Lines Matching refs:SSL
4 * This package is an SSL implementation written
6 * The implementation was written so as to conform with Netscapes SSL.
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
171 /* SSL implementation. */
174 /* SSL contexts.
205 /* SSL connections.
207 * An |SSL| object represents a single TLS or DTLS connection. Although the
208 * shared |SSL_CTX| is thread-safe, an |SSL| is not thread-safe and may only be
211 /* SSL_new returns a newly-allocated |SSL| using |ctx| or NULL on error. The new
215 * On creation, an |SSL| is not configured to be either a client or server. Call
217 OPENSSL_EXPORT SSL *SSL_new(SSL_CTX *ctx);
219 /* SSL_free releases memory associated with |ssl|. */
220 OPENSSL_EXPORT void SSL_free(SSL *ssl);
222 /* SSL_get_SSL_CTX returns the |SSL_CTX| associated with |ssl|. If
225 OPENSSL_EXPORT SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
227 /* SSL_set_connect_state configures |ssl| to be a client. */
228 OPENSSL_EXPORT void SSL_set_connect_state(SSL *ssl);
230 /* SSL_set_accept_state configures |ssl| to be a server. */
231 OPENSSL_EXPORT void SSL_set_accept_state(SSL *ssl);
233 /* SSL_is_server returns one if |ssl| is configured as a server and zero
235 OPENSSL_EXPORT int SSL_is_server(const SSL *ssl);
237 /* SSL_is_dtls returns one if |ssl| is a DTLS connection and zero otherwise. */
238 OPENSSL_EXPORT int SSL_is_dtls(const SSL *ssl);
240 /* SSL_set_bio configures |ssl| to read from |rbio| and write to |wbio|. |ssl|
241 * takes ownership of the two |BIO|s. If |rbio| and |wbio| are the same, |ssl|
250 * If |wbio| is the same as the currently configured |BIO| for writing AND |ssl|
256 * function if |ssl| already has |BIO|s configured is deprecated. Prefer
258 OPENSSL_EXPORT void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
260 /* SSL_set0_rbio configures |ssl| to write to |rbio|. It takes ownership of
265 OPENSSL_EXPORT void SSL_set0_rbio(SSL *ssl, BIO *rbio);
267 /* SSL_set0_wbio configures |ssl| to write to |wbio|. It takes ownership of
272 OPENSSL_EXPORT void SSL_set0_wbio(SSL *ssl, BIO *wbio);
274 /* SSL_get_rbio returns the |BIO| that |ssl| reads from. */
275 OPENSSL_EXPORT BIO *SSL_get_rbio(const SSL *ssl);
277 /* SSL_get_wbio returns the |BIO| that |ssl| writes to. */
278 OPENSSL_EXPORT BIO *SSL_get_wbio(const SSL *ssl);
281 OPENSSL_EXPORT int SSL_get_fd(const SSL *ssl);
283 /* SSL_get_rfd returns the file descriptor that |ssl| is configured to read
284 * from. If |ssl|'s read |BIO| is not configured or doesn't wrap a file
288 * to int), depending on whether |ssl| was configured with a file descriptor or
290 OPENSSL_EXPORT int SSL_get_rfd(const SSL *ssl);
292 /* SSL_get_wfd returns the file descriptor that |ssl| is configured to write
293 * to. If |ssl|'s write |BIO| is not configured or doesn't wrap a file
297 * to int), depending on whether |ssl| was configured with a file descriptor or
299 OPENSSL_EXPORT int SSL_get_wfd(const SSL *ssl);
301 /* SSL_set_fd configures |ssl| to read from and write to |fd|. It returns one
306 OPENSSL_EXPORT int SSL_set_fd(SSL *ssl, int fd);
308 /* SSL_set_rfd configures |ssl| to read from |fd|. It returns one on success and
312 OPENSSL_EXPORT int SSL_set_rfd(SSL *ssl, int fd);
314 /* SSL_set_wfd configures |ssl| to write to |fd|. It returns one on success and
318 OPENSSL_EXPORT int SSL_set_wfd(SSL *ssl, int fd);
333 OPENSSL_EXPORT int SSL_do_handshake(SSL *ssl);
335 /* SSL_connect configures |ssl| as a client, if unconfigured, and calls
337 OPENSSL_EXPORT int SSL_connect(SSL *ssl);
339 /* SSL_accept configures |ssl| as a server, if unconfigured, and calls
341 OPENSSL_EXPORT int SSL_accept(SSL *ssl);
343 /* SSL_read reads up to |num| bytes from |ssl| into |buf|. It implicitly runs
350 OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num);
353 OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num);
355 /* SSL_pending returns the number of bytes available in |ssl|. It does not read
357 OPENSSL_EXPORT int SSL_pending(const SSL *ssl);
359 /* SSL_write writes up to |num| bytes from |buf| into |ssl|. It implicitly runs
385 OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num);
387 /* SSL_shutdown shuts down |ssl|. On success, it completes in two stages. First,
388 * it returns 0 if |ssl| completed uni-directional shutdown; close_notify has
401 OPENSSL_EXPORT int SSL_shutdown(SSL *ssl);
412 /* SSL_set_quiet_shutdown sets quiet shutdown on |ssl| to |mode|. If enabled,
415 OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL *ssl, int mode);
418 * |ssl|. */
419 OPENSSL_EXPORT int SSL_get_quiet_shutdown(const SSL *ssl);
422 * |ssl|. It should be called after an operation failed to determine whether the
424 OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code);
520 /* SSL_set_mtu sets the |ssl|'s MTU in DTLS to |mtu|. It returns one on success
522 OPENSSL_EXPORT int SSL_set_mtu(SSL *ssl, unsigned mtu);
531 OPENSSL_EXPORT void DTLSv1_set_initial_timeout_duration(SSL *ssl,
543 OPENSSL_EXPORT int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out);
550 * The caller's external timer should be compatible with the one |ssl| queries
562 OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl);
595 /* SSL_set_min_proto_version sets the minimum protocol version for |ssl| to
598 OPENSSL_EXPORT int SSL_set_min_proto_version(SSL *ssl, uint16_t version);
600 /* SSL_set_max_proto_version sets the maximum protocol version for |ssl| to
603 OPENSSL_EXPORT int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
605 /* SSL_version returns the TLS or DTLS protocol version used by |ssl|, which is
608 OPENSSL_EXPORT int SSL_version(const SSL *ssl);
653 * more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a bitmask
655 OPENSSL_EXPORT uint32_t SSL_set_options(SSL *ssl, uint32_t options);
658 * or more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a
660 OPENSSL_EXPORT uint32_t SSL_clear_options(SSL *ssl, uint32_t options);
663 * options enabled for |ssl|. */
664 OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl);
701 /* SSL_MODE_CBC_RECORD_SPLITTING causes multi-byte CBC records in SSL 3.0 and
709 * session resumption is used for a given SSL*. */
731 * the modes enabled for |ssl|. */
735 * the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask
737 OPENSSL_EXPORT uint32_t SSL_set_mode(SSL *ssl, uint32_t mode);
740 * of the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask
742 OPENSSL_EXPORT uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode);
745 * modes enabled for |ssl|. */
746 OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl);
753 * that |pool| outlives |ctx| and all objects linked to it, including |SSL|,
773 /* SSL_use_certificate sets |ssl|'s leaf certificate to |x509|. It returns one
775 OPENSSL_EXPORT int SSL_use_certificate(SSL *ssl, X509 *x509);
781 /* SSL_use_PrivateKey sets |ssl|'s private key to |pkey|. It returns one on
783 OPENSSL_EXPORT int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
795 /* SSL_set0_chain sets |ssl|'s certificate chain, excluding the leaf, to
798 OPENSSL_EXPORT int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain);
800 /* SSL_set1_chain sets |ssl|'s certificate chain, excluding the leaf, to
803 OPENSSL_EXPORT int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain);
817 OPENSSL_EXPORT int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
825 OPENSSL_EXPORT int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
834 /* SSL_clear_chain_certs clears |ssl|'s certificate chain and returns one. */
835 OPENSSL_EXPORT int SSL_clear_chain_certs(SSL *ssl);
849 int (*cb)(SSL *ssl, void *arg),
860 OPENSSL_EXPORT void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg),
870 OPENSSL_EXPORT size_t SSL_get0_certificate_types(SSL *ssl,
874 * chain of |ssl|. */
875 OPENSSL_EXPORT void SSL_certs_clear(SSL *ssl);
882 * configured in |ssl| are consistent and zero otherwise. */
883 OPENSSL_EXPORT int SSL_check_private_key(const SSL *ssl);
888 /* SSL_get_certificate returns |ssl|'s leaf certificate. */
889 OPENSSL_EXPORT X509 *SSL_get_certificate(const SSL *ssl);
894 /* SSL_get_privatekey returns |ssl|'s private key. */
895 OPENSSL_EXPORT EVP_PKEY *SSL_get_privatekey(const SSL *ssl);
906 /* SSL_get0_chain_certs sets |*out_chain| to |ssl|'s certificate chain and
908 OPENSSL_EXPORT int SSL_get0_chain_certs(const SSL *ssl,
927 OPENSSL_EXPORT int SSL_set_signed_cert_timestamp_list(SSL *ctx,
941 OPENSSL_EXPORT int SSL_set_ocsp_response(SSL *ssl,
972 /* SSL_set_signing_algorithm_prefs configures |ssl| to use |prefs| as the
973 * preference list when signing with |ssl|'s private key. It returns one on
976 OPENSSL_EXPORT int SSL_set_signing_algorithm_prefs(SSL *ssl,
996 SSL *ssl, CRYPTO_BUFFER *const *certs, size_t num_certs, EVP_PKEY *privkey,
1005 OPENSSL_EXPORT int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
1013 OPENSSL_EXPORT int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der,
1019 OPENSSL_EXPORT int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
1025 OPENSSL_EXPORT int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const uint8_t *der,
1039 OPENSSL_EXPORT int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file,
1044 OPENSSL_EXPORT int SSL_use_certificate_file(SSL *ssl, const char *file,
1049 OPENSSL_EXPORT int SSL_use_PrivateKey_file(SSL *ssl, const char *file,
1087 int (*type)(SSL *ssl);
1090 size_t (*max_signature_len)(SSL *ssl);
1097 * arrange for the high-level operation on |ssl| to be retried when the
1107 * progress on |ssl|. */
1108 enum ssl_private_key_result_t (*sign)(SSL *ssl, uint8_t *out, size_t *out_len,
1118 * should arrange for the high-level operation on |ssl| to be retried when the
1126 * in progress on |ssl|.
1131 enum ssl_private_key_result_t (*sign_digest)(SSL *ssl, uint8_t *out,
1142 * arrange for the high-level operation on |ssl| to be retried when the
1148 * progress on |ssl|. */
1149 enum ssl_private_key_result_t (*decrypt)(SSL *ssl, uint8_t *out,
1160 * on |ssl|. */
1161 enum ssl_private_key_result_t (*complete)(SSL *ssl, uint8_t *out,
1165 /* SSL_set_private_key_method configures a custom private key on |ssl|.
1166 * |key_method| must remain valid for the lifetime of |ssl|. */
1168 SSL *ssl, const SSL_PRIVATE_KEY_METHOD *key_method);
1388 /* SSL_set_strict_cipher_list configures the cipher list for |ssl|, evaluating
1391 OPENSSL_EXPORT int SSL_set_strict_cipher_list(SSL *ssl, const char *str);
1393 /* SSL_set_cipher_list configures the cipher list for |ssl|, evaluating |str| as
1398 OPENSSL_EXPORT int SSL_set_cipher_list(SSL *ssl, const char *str);
1404 /* SSL_get_ciphers returns the cipher list for |ssl|, in order of preference. */
1405 OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
1410 /* SSL_is_init_finished returns one if |ssl| has completed its initial handshake
1412 OPENSSL_EXPORT int SSL_is_init_finished(const SSL *ssl);
1414 /* SSL_in_init returns one if |ssl| has a pending handshake and zero
1416 OPENSSL_EXPORT int SSL_in_init(const SSL *ssl);
1418 /* SSL_in_false_start returns one if |ssl| has a pending handshake that is in
1424 OPENSSL_EXPORT int SSL_in_false_start(const SSL *ssl);
1429 OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl);
1437 * |ssl| is a server, the returned chain does not include the leaf certificate.
1439 OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
1450 * |ssl| is a server. */
1451 OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_full_cert_chain(const SSL *ssl);
1460 SSL_get0_peer_certificates(const SSL *ssl);
1464 * |ssl| is a client. The SCT information is a SignedCertificateTimestampList
1470 OPENSSL_EXPORT void SSL_get0_signed_cert_timestamp_list(const SSL *ssl,
1479 OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out,
1483 * for |ssl| to |out| and sets |*out_len| to the number of bytes written. It
1497 * return zero if |ssl| performed session resumption unless EMS was used when
1499 OPENSSL_EXPORT int SSL_get_tls_unique(const SSL *ssl, uint8_t *out,
1504 OPENSSL_EXPORT int SSL_get_extms_support(const SSL *ssl);
1508 OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
1510 /* SSL_session_reused returns one if |ssl| performed an abbreviated handshake
1515 OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl);
1519 OPENSSL_EXPORT int SSL_get_secure_renegotiation_support(const SSL *ssl);
1528 SSL *ssl, uint8_t *out, size_t out_len, const char *label, size_t label_len,
1554 typedef int (*SSL_custom_ext_add_cb)(SSL *ssl, unsigned extension_value,
1563 typedef void (*SSL_custom_ext_free_cb)(SSL *ssl, unsigned extension_value,
1576 typedef int (*SSL_custom_ext_parse_cb)(SSL *ssl, unsigned extension_value,
1620 * An |SSL_SESSION| represents an SSL session that may be resumed in an
1622 * established, an |SSL_SESSION| may be shared by multiple |SSL| objects on
1782 /* SSL_set_session, for a client, configures |ssl| to offer to resume |session|
1787 OPENSSL_EXPORT int SSL_set_session(SSL *ssl, SSL_SESSION *session);
1828 /* SSL_set_session_id_context sets |ssl|'s session ID context to |sid_ctx|. It
1831 OPENSSL_EXPORT int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx,
1834 /* SSL_get0_session_id_context returns a pointer to |ssl|'s session ID context
1836 OPENSSL_EXPORT const uint8_t *SSL_get0_session_id_context(const SSL *ssl,
1891 SSL_CTX *ctx, int (*new_session_cb)(SSL *ssl, SSL_SESSION *session));
1896 SSL *ssl, SSL_SESSION *session);
1918 * For historical reasons, if |*out_copy| is set to one (default), the SSL
1922 * removed and invalidated before the SSL library calls |SSL_SESSION_up_ref|,
1936 SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *id, int id_len,
1942 SSL *ssl, uint8_t *id, int id_len, int *out_copy);
2025 SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
2052 size_t (*max_overhead)(SSL *ssl);
2058 int (*seal)(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len,
2066 * arrange for the high-level operation on |ssl| to be retried when the
2068 enum ssl_ticket_aead_result_t (*open)(SSL *ssl, uint8_t *out, size_t *out_len,
2098 /* SSL_set1_curves sets the preferred curves for |ssl| to be |curves|. Each
2104 OPENSSL_EXPORT int SSL_set1_curves(SSL *ssl, const int *curves,
2113 /* SSL_set1_curves_list sets the preferred curves for |ssl| to be the
2117 OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves);
2126 /* SSL_get_curve_id returns the ID of the curve used by |ssl|'s most recently
2131 OPENSSL_EXPORT uint16_t SSL_get_curve_id(const SSL *ssl);
2140 * SSL may authenticate either endpoint with an X.509 certificate. Typically
2157 * be added to use the SSL stack without dependency on any part of the legacy
2189 * |X509_STORE_CTX_get_ex_data| to look up the |SSL| from |store_ctx|. */
2199 * |X509_STORE_CTX_get_ex_data| to look up the |SSL| from |store_ctx|. */
2200 OPENSSL_EXPORT void SSL_set_verify(SSL *ssl, int mode,
2208 /* SSL_get_verify_mode returns |ssl|'s verify mode, set by |SSL_CTX_set_verify|
2210 OPENSSL_EXPORT int SSL_get_verify_mode(const SSL *ssl);
2219 OPENSSL_EXPORT int (*SSL_get_verify_callback(const SSL *ssl))(
2230 OPENSSL_EXPORT void SSL_set_verify_depth(SSL *ssl, int depth);
2238 OPENSSL_EXPORT int SSL_get_verify_depth(const SSL *ssl);
2247 OPENSSL_EXPORT int SSL_set1_param(SSL *ssl,
2255 /* SSL_get0_param returns |ssl|'s |X509_VERIFY_PARAM| for certificate
2258 OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
2264 /* SSL_set_purpose sets |ssl|'s |X509_VERIFY_PARAM|'s 'purpose' parameter to
2266 OPENSSL_EXPORT int SSL_set_purpose(SSL *ssl, int purpose);
2272 /* SSL_set_trust sets |ssl|'s |X509_VERIFY_PARAM|'s 'trust' parameter to
2274 OPENSSL_EXPORT int SSL_set_trust(SSL *ssl, int trust);
2297 * https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_load_verify_locations.html
2305 OPENSSL_EXPORT long SSL_get_verify_result(const SSL *ssl);
2308 * the |SSL| associated with an |X509_STORE_CTX| in the verify callback. */
2318 * |SSL| object from |store_ctx|. */
2330 /* SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end
2336 OPENSSL_EXPORT void SSL_enable_signed_cert_timestamps(SSL *ssl);
2338 /* SSL_CTX_enable_signed_cert_timestamps enables SCT requests on all client SSL
2345 /* SSL_enable_ocsp_stapling causes |ssl| (which must be the client end of a
2350 OPENSSL_EXPORT void SSL_enable_ocsp_stapling(SSL *ssl);
2352 /* SSL_CTX_enable_ocsp_stapling enables OCSP stapling on all client SSL objects
2373 * |store| is transferred to the |SSL|. */
2374 OPENSSL_EXPORT int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store);
2379 OPENSSL_EXPORT int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store);
2400 /* SSL_set_client_CA_list sets |ssl|'s client certificate CA list to
2402 OPENSSL_EXPORT void SSL_set_client_CA_list(SSL *ssl,
2410 /* SSL_get_client_CA_list returns |ssl|'s client certificate CA list. If |ssl|
2418 OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl);
2425 * The returned stack is owned by |ssl|, as are its contents. It should not be
2428 const SSL *ssl);
2437 OPENSSL_EXPORT int SSL_add_client_CA(SSL *ssl, X509 *x509);
2469 /* SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name|
2471 OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name);
2476 OPENSSL_EXPORT const char *SSL_get_servername(const SSL *ssl, const int type);
2480 OPENSSL_EXPORT int SSL_get_servername_type(const SSL *ssl);
2494 SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg));
2506 /* SSL_set_SSL_CTX changes |ssl|'s |SSL_CTX|. |ssl| will use the
2519 OPENSSL_EXPORT SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
2538 /* SSL_set_alpn_protos sets the client ALPN protocol list on |ssl| to |protos|.
2545 OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos,
2563 SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len,
2567 /* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
2571 OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl,
2592 * will not be modified, but one should assume that |ssl| keeps a reference to
2599 int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg),
2614 SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len,
2625 OPENSSL_EXPORT void SSL_get0_next_proto_negotiated(const SSL *ssl,
2663 /* SSL_set_tls_channel_id_enabled configures whether |ssl| should enable Channel
2665 OPENSSL_EXPORT void SSL_set_tls_channel_id_enabled(SSL *ssl, int enabled);
2676 OPENSSL_EXPORT int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key);
2678 /* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server |SSL*|
2683 OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out,
2693 SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **out_pkey));
2698 SSL *ssl, EVP_PKEY **out_pkey);
2724 /* SSL_CTX_set_srtp_profiles enables SRTP for all SSL objects created from
2730 /* SSL_set_srtp_profiles enables SRTP for |ssl|. |profile| contains a
2733 OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL *ssl, const char *profiles);
2735 /* SSL_get_srtp_profiles returns the SRTP profiles supported by |ssl|. */
2737 SSL *ssl);
2742 SSL *ssl);
2776 SSL *ssl, const char *hint, char *identity,
2783 SSL *ssl, unsigned (*psk_client_callback)(SSL *ssl, const char *hint,
2798 unsigned (*psk_server_callback)(SSL *ssl, const char *identity,
2806 SSL *ssl,
2807 unsigned (*psk_server_callback)(SSL *ssl, const char *identity,
2820 OPENSSL_EXPORT int SSL_use_psk_identity_hint(SSL *ssl,
2823 /* SSL_get_psk_identity_hint returns the PSK identity hint advertised for |ssl|
2825 OPENSSL_EXPORT const char *SSL_get_psk_identity_hint(const SSL *ssl);
2828 * that was negotiated by |ssl| or NULL if PSK was not used. */
2829 OPENSSL_EXPORT const char *SSL_get_psk_identity(const SSL *ssl);
2887 * with resumptions using |ssl|. See |SSL_CTX_set_early_data_enabled| for more
2889 OPENSSL_EXPORT void SSL_set_early_data_enabled(SSL *ssl, int enabled);
2891 /* SSL_in_early_data returns one if |ssl| has a pending handshake that has
2896 OPENSSL_EXPORT int SSL_in_early_data(const SSL *ssl);
2899 * handshake performed by |ssl|. */
2900 OPENSSL_EXPORT int SSL_early_data_accepted(const SSL *ssl);
2902 /* SSL_reset_early_data_reject resets |ssl| after an early data reject. All
2904 * should treat |ssl| as a logically fresh connection, usually by driving the
2907 * It is an error to call this function on an |SSL| object that is not signaling
2909 OPENSSL_EXPORT void SSL_reset_early_data_reject(SSL *ssl);
2914 * TLS and SSL 3.0 use alerts to signal error conditions. Alerts have a type
2929 /* SSL_AD_* are alert descriptions for SSL 3.0 and TLS. */
2973 /* SSL_send_fatal_alert sends a fatal alert over |ssl| of the specified type,
2981 OPENSSL_EXPORT int SSL_send_fatal_alert(SSL *ssl, uint8_t alert);
2988 OPENSSL_EXPORT int SSL_set_ex_data(SSL *ssl, int idx, void *data);
2989 OPENSSL_EXPORT void *SSL_get_ex_data(const SSL *ssl, int idx);
3015 * underlying |ssl| and sets |*out_read_iv| and |*out_write_iv| to point to the
3020 OPENSSL_EXPORT int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
3024 /* SSL_get_key_block_len returns the length of |ssl|'s key block. */
3025 OPENSSL_EXPORT size_t SSL_get_key_block_len(const SSL *ssl);
3027 /* SSL_generate_key_block generates |out_len| bytes of key material for |ssl|'s
3029 OPENSSL_EXPORT int SSL_generate_key_block(const SSL *ssl, uint8_t *out,
3036 OPENSSL_EXPORT uint64_t SSL_get_read_sequence(const SSL *ssl);
3041 OPENSSL_EXPORT uint64_t SSL_get_write_sequence(const SSL *ssl);
3046 /* SSL_get_structure_sizes returns the sizes of the SSL, SSL_CTX and
3072 const void *buf, size_t len, SSL *ssl, void *arg));
3078 /* SSL_set_msg_callback installs |cb| as the message callback of |ssl|. See
3081 SSL *ssl, void (*cb)(int write_p, int version, int content_type,
3082 const void *buf, size_t len, SSL *ssl, void *arg));
3085 OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
3095 SSL_CTX *ctx, void (*cb)(const SSL *ssl, const char *line));
3100 const SSL *ssl, const char *line);
3107 SSL_CTX *ctx, void (*cb)(const SSL *ssl, struct timeval *out_clock));
3116 /* SSL_set_renegotiate_mode configures how |ssl|, a client, reacts to
3117 * renegotiation attempts by a server. If |ssl| is a server, peer-initiated
3129 OPENSSL_EXPORT void SSL_set_renegotiate_mode(SSL *ssl,
3132 /* SSL_renegotiate_pending returns one if |ssl| is in the middle of a
3134 OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl);
3137 * performed by |ssl|. This includes the pending renegotiation, if any. */
3138 OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
3155 OPENSSL_EXPORT void SSL_set_tls13_variant(SSL *ssl,
3173 * certificate chain accepted by |ssl|. */
3174 OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl);
3179 OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list);
3189 * by |ssl|. Beyond this length, handshake messages and application data will
3192 OPENSSL_EXPORT int SSL_set_max_send_fragment(SSL *ssl,
3197 * point, much of the SSL* hasn't been filled out and only the ClientHello can
3200 SSL *ssl;
3246 * high-level operation on |ssl| to be retried at a later time, which will
3319 SSL_CTX *ctx, void (*cb)(const SSL *ssl, int type, int value));
3323 OPENSSL_EXPORT void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,
3330 SSL *ssl, void (*cb)(const SSL *ssl, int type, int value));
3333 OPENSSL_EXPORT void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,
3339 OPENSSL_EXPORT const char *SSL_state_string_long(const SSL *ssl);
3347 OPENSSL_EXPORT int SSL_get_shutdown(const SSL *ssl);
3351 OPENSSL_EXPORT uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl);
3356 OPENSSL_EXPORT size_t SSL_get_client_random(const SSL *ssl, uint8_t *out,
3362 OPENSSL_EXPORT size_t SSL_get_server_random(const SSL *ssl, uint8_t *out,
3367 OPENSSL_EXPORT const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
3374 OPENSSL_EXPORT void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl,
3390 * record with |ssl|. */
3391 OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl);
3396 OPENSSL_EXPORT int32_t SSL_get_ticket_age_skew(const SSL *ssl);
3476 /* SSL_clear resets |ssl| to allow another connection and returns one on success
3480 * Free |ssl| and create a new one instead. */
3481 OPENSSL_EXPORT int SSL_clear(SSL *ssl);
3485 SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength));
3488 OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl,
3489 RSA *(*cb)(SSL *ssl, int is_export,
3526 OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *s);
3529 OPENSSL_EXPORT int SSL_num_renegotiations(const SSL *ssl);
3535 OPENSSL_EXPORT int SSL_need_tmp_RSA(const SSL *ssl);
3541 OPENSSL_EXPORT int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa);
3550 OPENSSL_EXPORT int SSL_get_read_ahead(const SSL *s);
3553 OPENSSL_EXPORT void SSL_set_read_ahead(SSL *s, int yes);
3556 OPENSSL_EXPORT int SSL_renegotiate(SSL *ssl);
3559 OPENSSL_EXPORT void SSL_set_state(SSL *ssl, int state);
3563 OPENSSL_EXPORT char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len);
3615 OPENSSL_EXPORT int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
3618 OPENSSL_EXPORT const COMP_METHOD *SSL_get_current_compression(SSL *s);
3621 OPENSSL_EXPORT const COMP_METHOD *SSL_get_current_expansion(SSL *s);
3624 OPENSSL_EXPORT int *SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **out_key);
3630 OPENSSL_EXPORT int SSL_set_tmp_dh(SSL *ssl, const DH *dh);
3634 SSL_CTX *ctx, DH *(*callback)(SSL *ssl, int is_export, int keylength));
3637 OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl,
3638 DH *(*dh)(SSL *ssl, int is_export,
3654 #define SSL_get_cipher(ssl) SSL_CIPHER_get_name(SSL_get_current_cipher(ssl))
3655 #define SSL_get_cipher_bits(ssl, out_alg_bits) \
3656 SSL_CIPHER_get_bits(SSL_get_current_cipher(ssl), out_alg_bits)
3657 #define SSL_get_cipher_version(ssl) \
3658 SSL_CIPHER_get_version(SSL_get_current_cipher(ssl))
3659 #define SSL_get_cipher_name(ssl) \
3660 SSL_CIPHER_get_name(SSL_get_current_cipher(ssl))
3710 OPENSSL_EXPORT int SSL_cache_hit(SSL *ssl);
3713 OPENSSL_EXPORT long SSL_get_default_timeout(const SSL *ssl);
3715 /* SSL_get_version returns a string describing the TLS version used by |ssl|.
3717 OPENSSL_EXPORT const char *SSL_get_version(const SSL *ssl);
3721 OPENSSL_EXPORT const char *SSL_get_cipher_list(const SSL *ssl, int n);
3739 int (*client_cert_cb)(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey));
3753 * operation on |ssl| was blocked on. Use |SSL_get_error| instead. */
3754 OPENSSL_EXPORT int SSL_want(const SSL *ssl);
3756 #define SSL_want_read(ssl) (SSL_want(ssl) == SSL_READING)
3757 #define SSL_want_write(ssl) (SSL_want(ssl) == SSL_WRITING)
3760 * |ssl| to |buf|. It returns the total untruncated length or zero if none has
3761 * been sent yet. At SSL 3.0 or TLS 1.3 and later, it returns zero.
3764 OPENSSL_EXPORT size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count);
3767 * received from |ssl|'s peer to |buf|. It returns the total untruncated length
3768 * or zero if none has been received yet. At SSL 3.0 or TLS 1.3 and later, it
3772 OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *ssl, void *buf,
3831 OPENSSL_EXPORT int SSL_state(const SSL *ssl);
3833 #define SSL_get_state(ssl) SSL_state(ssl)
3838 OPENSSL_EXPORT const char *SSL_state_string(const SSL *ssl);
3840 /* SSL_set_shutdown causes |ssl| to behave as if the shutdown bitmask (see
3850 OPENSSL_EXPORT void SSL_set_shutdown(SSL *ssl, int mode);
3858 OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
3868 * into |ssl|. These digests will be used, in decreasing order of preference,
3869 * when signing with |ssl|'s private key. It returns one on success and zero on
3875 OPENSSL_EXPORT int SSL_set_private_key_digest_prefs(SSL *ssl,
3883 OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long result);
3889 OPENSSL_EXPORT int SSL_enable_tls_channel_id(SSL *ssl);
3891 /* BIO_f_ssl returns a |BIO_METHOD| that can wrap an |SSL*| in a |BIO*|. Note
3898 /* BIO_set_ssl sets |ssl| as the underlying connection for |bio|, which must
3900 * call |SSL_free| on |ssl| when closed. It returns one on success or something
3902 OPENSSL_EXPORT long BIO_set_ssl(BIO *bio, SSL *ssl, int take_owership);
3908 #define SSL_set_ecdh_auto(ssl, onoff) 1
3910 /* SSL_get_session returns a non-owning pointer to |ssl|'s session. For
3911 * historical reasons, which session it returns depends on |ssl|'s state.
3923 * If querying properties of the connection, use APIs on the |SSL| object. */
3924 OPENSSL_EXPORT SSL_SESSION *SSL_get_session(const SSL *ssl);
3931 OPENSSL_EXPORT SSL_SESSION *SSL_get1_session(SSL *ssl);
3950 /* algorithm_* are internal fields. See ssl/internal.h for their values. */
3964 int ssl_version; /* what ssl version session info is being kept in here? */
4127 /* ssl_ctx_st (aka |SSL_CTX|) contains configuration common to several SSL
4186 int (*new_session_cb)(SSL *ssl, SSL_SESSION *sess);
4188 SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *data, int len,
4204 int (*client_cert_cb)(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey);
4207 void (*channel_id_cb)(SSL *ssl, EVP_PKEY **out_pkey);
4216 /* Default values used when no per-SSL value is defined follow */
4218 void (*info_callback)(const SSL *ssl, int type, int value);
4228 /* Default values to use in SSL structures follow (these are copied by
4239 const void *buf, size_t len, SSL *ssl, void *arg);
4244 int ok, X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
4264 int (*tlsext_servername_callback)(SSL *, int *, void *);
4271 int (*tlsext_ticket_key_cb)(SSL *ssl, uint8_t *name, uint8_t *iv,
4278 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
4282 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
4296 int (*next_protos_advertised_cb)(SSL *ssl, const uint8_t **out,
4301 int (*next_proto_select_cb)(SSL *ssl, uint8_t **out, uint8_t *out_len,
4316 int (*alpn_select_cb)(SSL *s, const uint8_t **out, uint8_t *out_len,
4328 /* Supported group values inherited by SSL structure */
4337 void (*keylog_callback)(const SSL *ssl, const char *line);
4342 void (*current_time_cb)(const SSL *ssl, struct timeval *out_clock);
4541 BORINGSSL_MAKE_DELETER(SSL, SSL_free)
