |ssl| that has no s3 state; the guarded
 * statement is not shown. */
226 if (ssl == NULL || ssl->s3 == NULL) {
230 ssl3_cleanup_key_block(ssl);
231 ssl_read_buffer_clear(ssl);
232 ssl_write_buffer_clear(ssl);
/* Handshake temporaries owned by |ssl->s3->tmp| are released one by one. */
233 SSL_ECDH_CTX_cleanup(&ssl->s3->tmp.ecdh_ctx);
234 OPENSSL_free(ssl->s3->tmp.peer_key);
236 sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free);
237 OPENSSL_free(ssl->s3->tmp.certificate_types);
238 OPENSSL_free(ssl->s3->tmp.peer_ellipticcurvelist);
239 OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint);
240 ssl3_free_handshake_buffer(ssl);
241 ssl3_free_handshake_hash(ssl);
242 OPENSSL_free(ssl->s3->alpn_selected);
/* The whole struct is zeroed before it is freed, so the handshake state it
 * held does not linger in freed heap memory. The pointer is then cleared, so
 * a later call takes the NULL guard above instead of freeing twice. */
244 OPENSSL_cleanse(ssl->s3, sizeof *ssl->s3);
245 OPENSSL_free(ssl->s3);
246 ssl->s3 = NULL;
249 int SSL_session_reused(const SSL *ssl) {
250 return ssl->hit;
253 int SSL_total_renegotiations(const SSL *ssl) {
254 return ssl->s3->total_renegotiations;
257 int SSL_num_renegotiations(const SSL *ssl) {
258 return SSL_total_renegotiations(ssl);
265 int SSL_need_rsa(const SSL *ssl) {
273 int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa) {
281 OPENSSL_PUT_ERROR(SSL, ERR_R_DH_LIB);
/* Replaces the connection's temporary DH parameters with a duplicate of |dh|.
 * Only lines that mention |ssl| are listed; the return statements are not
 * shown. */
287 int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
/* The previous parameters are freed before the duplicate is made, so if
 * DHparams_dup() fails, |dh_tmp| is left NULL rather than keeping the old
 * value. */
288 DH_free(ssl->cert->dh_tmp);
289 ssl->cert->dh_tmp = DHparams_dup(dh);
290 if (ssl->cert->dh_tmp == NULL) {
291 OPENSSL_PUT_ERROR(SSL, ERR_R_DH_LIB);
299 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
306 int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {
308 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
312 return SSL_set1_curves(ssl, &nid, 1);
320 int SSL_enable_tls_channel_id(SSL *ssl) {
321 ssl->tlsext_channel_id_enabled = 1;
329 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256);
/* Installs |private_key| as the connection's Channel ID key and turns the
 * extension on. Only lines that mention |ssl| (or the SSL error library) are
 * listed; the return statements are not shown. */
337 int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) {
/* The condition that raises this error is not shown; going by the error name
 * it presumably rejects keys that are not on P-256 — confirm against the full
 * source. */
342 OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256);
/* Any previously installed key is released, then a new reference to the
 * caller's key is stored (no copy is made), so the caller keeps its own
 * reference to |private_key|. */
346 EVP_PKEY_free(ssl->tlsext_channel_id_private);
347 ssl->tlsext_channel_id_private = EVP_PKEY_up_ref(private_key);
348 ssl->tlsext_channel_id_enabled = 1;
/* Copies the Channel ID stored in |ssl->s3| into |out|. Only lines that
 * mention |ssl| are listed; the return values are not shown. */
353 size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {
/* The copy below is reached only when |tlsext_channel_id_valid| is set; the
 * body of this branch is not shown. */
354 if (!ssl->s3->tlsext_channel_id_valid) {
/* The copy length is min(max_out, 64), so a short caller buffer is never
 * overrun but receives a truncated ID. NOTE(review): this assumes
 * |tlsext_channel_id| holds at least 64 bytes — confirm against its
 * declaration. */
357 memcpy(out, ssl->s3->tlsext_channel_id, (max_out < 64) ? max_out : 64);
/* Sets the hostname kept in |ssl->tlsext_hostname|. Only lines that mention
 * |ssl| (or the SSL error library) are listed; the validation of |name| and
 * the return statements are not shown. */
361 int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
/* The old value is freed and the pointer cleared before anything else, so an
 * early exit leaves no hostname set rather than a dangling pointer. */
362 OPENSSL_free(ssl->tlsext_hostname);
363 ssl->tlsext_hostname = NULL;
/* Raised for a |name| the function rejects; the rejecting condition is not
 * shown. */
369 OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
/* The connection stores its own copy, so it does not retain the caller's
 * pointer. A failed allocation is reported as ERR_R_MALLOC_FAILURE. */
372 ssl->tlsext_hostname = BUF_strdup(name);
373 if (ssl->tlsext_hostname == NULL) {
374 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
/* Reports the certificate types stored in |ssl->s3->tmp| and returns how many
 * there are. Only lines that mention |ssl| are listed. */
380 size_t SSL_get0_certificate_types(SSL *ssl, const uint8_t **out_types) {
/* Servers, and connections where |cert_req| is unset, take this branch; its
 * body is not shown. */
381 if (ssl->server || !ssl->s3->tmp.cert_req) {
/* |*out_types| aliases the buffer owned by |ssl->s3->tmp|, which ssl3_free()
 * releases. The caller must not free it or use it once the connection state
 * is gone. */
385 *out_types = ssl->s3->tmp.certificate_types;
386 return ssl->s3->tmp.num_certificate_types;
395 int SSL_set1_curves(SSL *ssl, const int *curves, size_t curves_len) {
396 return tls1_set_curves(&ssl->tlsext_ellipticcurvelist,
397 &ssl->tlsext_ellipticcurvelist_length, curves,
402 SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) {
417 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
432 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
443 SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
/* Picks the cipher preference list that applies to |ssl|. The lists are tried
 * in the order below and the first non-NULL one wins. Only lines that mention
 * |ssl| are listed; the result when none is set is not shown. */
450 struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *ssl) {
/* A per-connection list overrides every context-level list, so cipher
 * restrictions configured on the SSL_CTX do not apply once one is set. */
451 if (ssl->cipher_list != NULL) {
452 return ssl->cipher_list;
/* Context list for TLS 1.1 and later; |ssl->ctx| is checked for NULL before
 * it is dereferenced. */
455 if (ssl->version >= TLS1_1_VERSION && ssl->ctx != NULL &&
456 ssl->ctx->cipher_list_tls11 != NULL) {
457 return ssl->ctx->cipher_list_tls11;
/* Context list for TLS 1.0 and later, used when no TLS 1.1 list applied. */
460 if (ssl->version >= TLS1_VERSION && ssl->ctx != NULL &&
461 ssl->ctx->cipher_list_tls10 != NULL) {
462 return ssl->ctx->cipher_list_tls10;
/* General context list, the last one consulted. */
465 if (ssl->ctx != NULL && ssl->ctx->cipher_list != NULL) {
466 return ssl->ctx->cipher_list;
473 SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
490 if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
500 ssl_get_compatible_server_ciphers(ssl, &mask_k, &mask_a);
509 ssl3_version_from_wire(ssl, ssl->version)) {
545 int ssl3_get_req_cert_type(SSL *ssl, uint8_t *p) {
553 siglen = tls12_get_psigalgs(ssl, &sig);
572 if (ssl->version >= TLS1_VERSION && have_ecdsa_sign) {
581 uint32_t ssl_get_algorithm_prf(SSL *ssl) {
582 uint32_t algorithm_prf = ssl->s3->tmp.new_cipher->algorithm_prf;
583 if (ssl->enc_method->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&