
Lines Matching refs:SSL

4  * This package is an SSL implementation written
6 * The implementation was written so as to conform with Netscapes SSL.
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
148 #include <openssl/ssl.h>
194 int ssl_get_version_range(const SSL *ssl, uint16_t *out_min_version,
212 /* ssl3_protocol_version returns |ssl|'s protocol version. It is an error to
214 uint16_t ssl3_protocol_version(const SSL *ssl);
367 /* SSL_TRANSCRIPT_ssl3_cert_verify_hash writes the SSL 3.0 CertificateVerify
384 /* tls1_prf computes the PRF function for |ssl|. It writes |out_len| bytes to
397 * an SSL connection. */
522 * of a record for |ssl|.
526 size_t ssl_record_prefix_len(const SSL *ssl);
560 enum ssl_open_record_t tls_open_record(SSL *ssl, uint8_t *out_type, CBS *out,
566 enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type, CBS *out,
572 * of the bulk of the ciphertext when sealing a record with |ssl|. Callers may
581 size_t ssl_seal_align_prefix_len(const SSL *ssl);
594 int tls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
604 size_t dtls_max_seal_overhead(const SSL *ssl, enum dtls1_use_epoch_t use_epoch);
608 size_t dtls_seal_prefix_len(const SSL *ssl, enum dtls1_use_epoch_t use_epoch);
614 int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
618 /* ssl_process_alert processes |in| as an alert and updates |ssl|'s shutdown
622 enum ssl_open_record_t ssl_process_alert(SSL *ssl, uint8_t *out_alert,
628 /* ssl_has_private_key returns one if |ssl| has a private key
630 int ssl_has_private_key(const SSL *ssl);
654 SSL *ssl, const uint8_t *signature, size_t signature_len,
778 * in a handshake message for |ssl|. */
779 size_t ssl_max_handshake_message_len(const SSL *ssl);
782 void dtls_clear_incoming_messages(SSL *ssl);
786 int dtls_has_incoming_messages(const SSL *ssl);
796 void dtls_clear_outgoing_messages(SSL *ssl);
801 /* ssl_do_info_callback calls |ssl|'s info callback, if set. */
802 void ssl_do_info_callback(const SSL *ssl, int type, int value);
804 /* ssl_do_msg_callback calls |ssl|'s message callback, if set. */
805 void ssl_do_msg_callback(SSL *ssl, int is_write, int content_type,
812 uint8_t *ssl_read_buffer(SSL *ssl);
815 size_t ssl_read_buffer_len(const SSL *ssl);
824 int ssl_read_buffer_extend_to(SSL *ssl, size_t len);
830 void ssl_read_buffer_consume(SSL *ssl, size_t len);
834 void ssl_read_buffer_discard(SSL *ssl);
838 void ssl_read_buffer_clear(SSL *ssl);
842 int ssl_write_buffer_is_pending(const SSL *ssl);
848 int ssl_write_buffer_init(SSL *ssl, uint8_t **out_ptr, size_t max_len);
852 void ssl_write_buffer_set_len(SSL *ssl, size_t len);
857 int ssl_write_buffer_flush(SSL *ssl);
861 void ssl_write_buffer_clear(SSL *ssl);
868 int ssl_has_certificate(const SSL *ssl);
886 /* ssl_add_cert_chain adds |ssl|'s certificate chain to |cbb| in the format used
889 int ssl_add_cert_chain(SSL *ssl, CBB *cbb);
907 ssl_parse_client_CA_list(SSL *ssl, uint8_t *out_alert, CBS *cbs);
912 int ssl_add_client_CA_list(SSL *ssl, CBB *cbb);
945 int tls13_set_traffic_key(SSL *ssl, enum evp_aead_direction_t direction,
959 int tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction);
971 int tls13_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
1013 /* ssl is a non-owning pointer to the parent |SSL| object. */
1014 SSL *ssl;
1241 SSL_HANDSHAKE *ssl_handshake_new(SSL *ssl);
1248 int ssl_check_message_type(SSL *ssl, int type);
1262 int tls13_post_handshake(SSL *ssl);
1280 int tls13_process_new_session_ticket(SSL *ssl);
1348 * |ssl|. It returns one on success and zero on failure. */
1349 int ssl_log_secret(const SSL *ssl, const char *label, const uint8_t *secret,
1355 int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out, const uint8_t *in,
1376 /* ssl_get_grease_value returns a GREASE value for |ssl|. For a given
1380 uint16_t ssl_get_grease_value(const SSL *ssl, enum ssl_grease_index_t index);
1402 int tls12_add_verify_sigalgs(const SSL *ssl, CBB *out);
1407 int tls12_check_peer_sigalg(SSL *ssl, uint8_t *out_alert, uint16_t sigalg);
1464 int (*cert_cb)(SSL *ssl, void *arg);
1504 int (*ssl_new)(SSL *ssl);
1505 void (*ssl_free)(SSL *ssl);
1507 * one and sets |ssl->s3->tmp.message_type|, |ssl->init_msg|, and
1508 * |ssl->init_num|. Otherwise, it returns <= 0. */
1509 int (*ssl_get_message)(SSL *ssl);
1512 void (*get_current_message)(const SSL *ssl, CBS *out);
1515 void (*release_current_message)(SSL *ssl, int free_buffer);
1521 int (*read_app_data)(SSL *ssl, int *out_got_handshake, uint8_t *buf, int len,
1523 int (*read_change_cipher_spec)(SSL *ssl);
1524 void (*read_close_notify)(SSL *ssl);
1525 int (*write_app_data)(SSL *ssl, int *out_needs_handshake, const uint8_t *buf,
1527 int (*dispatch_alert)(SSL *ssl);
1534 int (*init_message)(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
1539 int (*finish_message)(SSL *ssl, CBB *cbb, uint8_t **out_msg, size_t *out_len);
1543 int (*add_message)(SSL *ssl, uint8_t *msg, size_t len);
1546 int (*add_change_cipher_spec)(SSL *ssl);
1549 int (*add_alert)(SSL *ssl, uint8_t level, uint8_t desc);
1552 int (*flush_flight)(SSL *ssl);
1555 void (*expect_flight)(SSL *ssl);
1558 void (*received_flight)(SSL *ssl);
1559 /* set_read_state sets |ssl|'s read cipher state to |aead_ctx|. It takes
1562 int (*set_read_state)(SSL *ssl, SSL_AEAD_CTX *aead_ctx);
1563 /* set_write_state sets |ssl|'s write cipher state to |aead_ctx|. It takes
1566 int (*set_write_state)(SSL *ssl, SSL_AEAD_CTX *aead_ctx);
1600 int (*session_verify_cert_chain)(SSL_SESSION *session, SSL *ssl);
1604 /* ssl_new does any necessary initialisation of |ssl|. It returns one on
1606 int (*ssl_new)(SSL *ssl);
1608 void (*ssl_free)(SSL *ssl);
1609 /* ssl_flush_cached_client_CA drops any cached |X509_NAME|s from |ssl|. */
1610 void (*ssl_flush_cached_client_CA)(SSL *ssl);
1612 * necessary. On success, it updates |ssl|'s certificate configuration as
1614 int (*ssl_auto_chain_if_needed)(SSL *ssl);
1621 void (*ssl_ctx_flush_cached_client_CA)(SSL_CTX *ssl);
1963 const void *buf, size_t len, SSL *ssl, void *arg);
1993 void (*info_callback)(const SSL *ssl, int type, int value);
1999 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
2003 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
2051 /* server is true iff this SSL* is the server half. Note: before the SSL*
2108 int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session);
2120 * matches the one set on |ssl| and zero otherwise. */
2121 int ssl_session_is_context_valid(const SSL *ssl, const SSL_SESSION *session);
2125 int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session);
2139 void ssl_set_session(SSL *ssl, SSL_SESSION *session);
2155 SSL *ssl, SSL_SESSION **out_session, int *out_tickets_supported,
2173 void ssl_session_rebase_time(SSL *ssl, SSL_SESSION *session);
2178 void ssl_session_renew_timeout(SSL *ssl, SSL_SESSION *session,
2187 const SSL *ssl);
2192 int ssl3_send_alert(SSL *ssl, int level, int desc);
2193 int ssl3_get_message(SSL *ssl);
2194 void ssl3_get_current_message(const SSL *ssl, CBS *out);
2195 void ssl3_release_current_message(SSL *ssl, int free_buffer);
2198 int ssl3_dispatch_alert(SSL *ssl);
2199 int ssl3_read_app_data(SSL *ssl, int *out_got_handshake, uint8_t *buf, int len,
2201 int ssl3_read_change_cipher_spec(SSL *ssl);
2202 void ssl3_read_close_notify(SSL *ssl);
2203 int ssl3_read_handshake_bytes(SSL *ssl, uint8_t *buf, int len);
2204 int ssl3_write_app_data(SSL *ssl, int *out_needs_handshake, const uint8_t *buf,
2206 int ssl3_output_cert_chain(SSL *ssl);
2208 int ssl3_new(SSL *ssl);
2209 void ssl3_free(SSL *ssl);
2213 int ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
2214 int ssl3_finish_message(SSL *ssl, CBB *cbb, uint8_t **out_msg, size_t *out_len);
2215 int ssl3_add_message(SSL *ssl, uint8_t *msg, size_t len);
2216 int ssl3_add_change_cipher_spec(SSL *ssl);
2217 int ssl3_add_alert(SSL *ssl, uint8_t level, uint8_t desc);
2218 int ssl3_flush_flight(SSL *ssl);
2220 int dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
2221 int dtls1_finish_message(SSL *ssl, CBB *cbb, uint8_t **out_msg,
2223 int dtls1_add_message(SSL *ssl, uint8_t *msg, size_t len);
2224 int dtls1_add_change_cipher_spec(SSL *ssl);
2225 int dtls1_add_alert(SSL *ssl, uint8_t level, uint8_t desc);
2226 int dtls1_flush_flight(SSL *ssl);
2230 int ssl_add_message_cbb(SSL *ssl, CBB *cbb);
2237 * |ssl->s3->rrec| and returns one. Otherwise it returns <= 0 on error or if
2239 int dtls1_get_record(SSL *ssl);
2241 int dtls1_read_app_data(SSL *ssl, int *out_got_handshake, uint8_t *buf, int len,
2243 int dtls1_read_change_cipher_spec(SSL *ssl);
2244 void dtls1_read_close_notify(SSL *ssl);
2246 int dtls1_write_app_data(SSL *ssl, int *out_needs_handshake, const uint8_t *buf,
2251 int dtls1_write_record(SSL *ssl, int type, const uint8_t *buf, size_t len,
2254 int dtls1_send_finished(SSL *ssl, int a, int b, const char *sender, int slen);
2255 int dtls1_retransmit_outgoing_messages(SSL *ssl);
2256 void dtls1_clear_record_buffer(SSL *ssl);
2259 int dtls1_check_timeout_num(SSL *ssl);
2260 int dtls1_handshake_write(SSL *ssl);
2262 void dtls1_start_timer(SSL *ssl);
2263 void dtls1_stop_timer(SSL *ssl);
2264 int dtls1_is_timer_expired(SSL *ssl);
2265 void dtls1_double_timeout(SSL *ssl);
2268 int dtls1_new(SSL *ssl);
2269 int dtls1_accept(SSL *ssl);
2270 int dtls1_connect(SSL *ssl);
2271 void dtls1_free(SSL *ssl);
2273 int dtls1_get_message(SSL *ssl);
2274 void dtls1_get_current_message(const SSL *ssl, CBS *out);
2275 void dtls1_release_current_message(SSL *ssl, int free_buffer);
2276 int dtls1_dispatch_alert(SSL *ssl);
2284 void tls1_get_grouplist(SSL *ssl, const uint16_t **out_group_ids,
2289 int tls1_check_group_id(SSL *ssl, uint16_t group_id);
2333 SSL *ssl, SSL_SESSION **out_session, int *out_renew_ticket,
2343 * |cbb|. |ssl->tlsext_channel_id_private| must already be set before calling.
2354 /* ssl_do_channel_id_callback runs |ssl->ctx->channel_id_cb| if
2356 * success, |ssl->tlsext_channel_id_private| may be unset, in which case the
2358 int ssl_do_channel_id_callback(SSL *ssl);
2360 /* ssl3_can_false_start returns one if |ssl| is allowed to False Start and zero
2362 int ssl3_can_false_start(const SSL *ssl);
2364 /* ssl_can_write returns one if |ssl| is allowed to write and zero otherwise. */
2365 int ssl_can_write(const SSL *ssl);
2367 /* ssl_can_read returns one if |ssl| is allowed to read and zero otherwise. */
2368 int ssl_can_read(const SSL *ssl);
2370 void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock);
2373 void ssl_reset_error_state(SSL *ssl);