Lines Matching refs:ssl
4 * This package is an SSL implementation written
6 * The implementation was written so as to conform with Netscapes SSL.
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
149 #include <openssl/ssl.h>
264 * an SSL connection. */
350 * of a record for |ssl|.
354 size_t ssl_record_prefix_len(const SSL *ssl);
384 SSL *ssl, uint8_t *out_type, uint8_t *out, size_t *out_len,
391 SSL *ssl, uint8_t *out_type, uint8_t *out, size_t *out_len,
396 * when sealing a record with |ssl|. Note that this value may differ from
402 size_t ssl_seal_prefix_len(const SSL *ssl);
405 * |ssl|. This includes |ssl_seal_prefix_len|.
409 size_t ssl_max_seal_overhead(const SSL *ssl);
421 int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
431 int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
438 /* ssl_has_private_key returns one if |ssl| has a private key
440 int ssl_has_private_key(SSL *ssl);
443 * |SSL_PRIVATE_KEY_METHOD| for |ssl|, if configured. Otherwise, they implement
446 int ssl_private_key_type(SSL *ssl);
448 size_t ssl_private_key_max_signature_len(SSL *ssl);
451 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, const EVP_MD *md,
455 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out);
458 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
462 SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out);
480 int custom_ext_add_clienthello(SSL *ssl, CBB *extensions);
481 int custom_ext_parse_serverhello(SSL *ssl, int *out_alert, uint16_t value,
483 int custom_ext_parse_clienthello(SSL *ssl, int *out_alert, uint16_t value,
485 int custom_ext_add_serverhello(SSL *ssl, CBB *extensions);
496 int ssl3_init_handshake_buffer(SSL *ssl);
503 int ssl3_init_handshake_hash(SSL *ssl);
507 void ssl3_free_handshake_buffer(SSL *ssl);
510 void ssl3_free_handshake_hash(SSL *ssl);
514 int ssl3_update_handshake_hash(SSL *ssl, const uint8_t *in, size_t in_len);
576 uint8_t *ssl_read_buffer(SSL *ssl);
579 size_t ssl_read_buffer_len(const SSL *ssl);
588 int ssl_read_buffer_extend_to(SSL *ssl, size_t len);
594 void ssl_read_buffer_consume(SSL *ssl, size_t len);
598 void ssl_read_buffer_discard(SSL *ssl);
602 void ssl_read_buffer_clear(SSL *ssl);
606 int ssl_write_buffer_is_pending(const SSL *ssl);
612 int ssl_write_buffer_init(SSL *ssl, uint8_t **out_ptr, size_t max_len);
616 void ssl_write_buffer_set_len(SSL *ssl, size_t len);
621 int ssl_write_buffer_flush(SSL *ssl);
625 void ssl_write_buffer_clear(SSL *ssl);
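736 /* Check if an SSL structure is using DTLS. The argument is parenthesized in the expansion so any pointer-valued expression can be passed. */
737 #define SSL_IS_DTLS(ssl) ((ssl)->method->is_dtls)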
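739 #define SSL_USE_EXPLICIT_IV(ssl) \
740 ((ssl)->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) /* non-zero when the SSL_ENC_FLAG_EXPLICIT_IV bit is set in enc_flags; |ssl| is parenthesized so pointer expressions expand correctly */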
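743 #define SSL_USE_SIGALGS(ssl) ((ssl)->enc_method->enc_flags & SSL_ENC_FLAG_SIGALGS) /* non-zero when the SSL_ENC_FLAG_SIGALGS bit is set in enc_flags; |ssl| is parenthesized so pointer expressions expand correctly */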
778 DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
798 int (*cert_cb)(SSL *ssl, void *arg);
817 int (*ssl_new)(SSL *ssl);
818 void (*ssl_free)(SSL *ssl);
819 int (*ssl_accept)(SSL *ssl);
820 int (*ssl_connect)(SSL *ssl);
821 long (*ssl_get_message)(SSL *ssl, int header_state, int body_state,
824 int (*ssl_read_app_data)(SSL *ssl, uint8_t *buf, int len, int peek);
825 int (*ssl_read_change_cipher_spec)(SSL *ssl);
826 void (*ssl_read_close_notify)(SSL *ssl);
827 int (*ssl_write_app_data)(SSL *ssl, const void *buf_, int len);
828 int (*ssl_dispatch_alert)(SSL *ssl);
835 int (*set_handshake_header)(SSL *ssl, int type, unsigned long len);
837 int (*do_write)(SSL *ssl);
843 int (*prf)(SSL *, uint8_t *, size_t, const uint8_t *, size_t, const char *,
845 int (*setup_key_block)(SSL *);
846 int (*generate_master_secret)(SSL *, uint8_t *, const uint8_t *, size_t);
847 int (*change_cipher_state)(SSL *, int);
848 int (*final_finish_mac)(SSL *, const char *, int, uint8_t *);
849 int (*cert_verify_mac)(SSL *, int, uint8_t *);
855 int (*export_keying_material)(SSL *, uint8_t *, size_t, const char *, size_t,
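861 #define SSL_HM_HEADER_LENGTH(ssl) ((ssl)->method->hhlen) /* handshake header length taken from |ssl|'s method table */
862 #define ssl_handshake_start(ssl) \
863 (((uint8_t *)(ssl)->init_buf->data) + (ssl)->method->hhlen) /* pointer hhlen bytes into init_buf->data; expands |ssl| twice, so pass an expression without side effects */
864 #define ssl_set_handshake_header(ssl, htype, len) \
865 ((ssl)->method->set_handshake_header((ssl), (htype), (len))) /* dispatches through the method table; expands |ssl| twice */
866 #define ssl_do_write(ssl) ((ssl)->method->do_write(ssl)) /* dispatches through the method table; expands |ssl| twice */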
974 void ssl_clear_cipher_ctx(SSL *ssl);
975 int ssl_clear_bad_session(SSL *ssl);
980 int ssl_get_new_session(SSL *ssl, int is_server);
995 SSL *ssl, SSL_SESSION **out_session, int *out_send_ticket,
998 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *ssl, const CBS *cbs);
1001 struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *ssl);
1008 int (*cb)(SSL *ssl, void *arg), void *arg);
1010 int ssl_verify_cert_chain(SSL *ssl, STACK_OF(X509) *cert_chain);
1011 int ssl_add_cert_chain(SSL *ssl, unsigned long *l);
1012 void ssl_update_cache(SSL *ssl, int mode);
1016 * and current ClientHello parameters of |ssl|. It sets |*out_mask_k| to the key
1018 void ssl_get_compatible_server_ciphers(SSL *ssl, uint32_t *out_mask_k,
1021 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *ssl);
1028 int ssl3_send_server_certificate(SSL *ssl);
1029 int ssl3_send_new_session_ticket(SSL *ssl);
1030 int ssl3_send_certificate_status(SSL *ssl);
1031 int ssl3_get_finished(SSL *ssl, int state_a, int state_b);
1032 int ssl3_send_change_cipher_spec(SSL *ssl, int state_a, int state_b);
1033 int ssl3_prf(SSL *ssl, uint8_t *out, size_t out_len, const uint8_t *secret,
1037 void ssl3_cleanup_key_block(SSL *ssl);
1038 int ssl3_do_write(SSL *ssl, int type);
1039 int ssl3_send_alert(SSL *ssl, int level, int desc);
1040 int ssl3_get_req_cert_type(SSL *ssl, uint8_t *p);
1041 long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type,
1046 int ssl3_hash_current_message(SSL *ssl);
1054 int ssl3_cert_verify_hash(SSL *ssl, uint8_t *out, size_t *out_len,
1057 int ssl3_send_finished(SSL *ssl, int a, int b, const char *sender, int slen);
1059 int ssl3_dispatch_alert(SSL *ssl);
1060 int ssl3_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek);
1061 int ssl3_read_change_cipher_spec(SSL *ssl);
1062 void ssl3_read_close_notify(SSL *ssl);
1063 int ssl3_read_bytes(SSL *ssl, int type, uint8_t *buf, int len, int peek);
1064 int ssl3_write_app_data(SSL *ssl, const void *buf, int len);
1065 int ssl3_write_bytes(SSL *ssl, int type, const void *buf, int len);
1066 int ssl3_final_finish_mac(SSL *ssl, const char *sender, int slen, uint8_t *p);
1067 int ssl3_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p);
1068 int ssl3_output_cert_chain(SSL *ssl);
1070 SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
1073 int ssl3_new(SSL *ssl);
1074 void ssl3_free(SSL *ssl);
1075 int ssl3_accept(SSL *ssl);
1076 int ssl3_connect(SSL *ssl);
1082 int ssl3_do_change_cipher_spec(SSL *ssl);
1084 int ssl3_set_handshake_header(SSL *ssl, int htype, unsigned long len);
1085 int ssl3_handshake_write(SSL *ssl);
1087 int dtls1_do_handshake_write(SSL *ssl, enum dtls1_use_epoch_t use_epoch);
1088 int dtls1_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek);
1089 int dtls1_read_change_cipher_spec(SSL *ssl);
1090 void dtls1_read_close_notify(SSL *ssl);
1091 int dtls1_read_bytes(SSL *ssl, int type, uint8_t *buf, int len, int peek);
1092 void dtls1_set_message_header(SSL *ssl, uint8_t mt, unsigned long len,
1096 int dtls1_write_app_data(SSL *ssl, const void *buf, int len);
1097 int dtls1_write_bytes(SSL *ssl, int type, const void *buf, int len,
1100 int dtls1_send_change_cipher_spec(SSL *ssl, int a, int b);
1101 int dtls1_send_finished(SSL *ssl, int a, int b, const char *sender, int slen);
1102 int dtls1_read_failed(SSL *ssl, int code);
1103 int dtls1_buffer_message(SSL *ssl);
1104 int dtls1_retransmit_buffered_messages(SSL *ssl);
1105 void dtls1_clear_record_buffer(SSL *ssl);
1107 int dtls1_check_timeout_num(SSL *ssl);
1108 int dtls1_set_handshake_header(SSL *ssl, int type, unsigned long len);
1109 int dtls1_handshake_write(SSL *ssl);
1112 void dtls1_start_timer(SSL *ssl);
1113 void dtls1_stop_timer(SSL *ssl);
1114 int dtls1_is_timer_expired(SSL *ssl);
1115 void dtls1_double_timeout(SSL *ssl);
1120 int ssl3_send_client_hello(SSL *ssl);
1121 int ssl3_get_server_hello(SSL *ssl);
1122 int ssl3_get_certificate_request(SSL *ssl);
1123 int ssl3_get_new_session_ticket(SSL *ssl);
1124 int ssl3_get_cert_status(SSL *ssl);
1125 int ssl3_get_server_done(SSL *ssl);
1126 int ssl3_send_cert_verify(SSL *ssl);
1127 int ssl3_send_client_certificate(SSL *ssl);
1128 int ssl_do_client_cert_cb(SSL *ssl, X509 **px509, EVP_PKEY **ppkey);
1129 int ssl3_send_client_key_exchange(SSL *ssl);
1130 int ssl3_get_server_key_exchange(SSL *ssl);
1131 int ssl3_get_server_certificate(SSL *ssl);
1132 int ssl3_send_next_proto(SSL *ssl);
1133 int ssl3_send_channel_id(SSL *ssl);
1134 int ssl3_verify_server_cert(SSL *ssl);
1137 int ssl3_get_initial_bytes(SSL *ssl);
1138 int ssl3_get_v2_client_hello(SSL *ssl);
1139 int ssl3_get_client_hello(SSL *ssl);
1140 int ssl3_send_server_hello(SSL *ssl);
1141 int ssl3_send_server_key_exchange(SSL *ssl);
1142 int ssl3_send_certificate_request(SSL *ssl);
1143 int ssl3_send_server_done(SSL *ssl);
1144 int ssl3_get_client_certificate(SSL *ssl);
1145 int ssl3_get_client_key_exchange(SSL *ssl);
1146 int ssl3_get_cert_verify(SSL *ssl);
1147 int ssl3_get_next_proto(SSL *ssl);
1148 int ssl3_get_channel_id(SSL *ssl);
1150 int dtls1_new(SSL *ssl);
1151 int dtls1_accept(SSL *ssl);
1152 int dtls1_connect(SSL *ssl);
1153 void dtls1_free(SSL *ssl);
1155 long dtls1_get_message(SSL *ssl, int st1, int stn, int mt, long max,
1157 int dtls1_dispatch_alert(SSL *ssl);
1159 int ssl_init_wbio_buffer(SSL *ssl, int push);
1160 void ssl_free_wbio_buffer(SSL *ssl);
1162 /* tls1_prf computes the TLS PRF function for |ssl| as described in RFC 5246,
1167 int tls1_prf(SSL *ssl
1172 int tls1_change_cipher_state(SSL *ssl, int which);
1173 int tls1_setup_key_block(SSL *ssl);
1174 int tls1_handshake_digest(SSL *ssl, uint8_t *out, size_t out_len);
1175 int tls1_final_finish_mac(SSL *ssl, const char *str, int slen, uint8_t *p);
1176 int tls1_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p);
1177 int tls1_generate_master_secret(SSL *ssl, uint8_t *out, const uint8_t *premaster,
1179 int tls1_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
1191 int tls1_check_curve_id(SSL *ssl, uint16_t curve_id);
1196 int tls1_get_shared_curve(SSL *ssl, uint16_t *out_curve_id);
1208 int tls1_check_ec_cert(SSL *ssl, X509 *x);
1214 int ssl_add_clienthello_tlsext(SSL *ssl, CBB *out, size_t header_len);
1216 int ssl_add_serverhello_tlsext(SSL *ssl, CBB *out);
1217 int ssl_parse_clienthello_tlsext(SSL *ssl, CBS *cbs);
1218 int ssl_parse_serverhello_tlsext(SSL *ssl, CBS *cbs);
1227 int tls_process_ticket(SSL *ssl, SSL_SESSION **out_session,
1233 * |ssl|'s private key and |md|. The two-byte value is written to |out|. It
1235 int tls12_add_sigandhash(SSL *ssl, CBB *out, const EVP_MD *md);
1243 int tls1_channel_id_hash(SSL *ssl, uint8_t *out, size_t *out_len);
1245 int tls1_record_handshake_hashes_for_channel_id(SSL *ssl);
1248 * |ssl|. It returns one on success and zero on failure. The entry is identified
1250 int ssl_log_rsa_client_key_exchange(const SSL *ssl,
1256 /* ssl_log_master_secret logs |master|, if logging is enabled for |ssl|. It
1259 int ssl_log_master_secret(const SSL *ssl, const uint8_t *client_random,
1263 /* ssl3_can_false_start returns one if |ssl| is allowed to False Start and zero
1265 int ssl3_can_false_start(const SSL *ssl);
1271 /* ssl3_get_max_server_version returns the maximum SSL/TLS version number
1272 * supported by |ssl| as a server, or zero if all versions are disabled. */
1273 uint16_t ssl3_get_max_server_version(const SSL *ssl);
1275 /* ssl3_get_mutual_version selects the protocol version on |ssl| for a client
1278 uint16_t ssl3_get_mutual_version(SSL *ssl, uint16_t client_version);
1284 uint16_t ssl3_get_max_client_version(SSL *ssl);
1287 * version for |ssl| and zero otherwise. */
1288 int ssl3_is_version_enabled(SSL *ssl, uint16_t version);
1297 uint16_t ssl3_version_from_wire(SSL *ssl, uint16_t wire_version);
1299 uint32_t ssl_get_algorithm_prf(SSL *ssl);
1300 int tls1_parse_peer_sigalgs(SSL *ssl, const CBS *sigalgs);
1302 /* tls1_choose_signing_digest returns a digest for use with |ssl|'s private key
1304 const EVP_MD *tls1_choose_signing_digest(SSL *ssl);
1306 size_t tls12_get_psigalgs(SSL *ssl, const uint8_t **psigs);
1309 * with |pkey| and |ssl|'s sent, supported signature algorithms and, if so,
1312 int tls12_check_peer_sigalg(SSL *ssl, const EVP_MD **out_md, int *out_alert,
1314 void ssl_set_client_disabled(SSL *ssl);