Diffstat (limited to 'src/lib/libssl/ssl.h')
-rw-r--r-- | src/lib/libssl/ssl.h | 507 |
1 files changed, 250 insertions, 257 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index bf4b2f2cb6..97e4a3f96c 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
@@ -260,9 +260,9 @@ extern "C" { | |||
260 | #define SSL_TXT_aKRB5 "aKRB5" | 260 | #define SSL_TXT_aKRB5 "aKRB5" |
261 | #define SSL_TXT_aECDSA "aECDSA" | 261 | #define SSL_TXT_aECDSA "aECDSA" |
262 | #define SSL_TXT_aPSK "aPSK" | 262 | #define SSL_TXT_aPSK "aPSK" |
263 | #define SSL_TXT_aGOST94 "aGOST94" | 263 | #define SSL_TXT_aGOST94 "aGOST94" |
264 | #define SSL_TXT_aGOST01 "aGOST01" | 264 | #define SSL_TXT_aGOST01 "aGOST01" |
265 | #define SSL_TXT_aGOST "aGOST" | 265 | #define SSL_TXT_aGOST "aGOST" |
266 | 266 | ||
267 | #define SSL_TXT_DSS "DSS" | 267 | #define SSL_TXT_DSS "DSS" |
268 | #define SSL_TXT_DH "DH" | 268 | #define SSL_TXT_DH "DH" |
@@ -369,23 +369,22 @@ typedef struct ssl_session_st SSL_SESSION; | |||
369 | DECLARE_STACK_OF(SSL_CIPHER) | 369 | DECLARE_STACK_OF(SSL_CIPHER) |
370 | 370 | ||
371 | /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ | 371 | /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ |
372 | typedef struct srtp_protection_profile_st | 372 | typedef struct srtp_protection_profile_st { |
373 | { | 373 | const char *name; |
374 | const char *name; | 374 | unsigned long id; |
375 | unsigned long id; | 375 | } SRTP_PROTECTION_PROFILE; |
376 | } SRTP_PROTECTION_PROFILE; | ||
377 | 376 | ||
378 | DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) | 377 | DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) |
379 | 378 | ||
380 | typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg); | 379 | typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, |
381 | typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); | 380 | int len, void *arg); |
382 | 381 | typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, | |
382 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); | ||
383 | 383 | ||
384 | #ifndef OPENSSL_NO_SSL_INTERN | 384 | #ifndef OPENSSL_NO_SSL_INTERN |
385 | 385 | ||
386 | /* used to hold info on the particular ciphers used */ | 386 | /* used to hold info on the particular ciphers used */ |
387 | struct ssl_cipher_st | 387 | struct ssl_cipher_st { |
388 | { | ||
389 | int valid; | 388 | int valid; |
390 | const char *name; /* text name */ | 389 | const char *name; /* text name */ |
391 | unsigned long id; /* id, 4 bytes, first is version */ | 390 | unsigned long id; /* id, 4 bytes, first is version */ |
@@ -401,34 +400,33 @@ struct ssl_cipher_st | |||
401 | unsigned long algorithm2; /* Extra flags */ | 400 | unsigned long algorithm2; /* Extra flags */ |
402 | int strength_bits; /* Number of bits really used */ | 401 | int strength_bits; /* Number of bits really used */ |
403 | int alg_bits; /* Number of bits for algorithm */ | 402 | int alg_bits; /* Number of bits for algorithm */ |
404 | }; | 403 | }; |
405 | 404 | ||
406 | 405 | ||
407 | /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ | 406 | /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ |
408 | struct ssl_method_st | 407 | struct ssl_method_st { |
409 | { | ||
410 | int version; | 408 | int version; |
411 | int (*ssl_new)(SSL *s); | 409 | int (*ssl_new)(SSL *s); |
412 | void (*ssl_clear)(SSL *s); | 410 | void (*ssl_clear)(SSL *s); |
413 | void (*ssl_free)(SSL *s); | 411 | void (*ssl_free)(SSL *s); |
414 | int (*ssl_accept)(SSL *s); | 412 | int (*ssl_accept)(SSL *s); |
415 | int (*ssl_connect)(SSL *s); | 413 | int (*ssl_connect)(SSL *s); |
416 | int (*ssl_read)(SSL *s,void *buf,int len); | 414 | int (*ssl_read)(SSL *s, void *buf, int len); |
417 | int (*ssl_peek)(SSL *s,void *buf,int len); | 415 | int (*ssl_peek)(SSL *s, void *buf, int len); |
418 | int (*ssl_write)(SSL *s,const void *buf,int len); | 416 | int (*ssl_write)(SSL *s, const void *buf, int len); |
419 | int (*ssl_shutdown)(SSL *s); | 417 | int (*ssl_shutdown)(SSL *s); |
420 | int (*ssl_renegotiate)(SSL *s); | 418 | int (*ssl_renegotiate)(SSL *s); |
421 | int (*ssl_renegotiate_check)(SSL *s); | 419 | int (*ssl_renegotiate_check)(SSL *s); |
422 | long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long | 420 | long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, |
423 | max, int *ok); | 421 | long max, int *ok); |
424 | int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, | 422 | int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, |
425 | int peek); | 423 | int len, int peek); |
426 | int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); | 424 | int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); |
427 | int (*ssl_dispatch_alert)(SSL *s); | 425 | int (*ssl_dispatch_alert)(SSL *s); |
428 | long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); | 426 | long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg); |
429 | long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); | 427 | long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); |
430 | const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); | 428 | const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); |
431 | int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); | 429 | int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr); |
432 | int (*ssl_pending)(const SSL *s); | 430 | int (*ssl_pending)(const SSL *s); |
433 | int (*num_ciphers)(void); | 431 | int (*num_ciphers)(void); |
434 | const SSL_CIPHER *(*get_cipher)(unsigned ncipher); | 432 | const SSL_CIPHER *(*get_cipher)(unsigned ncipher); |
@@ -438,7 +436,7 @@ struct ssl_method_st | |||
438 | int (*ssl_version)(void); | 436 | int (*ssl_version)(void); |
439 | long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); | 437 | long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); |
440 | long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); | 438 | long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); |
441 | }; | 439 | }; |
442 | 440 | ||
443 | /* Lets make this into an ASN.1 type structure as follows | 441 | /* Lets make this into an ASN.1 type structure as follows |
444 | * SSL_SESSION_ID ::= SEQUENCE { | 442 | * SSL_SESSION_ID ::= SEQUENCE { |
@@ -465,8 +463,7 @@ struct ssl_method_st | |||
465 | * Look in ssl/ssl_asn1.c for more details | 463 | * Look in ssl/ssl_asn1.c for more details |
466 | * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). | 464 | * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). |
467 | */ | 465 | */ |
468 | struct ssl_session_st | 466 | struct ssl_session_st { |
469 | { | ||
470 | int ssl_version; /* what ssl version session info is | 467 | int ssl_version; /* what ssl version session info is |
471 | * being kept in here? */ | 468 | * being kept in here? */ |
472 | 469 | ||
@@ -485,8 +482,8 @@ struct ssl_session_st | |||
485 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | 482 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; |
486 | 483 | ||
487 | #ifndef OPENSSL_NO_KRB5 | 484 | #ifndef OPENSSL_NO_KRB5 |
488 | unsigned int krb5_client_princ_len; | 485 | unsigned int krb5_client_princ_len; |
489 | unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; | 486 | unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; |
490 | #endif /* OPENSSL_NO_KRB5 */ | 487 | #endif /* OPENSSL_NO_KRB5 */ |
491 | #ifndef OPENSSL_NO_PSK | 488 | #ifndef OPENSSL_NO_PSK |
492 | char *psk_identity_hint; | 489 | char *psk_identity_hint; |
@@ -526,7 +523,7 @@ struct ssl_session_st | |||
526 | 523 | ||
527 | /* These are used to make removal of session-ids more | 524 | /* These are used to make removal of session-ids more |
528 | * efficient and to implement a maximum cache size. */ | 525 | * efficient and to implement a maximum cache size. */ |
529 | struct ssl_session_st *prev,*next; | 526 | struct ssl_session_st *prev, *next; |
530 | #ifndef OPENSSL_NO_TLSEXT | 527 | #ifndef OPENSSL_NO_TLSEXT |
531 | char *tlsext_hostname; | 528 | char *tlsext_hostname; |
532 | #ifndef OPENSSL_NO_EC | 529 | #ifndef OPENSSL_NO_EC |
@@ -543,7 +540,7 @@ struct ssl_session_st | |||
543 | #ifndef OPENSSL_NO_SRP | 540 | #ifndef OPENSSL_NO_SRP |
544 | char *srp_username; | 541 | char *srp_username; |
545 | #endif | 542 | #endif |
546 | }; | 543 | }; |
547 | 544 | ||
548 | #endif | 545 | #endif |
549 | 546 | ||
@@ -684,8 +681,11 @@ struct ssl_session_st | |||
684 | #define SSL_get_secure_renegotiation_support(ssl) \ | 681 | #define SSL_get_secure_renegotiation_support(ssl) \ |
685 | SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) | 682 | SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) |
686 | 683 | ||
687 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); | 684 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, |
688 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); | 685 | int version, int content_type, const void *buf, size_t len, SSL *ssl, |
686 | void *arg)); | ||
687 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, | ||
688 | int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); | ||
689 | #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) | 689 | #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) |
690 | #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) | 690 | #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) |
691 | 691 | ||
@@ -693,8 +693,7 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con | |||
693 | 693 | ||
694 | #ifndef OPENSSL_NO_SSL_INTERN | 694 | #ifndef OPENSSL_NO_SSL_INTERN |
695 | 695 | ||
696 | typedef struct srp_ctx_st | 696 | typedef struct srp_ctx_st { |
697 | { | ||
698 | /* param for all the callbacks */ | 697 | /* param for all the callbacks */ |
699 | void *SRP_cb_arg; | 698 | void *SRP_cb_arg; |
700 | /* set client Hello login callback */ | 699 | /* set client Hello login callback */ |
@@ -705,13 +704,13 @@ typedef struct srp_ctx_st | |||
705 | char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *); | 704 | char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *); |
706 | 705 | ||
707 | char *login; | 706 | char *login; |
708 | BIGNUM *N,*g,*s,*B,*A; | 707 | BIGNUM *N, *g, *s, *B, *A; |
709 | BIGNUM *a,*b,*v; | 708 | BIGNUM *a, *b, *v; |
710 | char *info; | 709 | char *info; |
711 | int strength; | 710 | int strength; |
712 | 711 | ||
713 | unsigned long srp_Mask; | 712 | unsigned long srp_Mask; |
714 | } SRP_CTX; | 713 | } SRP_CTX; |
715 | 714 | ||
716 | #endif | 715 | #endif |
717 | 716 | ||
@@ -721,9 +720,9 @@ int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); | |||
721 | int SSL_SRP_CTX_free(SSL *ctx); | 720 | int SSL_SRP_CTX_free(SSL *ctx); |
722 | int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); | 721 | int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); |
723 | int SSL_srp_server_param_with_username(SSL *s, int *ad); | 722 | int SSL_srp_server_param_with_username(SSL *s, int *ad); |
724 | int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key); | 723 | int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); |
725 | int SRP_Calc_A_param(SSL *s); | 724 | int SRP_Calc_A_param(SSL *s); |
726 | int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key); | 725 | int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); |
727 | 726 | ||
728 | #endif | 727 | #endif |
729 | 728 | ||
@@ -745,14 +744,13 @@ int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key); | |||
745 | * returns in this case. It is also an error for the callback to set the size to | 744 | * returns in this case. It is also an error for the callback to set the size to |
746 | * zero. */ | 745 | * zero. */ |
747 | typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, | 746 | typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, |
748 | unsigned int *id_len); | 747 | unsigned int *id_len); |
749 | 748 | ||
750 | typedef struct ssl_comp_st SSL_COMP; | 749 | typedef struct ssl_comp_st SSL_COMP; |
751 | 750 | ||
752 | #ifndef OPENSSL_NO_SSL_INTERN | 751 | #ifndef OPENSSL_NO_SSL_INTERN |
753 | 752 | ||
754 | struct ssl_comp_st | 753 | struct ssl_comp_st { |
755 | { | ||
756 | int id; | 754 | int id; |
757 | const char *name; | 755 | const char *name; |
758 | #ifndef OPENSSL_NO_COMP | 756 | #ifndef OPENSSL_NO_COMP |
@@ -760,13 +758,12 @@ struct ssl_comp_st | |||
760 | #else | 758 | #else |
761 | char *method; | 759 | char *method; |
762 | #endif | 760 | #endif |
763 | }; | 761 | }; |
764 | 762 | ||
765 | DECLARE_STACK_OF(SSL_COMP) | 763 | DECLARE_STACK_OF(SSL_COMP) |
766 | DECLARE_LHASH_OF(SSL_SESSION); | 764 | DECLARE_LHASH_OF(SSL_SESSION); |
767 | 765 | ||
768 | struct ssl_ctx_st | 766 | struct ssl_ctx_st { |
769 | { | ||
770 | const SSL_METHOD *method; | 767 | const SSL_METHOD *method; |
771 | 768 | ||
772 | STACK_OF(SSL_CIPHER) *cipher_list; | 769 | STACK_OF(SSL_CIPHER) *cipher_list; |
@@ -801,13 +798,12 @@ struct ssl_ctx_st | |||
801 | * If remove_session_cb is not null, it will be called when | 798 | * If remove_session_cb is not null, it will be called when |
802 | * a session-id is removed from the cache. After the call, | 799 | * a session-id is removed from the cache. After the call, |
803 | * OpenSSL will SSL_SESSION_free() it. */ | 800 | * OpenSSL will SSL_SESSION_free() it. */ |
804 | int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); | 801 | int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); |
805 | void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); | 802 | void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); |
806 | SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, | 803 | SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, |
807 | unsigned char *data,int len,int *copy); | 804 | unsigned char *data, int len, int *copy); |
808 | 805 | ||
809 | struct | 806 | struct { |
810 | { | ||
811 | int sess_connect; /* SSL new conn - started */ | 807 | int sess_connect; /* SSL new conn - started */ |
812 | int sess_connect_renegotiate;/* SSL reneg - requested */ | 808 | int sess_connect_renegotiate;/* SSL reneg - requested */ |
813 | int sess_connect_good; /* SSL new conne/reneg - finished */ | 809 | int sess_connect_good; /* SSL new conne/reneg - finished */ |
@@ -824,7 +820,7 @@ struct ssl_ctx_st | |||
824 | * indicates that the application is | 820 | * indicates that the application is |
825 | * supplying session-id's from other | 821 | * supplying session-id's from other |
826 | * processes - spooky :-) */ | 822 | * processes - spooky :-) */ |
827 | } stats; | 823 | } stats; |
828 | 824 | ||
829 | int references; | 825 | int references; |
830 | 826 | ||
@@ -843,19 +839,19 @@ struct ssl_ctx_st | |||
843 | /* get client cert callback */ | 839 | /* get client cert callback */ |
844 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | 840 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
845 | 841 | ||
846 | /* cookie generate callback */ | 842 | /* cookie generate callback */ |
847 | int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, | 843 | int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, |
848 | unsigned int *cookie_len); | 844 | unsigned int *cookie_len); |
849 | 845 | ||
850 | /* verify cookie callback */ | 846 | /* verify cookie callback */ |
851 | int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, | 847 | int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, |
852 | unsigned int cookie_len); | 848 | unsigned int cookie_len); |
853 | 849 | ||
854 | CRYPTO_EX_DATA ex_data; | 850 | CRYPTO_EX_DATA ex_data; |
855 | 851 | ||
856 | const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ | 852 | const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ |
857 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ | 853 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ |
858 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ | 854 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ |
859 | 855 | ||
860 | STACK_OF(X509) *extra_certs; | 856 | STACK_OF(X509) *extra_certs; |
861 | STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ | 857 | STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ |
@@ -879,7 +875,8 @@ struct ssl_ctx_st | |||
879 | int read_ahead; | 875 | int read_ahead; |
880 | 876 | ||
881 | /* callback that allows applications to peek at protocol messages */ | 877 | /* callback that allows applications to peek at protocol messages */ |
882 | void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); | 878 | void (*msg_callback)(int write_p, int version, int content_type, |
879 | const void *buf, size_t len, SSL *ssl, void *arg); | ||
883 | void *msg_callback_arg; | 880 | void *msg_callback_arg; |
884 | 881 | ||
885 | int verify_mode; | 882 | int verify_mode; |
@@ -920,10 +917,8 @@ struct ssl_ctx_st | |||
920 | unsigned char tlsext_tick_hmac_key[16]; | 917 | unsigned char tlsext_tick_hmac_key[16]; |
921 | unsigned char tlsext_tick_aes_key[16]; | 918 | unsigned char tlsext_tick_aes_key[16]; |
922 | /* Callback to support customisation of ticket key setting */ | 919 | /* Callback to support customisation of ticket key setting */ |
923 | int (*tlsext_ticket_key_cb)(SSL *ssl, | 920 | int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name, |
924 | unsigned char *name, unsigned char *iv, | 921 | unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); |
925 | EVP_CIPHER_CTX *ectx, | ||
926 | HMAC_CTX *hctx, int enc); | ||
927 | 922 | ||
928 | /* certificate status request info */ | 923 | /* certificate status request info */ |
929 | /* Callback for status request */ | 924 | /* Callback for status request */ |
@@ -931,17 +926,18 @@ struct ssl_ctx_st | |||
931 | void *tlsext_status_arg; | 926 | void *tlsext_status_arg; |
932 | 927 | ||
933 | /* draft-rescorla-tls-opaque-prf-input-00.txt information */ | 928 | /* draft-rescorla-tls-opaque-prf-input-00.txt information */ |
934 | int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); | 929 | int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, |
930 | size_t len, void *arg); | ||
935 | void *tlsext_opaque_prf_input_callback_arg; | 931 | void *tlsext_opaque_prf_input_callback_arg; |
936 | #endif | 932 | #endif |
937 | 933 | ||
938 | #ifndef OPENSSL_NO_PSK | 934 | #ifndef OPENSSL_NO_PSK |
939 | char *psk_identity_hint; | 935 | char *psk_identity_hint; |
940 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, | 936 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, |
941 | unsigned int max_identity_len, unsigned char *psk, | 937 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
942 | unsigned int max_psk_len); | 938 | unsigned int max_psk_len); |
943 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | 939 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, |
944 | unsigned char *psk, unsigned int max_psk_len); | 940 | unsigned char *psk, unsigned int max_psk_len); |
945 | #endif | 941 | #endif |
946 | 942 | ||
947 | #ifndef OPENSSL_NO_BUF_FREELISTS | 943 | #ifndef OPENSSL_NO_BUF_FREELISTS |
@@ -963,21 +959,20 @@ struct ssl_ctx_st | |||
963 | /* For a server, this contains a callback function by which the set of | 959 | /* For a server, this contains a callback function by which the set of |
964 | * advertised protocols can be provided. */ | 960 | * advertised protocols can be provided. */ |
965 | int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, | 961 | int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, |
966 | unsigned int *len, void *arg); | 962 | unsigned int *len, void *arg); |
967 | void *next_protos_advertised_cb_arg; | 963 | void *next_protos_advertised_cb_arg; |
968 | /* For a client, this contains a callback function that selects the | 964 | /* For a client, this contains a callback function that selects the |
969 | * next protocol from the list provided by the server. */ | 965 | * next protocol from the list provided by the server. */ |
970 | int (*next_proto_select_cb)(SSL *s, unsigned char **out, | 966 | int (*next_proto_select_cb)(SSL *s, unsigned char **out, |
971 | unsigned char *outlen, | 967 | unsigned char *outlen, const unsigned char *in, |
972 | const unsigned char *in, | 968 | unsigned int inlen, void *arg); |
973 | unsigned int inlen, | ||
974 | void *arg); | ||
975 | void *next_proto_select_cb_arg; | 969 | void *next_proto_select_cb_arg; |
976 | # endif | 970 | # endif |
977 | /* SRTP profiles we are willing to do from RFC 5764 */ | 971 | /* SRTP profiles we are willing to do from RFC 5764 */ |
978 | STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; | 972 | STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; |
973 | |||
979 | #endif | 974 | #endif |
980 | }; | 975 | }; |
981 | 976 | ||
982 | #endif | 977 | #endif |
983 | 978 | ||
@@ -1018,42 +1013,49 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); | |||
1018 | #define SSL_CTX_sess_cache_full(ctx) \ | 1013 | #define SSL_CTX_sess_cache_full(ctx) \ |
1019 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) | 1014 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) |
1020 | 1015 | ||
1021 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); | 1016 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, |
1022 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); | 1017 | int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess)); |
1023 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); | 1018 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, |
1024 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); | 1019 | SSL_SESSION *sess); |
1025 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); | 1020 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, |
1026 | SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); | 1021 | void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess)); |
1027 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); | 1022 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, |
1028 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); | 1023 | SSL_SESSION *sess); |
1029 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); | 1024 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, |
1030 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | 1025 | SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data, |
1026 | int len, int *copy)); | ||
1027 | SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, | ||
1028 | unsigned char *Data, int len, int *copy); | ||
1029 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl, | ||
1030 | int type, int val)); | ||
1031 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, | ||
1032 | int val); | ||
1033 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, | ||
1034 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); | ||
1035 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, | ||
1036 | EVP_PKEY **pkey); | ||
1031 | #ifndef OPENSSL_NO_ENGINE | 1037 | #ifndef OPENSSL_NO_ENGINE |
1032 | int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); | 1038 | int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); |
1033 | #endif | 1039 | #endif |
1034 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); | 1040 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, |
1035 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); | 1041 | int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, |
1042 | unsigned int *cookie_len)); | ||
1043 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, | ||
1044 | int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
1045 | unsigned int cookie_len)); | ||
1036 | #ifndef OPENSSL_NO_NEXTPROTONEG | 1046 | #ifndef OPENSSL_NO_NEXTPROTONEG |
1037 | void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, | 1047 | void |
1038 | int (*cb) (SSL *ssl, | 1048 | SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl, |
1039 | const unsigned char **out, | 1049 | const unsigned char **out, unsigned int *outlen, void *arg), void *arg); |
1040 | unsigned int *outlen, | 1050 | void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl, |
1041 | void *arg), | 1051 | unsigned char **out, unsigned char *outlen, const unsigned char *in, |
1042 | void *arg); | 1052 | unsigned int inlen, void *arg), void *arg); |
1043 | void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, | ||
1044 | int (*cb) (SSL *ssl, | ||
1045 | unsigned char **out, | ||
1046 | unsigned char *outlen, | ||
1047 | const unsigned char *in, | ||
1048 | unsigned int inlen, | ||
1049 | void *arg), | ||
1050 | void *arg); | ||
1051 | 1053 | ||
1052 | int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, | 1054 | int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, |
1053 | const unsigned char *in, unsigned int inlen, | 1055 | const unsigned char *in, unsigned int inlen, const unsigned char *client, |
1054 | const unsigned char *client, unsigned int client_len); | 1056 | unsigned int client_len); |
1055 | void SSL_get0_next_proto_negotiated(const SSL *s, | 1057 | void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, |
1056 | const unsigned char **data, unsigned *len); | 1058 | unsigned *len); |
1057 | 1059 | ||
1058 | #define OPENSSL_NPN_UNSUPPORTED 0 | 1060 | #define OPENSSL_NPN_UNSUPPORTED 0 |
1059 | #define OPENSSL_NPN_NEGOTIATED 1 | 1061 | #define OPENSSL_NPN_NEGOTIATED 1 |
@@ -1065,20 +1067,20 @@ void SSL_get0_next_proto_negotiated(const SSL *s, | |||
1065 | * resulting identity/psk */ | 1067 | * resulting identity/psk */ |
1066 | #define PSK_MAX_IDENTITY_LEN 128 | 1068 | #define PSK_MAX_IDENTITY_LEN 128 |
1067 | #define PSK_MAX_PSK_LEN 256 | 1069 | #define PSK_MAX_PSK_LEN 256 |
1068 | void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | 1070 | void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, |
1069 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, | 1071 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, |
1070 | char *identity, unsigned int max_identity_len, unsigned char *psk, | 1072 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
1071 | unsigned int max_psk_len)); | 1073 | unsigned int max_psk_len)); |
1072 | void SSL_set_psk_client_callback(SSL *ssl, | 1074 | void SSL_set_psk_client_callback(SSL *ssl, |
1073 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, | 1075 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, |
1074 | char *identity, unsigned int max_identity_len, unsigned char *psk, | 1076 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
1075 | unsigned int max_psk_len)); | 1077 | unsigned int max_psk_len)); |
1076 | void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | 1078 | void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, |
1077 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | 1079 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, |
1078 | unsigned char *psk, unsigned int max_psk_len)); | 1080 | unsigned char *psk, unsigned int max_psk_len)); |
1079 | void SSL_set_psk_server_callback(SSL *ssl, | 1081 | void SSL_set_psk_server_callback(SSL *ssl, |
1080 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | 1082 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, |
1081 | unsigned char *psk, unsigned int max_psk_len)); | 1083 | unsigned char *psk, unsigned int max_psk_len)); |
1082 | int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); | 1084 | int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); |
1083 | int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); | 1085 | int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); |
1084 | const char *SSL_get_psk_identity_hint(const SSL *s); | 1086 | const char *SSL_get_psk_identity_hint(const SSL *s); |
@@ -1101,8 +1103,7 @@ const char *SSL_get_psk_identity(const SSL *s); | |||
1101 | 1103 | ||
1102 | #ifndef OPENSSL_NO_SSL_INTERN | 1104 | #ifndef OPENSSL_NO_SSL_INTERN |
1103 | 1105 | ||
1104 | struct ssl_st | 1106 | struct ssl_st { |
1105 | { | ||
1106 | /* protocol version | 1107 | /* protocol version |
1107 | * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) | 1108 | * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) |
1108 | */ | 1109 | */ |
@@ -1146,9 +1147,9 @@ struct ssl_st | |||
1146 | int server; /* are we the server side? - mostly used by SSL_clear*/ | 1147 | int server; /* are we the server side? - mostly used by SSL_clear*/ |
1147 | 1148 | ||
1148 | int new_session;/* Generate a new session or reuse an old one. | 1149 | int new_session;/* Generate a new session or reuse an old one. |
1149 | * NB: For servers, the 'new' session may actually be a previously | 1150 | * NB: For servers, the 'new' session may actually be a previously |
1150 | * cached session or even the previous session unless | 1151 | * cached session or even the previous session unless |
1151 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ | 1152 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ |
1152 | int quiet_shutdown;/* don't send shutdown packets */ | 1153 | int quiet_shutdown;/* don't send shutdown packets */ |
1153 | int shutdown; /* we have shut things down, 0x01 sent, 0x02 | 1154 | int shutdown; /* we have shut things down, 0x01 sent, 0x02 |
1154 | * for received */ | 1155 | * for received */ |
@@ -1156,7 +1157,7 @@ struct ssl_st | |||
1156 | int rstate; /* where we are when reading */ | 1157 | int rstate; /* where we are when reading */ |
1157 | 1158 | ||
1158 | BUF_MEM *init_buf; /* buffer used during init */ | 1159 | BUF_MEM *init_buf; /* buffer used during init */ |
1159 | void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ | 1160 | void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ |
1160 | int init_num; /* amount read/written */ | 1161 | int init_num; /* amount read/written */ |
1161 | int init_off; /* amount read/written */ | 1162 | int init_off; /* amount read/written */ |
1162 | 1163 | ||
@@ -1169,10 +1170,11 @@ struct ssl_st | |||
1169 | struct dtls1_state_st *d1; /* DTLSv1 variables */ | 1170 | struct dtls1_state_st *d1; /* DTLSv1 variables */ |
1170 | 1171 | ||
1171 | int read_ahead; /* Read as many input bytes as possible | 1172 | int read_ahead; /* Read as many input bytes as possible |
1172 | * (for non-blocking reads) */ | 1173 | * (for non-blocking reads) */ |
1173 | 1174 | ||
1174 | /* callback that allows applications to peek at protocol messages */ | 1175 | /* callback that allows applications to peek at protocol messages */ |
1175 | void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); | 1176 | void (*msg_callback)(int write_p, int version, int content_type, |
1177 | const void *buf, size_t len, SSL *ssl, void *arg); | ||
1176 | void *msg_callback_arg; | 1178 | void *msg_callback_arg; |
1177 | 1179 | ||
1178 | int hit; /* reusing a previous session */ | 1180 | int hit; /* reusing a previous session */ |
@@ -1190,9 +1192,10 @@ struct ssl_st | |||
1190 | 1192 | ||
1191 | /* These are the ones being used, the ones in SSL_SESSION are | 1193 | /* These are the ones being used, the ones in SSL_SESSION are |
1192 | * the ones to be 'copied' into these ones */ | 1194 | * the ones to be 'copied' into these ones */ |
1193 | int mac_flags; | 1195 | int mac_flags; |
1196 | |||
1194 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ | 1197 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ |
1195 | EVP_MD_CTX *read_hash; /* used for mac generation */ | 1198 | EVP_MD_CTX *read_hash; /* used for mac generation */ |
1196 | #ifndef OPENSSL_NO_COMP | 1199 | #ifndef OPENSSL_NO_COMP |
1197 | COMP_CTX *expand; /* uncompress */ | 1200 | COMP_CTX *expand; /* uncompress */ |
1198 | #else | 1201 | #else |
@@ -1200,11 +1203,12 @@ struct ssl_st | |||
1200 | #endif | 1203 | #endif |
1201 | 1204 | ||
1202 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ | 1205 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ |
1203 | EVP_MD_CTX *write_hash; /* used for mac generation */ | 1206 | EVP_MD_CTX *write_hash; /* used for mac generation */ |
1204 | #ifndef OPENSSL_NO_COMP | 1207 | #ifndef OPENSSL_NO_COMP |
1205 | COMP_CTX *compress; /* compression */ | 1208 | COMP_CTX *compress; /* compression */ |
1206 | #else | 1209 | #else |
1207 | char *compress; | 1210 | char *compress; |
1211 | |||
1208 | #endif | 1212 | #endif |
1209 | 1213 | ||
1210 | /* session info */ | 1214 | /* session info */ |
@@ -1235,21 +1239,22 @@ struct ssl_st | |||
1235 | int error_code; /* actual code */ | 1239 | int error_code; /* actual code */ |
1236 | 1240 | ||
1237 | #ifndef OPENSSL_NO_KRB5 | 1241 | #ifndef OPENSSL_NO_KRB5 |
1238 | KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ | 1242 | KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ |
1239 | #endif /* OPENSSL_NO_KRB5 */ | 1243 | #endif /* OPENSSL_NO_KRB5 */ |
1240 | 1244 | ||
1241 | #ifndef OPENSSL_NO_PSK | 1245 | #ifndef OPENSSL_NO_PSK |
1242 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, | 1246 | unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, |
1243 | unsigned int max_identity_len, unsigned char *psk, | 1247 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
1244 | unsigned int max_psk_len); | 1248 | unsigned int max_psk_len); |
1245 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, | 1249 | unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, |
1246 | unsigned char *psk, unsigned int max_psk_len); | 1250 | unsigned char *psk, unsigned int max_psk_len); |
1247 | #endif | 1251 | #endif |
1248 | 1252 | ||
1249 | SSL_CTX *ctx; | 1253 | SSL_CTX *ctx; |
1250 | /* set this flag to 1 and a sleep(1) is put into all SSL_read() | 1254 | /* set this flag to 1 and a sleep(1) is put into all SSL_read() |
1251 | * and SSL_write() calls, good for nbio debuging :-) */ | 1255 | * and SSL_write() calls, good for nbio debuging :-) */ |
1252 | int debug; | 1256 | int debug; |
1257 | |||
1253 | 1258 | ||
1254 | /* extra application data */ | 1259 | /* extra application data */ |
1255 | long verify_result; | 1260 | long verify_result; |
@@ -1269,15 +1274,14 @@ struct ssl_st | |||
1269 | #ifndef OPENSSL_NO_TLSEXT | 1274 | #ifndef OPENSSL_NO_TLSEXT |
1270 | /* TLS extension debug callback */ | 1275 | /* TLS extension debug callback */ |
1271 | void (*tlsext_debug_cb)(SSL *s, int client_server, int type, | 1276 | void (*tlsext_debug_cb)(SSL *s, int client_server, int type, |
1272 | unsigned char *data, int len, | 1277 | unsigned char *data, int len, void *arg); |
1273 | void *arg); | ||
1274 | void *tlsext_debug_arg; | 1278 | void *tlsext_debug_arg; |
1275 | char *tlsext_hostname; | 1279 | char *tlsext_hostname; |
1276 | int servername_done; /* no further mod of servername | 1280 | int servername_done; /* no further mod of servername |
1277 | 0 : call the servername extension callback. | 1281 | 0 : call the servername extension callback. |
1278 | 1 : prepare 2, allow last ack just after in server callback. | 1282 | 1 : prepare 2, allow last ack just after in server callback. |
1279 | 2 : don't call servername callback, no ack in server hello | 1283 | 2 : don't call servername callback, no ack in server hello |
1280 | */ | 1284 | */ |
1281 | /* certificate status request info */ | 1285 | /* certificate status request info */ |
1282 | /* Status type or -1 if no status type */ | 1286 | /* Status type or -1 if no status type */ |
1283 | int tlsext_status_type; | 1287 | int tlsext_status_type; |
@@ -1330,28 +1334,28 @@ struct ssl_st | |||
1330 | 1334 | ||
1331 | #define session_ctx initial_ctx | 1335 | #define session_ctx initial_ctx |
1332 | 1336 | ||
1333 | STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ | 1337 | STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ |
1334 | SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ | 1338 | SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ |
1335 | 1339 | ||
1336 | unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated? | 1340 | unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated? |
1337 | 0: disabled | 1341 | 0: disabled |
1338 | 1: enabled | 1342 | 1: enabled |
1339 | 2: enabled, but not allowed to send Requests | 1343 | 2: enabled, but not allowed to send Requests |
1340 | */ | 1344 | */ |
1341 | unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ | 1345 | unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ |
1342 | unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ | 1346 | unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ |
1343 | #else | 1347 | #else |
1344 | #define session_ctx ctx | 1348 | #define session_ctx ctx |
1345 | #endif /* OPENSSL_NO_TLSEXT */ | 1349 | #endif /* OPENSSL_NO_TLSEXT */ |
1346 | 1350 | ||
1347 | int renegotiate;/* 1 if we are renegotiating. | 1351 | int renegotiate;/* 1 if we are renegotiating. |
1348 | * 2 if we are a server and are inside a handshake | 1352 | * 2 if we are a server and are inside a handshake |
1349 | * (i.e. not just sending a HelloRequest) */ | 1353 | * (i.e. not just sending a HelloRequest) */ |
1350 | 1354 | ||
1351 | #ifndef OPENSSL_NO_SRP | 1355 | #ifndef OPENSSL_NO_SRP |
1352 | SRP_CTX srp_ctx; /* ctx for SRP authentication */ | 1356 | SRP_CTX srp_ctx; /* ctx for SRP authentication */ |
1353 | #endif | 1357 | #endif |
1354 | }; | 1358 | }; |
1355 | 1359 | ||
1356 | #endif | 1360 | #endif |
1357 | 1361 | ||
@@ -1361,10 +1365,10 @@ struct ssl_st | |||
1361 | 1365 | ||
1362 | #include <openssl/ssl2.h> | 1366 | #include <openssl/ssl2.h> |
1363 | #include <openssl/ssl3.h> | 1367 | #include <openssl/ssl3.h> |
1364 | #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ | 1368 | #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ |
1365 | #include <openssl/dtls1.h> /* Datagram TLS */ | 1369 | #include <openssl/dtls1.h> /* Datagram TLS */ |
1366 | #include <openssl/ssl23.h> | 1370 | #include <openssl/ssl23.h> |
1367 | #include <openssl/srtp.h> /* Support for the use_srtp extension */ | 1371 | #include <openssl/srtp.h> /* Support for the use_srtp extension */ |
1368 | 1372 | ||
1369 | #ifdef __cplusplus | 1373 | #ifdef __cplusplus |
1370 | extern "C" { | 1374 | extern "C" { |
@@ -1417,9 +1421,9 @@ extern "C" { | |||
1417 | 1421 | ||
1418 | /* The following 2 states are kept in ssl->rstate when reads fail, | 1422 | /* The following 2 states are kept in ssl->rstate when reads fail, |
1419 | * you should not need these */ | 1423 | * you should not need these */ |
1420 | #define SSL_ST_READ_HEADER 0xF0 | 1424 | #define SSL_ST_READ_HEADER 0xF0 |
1421 | #define SSL_ST_READ_BODY 0xF1 | 1425 | #define SSL_ST_READ_BODY 0xF1 |
1422 | #define SSL_ST_READ_DONE 0xF2 | 1426 | #define SSL_ST_READ_DONE 0xF2 |
1423 | 1427 | ||
1424 | /* Obtain latest Finished message | 1428 | /* Obtain latest Finished message |
1425 | * -- that we sent (SSL_get_finished) | 1429 | * -- that we sent (SSL_get_finished) |
@@ -1646,28 +1650,27 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | |||
1646 | 1650 | ||
1647 | #ifndef OPENSSL_NO_BIO | 1651 | #ifndef OPENSSL_NO_BIO |
1648 | BIO_METHOD *BIO_f_ssl(void); | 1652 | BIO_METHOD *BIO_f_ssl(void); |
1649 | BIO *BIO_new_ssl(SSL_CTX *ctx,int client); | 1653 | BIO *BIO_new_ssl(SSL_CTX *ctx, int client); |
1650 | BIO *BIO_new_ssl_connect(SSL_CTX *ctx); | 1654 | BIO *BIO_new_ssl_connect(SSL_CTX *ctx); |
1651 | BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); | 1655 | BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); |
1652 | int BIO_ssl_copy_session_id(BIO *to,BIO *from); | 1656 | int BIO_ssl_copy_session_id(BIO *to, BIO *from); |
1653 | void BIO_ssl_shutdown(BIO *ssl_bio); | 1657 | void BIO_ssl_shutdown(BIO *ssl_bio); |
1654 | |||
1655 | #endif | 1658 | #endif |
1656 | 1659 | ||
1657 | int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); | 1660 | int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); |
1658 | SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); | 1661 | SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); |
1659 | void SSL_CTX_free(SSL_CTX *); | 1662 | void SSL_CTX_free(SSL_CTX *); |
1660 | long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); | 1663 | long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); |
1661 | long SSL_CTX_get_timeout(const SSL_CTX *ctx); | 1664 | long SSL_CTX_get_timeout(const SSL_CTX *ctx); |
1662 | X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); | 1665 | X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); |
1663 | void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); | 1666 | void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); |
1664 | int SSL_want(const SSL *s); | 1667 | int SSL_want(const SSL *s); |
1665 | int SSL_clear(SSL *s); | 1668 | int SSL_clear(SSL *s); |
1666 | 1669 | ||
1667 | void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); | 1670 | void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); |
1668 | 1671 | ||
1669 | const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); | 1672 | const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); |
1670 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); | 1673 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); |
1671 | char * SSL_CIPHER_get_version(const SSL_CIPHER *c); | 1674 | char * SSL_CIPHER_get_version(const SSL_CIPHER *c); |
1672 | const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); | 1675 | const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); |
1673 | unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); | 1676 | unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); |
@@ -1675,7 +1678,7 @@ unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); | |||
1675 | int SSL_get_fd(const SSL *s); | 1678 | int SSL_get_fd(const SSL *s); |
1676 | int SSL_get_rfd(const SSL *s); | 1679 | int SSL_get_rfd(const SSL *s); |
1677 | int SSL_get_wfd(const SSL *s); | 1680 | int SSL_get_wfd(const SSL *s); |
1678 | const char * SSL_get_cipher_list(const SSL *s,int n); | 1681 | const char * SSL_get_cipher_list(const SSL *s, int n); |
1679 | char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); | 1682 | char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); |
1680 | int SSL_get_read_ahead(const SSL * s); | 1683 | int SSL_get_read_ahead(const SSL * s); |
1681 | int SSL_pending(const SSL *s); | 1684 | int SSL_pending(const SSL *s); |
@@ -1685,7 +1688,7 @@ int SSL_set_rfd(SSL *s, int fd); | |||
1685 | int SSL_set_wfd(SSL *s, int fd); | 1688 | int SSL_set_wfd(SSL *s, int fd); |
1686 | #endif | 1689 | #endif |
1687 | #ifndef OPENSSL_NO_BIO | 1690 | #ifndef OPENSSL_NO_BIO |
1688 | void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); | 1691 | void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); |
1689 | BIO * SSL_get_rbio(const SSL *s); | 1692 | BIO * SSL_get_rbio(const SSL *s); |
1690 | BIO * SSL_get_wbio(const SSL *s); | 1693 | BIO * SSL_get_wbio(const SSL *s); |
1691 | #endif | 1694 | #endif |
@@ -1693,16 +1696,16 @@ int SSL_set_cipher_list(SSL *s, const char *str); | |||
1693 | void SSL_set_read_ahead(SSL *s, int yes); | 1696 | void SSL_set_read_ahead(SSL *s, int yes); |
1694 | int SSL_get_verify_mode(const SSL *s); | 1697 | int SSL_get_verify_mode(const SSL *s); |
1695 | int SSL_get_verify_depth(const SSL *s); | 1698 | int SSL_get_verify_depth(const SSL *s); |
1696 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); | 1699 | int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *); |
1697 | void SSL_set_verify(SSL *s, int mode, | 1700 | void SSL_set_verify(SSL *s, int mode, |
1698 | int (*callback)(int ok,X509_STORE_CTX *ctx)); | 1701 | int (*callback)(int ok, X509_STORE_CTX *ctx)); |
1699 | void SSL_set_verify_depth(SSL *s, int depth); | 1702 | void SSL_set_verify_depth(SSL *s, int depth); |
1700 | #ifndef OPENSSL_NO_RSA | 1703 | #ifndef OPENSSL_NO_RSA |
1701 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); | 1704 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); |
1702 | #endif | 1705 | #endif |
1703 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); | 1706 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); |
1704 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); | 1707 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); |
1705 | int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); | 1708 | int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len); |
1706 | int SSL_use_certificate(SSL *ssl, X509 *x); | 1709 | int SSL_use_certificate(SSL *ssl, X509 *x); |
1707 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); | 1710 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); |
1708 | 1711 | ||
@@ -1716,9 +1719,9 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); | |||
1716 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ | 1719 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ |
1717 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); | 1720 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); |
1718 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, | 1721 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, |
1719 | const char *file); | 1722 | const char *file); |
1720 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, | 1723 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, |
1721 | const char *dir); | 1724 | const char *dir); |
1722 | #endif | 1725 | #endif |
1723 | 1726 | ||
1724 | void SSL_load_error_strings(void ); | 1727 | void SSL_load_error_strings(void ); |
@@ -1730,32 +1733,34 @@ long SSL_SESSION_get_time(const SSL_SESSION *s); | |||
1730 | long SSL_SESSION_set_time(SSL_SESSION *s, long t); | 1733 | long SSL_SESSION_set_time(SSL_SESSION *s, long t); |
1731 | long SSL_SESSION_get_timeout(const SSL_SESSION *s); | 1734 | long SSL_SESSION_get_timeout(const SSL_SESSION *s); |
1732 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); | 1735 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); |
1733 | void SSL_copy_session_id(SSL *to,const SSL *from); | 1736 | void SSL_copy_session_id(SSL *to, const SSL *from); |
1734 | X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); | 1737 | X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); |
1735 | int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, | 1738 | int |
1736 | unsigned int sid_ctx_len); | 1739 | SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, |
1740 | unsigned int sid_ctx_len); | ||
1737 | 1741 | ||
1738 | SSL_SESSION *SSL_SESSION_new(void); | 1742 | SSL_SESSION *SSL_SESSION_new(void); |
1739 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, | 1743 | const unsigned char |
1740 | unsigned int *len); | 1744 | *SSL_SESSION_get_id(const SSL_SESSION *s, |
1745 | unsigned int *len); | ||
1741 | unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); | 1746 | unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); |
1742 | #ifndef OPENSSL_NO_FP_API | 1747 | #ifndef OPENSSL_NO_FP_API |
1743 | int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); | 1748 | int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); |
1744 | #endif | 1749 | #endif |
1745 | #ifndef OPENSSL_NO_BIO | 1750 | #ifndef OPENSSL_NO_BIO |
1746 | int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); | 1751 | int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); |
1747 | #endif | 1752 | #endif |
1748 | void SSL_SESSION_free(SSL_SESSION *ses); | 1753 | void SSL_SESSION_free(SSL_SESSION *ses); |
1749 | int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); | 1754 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); |
1750 | int SSL_set_session(SSL *to, SSL_SESSION *session); | 1755 | int SSL_set_session(SSL *to, SSL_SESSION *session); |
1751 | int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); | 1756 | int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); |
1752 | int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); | 1757 | int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); |
1753 | int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); | 1758 | int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); |
1754 | int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); | 1759 | int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); |
1755 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | 1760 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, |
1756 | unsigned int id_len); | 1761 | unsigned int id_len); |
1757 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, | 1762 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
1758 | long length); | 1763 | long length); |
1759 | 1764 | ||
1760 | #ifdef HEADER_X509_H | 1765 | #ifdef HEADER_X509_H |
1761 | X509 * SSL_get_peer_certificate(const SSL *s); | 1766 | X509 * SSL_get_peer_certificate(const SSL *s); |
@@ -1765,18 +1770,17 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); | |||
1765 | 1770 | ||
1766 | int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); | 1771 | int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); |
1767 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); | 1772 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); |
1768 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); | 1773 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); |
1769 | void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, | 1774 | void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, |
1770 | int (*callback)(int, X509_STORE_CTX *)); | 1775 | int (*callback)(int, X509_STORE_CTX *)); |
1771 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); | 1776 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); |
1772 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); | 1777 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg); |
1773 | #ifndef OPENSSL_NO_RSA | 1778 | #ifndef OPENSSL_NO_RSA |
1774 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); | 1779 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); |
1775 | #endif | 1780 | #endif |
1776 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); | 1781 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); |
1777 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); | 1782 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); |
1778 | int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, | 1783 | int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); |
1779 | const unsigned char *d, long len); | ||
1780 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); | 1784 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); |
1781 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); | 1785 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); |
1782 | 1786 | ||
@@ -1786,12 +1790,10 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); | |||
1786 | int SSL_CTX_check_private_key(const SSL_CTX *ctx); | 1790 | int SSL_CTX_check_private_key(const SSL_CTX *ctx); |
1787 | int SSL_check_private_key(const SSL *ctx); | 1791 | int SSL_check_private_key(const SSL *ctx); |
1788 | 1792 | ||
1789 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, | 1793 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len); |
1790 | unsigned int sid_ctx_len); | ||
1791 | 1794 | ||
1792 | SSL * SSL_new(SSL_CTX *ctx); | 1795 | SSL *SSL_new(SSL_CTX *ctx); |
1793 | int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, | 1796 | int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); |
1794 | unsigned int sid_ctx_len); | ||
1795 | 1797 | ||
1796 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); | 1798 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); |
1797 | int SSL_set_purpose(SSL *s, int purpose); | 1799 | int SSL_set_purpose(SSL *s, int purpose); |
@@ -1802,21 +1804,16 @@ int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); | |||
1802 | int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); | 1804 | int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); |
1803 | 1805 | ||
1804 | #ifndef OPENSSL_NO_SRP | 1806 | #ifndef OPENSSL_NO_SRP |
1805 | int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name); | 1807 | int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); |
1806 | int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password); | 1808 | int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); |
1807 | int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); | 1809 | int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); |
1808 | int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, | 1810 | int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *)); |
1809 | char *(*cb)(SSL *,void *)); | 1811 | int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *)); |
1810 | int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, | 1812 | int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb)(SSL *, int *, void *)); |
1811 | int (*cb)(SSL *,void *)); | ||
1812 | int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, | ||
1813 | int (*cb)(SSL *,int *,void *)); | ||
1814 | int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); | 1813 | int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); |
1815 | 1814 | ||
1816 | int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, | 1815 | int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info); |
1817 | BIGNUM *sa, BIGNUM *v, char *info); | 1816 | int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp); |
1818 | int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, | ||
1819 | const char *grp); | ||
1820 | 1817 | ||
1821 | BIGNUM *SSL_get_srp_g(SSL *s); | 1818 | BIGNUM *SSL_get_srp_g(SSL *s); |
1822 | BIGNUM *SSL_get_srp_N(SSL *s); | 1819 | BIGNUM *SSL_get_srp_N(SSL *s); |
@@ -1828,15 +1825,15 @@ char *SSL_get_srp_userinfo(SSL *s); | |||
1828 | void SSL_free(SSL *ssl); | 1825 | void SSL_free(SSL *ssl); |
1829 | int SSL_accept(SSL *ssl); | 1826 | int SSL_accept(SSL *ssl); |
1830 | int SSL_connect(SSL *ssl); | 1827 | int SSL_connect(SSL *ssl); |
1831 | int SSL_read(SSL *ssl,void *buf,int num); | 1828 | int SSL_read(SSL *ssl, void *buf, int num); |
1832 | int SSL_peek(SSL *ssl,void *buf,int num); | 1829 | int SSL_peek(SSL *ssl, void *buf, int num); |
1833 | int SSL_write(SSL *ssl,const void *buf,int num); | 1830 | int SSL_write(SSL *ssl, const void *buf, int num); |
1834 | long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); | 1831 | long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); |
1835 | long SSL_callback_ctrl(SSL *, int, void (*)(void)); | 1832 | long SSL_callback_ctrl(SSL *, int, void (*)(void)); |
1836 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); | 1833 | long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); |
1837 | long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); | 1834 | long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); |
1838 | 1835 | ||
1839 | int SSL_get_error(const SSL *s,int ret_code); | 1836 | int SSL_get_error(const SSL *s, int ret_code); |
1840 | const char *SSL_get_version(const SSL *s); | 1837 | const char *SSL_get_version(const SSL *s); |
1841 | 1838 | ||
1842 | /* This sets the 'default' SSL version that SSL_new() will create */ | 1839 | /* This sets the 'default' SSL version that SSL_new() will create */ |
@@ -1852,7 +1849,7 @@ const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ | |||
1852 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ | 1849 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ |
1853 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ | 1850 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ |
1854 | 1851 | ||
1855 | const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ | 1852 | const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ |
1856 | const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ | 1853 | const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ |
1857 | const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ | 1854 | const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ |
1858 | 1855 | ||
@@ -1892,8 +1889,8 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); | |||
1892 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); | 1889 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); |
1893 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); | 1890 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); |
1894 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); | 1891 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); |
1895 | int SSL_add_client_CA(SSL *ssl,X509 *x); | 1892 | int SSL_add_client_CA(SSL *ssl, X509 *x); |
1896 | int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); | 1893 | int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); |
1897 | 1894 | ||
1898 | void SSL_set_connect_state(SSL *s); | 1895 | void SSL_set_connect_state(SSL *s); |
1899 | void SSL_set_accept_state(SSL *s); | 1896 | void SSL_set_accept_state(SSL *s); |
@@ -1902,7 +1899,7 @@ long SSL_get_default_timeout(const SSL *s); | |||
1902 | 1899 | ||
1903 | int SSL_library_init(void ); | 1900 | int SSL_library_init(void ); |
1904 | 1901 | ||
1905 | char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); | 1902 | char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); |
1906 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); | 1903 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); |
1907 | 1904 | ||
1908 | SSL *SSL_dup(SSL *ssl); | 1905 | SSL *SSL_dup(SSL *ssl); |
@@ -1919,35 +1916,36 @@ int SSL_get_shutdown(const SSL *ssl); | |||
1919 | int SSL_version(const SSL *ssl); | 1916 | int SSL_version(const SSL *ssl); |
1920 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); | 1917 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); |
1921 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | 1918 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, |
1922 | const char *CApath); | 1919 | const char *CApath); |
1923 | #define SSL_get0_session SSL_get_session /* just peek at pointer */ | 1920 | #define SSL_get0_session SSL_get_session /* just peek at pointer */ |
1924 | SSL_SESSION *SSL_get_session(const SSL *ssl); | 1921 | SSL_SESSION *SSL_get_session(const SSL *ssl); |
1925 | SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ | 1922 | SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ |
1926 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); | 1923 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); |
1927 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); | 1924 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); |
1928 | void SSL_set_info_callback(SSL *ssl, | 1925 | void SSL_set_info_callback(SSL *ssl, |
1929 | void (*cb)(const SSL *ssl,int type,int val)); | 1926 | void (*cb)(const SSL *ssl, int type, int val)); |
1930 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); | 1927 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val); |
1931 | int SSL_state(const SSL *ssl); | 1928 | int SSL_state(const SSL *ssl); |
1932 | void SSL_set_state(SSL *ssl, int state); | 1929 | void SSL_set_state(SSL *ssl, int state); |
1933 | 1930 | ||
1934 | void SSL_set_verify_result(SSL *ssl,long v); | 1931 | void SSL_set_verify_result(SSL *ssl, long v); |
1935 | long SSL_get_verify_result(const SSL *ssl); | 1932 | long SSL_get_verify_result(const SSL *ssl); |
1936 | 1933 | ||
1937 | int SSL_set_ex_data(SSL *ssl,int idx,void *data); | 1934 | int SSL_set_ex_data(SSL *ssl, int idx, void *data); |
1938 | void *SSL_get_ex_data(const SSL *ssl,int idx); | 1935 | void *SSL_get_ex_data(const SSL *ssl, int idx); |
1939 | int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | 1936 | int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
1940 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | 1937 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
1941 | 1938 | ||
1942 | int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); | 1939 | int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); |
1943 | void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); | 1940 | void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); |
1944 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | 1941 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, |
1945 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | 1942 | CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, |
1943 | CRYPTO_EX_free *free_func); | ||
1946 | 1944 | ||
1947 | int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); | 1945 | int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); |
1948 | void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); | 1946 | void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); |
1949 | int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | 1947 | int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
1950 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | 1948 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
1951 | 1949 | ||
1952 | int SSL_get_ex_data_X509_STORE_CTX_idx(void ); | 1950 | int SSL_get_ex_data_X509_STORE_CTX_idx(void ); |
1953 | 1951 | ||
@@ -1980,31 +1978,25 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); | |||
1980 | #define SSL_set_max_send_fragment(ssl,m) \ | 1978 | #define SSL_set_max_send_fragment(ssl,m) \ |
1981 | SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) | 1979 | SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) |
1982 | 1980 | ||
1983 | /* NB: the keylength is only applicable when is_export is true */ | 1981 | /* NB: the keylength is only applicable when is_export is true */ |
1984 | #ifndef OPENSSL_NO_RSA | 1982 | #ifndef OPENSSL_NO_RSA |
1985 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, | 1983 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, |
1986 | RSA *(*cb)(SSL *ssl,int is_export, | 1984 | RSA *(*cb)(SSL *ssl, int is_export, int keylength)); |
1987 | int keylength)); | ||
1988 | 1985 | ||
1989 | void SSL_set_tmp_rsa_callback(SSL *ssl, | 1986 | void SSL_set_tmp_rsa_callback(SSL *ssl, |
1990 | RSA *(*cb)(SSL *ssl,int is_export, | 1987 | RSA *(*cb)(SSL *ssl, int is_export, int keylength)); |
1991 | int keylength)); | ||
1992 | #endif | 1988 | #endif |
1993 | #ifndef OPENSSL_NO_DH | 1989 | #ifndef OPENSSL_NO_DH |
1994 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, | 1990 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, |
1995 | DH *(*dh)(SSL *ssl,int is_export, | 1991 | DH *(*dh)(SSL *ssl, int is_export, int keylength)); |
1996 | int keylength)); | ||
1997 | void SSL_set_tmp_dh_callback(SSL *ssl, | 1992 | void SSL_set_tmp_dh_callback(SSL *ssl, |
1998 | DH *(*dh)(SSL *ssl,int is_export, | 1993 | DH *(*dh)(SSL *ssl, int is_export, int keylength)); |
1999 | int keylength)); | ||
2000 | #endif | 1994 | #endif |
2001 | #ifndef OPENSSL_NO_ECDH | 1995 | #ifndef OPENSSL_NO_ECDH |
2002 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, | 1996 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, |
2003 | EC_KEY *(*ecdh)(SSL *ssl,int is_export, | 1997 | EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); |
2004 | int keylength)); | ||
2005 | void SSL_set_tmp_ecdh_callback(SSL *ssl, | 1998 | void SSL_set_tmp_ecdh_callback(SSL *ssl, |
2006 | EC_KEY *(*ecdh)(SSL *ssl,int is_export, | 1999 | EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); |
2007 | int keylength)); | ||
2008 | #endif | 2000 | #endif |
2009 | 2001 | ||
2010 | #ifndef OPENSSL_NO_COMP | 2002 | #ifndef OPENSSL_NO_COMP |
@@ -2012,23 +2004,24 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s); | |||
2012 | const COMP_METHOD *SSL_get_current_expansion(SSL *s); | 2004 | const COMP_METHOD *SSL_get_current_expansion(SSL *s); |
2013 | const char *SSL_COMP_get_name(const COMP_METHOD *comp); | 2005 | const char *SSL_COMP_get_name(const COMP_METHOD *comp); |
2014 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); | 2006 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); |
2015 | int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); | 2007 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); |
2016 | #else | 2008 | #else |
2017 | const void *SSL_get_current_compression(SSL *s); | 2009 | const void *SSL_get_current_compression(SSL *s); |
2018 | const void *SSL_get_current_expansion(SSL *s); | 2010 | const void *SSL_get_current_expansion(SSL *s); |
2019 | const char *SSL_COMP_get_name(const void *comp); | 2011 | const char *SSL_COMP_get_name(const void *comp); |
2020 | void *SSL_COMP_get_compression_methods(void); | 2012 | void *SSL_COMP_get_compression_methods(void); |
2021 | int SSL_COMP_add_compression_method(int id,void *cm); | 2013 | int SSL_COMP_add_compression_method(int id, void *cm); |
2022 | #endif | 2014 | #endif |
2023 | 2015 | ||
2024 | /* TLS extensions functions */ | 2016 | /* TLS extensions functions */ |
2025 | int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); | 2017 | int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); |
2026 | 2018 | ||
2027 | int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, | 2019 | int SSL_set_session_ticket_ext_cb(SSL *s, |
2028 | void *arg); | 2020 | tls_session_ticket_ext_cb_fn cb, void *arg); |
2029 | 2021 | ||
2030 | /* Pre-shared secret session resumption functions */ | 2022 | /* Pre-shared secret session resumption functions */ |
2031 | int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); | 2023 | int SSL_set_session_secret_cb(SSL *s, |
2024 | tls_session_secret_cb_fn tls_session_secret_cb, void *arg); | ||
2032 | 2025 | ||
2033 | void SSL_set_debug(SSL *s, int debug); | 2026 | void SSL_set_debug(SSL *s, int debug); |
2034 | int SSL_cache_hit(SSL *s); | 2027 | int SSL_cache_hit(SSL *s); |