authordjm <>2012-10-13 21:25:14 +0000
committerdjm <>2012-10-13 21:25:14 +0000
commit93723b50b639d8dc717bc1bf463fd46e1b321239 (patch)
tree281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libssl/ssl.h
parent65e72ac55a6405783db7a12d7e35a7561d46005b (diff)
resolve conflicts
Diffstat (limited to 'src/lib/libssl/ssl.h')
-rw-r--r--src/lib/libssl/ssl.h313
1 files changed, 291 insertions, 22 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 8f922eea72..8b0c2a2dac 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -252,6 +252,7 @@ extern "C" {
252#define SSL_TXT_kEECDH "kEECDH" 252#define SSL_TXT_kEECDH "kEECDH"
253#define SSL_TXT_kPSK "kPSK" 253#define SSL_TXT_kPSK "kPSK"
254#define SSL_TXT_kGOST "kGOST" 254#define SSL_TXT_kGOST "kGOST"
255#define SSL_TXT_kSRP "kSRP"
255 256
256#define SSL_TXT_aRSA "aRSA" 257#define SSL_TXT_aRSA "aRSA"
257#define SSL_TXT_aDSS "aDSS" 258#define SSL_TXT_aDSS "aDSS"
@@ -275,6 +276,7 @@ extern "C" {
275#define SSL_TXT_ECDSA "ECDSA" 276#define SSL_TXT_ECDSA "ECDSA"
276#define SSL_TXT_KRB5 "KRB5" 277#define SSL_TXT_KRB5 "KRB5"
277#define SSL_TXT_PSK "PSK" 278#define SSL_TXT_PSK "PSK"
279#define SSL_TXT_SRP "SRP"
278 280
279#define SSL_TXT_DES "DES" 281#define SSL_TXT_DES "DES"
280#define SSL_TXT_3DES "3DES" 282#define SSL_TXT_3DES "3DES"
@@ -285,6 +287,7 @@ extern "C" {
285#define SSL_TXT_AES128 "AES128" 287#define SSL_TXT_AES128 "AES128"
286#define SSL_TXT_AES256 "AES256" 288#define SSL_TXT_AES256 "AES256"
287#define SSL_TXT_AES "AES" 289#define SSL_TXT_AES "AES"
290#define SSL_TXT_AES_GCM "AESGCM"
288#define SSL_TXT_CAMELLIA128 "CAMELLIA128" 291#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
289#define SSL_TXT_CAMELLIA256 "CAMELLIA256" 292#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
290#define SSL_TXT_CAMELLIA "CAMELLIA" 293#define SSL_TXT_CAMELLIA "CAMELLIA"
@@ -294,10 +297,14 @@ extern "C" {
294#define SSL_TXT_SHA "SHA" /* same as "SHA1" */ 297#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
295#define SSL_TXT_GOST94 "GOST94" 298#define SSL_TXT_GOST94 "GOST94"
296#define SSL_TXT_GOST89MAC "GOST89MAC" 299#define SSL_TXT_GOST89MAC "GOST89MAC"
300#define SSL_TXT_SHA256 "SHA256"
301#define SSL_TXT_SHA384 "SHA384"
297 302
298#define SSL_TXT_SSLV2 "SSLv2" 303#define SSL_TXT_SSLV2 "SSLv2"
299#define SSL_TXT_SSLV3 "SSLv3" 304#define SSL_TXT_SSLV3 "SSLv3"
300#define SSL_TXT_TLSV1 "TLSv1" 305#define SSL_TXT_TLSV1 "TLSv1"
306#define SSL_TXT_TLSV1_1 "TLSv1.1"
307#define SSL_TXT_TLSV1_2 "TLSv1.2"
301 308
302#define SSL_TXT_EXP "EXP" 309#define SSL_TXT_EXP "EXP"
303#define SSL_TXT_EXPORT "EXPORT" 310#define SSL_TXT_EXPORT "EXPORT"
@@ -356,9 +363,29 @@ extern "C" {
356 * in SSL_CTX. */ 363 * in SSL_CTX. */
357typedef struct ssl_st *ssl_crock_st; 364typedef struct ssl_st *ssl_crock_st;
358typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; 365typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
366typedef struct ssl_method_st SSL_METHOD;
367typedef struct ssl_cipher_st SSL_CIPHER;
368typedef struct ssl_session_st SSL_SESSION;
369
370DECLARE_STACK_OF(SSL_CIPHER)
371
372/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
373typedef struct srtp_protection_profile_st
374 {
375 const char *name;
376 unsigned long id;
377 } SRTP_PROTECTION_PROFILE;
378
379DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
380
381typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
382typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
383
384
385#ifndef OPENSSL_NO_SSL_INTERN
359 386
360/* used to hold info on the particular ciphers used */ 387/* used to hold info on the particular ciphers used */
361typedef struct ssl_cipher_st 388struct ssl_cipher_st
362 { 389 {
363 int valid; 390 int valid;
364 const char *name; /* text name */ 391 const char *name; /* text name */
@@ -375,15 +402,11 @@ typedef struct ssl_cipher_st
375 unsigned long algorithm2; /* Extra flags */ 402 unsigned long algorithm2; /* Extra flags */
376 int strength_bits; /* Number of bits really used */ 403 int strength_bits; /* Number of bits really used */
377 int alg_bits; /* Number of bits for algorithm */ 404 int alg_bits; /* Number of bits for algorithm */
378 } SSL_CIPHER; 405 };
379
380DECLARE_STACK_OF(SSL_CIPHER)
381 406
382typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
383typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
384 407
385/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ 408/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
386typedef struct ssl_method_st 409struct ssl_method_st
387 { 410 {
388 int version; 411 int version;
389 int (*ssl_new)(SSL *s); 412 int (*ssl_new)(SSL *s);
@@ -416,7 +439,7 @@ typedef struct ssl_method_st
416 int (*ssl_version)(void); 439 int (*ssl_version)(void);
417 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); 440 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
418 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); 441 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
419 } SSL_METHOD; 442 };
420 443
421/* Lets make this into an ASN.1 type structure as follows 444/* Lets make this into an ASN.1 type structure as follows
422 * SSL_SESSION_ID ::= SEQUENCE { 445 * SSL_SESSION_ID ::= SEQUENCE {
@@ -433,14 +456,17 @@ typedef struct ssl_method_st
433 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context 456 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
434 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' 457 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
435 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension 458 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
436 * ECPointFormatList [ 7 ] OCTET STRING, -- optional EC point format list from TLS extension 459 * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
437 * PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint 460 * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
438 * PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity 461 * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
462 * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
463 * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
464 * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
439 * } 465 * }
440 * Look in ssl/ssl_asn1.c for more details 466 * Look in ssl/ssl_asn1.c for more details
441 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). 467 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
442 */ 468 */
443typedef struct ssl_session_st 469struct ssl_session_st
444 { 470 {
445 int ssl_version; /* what ssl version session info is 471 int ssl_version; /* what ssl version session info is
446 * being kept in here? */ 472 * being kept in here? */
@@ -512,8 +538,12 @@ typedef struct ssl_session_st
512 size_t tlsext_ticklen; /* Session ticket length */ 538 size_t tlsext_ticklen; /* Session ticket length */
513 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ 539 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
514#endif 540#endif
515 } SSL_SESSION; 541#ifndef OPENSSL_NO_SRP
542 char *srp_username;
543#endif
544 };
516 545
546#endif
517 547
518#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L 548#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
519#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L 549#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
@@ -536,7 +566,7 @@ typedef struct ssl_session_st
536 566
537/* SSL_OP_ALL: various bug workarounds that should be rather harmless. 567/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
538 * This used to be 0x000FFFFFL before 0.9.7. */ 568 * This used to be 0x000FFFFFL before 0.9.7. */
539#define SSL_OP_ALL 0x80000FFFL 569#define SSL_OP_ALL 0x80000BFFL
540 570
541/* DTLS options */ 571/* DTLS options */
542#define SSL_OP_NO_QUERY_MTU 0x00001000L 572#define SSL_OP_NO_QUERY_MTU 0x00001000L
@@ -572,11 +602,17 @@ typedef struct ssl_session_st
572#define SSL_OP_NO_SSLv2 0x01000000L 602#define SSL_OP_NO_SSLv2 0x01000000L
573#define SSL_OP_NO_SSLv3 0x02000000L 603#define SSL_OP_NO_SSLv3 0x02000000L
574#define SSL_OP_NO_TLSv1 0x04000000L 604#define SSL_OP_NO_TLSv1 0x04000000L
605#define SSL_OP_NO_TLSv1_2 0x08000000L
606#define SSL_OP_NO_TLSv1_1 0x10000000L
575 607
608/* These next two were never actually used for anything since SSLeay
609 * zap so we have some more flags.
610 */
576/* The next flag deliberately changes the ciphertest, this is a check 611/* The next flag deliberately changes the ciphertest, this is a check
577 * for the PKCS#1 attack */ 612 * for the PKCS#1 attack */
578#define SSL_OP_PKCS1_CHECK_1 0x08000000L 613#define SSL_OP_PKCS1_CHECK_1 0x0
579#define SSL_OP_PKCS1_CHECK_2 0x10000000L 614#define SSL_OP_PKCS1_CHECK_2 0x0
615
580#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L 616#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
581#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L 617#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
582/* Make server add server-hello extension from early version of 618/* Make server add server-hello extension from early version of
@@ -637,12 +673,53 @@ typedef struct ssl_session_st
637#define SSL_get_secure_renegotiation_support(ssl) \ 673#define SSL_get_secure_renegotiation_support(ssl) \
638 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) 674 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
639 675
676#ifndef OPENSSL_NO_HEARTBEATS
677#define SSL_heartbeat(ssl) \
678 SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
679#endif
680
640void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 681void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
641void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 682void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
642#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 683#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
643#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 684#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
644 685
686#ifndef OPENSSL_NO_SRP
645 687
688#ifndef OPENSSL_NO_SSL_INTERN
689
690typedef struct srp_ctx_st
691 {
692 /* param for all the callbacks */
693 void *SRP_cb_arg;
694 /* set client Hello login callback */
695 int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
696 /* set SRP N/g param callback for verification */
697 int (*SRP_verify_param_callback)(SSL *, void *);
698 /* set SRP client passwd callback */
699 char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
700
701 char *login;
702 BIGNUM *N,*g,*s,*B,*A;
703 BIGNUM *a,*b,*v;
704 char *info;
705 int strength;
706
707 unsigned long srp_Mask;
708 } SRP_CTX;
709
710#endif
711
712/* see tls_srp.c */
713int SSL_SRP_CTX_init(SSL *s);
714int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
715int SSL_SRP_CTX_free(SSL *ctx);
716int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
717int SSL_srp_server_param_with_username(SSL *s, int *ad);
718int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
719int SRP_Calc_A_param(SSL *s);
720int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
721
722#endif
646 723
647#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) 724#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
648#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ 725#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
@@ -668,7 +745,11 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
668typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, 745typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
669 unsigned int *id_len); 746 unsigned int *id_len);
670 747
671typedef struct ssl_comp_st 748typedef struct ssl_comp_st SSL_COMP;
749
750#ifndef OPENSSL_NO_SSL_INTERN
751
752struct ssl_comp_st
672 { 753 {
673 int id; 754 int id;
674 const char *name; 755 const char *name;
@@ -677,7 +758,7 @@ typedef struct ssl_comp_st
677#else 758#else
678 char *method; 759 char *method;
679#endif 760#endif
680 } SSL_COMP; 761 };
681 762
682DECLARE_STACK_OF(SSL_COMP) 763DECLARE_STACK_OF(SSL_COMP)
683DECLARE_LHASH_OF(SSL_SESSION); 764DECLARE_LHASH_OF(SSL_SESSION);
@@ -846,7 +927,6 @@ struct ssl_ctx_st
846 /* Callback for status request */ 927 /* Callback for status request */
847 int (*tlsext_status_cb)(SSL *ssl, void *arg); 928 int (*tlsext_status_cb)(SSL *ssl, void *arg);
848 void *tlsext_status_arg; 929 void *tlsext_status_arg;
849
850 /* draft-rescorla-tls-opaque-prf-input-00.txt information */ 930 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
851 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); 931 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
852 void *tlsext_opaque_prf_input_callback_arg; 932 void *tlsext_opaque_prf_input_callback_arg;
@@ -867,8 +947,36 @@ struct ssl_ctx_st
867 struct ssl3_buf_freelist_st *wbuf_freelist; 947 struct ssl3_buf_freelist_st *wbuf_freelist;
868 struct ssl3_buf_freelist_st *rbuf_freelist; 948 struct ssl3_buf_freelist_st *rbuf_freelist;
869#endif 949#endif
950#ifndef OPENSSL_NO_SRP
951 SRP_CTX srp_ctx; /* ctx for SRP authentication */
952#endif
953
954#ifndef OPENSSL_NO_TLSEXT
955# ifndef OPENSSL_NO_NEXTPROTONEG
956 /* Next protocol negotiation information */
957 /* (for experimental NPN extension). */
958
959 /* For a server, this contains a callback function by which the set of
960 * advertised protocols can be provided. */
961 int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
962 unsigned int *len, void *arg);
963 void *next_protos_advertised_cb_arg;
964 /* For a client, this contains a callback function that selects the
965 * next protocol from the list provided by the server. */
966 int (*next_proto_select_cb)(SSL *s, unsigned char **out,
967 unsigned char *outlen,
968 const unsigned char *in,
969 unsigned int inlen,
970 void *arg);
971 void *next_proto_select_cb_arg;
972# endif
973 /* SRTP profiles we are willing to do from RFC 5764 */
974 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
975#endif
870 }; 976 };
871 977
978#endif
979
872#define SSL_SESS_CACHE_OFF 0x0000 980#define SSL_SESS_CACHE_OFF 0x0000
873#define SSL_SESS_CACHE_CLIENT 0x0001 981#define SSL_SESS_CACHE_CLIENT 0x0001
874#define SSL_SESS_CACHE_SERVER 0x0002 982#define SSL_SESS_CACHE_SERVER 0x0002
@@ -921,6 +1029,32 @@ int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
921#endif 1029#endif
922void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); 1030void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
923void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); 1031void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
1032#ifndef OPENSSL_NO_NEXTPROTONEG
1033void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
1034 int (*cb) (SSL *ssl,
1035 const unsigned char **out,
1036 unsigned int *outlen,
1037 void *arg),
1038 void *arg);
1039void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
1040 int (*cb) (SSL *ssl,
1041 unsigned char **out,
1042 unsigned char *outlen,
1043 const unsigned char *in,
1044 unsigned int inlen,
1045 void *arg),
1046 void *arg);
1047
1048int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1049 const unsigned char *in, unsigned int inlen,
1050 const unsigned char *client, unsigned int client_len);
1051void SSL_get0_next_proto_negotiated(const SSL *s,
1052 const unsigned char **data, unsigned *len);
1053
1054#define OPENSSL_NPN_UNSUPPORTED 0
1055#define OPENSSL_NPN_NEGOTIATED 1
1056#define OPENSSL_NPN_NO_OVERLAP 2
1057#endif
924 1058
925#ifndef OPENSSL_NO_PSK 1059#ifndef OPENSSL_NO_PSK
926/* the maximum length of the buffer given to callbacks containing the 1060/* the maximum length of the buffer given to callbacks containing the
@@ -961,6 +1095,8 @@ const char *SSL_get_psk_identity(const SSL *s);
961#define SSL_MAC_FLAG_READ_MAC_STREAM 1 1095#define SSL_MAC_FLAG_READ_MAC_STREAM 1
962#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 1096#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
963 1097
1098#ifndef OPENSSL_NO_SSL_INTERN
1099
964struct ssl_st 1100struct ssl_st
965 { 1101 {
966 /* protocol version 1102 /* protocol version
@@ -1005,9 +1141,7 @@ struct ssl_st
1005 1141
1006 int server; /* are we the server side? - mostly used by SSL_clear*/ 1142 int server; /* are we the server side? - mostly used by SSL_clear*/
1007 1143
1008 int new_session;/* 1 if we are to use a new session. 1144 int new_session;/* Generate a new session or reuse an old one.
1009 * 2 if we are a server and are inside a handshake
1010 * (i.e. not just sending a HelloRequest)
1011 * NB: For servers, the 'new' session may actually be a previously 1145 * NB: For servers, the 'new' session may actually be a previously
1012 * cached session or even the previous session unless 1146 * cached session or even the previous session unless
1013 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ 1147 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
@@ -1177,12 +1311,46 @@ struct ssl_st
1177 void *tls_session_secret_cb_arg; 1311 void *tls_session_secret_cb_arg;
1178 1312
1179 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ 1313 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1314
1315#ifndef OPENSSL_NO_NEXTPROTONEG
1316 /* Next protocol negotiation. For the client, this is the protocol that
1317 * we sent in NextProtocol and is set when handling ServerHello
1318 * extensions.
1319 *
1320 * For a server, this is the client's selected_protocol from
1321 * NextProtocol and is set when handling the NextProtocol message,
1322 * before the Finished message. */
1323 unsigned char *next_proto_negotiated;
1324 unsigned char next_proto_negotiated_len;
1325#endif
1326
1180#define session_ctx initial_ctx 1327#define session_ctx initial_ctx
1328
1329 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */
1330 SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */
1331
1332 unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated?
1333 0: disabled
1334 1: enabled
1335 2: enabled, but not allowed to send Requests
1336 */
1337 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
1338 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
1181#else 1339#else
1182#define session_ctx ctx 1340#define session_ctx ctx
1183#endif /* OPENSSL_NO_TLSEXT */ 1341#endif /* OPENSSL_NO_TLSEXT */
1342
1343 int renegotiate;/* 1 if we are renegotiating.
1344 * 2 if we are a server and are inside a handshake
1345 * (i.e. not just sending a HelloRequest) */
1346
1347#ifndef OPENSSL_NO_SRP
1348 SRP_CTX srp_ctx; /* ctx for SRP authentication */
1349#endif
1184 }; 1350 };
1185 1351
1352#endif
1353
1186#ifdef __cplusplus 1354#ifdef __cplusplus
1187} 1355}
1188#endif 1356#endif
@@ -1192,6 +1360,7 @@ struct ssl_st
1192#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ 1360#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
1193#include <openssl/dtls1.h> /* Datagram TLS */ 1361#include <openssl/dtls1.h> /* Datagram TLS */
1194#include <openssl/ssl23.h> 1362#include <openssl/ssl23.h>
1363#include <openssl/srtp.h> /* Support for the use_srtp extension */
1195 1364
1196#ifdef __cplusplus 1365#ifdef __cplusplus
1197extern "C" { 1366extern "C" {
@@ -1408,6 +1577,20 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1408#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 1577#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
1409 1578
1410#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 1579#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
1580
1581#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
1582#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
1583#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
1584
1585#define SSL_CTRL_SET_SRP_ARG 78
1586#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
1587#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
1588#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
1589#ifndef OPENSSL_NO_HEARTBEATS
1590#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
1591#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
1592#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
1593#endif
1411#endif 1594#endif
1412 1595
1413#define DTLS_CTRL_GET_TIMEOUT 73 1596#define DTLS_CTRL_GET_TIMEOUT 73
@@ -1418,6 +1601,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1418#define SSL_CTRL_CLEAR_OPTIONS 77 1601#define SSL_CTRL_CLEAR_OPTIONS 77
1419#define SSL_CTRL_CLEAR_MODE 78 1602#define SSL_CTRL_CLEAR_MODE 78
1420 1603
1604#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
1605#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
1606
1421#define DTLSv1_get_timeout(ssl, arg) \ 1607#define DTLSv1_get_timeout(ssl, arg) \
1422 SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) 1608 SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
1423#define DTLSv1_handle_timeout(ssl) \ 1609#define DTLSv1_handle_timeout(ssl) \
@@ -1454,6 +1640,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1454 1640
1455#define SSL_CTX_add_extra_chain_cert(ctx,x509) \ 1641#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
1456 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) 1642 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
1643#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
1644 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
1645#define SSL_CTX_clear_extra_chain_certs(ctx) \
1646 SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
1457 1647
1458#ifndef OPENSSL_NO_BIO 1648#ifndef OPENSSL_NO_BIO
1459BIO_METHOD *BIO_f_ssl(void); 1649BIO_METHOD *BIO_f_ssl(void);
@@ -1481,6 +1671,7 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1481int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); 1671int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
1482char * SSL_CIPHER_get_version(const SSL_CIPHER *c); 1672char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1483const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); 1673const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
1674unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
1484 1675
1485int SSL_get_fd(const SSL *s); 1676int SSL_get_fd(const SSL *s);
1486int SSL_get_rfd(const SSL *s); 1677int SSL_get_rfd(const SSL *s);
@@ -1546,10 +1737,14 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t);
1546long SSL_SESSION_get_timeout(const SSL_SESSION *s); 1737long SSL_SESSION_get_timeout(const SSL_SESSION *s);
1547long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); 1738long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1548void SSL_copy_session_id(SSL *to,const SSL *from); 1739void SSL_copy_session_id(SSL *to,const SSL *from);
1740X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
1741int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
1742 unsigned int sid_ctx_len);
1549 1743
1550SSL_SESSION *SSL_SESSION_new(void); 1744SSL_SESSION *SSL_SESSION_new(void);
1551const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, 1745const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
1552 unsigned int *len); 1746 unsigned int *len);
1747unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
1553#ifndef OPENSSL_NO_FP_API 1748#ifndef OPENSSL_NO_FP_API
1554int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); 1749int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
1555#endif 1750#endif
@@ -1612,6 +1807,30 @@ int SSL_set_trust(SSL *s, int trust);
1612int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); 1807int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1613int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); 1808int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1614 1809
1810#ifndef OPENSSL_NO_SRP
1811int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
1812int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
1813int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
1814int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
1815 char *(*cb)(SSL *,void *));
1816int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
1817 int (*cb)(SSL *,void *));
1818int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
1819 int (*cb)(SSL *,int *,void *));
1820int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
1821
1822int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
1823 BIGNUM *sa, BIGNUM *v, char *info);
1824int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
1825 const char *grp);
1826
1827BIGNUM *SSL_get_srp_g(SSL *s);
1828BIGNUM *SSL_get_srp_N(SSL *s);
1829
1830char *SSL_get_srp_username(SSL *s);
1831char *SSL_get_srp_userinfo(SSL *s);
1832#endif
1833
1615void SSL_free(SSL *ssl); 1834void SSL_free(SSL *ssl);
1616int SSL_accept(SSL *ssl); 1835int SSL_accept(SSL *ssl);
1617int SSL_connect(SSL *ssl); 1836int SSL_connect(SSL *ssl);
@@ -1647,6 +1866,15 @@ const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1647const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ 1866const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1648const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ 1867const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1649 1868
1869const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
1870const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
1871const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
1872
1873const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
1874const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
1875const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
1876
1877
1650const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ 1878const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
1651const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ 1879const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
1652const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ 1880const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
@@ -1655,6 +1883,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
1655 1883
1656int SSL_do_handshake(SSL *s); 1884int SSL_do_handshake(SSL *s);
1657int SSL_renegotiate(SSL *s); 1885int SSL_renegotiate(SSL *s);
1886int SSL_renegotiate_abbreviated(SSL *s);
1658int SSL_renegotiate_pending(SSL *s); 1887int SSL_renegotiate_pending(SSL *s);
1659int SSL_shutdown(SSL *s); 1888int SSL_shutdown(SSL *s);
1660 1889
@@ -1706,6 +1935,7 @@ void SSL_set_info_callback(SSL *ssl,
1706 void (*cb)(const SSL *ssl,int type,int val)); 1935 void (*cb)(const SSL *ssl,int type,int val));
1707void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); 1936void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
1708int SSL_state(const SSL *ssl); 1937int SSL_state(const SSL *ssl);
1938void SSL_set_state(SSL *ssl, int state);
1709 1939
1710void SSL_set_verify_result(SSL *ssl,long v); 1940void SSL_set_verify_result(SSL *ssl,long v);
1711long SSL_get_verify_result(const SSL *ssl); 1941long SSL_get_verify_result(const SSL *ssl);
@@ -1806,6 +2036,9 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1806/* Pre-shared secret session resumption functions */ 2036/* Pre-shared secret session resumption functions */
1807int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); 2037int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
1808 2038
2039void SSL_set_debug(SSL *s, int debug);
2040int SSL_cache_hit(SSL *s);
2041
1809/* BEGIN ERROR CODES */ 2042/* BEGIN ERROR CODES */
1810/* The following lines are auto generated by the script mkerr.pl. Any changes 2043/* The following lines are auto generated by the script mkerr.pl. Any changes
1811 * made after this point may be overwritten when the script is next run. 2044 * made after this point may be overwritten when the script is next run.
@@ -1825,6 +2058,7 @@ void ERR_load_SSL_strings(void);
1825#define SSL_F_DTLS1_ACCEPT 246 2058#define SSL_F_DTLS1_ACCEPT 246
1826#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 2059#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
1827#define SSL_F_DTLS1_BUFFER_RECORD 247 2060#define SSL_F_DTLS1_BUFFER_RECORD 247
2061#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316
1828#define SSL_F_DTLS1_CLIENT_HELLO 248 2062#define SSL_F_DTLS1_CLIENT_HELLO 248
1829#define SSL_F_DTLS1_CONNECT 249 2063#define SSL_F_DTLS1_CONNECT 249
1830#define SSL_F_DTLS1_ENC 250 2064#define SSL_F_DTLS1_ENC 250
@@ -1833,6 +2067,7 @@ void ERR_load_SSL_strings(void);
1833#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 2067#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
1834#define SSL_F_DTLS1_GET_RECORD 254 2068#define SSL_F_DTLS1_GET_RECORD 254
1835#define SSL_F_DTLS1_HANDLE_TIMEOUT 297 2069#define SSL_F_DTLS1_HANDLE_TIMEOUT 297
2070#define SSL_F_DTLS1_HEARTBEAT 305
1836#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 2071#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
1837#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 2072#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
1838#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 2073#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
@@ -1901,6 +2136,7 @@ void ERR_load_SSL_strings(void);
1901#define SSL_F_SSL3_GET_KEY_EXCHANGE 141 2136#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
1902#define SSL_F_SSL3_GET_MESSAGE 142 2137#define SSL_F_SSL3_GET_MESSAGE 142
1903#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 2138#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
2139#define SSL_F_SSL3_GET_NEXT_PROTO 306
1904#define SSL_F_SSL3_GET_RECORD 143 2140#define SSL_F_SSL3_GET_RECORD 143
1905#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 2141#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
1906#define SSL_F_SSL3_GET_SERVER_DONE 145 2142#define SSL_F_SSL3_GET_SERVER_DONE 145
@@ -1925,10 +2161,12 @@ void ERR_load_SSL_strings(void);
1925#define SSL_F_SSL3_WRITE_PENDING 159 2161#define SSL_F_SSL3_WRITE_PENDING 159
1926#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 2162#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
1927#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 2163#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
2164#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307
1928#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 2165#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
1929#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 2166#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
1930#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 2167#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299
1931#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 2168#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278
2169#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308
1932#define SSL_F_SSL_BAD_METHOD 160 2170#define SSL_F_SSL_BAD_METHOD 160
1933#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 2171#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
1934#define SSL_F_SSL_CERT_DUP 221 2172#define SSL_F_SSL_CERT_DUP 221
@@ -1945,6 +2183,7 @@ void ERR_load_SSL_strings(void);
1945#define SSL_F_SSL_CREATE_CIPHER_LIST 166 2183#define SSL_F_SSL_CREATE_CIPHER_LIST 166
1946#define SSL_F_SSL_CTRL 232 2184#define SSL_F_SSL_CTRL 232
1947#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 2185#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
2186#define SSL_F_SSL_CTX_MAKE_PROFILES 309
1948#define SSL_F_SSL_CTX_NEW 169 2187#define SSL_F_SSL_CTX_NEW 169
1949#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 2188#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1950#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 2189#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
@@ -1973,8 +2212,10 @@ void ERR_load_SSL_strings(void);
1973#define SSL_F_SSL_NEW 186 2212#define SSL_F_SSL_NEW 186
1974#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 2213#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
1975#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 2214#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
2215#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310
1976#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 2216#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
1977#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 2217#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
2218#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
1978#define SSL_F_SSL_PEEK 270 2219#define SSL_F_SSL_PEEK 270
1979#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 2220#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
1980#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 2221#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
@@ -1983,6 +2224,7 @@ void ERR_load_SSL_strings(void);
1983#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 2224#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
1984#define SSL_F_SSL_SESSION_NEW 189 2225#define SSL_F_SSL_SESSION_NEW 189
1985#define SSL_F_SSL_SESSION_PRINT_FP 190 2226#define SSL_F_SSL_SESSION_PRINT_FP 190
2227#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
1986#define SSL_F_SSL_SESS_CERT_NEW 225 2228#define SSL_F_SSL_SESS_CERT_NEW 225
1987#define SSL_F_SSL_SET_CERT 191 2229#define SSL_F_SSL_SET_CERT 191
1988#define SSL_F_SSL_SET_CIPHER_LIST 271 2230#define SSL_F_SSL_SET_CIPHER_LIST 271
@@ -1996,6 +2238,7 @@ void ERR_load_SSL_strings(void);
1996#define SSL_F_SSL_SET_TRUST 228 2238#define SSL_F_SSL_SET_TRUST 228
1997#define SSL_F_SSL_SET_WFD 196 2239#define SSL_F_SSL_SET_WFD 196
1998#define SSL_F_SSL_SHUTDOWN 224 2240#define SSL_F_SSL_SHUTDOWN 224
2241#define SSL_F_SSL_SRP_CTX_INIT 313
1999#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 2242#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
2000#define SSL_F_SSL_UNDEFINED_FUNCTION 197 2243#define SSL_F_SSL_UNDEFINED_FUNCTION 197
2001#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 2244#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
@@ -2015,6 +2258,8 @@ void ERR_load_SSL_strings(void);
2015#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 2258#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
2016#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 2259#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
2017#define SSL_F_TLS1_ENC 210 2260#define SSL_F_TLS1_ENC 210
2261#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314
2262#define SSL_F_TLS1_HEARTBEAT 315
2018#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 2263#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
2019#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 2264#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
2020#define SSL_F_TLS1_PRF 284 2265#define SSL_F_TLS1_PRF 284
@@ -2054,6 +2299,13 @@ void ERR_load_SSL_strings(void);
2054#define SSL_R_BAD_RSA_MODULUS_LENGTH 121 2299#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
2055#define SSL_R_BAD_RSA_SIGNATURE 122 2300#define SSL_R_BAD_RSA_SIGNATURE 122
2056#define SSL_R_BAD_SIGNATURE 123 2301#define SSL_R_BAD_SIGNATURE 123
2302#define SSL_R_BAD_SRP_A_LENGTH 347
2303#define SSL_R_BAD_SRP_B_LENGTH 348
2304#define SSL_R_BAD_SRP_G_LENGTH 349
2305#define SSL_R_BAD_SRP_N_LENGTH 350
2306#define SSL_R_BAD_SRP_S_LENGTH 351
2307#define SSL_R_BAD_SRTP_MKI_VALUE 352
2308#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
2057#define SSL_R_BAD_SSL_FILETYPE 124 2309#define SSL_R_BAD_SSL_FILETYPE 124
2058#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 2310#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
2059#define SSL_R_BAD_STATE 126 2311#define SSL_R_BAD_STATE 126
@@ -2092,12 +2344,15 @@ void ERR_load_SSL_strings(void);
2092#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 2344#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
2093#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 2345#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
2094#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 2346#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
2347#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
2095#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 2348#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
2096#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 2349#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
2097#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 2350#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
2098#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 2351#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
2099#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 2352#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
2100#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 2353#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
2354#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
2355#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
2101#define SSL_R_HTTPS_PROXY_REQUEST 155 2356#define SSL_R_HTTPS_PROXY_REQUEST 155
2102#define SSL_R_HTTP_REQUEST 156 2357#define SSL_R_HTTP_REQUEST 156
2103#define SSL_R_ILLEGAL_PADDING 283 2358#define SSL_R_ILLEGAL_PADDING 283
@@ -2106,6 +2361,7 @@ void ERR_load_SSL_strings(void);
2106#define SSL_R_INVALID_COMMAND 280 2361#define SSL_R_INVALID_COMMAND 280
2107#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 2362#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
2108#define SSL_R_INVALID_PURPOSE 278 2363#define SSL_R_INVALID_PURPOSE 278
2364#define SSL_R_INVALID_SRP_USERNAME 357
2109#define SSL_R_INVALID_STATUS_RESPONSE 328 2365#define SSL_R_INVALID_STATUS_RESPONSE 328
2110#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 2366#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
2111#define SSL_R_INVALID_TRUST 279 2367#define SSL_R_INVALID_TRUST 279
@@ -2135,6 +2391,7 @@ void ERR_load_SSL_strings(void);
2135#define SSL_R_MISSING_RSA_CERTIFICATE 168 2391#define SSL_R_MISSING_RSA_CERTIFICATE 168
2136#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 2392#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
2137#define SSL_R_MISSING_RSA_SIGNING_CERT 170 2393#define SSL_R_MISSING_RSA_SIGNING_CERT 170
2394#define SSL_R_MISSING_SRP_PARAM 358
2138#define SSL_R_MISSING_TMP_DH_KEY 171 2395#define SSL_R_MISSING_TMP_DH_KEY 171
2139#define SSL_R_MISSING_TMP_ECDH_KEY 311 2396#define SSL_R_MISSING_TMP_ECDH_KEY 311
2140#define SSL_R_MISSING_TMP_RSA_KEY 172 2397#define SSL_R_MISSING_TMP_RSA_KEY 172
@@ -2164,6 +2421,7 @@ void ERR_load_SSL_strings(void);
2164#define SSL_R_NO_RENEGOTIATION 339 2421#define SSL_R_NO_RENEGOTIATION 339
2165#define SSL_R_NO_REQUIRED_DIGEST 324 2422#define SSL_R_NO_REQUIRED_DIGEST 324
2166#define SSL_R_NO_SHARED_CIPHER 193 2423#define SSL_R_NO_SHARED_CIPHER 193
2424#define SSL_R_NO_SRTP_PROFILES 359
2167#define SSL_R_NO_VERIFY_CALLBACK 194 2425#define SSL_R_NO_VERIFY_CALLBACK 194
2168#define SSL_R_NULL_SSL_CTX 195 2426#define SSL_R_NULL_SSL_CTX 195
2169#define SSL_R_NULL_SSL_METHOD_PASSED 196 2427#define SSL_R_NULL_SSL_METHOD_PASSED 196
@@ -2207,7 +2465,12 @@ void ERR_load_SSL_strings(void);
2207#define SSL_R_SERVERHELLO_TLSEXT 275 2465#define SSL_R_SERVERHELLO_TLSEXT 275
2208#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 2466#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
2209#define SSL_R_SHORT_READ 219 2467#define SSL_R_SHORT_READ 219
2468#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
2210#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 2469#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
2470#define SSL_R_SRP_A_CALC 361
2471#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
2472#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
2473#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
2211#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 2474#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
2212#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 2475#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
2213#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 2476#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
@@ -2252,6 +2515,9 @@ void ERR_load_SSL_strings(void);
2252#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 2515#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
2253#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 2516#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
2254#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 2517#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
2518#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365
2519#define SSL_R_TLS_HEARTBEAT_PENDING 366
2520#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
2255#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 2521#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
2256#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 2522#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
2257#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 2523#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
@@ -2273,6 +2539,7 @@ void ERR_load_SSL_strings(void);
2273#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 2539#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
2274#define SSL_R_UNKNOWN_CIPHER_RETURNED 248 2540#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
2275#define SSL_R_UNKNOWN_CIPHER_TYPE 249 2541#define SSL_R_UNKNOWN_CIPHER_TYPE 249
2542#define SSL_R_UNKNOWN_DIGEST 368
2276#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 2543#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
2277#define SSL_R_UNKNOWN_PKEY_TYPE 251 2544#define SSL_R_UNKNOWN_PKEY_TYPE 251
2278#define SSL_R_UNKNOWN_PROTOCOL 252 2545#define SSL_R_UNKNOWN_PROTOCOL 252
@@ -2287,12 +2554,14 @@ void ERR_load_SSL_strings(void);
2287#define SSL_R_UNSUPPORTED_PROTOCOL 258 2554#define SSL_R_UNSUPPORTED_PROTOCOL 258
2288#define SSL_R_UNSUPPORTED_SSL_VERSION 259 2555#define SSL_R_UNSUPPORTED_SSL_VERSION 259
2289#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 2556#define SSL_R_UNSUPPORTED_STATUS_TYPE 329
2557#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
2290#define SSL_R_WRITE_BIO_NOT_SET 260 2558#define SSL_R_WRITE_BIO_NOT_SET 260
2291#define SSL_R_WRONG_CIPHER_RETURNED 261 2559#define SSL_R_WRONG_CIPHER_RETURNED 261
2292#define SSL_R_WRONG_MESSAGE_TYPE 262 2560#define SSL_R_WRONG_MESSAGE_TYPE 262
2293#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 2561#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
2294#define SSL_R_WRONG_SIGNATURE_LENGTH 264 2562#define SSL_R_WRONG_SIGNATURE_LENGTH 264
2295#define SSL_R_WRONG_SIGNATURE_SIZE 265 2563#define SSL_R_WRONG_SIGNATURE_SIZE 265
2564#define SSL_R_WRONG_SIGNATURE_TYPE 370
2296#define SSL_R_WRONG_SSL_VERSION 266 2565#define SSL_R_WRONG_SSL_VERSION 266
2297#define SSL_R_WRONG_VERSION_NUMBER 267 2566#define SSL_R_WRONG_VERSION_NUMBER 267
2298#define SSL_R_X509_LIB 268 2567#define SSL_R_X509_LIB 268