Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 1 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 2 | * All rights reserved. |
| 3 | * |
| 4 | * This package is an SSL implementation written |
| 5 | * by Eric Young (eay@cryptsoft.com). |
| 6 | * The implementation was written so as to conform with Netscapes SSL. |
| 7 | * |
| 8 | * This library is free for commercial and non-commercial use as long as |
| 9 | * the following conditions are aheared to. The following conditions |
| 10 | * apply to all code found in this distribution, be it the RC4, RSA, |
| 11 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| 12 | * included with this distribution is covered by the same copyright terms |
| 13 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| 14 | * |
| 15 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 16 | * the code are not to be removed. |
| 17 | * If this package is used in a product, Eric Young should be given attribution |
| 18 | * as the author of the parts of the library used. |
| 19 | * This can be in the form of a textual message at program startup or |
| 20 | * in documentation (online or textual) provided with the package. |
| 21 | * |
| 22 | * Redistribution and use in source and binary forms, with or without |
| 23 | * modification, are permitted provided that the following conditions |
| 24 | * are met: |
| 25 | * 1. Redistributions of source code must retain the copyright |
| 26 | * notice, this list of conditions and the following disclaimer. |
| 27 | * 2. Redistributions in binary form must reproduce the above copyright |
| 28 | * notice, this list of conditions and the following disclaimer in the |
| 29 | * documentation and/or other materials provided with the distribution. |
| 30 | * 3. All advertising materials mentioning features or use of this software |
| 31 | * must display the following acknowledgement: |
| 32 | * "This product includes cryptographic software written by |
| 33 | * Eric Young (eay@cryptsoft.com)" |
| 34 | * The word 'cryptographic' can be left out if the rouines from the library |
| 35 | * being used are not cryptographic related :-). |
| 36 | * 4. If you include any Windows specific code (or a derivative thereof) from |
| 37 | * the apps directory (application code) you must include an acknowledgement: |
| 38 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| 39 | * |
| 40 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| 41 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 43 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| 44 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 45 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 46 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 48 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 49 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 50 | * SUCH DAMAGE. |
| 51 | * |
| 52 | * The licence and distribution terms for any publically available version or |
| 53 | * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 54 | * copied and put under another distribution licence |
| 55 | * [including the GNU Public Licence.] |
| 56 | */ |
| 57 | /* ==================================================================== |
| 58 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
| 59 | * |
| 60 | * Redistribution and use in source and binary forms, with or without |
| 61 | * modification, are permitted provided that the following conditions |
| 62 | * are met: |
| 63 | * |
| 64 | * 1. Redistributions of source code must retain the above copyright |
| 65 | * notice, this list of conditions and the following disclaimer. |
| 66 | * |
| 67 | * 2. Redistributions in binary form must reproduce the above copyright |
| 68 | * notice, this list of conditions and the following disclaimer in |
| 69 | * the documentation and/or other materials provided with the |
| 70 | * distribution. |
| 71 | * |
| 72 | * 3. All advertising materials mentioning features or use of this |
| 73 | * software must display the following acknowledgment: |
| 74 | * "This product includes software developed by the OpenSSL Project |
| 75 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
| 76 | * |
| 77 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 78 | * endorse or promote products derived from this software without |
| 79 | * prior written permission. For written permission, please contact |
| 80 | * openssl-core@openssl.org. |
| 81 | * |
| 82 | * 5. Products derived from this software may not be called "OpenSSL" |
| 83 | * nor may "OpenSSL" appear in their names without prior written |
| 84 | * permission of the OpenSSL Project. |
| 85 | * |
| 86 | * 6. Redistributions of any form whatsoever must retain the following |
| 87 | * acknowledgment: |
| 88 | * "This product includes software developed by the OpenSSL Project |
| 89 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
| 90 | * |
| 91 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 92 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 93 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 94 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 95 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 96 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 97 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 98 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 99 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 100 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 101 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 102 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 103 | * ==================================================================== |
| 104 | * |
| 105 | * This product includes cryptographic software written by Eric Young |
| 106 | * (eay@cryptsoft.com). This product includes software written by Tim |
| 107 | * Hudson (tjh@cryptsoft.com). |
| 108 | * |
| 109 | */ |
| 110 | /* ==================================================================== |
| 111 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. |
| 112 | * ECC cipher suite support in OpenSSL originally developed by |
| 113 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. |
| 114 | */ |
| 115 | /* ==================================================================== |
| 116 | * Copyright 2005 Nokia. All rights reserved. |
| 117 | * |
| 118 | * The portions of the attached software ("Contribution") is developed by |
| 119 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 120 | * license. |
| 121 | * |
| 122 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 123 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 124 | * support (see RFC 4279) to OpenSSL. |
| 125 | * |
| 126 | * No patent licenses or other rights except those expressly stated in |
| 127 | * the OpenSSL open source license shall be deemed granted or received |
| 128 | * expressly, by implication, estoppel, or otherwise. |
| 129 | * |
| 130 | * No assurances are provided by Nokia that the Contribution does not |
| 131 | * infringe the patent or other intellectual property rights of any third |
| 132 | * party or that the license provides you with all the necessary rights |
| 133 | * to make use of the Contribution. |
| 134 | * |
| 135 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 136 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 137 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 138 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 139 | * OTHERWISE. |
| 140 | */ |
| 141 | |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 142 | #ifndef OPENSSL_HEADER_SSL_H |
| 143 | #define OPENSSL_HEADER_SSL_H |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 144 | |
| 145 | #include <openssl/base.h> |
| 146 | |
| 147 | #include <openssl/bio.h> |
| 148 | #include <openssl/buf.h> |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 149 | #include <openssl/pem.h> |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 150 | #include <openssl/span.h> |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 151 | #include <openssl/ssl3.h> |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 152 | #include <openssl/thread.h> |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 153 | #include <openssl/tls1.h> |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 154 | #include <openssl/x509.h> |
| 155 | |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 156 | #if !defined(OPENSSL_WINDOWS) |
| 157 | #include <sys/time.h> |
| 158 | #endif |
| 159 | |
Robert Sloan | 921ef2c | 2017-10-17 09:02:20 -0700 | [diff] [blame] | 160 | // NGINX needs this #include. Consider revisiting this after NGINX 1.14.0 has |
| 161 | // been out for a year or so (assuming that they fix it in that release.) See |
| 162 | // https://boringssl-review.googlesource.com/c/boringssl/+/21664. |
| 163 | #include <openssl/hmac.h> |
| 164 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 165 | // Forward-declare struct timeval. On Windows, it is defined in winsock2.h and |
| 166 | // Windows headers define too many macros to be included in public headers. |
| 167 | // However, only a forward declaration is needed. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 168 | struct timeval; |
| 169 | |
| 170 | #if defined(__cplusplus) |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 171 | extern "C" { |
| 172 | #endif |
| 173 | |
| 174 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 175 | // SSL implementation. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 176 | |
| 177 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 178 | // SSL contexts. |
| 179 | // |
| 180 | // |SSL_CTX| objects manage shared state and configuration between multiple TLS |
| 181 | // or DTLS connections. Whether the connections are TLS or DTLS is selected by |
| 182 | // an |SSL_METHOD| on creation. |
| 183 | // |
| 184 | // |SSL_CTX| are reference-counted and may be shared by connections across |
| 185 | // multiple threads. Once shared, functions which change the |SSL_CTX|'s |
| 186 | // configuration may not be used. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 187 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 188 | // TLS_method is the |SSL_METHOD| used for TLS connections. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 189 | OPENSSL_EXPORT const SSL_METHOD *TLS_method(void); |
| 190 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 191 | // DTLS_method is the |SSL_METHOD| used for DTLS connections. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 192 | OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void); |
| 193 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 194 | // TLS_with_buffers_method is like |TLS_method|, but avoids all use of |
Robert Sloan | 309a31e | 2018-01-29 10:22:47 -0800 | [diff] [blame] | 195 | // crypto/x509. All client connections created with |TLS_with_buffers_method| |
| 196 | // will fail unless a certificate verifier is installed with |
| 197 | // |SSL_set_custom_verify| or |SSL_CTX_set_custom_verify|. |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 198 | OPENSSL_EXPORT const SSL_METHOD *TLS_with_buffers_method(void); |
| 199 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 200 | // DTLS_with_buffers_method is like |DTLS_method|, but avoids all use of |
| 201 | // crypto/x509. |
Robert Sloan | 8437709 | 2017-08-14 09:33:19 -0700 | [diff] [blame] | 202 | OPENSSL_EXPORT const SSL_METHOD *DTLS_with_buffers_method(void); |
| 203 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 204 | // SSL_CTX_new returns a newly-allocated |SSL_CTX| with default settings or NULL |
| 205 | // on error. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 206 | OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); |
| 207 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 208 | // SSL_CTX_up_ref increments the reference count of |ctx|. It returns one. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 209 | OPENSSL_EXPORT int SSL_CTX_up_ref(SSL_CTX *ctx); |
| 210 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 211 | // SSL_CTX_free releases memory associated with |ctx|. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 212 | OPENSSL_EXPORT void SSL_CTX_free(SSL_CTX *ctx); |
| 213 | |
| 214 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 215 | // SSL connections. |
| 216 | // |
| 217 | // An |SSL| object represents a single TLS or DTLS connection. Although the |
| 218 | // shared |SSL_CTX| is thread-safe, an |SSL| is not thread-safe and may only be |
| 219 | // used on one thread at a time. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 220 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 221 | // SSL_new returns a newly-allocated |SSL| using |ctx| or NULL on error. The new |
| 222 | // connection inherits settings from |ctx| at the time of creation. Settings may |
| 223 | // also be individually configured on the connection. |
| 224 | // |
| 225 | // On creation, an |SSL| is not configured to be either a client or server. Call |
| 226 | // |SSL_set_connect_state| or |SSL_set_accept_state| to set this. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 227 | OPENSSL_EXPORT SSL *SSL_new(SSL_CTX *ctx); |
| 228 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 229 | // SSL_free releases memory associated with |ssl|. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 230 | OPENSSL_EXPORT void SSL_free(SSL *ssl); |
| 231 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 232 | // SSL_get_SSL_CTX returns the |SSL_CTX| associated with |ssl|. If |
| 233 | // |SSL_set_SSL_CTX| is called, it returns the new |SSL_CTX|, not the initial |
| 234 | // one. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 235 | OPENSSL_EXPORT SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); |
| 236 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 237 | // SSL_set_connect_state configures |ssl| to be a client. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 238 | OPENSSL_EXPORT void SSL_set_connect_state(SSL *ssl); |
| 239 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 240 | // SSL_set_accept_state configures |ssl| to be a server. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 241 | OPENSSL_EXPORT void SSL_set_accept_state(SSL *ssl); |
| 242 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 243 | // SSL_is_server returns one if |ssl| is configured as a server and zero |
| 244 | // otherwise. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 245 | OPENSSL_EXPORT int SSL_is_server(const SSL *ssl); |
| 246 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 247 | // SSL_is_dtls returns one if |ssl| is a DTLS connection and zero otherwise. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 248 | OPENSSL_EXPORT int SSL_is_dtls(const SSL *ssl); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 249 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 250 | // SSL_set_bio configures |ssl| to read from |rbio| and write to |wbio|. |ssl| |
| 251 | // takes ownership of the two |BIO|s. If |rbio| and |wbio| are the same, |ssl| |
| 252 | // only takes ownership of one reference. |
| 253 | // |
| 254 | // In DTLS, |rbio| must be non-blocking to properly handle timeouts and |
| 255 | // retransmits. |
| 256 | // |
| 257 | // If |rbio| is the same as the currently configured |BIO| for reading, that |
| 258 | // side is left untouched and is not freed. |
| 259 | // |
| 260 | // If |wbio| is the same as the currently configured |BIO| for writing AND |ssl| |
| 261 | // is not currently configured to read from and write to the same |BIO|, that |
| 262 | // side is left untouched and is not freed. This asymmetry is present for |
| 263 | // historical reasons. |
| 264 | // |
| 265 | // Due to the very complex historical behavior of this function, calling this |
| 266 | // function if |ssl| already has |BIO|s configured is deprecated. Prefer |
| 267 | // |SSL_set0_rbio| and |SSL_set0_wbio| instead. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 268 | OPENSSL_EXPORT void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); |
| 269 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 270 | // SSL_set0_rbio configures |ssl| to write to |rbio|. It takes ownership of |
| 271 | // |rbio|. |
| 272 | // |
| 273 | // Note that, although this function and |SSL_set0_wbio| may be called on the |
| 274 | // same |BIO|, each call takes a reference. Use |BIO_up_ref| to balance this. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 275 | OPENSSL_EXPORT void SSL_set0_rbio(SSL *ssl, BIO *rbio); |
| 276 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 277 | // SSL_set0_wbio configures |ssl| to write to |wbio|. It takes ownership of |
| 278 | // |wbio|. |
| 279 | // |
| 280 | // Note that, although this function and |SSL_set0_rbio| may be called on the |
| 281 | // same |BIO|, each call takes a reference. Use |BIO_up_ref| to balance this. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 282 | OPENSSL_EXPORT void SSL_set0_wbio(SSL *ssl, BIO *wbio); |
| 283 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 284 | // SSL_get_rbio returns the |BIO| that |ssl| reads from. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 285 | OPENSSL_EXPORT BIO *SSL_get_rbio(const SSL *ssl); |
| 286 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 287 | // SSL_get_wbio returns the |BIO| that |ssl| writes to. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 288 | OPENSSL_EXPORT BIO *SSL_get_wbio(const SSL *ssl); |
| 289 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 290 | // SSL_get_fd calls |SSL_get_rfd|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 291 | OPENSSL_EXPORT int SSL_get_fd(const SSL *ssl); |
| 292 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 293 | // SSL_get_rfd returns the file descriptor that |ssl| is configured to read |
| 294 | // from. If |ssl|'s read |BIO| is not configured or doesn't wrap a file |
| 295 | // descriptor then it returns -1. |
| 296 | // |
| 297 | // Note: On Windows, this may return either a file descriptor or a socket (cast |
| 298 | // to int), depending on whether |ssl| was configured with a file descriptor or |
| 299 | // socket |BIO|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 300 | OPENSSL_EXPORT int SSL_get_rfd(const SSL *ssl); |
| 301 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 302 | // SSL_get_wfd returns the file descriptor that |ssl| is configured to write |
| 303 | // to. If |ssl|'s write |BIO| is not configured or doesn't wrap a file |
| 304 | // descriptor then it returns -1. |
| 305 | // |
| 306 | // Note: On Windows, this may return either a file descriptor or a socket (cast |
| 307 | // to int), depending on whether |ssl| was configured with a file descriptor or |
| 308 | // socket |BIO|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 309 | OPENSSL_EXPORT int SSL_get_wfd(const SSL *ssl); |
| 310 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 311 | // SSL_set_fd configures |ssl| to read from and write to |fd|. It returns one |
| 312 | // on success and zero on allocation error. The caller retains ownership of |
| 313 | // |fd|. |
| 314 | // |
| 315 | // On Windows, |fd| is cast to a |SOCKET| and used with Winsock APIs. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 316 | OPENSSL_EXPORT int SSL_set_fd(SSL *ssl, int fd); |
| 317 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 318 | // SSL_set_rfd configures |ssl| to read from |fd|. It returns one on success and |
| 319 | // zero on allocation error. The caller retains ownership of |fd|. |
| 320 | // |
| 321 | // On Windows, |fd| is cast to a |SOCKET| and used with Winsock APIs. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 322 | OPENSSL_EXPORT int SSL_set_rfd(SSL *ssl, int fd); |
| 323 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 324 | // SSL_set_wfd configures |ssl| to write to |fd|. It returns one on success and |
| 325 | // zero on allocation error. The caller retains ownership of |fd|. |
| 326 | // |
| 327 | // On Windows, |fd| is cast to a |SOCKET| and used with Winsock APIs. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 328 | OPENSSL_EXPORT int SSL_set_wfd(SSL *ssl, int fd); |
| 329 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 330 | // SSL_do_handshake continues the current handshake. If there is none or the |
| 331 | // handshake has completed or False Started, it returns one. Otherwise, it |
| 332 | // returns <= 0. The caller should pass the value into |SSL_get_error| to |
| 333 | // determine how to proceed. |
| 334 | // |
| 335 | // In DTLS, the caller must drive retransmissions. Whenever |SSL_get_error| |
| 336 | // signals |SSL_ERROR_WANT_READ|, use |DTLSv1_get_timeout| to determine the |
| 337 | // current timeout. If it expires before the next retry, call |
| 338 | // |DTLSv1_handle_timeout|. Note that DTLS handshake retransmissions use fresh |
| 339 | // sequence numbers, so it is not sufficient to replay packets at the transport. |
| 340 | // |
| 341 | // TODO(davidben): Ensure 0 is only returned on transport EOF. |
| 342 | // https://crbug.com/466303. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 343 | OPENSSL_EXPORT int SSL_do_handshake(SSL *ssl); |
| 344 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 345 | // SSL_connect configures |ssl| as a client, if unconfigured, and calls |
| 346 | // |SSL_do_handshake|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 347 | OPENSSL_EXPORT int SSL_connect(SSL *ssl); |
| 348 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 349 | // SSL_accept configures |ssl| as a server, if unconfigured, and calls |
| 350 | // |SSL_do_handshake|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 351 | OPENSSL_EXPORT int SSL_accept(SSL *ssl); |
| 352 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 353 | // SSL_read reads up to |num| bytes from |ssl| into |buf|. It implicitly runs |
| 354 | // any pending handshakes, including renegotiations when enabled. On success, it |
| 355 | // returns the number of bytes read. Otherwise, it returns <= 0. The caller |
| 356 | // should pass the value into |SSL_get_error| to determine how to proceed. |
| 357 | // |
| 358 | // TODO(davidben): Ensure 0 is only returned on transport EOF. |
| 359 | // https://crbug.com/466303. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 360 | OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num); |
| 361 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 362 | // SSL_peek behaves like |SSL_read| but does not consume any bytes returned. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 363 | OPENSSL_EXPORT int SSL_peek(SSL *ssl, void *buf, int num); |
| 364 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 365 | // SSL_pending returns the number of bytes available in |ssl|. It does not read |
| 366 | // from the transport. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 367 | OPENSSL_EXPORT int SSL_pending(const SSL *ssl); |
| 368 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 369 | // SSL_write writes up to |num| bytes from |buf| into |ssl|. It implicitly runs |
| 370 | // any pending handshakes, including renegotiations when enabled. On success, it |
| 371 | // returns the number of bytes written. Otherwise, it returns <= 0. The caller |
| 372 | // should pass the value into |SSL_get_error| to determine how to proceed. |
| 373 | // |
| 374 | // In TLS, a non-blocking |SSL_write| differs from non-blocking |write| in that |
| 375 | // a failed |SSL_write| still commits to the data passed in. When retrying, the |
| 376 | // caller must supply the original write buffer (or a larger one containing the |
| 377 | // original as a prefix). By default, retries will fail if they also do not |
| 378 | // reuse the same |buf| pointer. This may be relaxed with |
| 379 | // |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER|, but the buffer contents still must be |
| 380 | // unchanged. |
| 381 | // |
| 382 | // By default, in TLS, |SSL_write| will not return success until all |num| bytes |
| 383 | // are written. This may be relaxed with |SSL_MODE_ENABLE_PARTIAL_WRITE|. It |
| 384 | // allows |SSL_write| to complete with a partial result when only part of the |
| 385 | // input was written in a single record. |
| 386 | // |
| 387 | // In DTLS, neither |SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER| and |
| 388 | // |SSL_MODE_ENABLE_PARTIAL_WRITE| do anything. The caller may retry with a |
| 389 | // different buffer freely. A single call to |SSL_write| only ever writes a |
| 390 | // single record in a single packet, so |num| must be at most |
| 391 | // |SSL3_RT_MAX_PLAIN_LENGTH|. |
| 392 | // |
| 393 | // TODO(davidben): Ensure 0 is only returned on transport EOF. |
| 394 | // https://crbug.com/466303. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 395 | OPENSSL_EXPORT int SSL_write(SSL *ssl, const void *buf, int num); |
| 396 | |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 397 | // SSL_KEY_UPDATE_REQUESTED indicates that the peer should reply to a KeyUpdate |
| 398 | // message with its own, thus updating traffic secrets for both directions on |
| 399 | // the connection. |
| 400 | #define SSL_KEY_UPDATE_REQUESTED 1 |
| 401 | |
| 402 | // SSL_KEY_UPDATE_NOT_REQUESTED indicates that the peer should not reply with |
| 403 | // it's own KeyUpdate message. |
| 404 | #define SSL_KEY_UPDATE_NOT_REQUESTED 0 |
| 405 | |
| 406 | // SSL_key_update queues a TLS 1.3 KeyUpdate message to be sent on |ssl| |
| 407 | // if one is not already queued. The |request_type| argument must one of the |
| 408 | // |SSL_KEY_UPDATE_*| values. This function requires that |ssl| have completed a |
| 409 | // TLS >= 1.3 handshake. It returns one on success or zero on error. |
| 410 | // |
| 411 | // Note that this function does not _send_ the message itself. The next call to |
| 412 | // |SSL_write| will cause the message to be sent. |SSL_write| may be called with |
| 413 | // a zero length to flush a KeyUpdate message when no application data is |
| 414 | // pending. |
| 415 | OPENSSL_EXPORT int SSL_key_update(SSL *ssl, int request_type); |
| 416 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 417 | // SSL_shutdown shuts down |ssl|. It runs in two stages. First, it sends |
| 418 | // close_notify and returns zero or one on success or -1 on failure. Zero |
| 419 | // indicates that close_notify was sent, but not received, and one additionally |
| 420 | // indicates that the peer's close_notify had already been received. |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 421 | // |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 422 | // To then wait for the peer's close_notify, run |SSL_shutdown| to completion a |
| 423 | // second time. This returns 1 on success and -1 on failure. Application data |
| 424 | // is considered a fatal error at this point. To process or discard it, read |
| 425 | // until close_notify with |SSL_read| instead. |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 426 | // |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 427 | // In both cases, on failure, pass the return value into |SSL_get_error| to |
| 428 | // determine how to proceed. |
| 429 | // |
| 430 | // Most callers should stop at the first stage. Reading for close_notify is |
| 431 | // primarily used for uncommon protocols where the underlying transport is |
| 432 | // reused after TLS completes. Additionally, DTLS uses an unordered transport |
| 433 | // and is unordered, so the second stage is a no-op in DTLS. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 434 | OPENSSL_EXPORT int SSL_shutdown(SSL *ssl); |
| 435 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 436 | // SSL_CTX_set_quiet_shutdown sets quiet shutdown on |ctx| to |mode|. If |
| 437 | // enabled, |SSL_shutdown| will not send a close_notify alert or wait for one |
| 438 | // from the peer. It will instead synchronously return one. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 439 | OPENSSL_EXPORT void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); |
| 440 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 441 | // SSL_CTX_get_quiet_shutdown returns whether quiet shutdown is enabled for |
| 442 | // |ctx|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 443 | OPENSSL_EXPORT int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); |
| 444 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 445 | // SSL_set_quiet_shutdown sets quiet shutdown on |ssl| to |mode|. If enabled, |
| 446 | // |SSL_shutdown| will not send a close_notify alert or wait for one from the |
| 447 | // peer. It will instead synchronously return one. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 448 | OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL *ssl, int mode); |
| 449 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 450 | // SSL_get_quiet_shutdown returns whether quiet shutdown is enabled for |
| 451 | // |ssl|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 452 | OPENSSL_EXPORT int SSL_get_quiet_shutdown(const SSL *ssl); |
| 453 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 454 | // SSL_get_error returns a |SSL_ERROR_*| value for the most recent operation on |
| 455 | // |ssl|. It should be called after an operation failed to determine whether the |
| 456 | // error was fatal and, if not, when to retry. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 457 | OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code); |
| 458 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 459 | // SSL_ERROR_NONE indicates the operation succeeded. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 460 | #define SSL_ERROR_NONE 0 |
| 461 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 462 | // SSL_ERROR_SSL indicates the operation failed within the library. The caller |
| 463 | // may inspect the error queue for more information. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 464 | #define SSL_ERROR_SSL 1 |
| 465 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 466 | // SSL_ERROR_WANT_READ indicates the operation failed attempting to read from |
| 467 | // the transport. The caller may retry the operation when the transport is ready |
| 468 | // for reading. |
| 469 | // |
| 470 | // If signaled by a DTLS handshake, the caller must also call |
| 471 | // |DTLSv1_get_timeout| and |DTLSv1_handle_timeout| as appropriate. See |
| 472 | // |SSL_do_handshake|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 473 | #define SSL_ERROR_WANT_READ 2 |
| 474 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 475 | // SSL_ERROR_WANT_WRITE indicates the operation failed attempting to write to |
| 476 | // the transport. The caller may retry the operation when the transport is ready |
| 477 | // for writing. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 478 | #define SSL_ERROR_WANT_WRITE 3 |
| 479 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 480 | // SSL_ERROR_WANT_X509_LOOKUP indicates the operation failed in calling the |
| 481 | // |cert_cb| or |client_cert_cb|. The caller may retry the operation when the |
| 482 | // callback is ready to return a certificate or one has been configured |
| 483 | // externally. |
| 484 | // |
| 485 | // See also |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 486 | #define SSL_ERROR_WANT_X509_LOOKUP 4 |
| 487 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 488 | // SSL_ERROR_SYSCALL indicates the operation failed externally to the library. |
| 489 | // The caller should consult the system-specific error mechanism. This is |
| 490 | // typically |errno| but may be something custom if using a custom |BIO|. It |
| 491 | // may also be signaled if the transport returned EOF, in which case the |
| 492 | // operation's return value will be zero. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 493 | #define SSL_ERROR_SYSCALL 5 |
| 494 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 495 | // SSL_ERROR_ZERO_RETURN indicates the operation failed because the connection |
| 496 | // was cleanly shut down with a close_notify alert. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 497 | #define SSL_ERROR_ZERO_RETURN 6 |
| 498 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 499 | // SSL_ERROR_WANT_CONNECT indicates the operation failed attempting to connect |
| 500 | // the transport (the |BIO| signaled |BIO_RR_CONNECT|). The caller may retry the |
| 501 | // operation when the transport is ready. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 502 | #define SSL_ERROR_WANT_CONNECT 7 |
| 503 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 504 | // SSL_ERROR_WANT_ACCEPT indicates the operation failed attempting to accept a |
| 505 | // connection from the transport (the |BIO| signaled |BIO_RR_ACCEPT|). The |
| 506 | // caller may retry the operation when the transport is ready. |
| 507 | // |
| 508 | // TODO(davidben): Remove this. It's used by accept BIOs which are bizarre. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 509 | #define SSL_ERROR_WANT_ACCEPT 8 |
| 510 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 511 | // SSL_ERROR_WANT_CHANNEL_ID_LOOKUP indicates the operation failed looking up |
| 512 | // the Channel ID key. The caller may retry the operation when |channel_id_cb| |
| 513 | // is ready to return a key or one has been configured with |
| 514 | // |SSL_set1_tls_channel_id|. |
| 515 | // |
| 516 | // See also |SSL_CTX_set_channel_id_cb|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 517 | #define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 |
| 518 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 519 | // SSL_ERROR_PENDING_SESSION indicates the operation failed because the session |
| 520 | // lookup callback indicated the session was unavailable. The caller may retry |
| 521 | // the operation when lookup has completed. |
| 522 | // |
| 523 | // See also |SSL_CTX_sess_set_get_cb| and |SSL_magic_pending_session_ptr|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 524 | #define SSL_ERROR_PENDING_SESSION 11 |
| 525 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 526 | // SSL_ERROR_PENDING_CERTIFICATE indicates the operation failed because the |
| 527 | // early callback indicated certificate lookup was incomplete. The caller may |
| 528 | // retry the operation when lookup has completed. |
| 529 | // |
| 530 | // See also |SSL_CTX_set_select_certificate_cb|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 531 | #define SSL_ERROR_PENDING_CERTIFICATE 12 |
| 532 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 533 | // SSL_ERROR_WANT_PRIVATE_KEY_OPERATION indicates the operation failed because |
| 534 | // a private key operation was unfinished. The caller may retry the operation |
| 535 | // when the private key operation is complete. |
| 536 | // |
| 537 | // See also |SSL_set_private_key_method| and |
| 538 | // |SSL_CTX_set_private_key_method|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 539 | #define SSL_ERROR_WANT_PRIVATE_KEY_OPERATION 13 |
| 540 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 541 | // SSL_ERROR_PENDING_TICKET indicates that a ticket decryption is pending. The |
| 542 | // caller may retry the operation when the decryption is ready. |
| 543 | // |
| 544 | // See also |SSL_CTX_set_ticket_aead_method|. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 545 | #define SSL_ERROR_PENDING_TICKET 14 |
| 546 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 547 | // SSL_ERROR_EARLY_DATA_REJECTED indicates that early data was rejected. The |
| 548 | // caller should treat this as a connection failure and retry any operations |
| 549 | // associated with the rejected early data. |SSL_reset_early_data_reject| may be |
| 550 | // used to reuse the underlying connection for the retry. |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 551 | #define SSL_ERROR_EARLY_DATA_REJECTED 15 |
| 552 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 553 | // SSL_ERROR_WANT_CERTIFICATE_VERIFY indicates the operation failed because |
| 554 | // certificate verification was incomplete. The caller may retry the operation |
| 555 | // when certificate verification is complete. |
| 556 | // |
| 557 | // See also |SSL_CTX_set_custom_verify|. |
Robert Sloan | b6d070c | 2017-07-24 08:40:01 -0700 | [diff] [blame] | 558 | #define SSL_ERROR_WANT_CERTIFICATE_VERIFY 16 |
| 559 | |
Robert Sloan | 8542c08 | 2018-02-05 09:07:34 -0800 | [diff] [blame] | 560 | #define SSL_ERROR_HANDOFF 17 |
Robert Sloan | dc2f609 | 2018-04-10 10:22:33 -0700 | [diff] [blame] | 561 | #define SSL_ERROR_HANDBACK 18 |
Robert Sloan | 8542c08 | 2018-02-05 09:07:34 -0800 | [diff] [blame] | 562 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 563 | // SSL_set_mtu sets the |ssl|'s MTU in DTLS to |mtu|. It returns one on success |
| 564 | // and zero on failure. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 565 | OPENSSL_EXPORT int SSL_set_mtu(SSL *ssl, unsigned mtu); |
| 566 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 567 | // DTLSv1_set_initial_timeout_duration sets the initial duration for a DTLS |
| 568 | // handshake timeout. |
| 569 | // |
| 570 | // This duration overrides the default of 1 second, which is the strong |
| 571 | // recommendation of RFC 6347 (see section 4.2.4.1). However, there may exist |
| 572 | // situations where a shorter timeout would be beneficial, such as for |
| 573 | // time-sensitive applications. |
David Benjamin | d316cba | 2016-06-02 16:17:39 -0400 | [diff] [blame] | 574 | OPENSSL_EXPORT void DTLSv1_set_initial_timeout_duration(SSL *ssl, |
| 575 | unsigned duration_ms); |
| 576 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 577 | // DTLSv1_get_timeout queries the next DTLS handshake timeout. If there is a |
| 578 | // timeout in progress, it sets |*out| to the time remaining and returns one. |
| 579 | // Otherwise, it returns zero. |
| 580 | // |
| 581 | // When the timeout expires, call |DTLSv1_handle_timeout| to handle the |
| 582 | // retransmit behavior. |
| 583 | // |
| 584 | // NOTE: This function must be queried again whenever the handshake state |
| 585 | // machine changes, including when |DTLSv1_handle_timeout| is called. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 586 | OPENSSL_EXPORT int DTLSv1_get_timeout(const SSL *ssl, struct timeval *out); |
| 587 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 588 | // DTLSv1_handle_timeout is called when a DTLS handshake timeout expires. If no |
| 589 | // timeout had expired, it returns 0. Otherwise, it retransmits the previous |
| 590 | // flight of handshake messages and returns 1. If too many timeouts had expired |
| 591 | // without progress or an error occurs, it returns -1. |
| 592 | // |
| 593 | // The caller's external timer should be compatible with the one |ssl| queries |
| 594 | // within some fudge factor. Otherwise, the call will be a no-op, but |
| 595 | // |DTLSv1_get_timeout| will return an updated timeout. |
| 596 | // |
| 597 | // If the function returns -1, checking if |SSL_get_error| returns |
| 598 | // |SSL_ERROR_WANT_WRITE| may be used to determine if the retransmit failed due |
| 599 | // to a non-fatal error at the write |BIO|. However, the operation may not be |
| 600 | // retried until the next timeout fires. |
| 601 | // |
| 602 | // WARNING: This function breaks the usual return value convention. |
| 603 | // |
| 604 | // TODO(davidben): This |SSL_ERROR_WANT_WRITE| behavior is kind of bizarre. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 605 | OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl); |
| 606 | |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 607 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 608 | // Protocol versions. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 609 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 610 | #define DTLS1_VERSION_MAJOR 0xfe |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 611 | #define SSL3_VERSION_MAJOR 0x03 |
| 612 | |
| 613 | #define SSL3_VERSION 0x0300 |
| 614 | #define TLS1_VERSION 0x0301 |
| 615 | #define TLS1_1_VERSION 0x0302 |
| 616 | #define TLS1_2_VERSION 0x0303 |
David Benjamin | d316cba | 2016-06-02 16:17:39 -0400 | [diff] [blame] | 617 | #define TLS1_3_VERSION 0x0304 |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 618 | |
| 619 | #define DTLS1_VERSION 0xfeff |
| 620 | #define DTLS1_2_VERSION 0xfefd |
| 621 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 622 | // SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to |
| 623 | // |version|. If |version| is zero, the default minimum version is used. It |
| 624 | // returns one on success and zero if |version| is invalid. |
David Benjamin | 7c0d06c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 625 | OPENSSL_EXPORT int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, |
| 626 | uint16_t version); |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 627 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 628 | // SSL_CTX_set_max_proto_version sets the maximum protocol version for |ctx| to |
| 629 | // |version|. If |version| is zero, the default maximum version is used. It |
| 630 | // returns one on success and zero if |version| is invalid. |
David Benjamin | 7c0d06c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 631 | OPENSSL_EXPORT int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, |
| 632 | uint16_t version); |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 633 | |
Robert Sloan | 4726ed3 | 2019-04-08 12:43:32 -0700 | [diff] [blame] | 634 | // SSL_CTX_get_min_proto_version returns the minimum protocol version for |ctx| |
| 635 | OPENSSL_EXPORT uint16_t SSL_CTX_get_min_proto_version(SSL_CTX *ctx); |
| 636 | |
| 637 | // SSL_CTX_get_max_proto_version returns the maximum protocol version for |ctx| |
| 638 | OPENSSL_EXPORT uint16_t SSL_CTX_get_max_proto_version(SSL_CTX *ctx); |
| 639 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 640 | // SSL_set_min_proto_version sets the minimum protocol version for |ssl| to |
| 641 | // |version|. If |version| is zero, the default minimum version is used. It |
| 642 | // returns one on success and zero if |version| is invalid. |
David Benjamin | 7c0d06c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 643 | OPENSSL_EXPORT int SSL_set_min_proto_version(SSL *ssl, uint16_t version); |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 644 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 645 | // SSL_set_max_proto_version sets the maximum protocol version for |ssl| to |
| 646 | // |version|. If |version| is zero, the default maximum version is used. It |
| 647 | // returns one on success and zero if |version| is invalid. |
David Benjamin | 7c0d06c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 648 | OPENSSL_EXPORT int SSL_set_max_proto_version(SSL *ssl, uint16_t version); |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 649 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 650 | // SSL_version returns the TLS or DTLS protocol version used by |ssl|, which is |
| 651 | // one of the |*_VERSION| values. (E.g. |TLS1_2_VERSION|.) Before the version |
| 652 | // is negotiated, the result is undefined. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 653 | OPENSSL_EXPORT int SSL_version(const SSL *ssl); |
| 654 | |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 655 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 656 | // Options. |
| 657 | // |
| 658 | // Options configure protocol behavior. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 659 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 660 | // SSL_OP_NO_QUERY_MTU, in DTLS, disables querying the MTU from the underlying |
| 661 | // |BIO|. Instead, the MTU is configured with |SSL_set_mtu|. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 662 | #define SSL_OP_NO_QUERY_MTU 0x00001000L |
| 663 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 664 | // SSL_OP_NO_TICKET disables session ticket support (RFC 5077). |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 665 | #define SSL_OP_NO_TICKET 0x00004000L |
| 666 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 667 | // SSL_OP_CIPHER_SERVER_PREFERENCE configures servers to select ciphers and |
| 668 | // ECDHE curves according to the server's preferences instead of the |
| 669 | // client's. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 670 | #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L |
| 671 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 672 | // The following flags toggle individual protocol versions. This is deprecated. |
| 673 | // Use |SSL_CTX_set_min_proto_version| and |SSL_CTX_set_max_proto_version| |
| 674 | // instead. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 675 | #define SSL_OP_NO_TLSv1 0x04000000L |
| 676 | #define SSL_OP_NO_TLSv1_2 0x08000000L |
| 677 | #define SSL_OP_NO_TLSv1_1 0x10000000L |
| 678 | #define SSL_OP_NO_TLSv1_3 0x20000000L |
| 679 | #define SSL_OP_NO_DTLSv1 SSL_OP_NO_TLSv1 |
| 680 | #define SSL_OP_NO_DTLSv1_2 SSL_OP_NO_TLSv1_2 |
| 681 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 682 | // SSL_CTX_set_options enables all options set in |options| (which should be one |
| 683 | // or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a |
| 684 | // bitmask representing the resulting enabled options. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 685 | OPENSSL_EXPORT uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options); |
| 686 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 687 | // SSL_CTX_clear_options disables all options set in |options| (which should be |
| 688 | // one or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a |
| 689 | // bitmask representing the resulting enabled options. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 690 | OPENSSL_EXPORT uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options); |
| 691 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 692 | // SSL_CTX_get_options returns a bitmask of |SSL_OP_*| values that represent all |
| 693 | // the options enabled for |ctx|. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 694 | OPENSSL_EXPORT uint32_t SSL_CTX_get_options(const SSL_CTX *ctx); |
| 695 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 696 | // SSL_set_options enables all options set in |options| (which should be one or |
| 697 | // more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a bitmask |
| 698 | // representing the resulting enabled options. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 699 | OPENSSL_EXPORT uint32_t SSL_set_options(SSL *ssl, uint32_t options); |
| 700 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 701 | // SSL_clear_options disables all options set in |options| (which should be one |
| 702 | // or more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a |
| 703 | // bitmask representing the resulting enabled options. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 704 | OPENSSL_EXPORT uint32_t SSL_clear_options(SSL *ssl, uint32_t options); |
| 705 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 706 | // SSL_get_options returns a bitmask of |SSL_OP_*| values that represent all the |
| 707 | // options enabled for |ssl|. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 708 | OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl); |
| 709 | |
| 710 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 711 | // Modes. |
| 712 | // |
| 713 | // Modes configure API behavior. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 714 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 715 | // SSL_MODE_ENABLE_PARTIAL_WRITE, in TLS, allows |SSL_write| to complete with a |
| 716 | // partial result when the only part of the input was written in a single |
| 717 | // record. In DTLS, it does nothing. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 718 | #define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L |
| 719 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 720 | // SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, in TLS, allows retrying an incomplete |
| 721 | // |SSL_write| with a different buffer. However, |SSL_write| still assumes the |
| 722 | // buffer contents are unchanged. This is not the default to avoid the |
| 723 | // misconception that non-blocking |SSL_write| behaves like non-blocking |
| 724 | // |write|. In DTLS, it does nothing. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 725 | #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L |
| 726 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 727 | // SSL_MODE_NO_AUTO_CHAIN disables automatically building a certificate chain |
| 728 | // before sending certificates to the peer. This flag is set (and the feature |
| 729 | // disabled) by default. |
| 730 | // TODO(davidben): Remove this behavior. https://crbug.com/boringssl/42. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 731 | #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L |
| 732 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 733 | // SSL_MODE_ENABLE_FALSE_START allows clients to send application data before |
| 734 | // receipt of ChangeCipherSpec and Finished. This mode enables full handshakes |
| 735 | // to 'complete' in one RTT. See RFC 7918. |
| 736 | // |
| 737 | // When False Start is enabled, |SSL_do_handshake| may succeed before the |
| 738 | // handshake has completely finished. |SSL_write| will function at this point, |
| 739 | // and |SSL_read| will transparently wait for the final handshake leg before |
| 740 | // returning application data. To determine if False Start occurred or when the |
| 741 | // handshake is completely finished, see |SSL_in_false_start|, |SSL_in_init|, |
| 742 | // and |SSL_CB_HANDSHAKE_DONE| from |SSL_CTX_set_info_callback|. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 743 | #define SSL_MODE_ENABLE_FALSE_START 0x00000080L |
| 744 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 745 | // SSL_MODE_CBC_RECORD_SPLITTING causes multi-byte CBC records in TLS 1.0 to be |
| 746 | // split in two: the first record will contain a single byte and the second will |
| 747 | // contain the remainder. This effectively randomises the IV and prevents BEAST |
| 748 | // attacks. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 749 | #define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L |
| 750 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 751 | // SSL_MODE_NO_SESSION_CREATION will cause any attempts to create a session to |
| 752 | // fail with SSL_R_SESSION_MAY_NOT_BE_CREATED. This can be used to enforce that |
| 753 | // session resumption is used for a given SSL*. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 754 | #define SSL_MODE_NO_SESSION_CREATION 0x00000200L |
| 755 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 756 | // SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello. |
| 757 | // To be set only by applications that reconnect with a downgraded protocol |
| 758 | // version; see RFC 7507 for details. |
| 759 | // |
| 760 | // DO NOT ENABLE THIS if your application attempts a normal handshake. Only use |
| 761 | // this in explicit fallback retries, following the guidance in RFC 7507. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 762 | #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L |
| 763 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 764 | // SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more |
| 765 | // of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a bitmask |
| 766 | // representing the resulting enabled modes. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 767 | OPENSSL_EXPORT uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode); |
| 768 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 769 | // SSL_CTX_clear_mode disables all modes set in |mode| (which should be one or |
| 770 | // more of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a |
| 771 | // bitmask representing the resulting enabled modes. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 772 | OPENSSL_EXPORT uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode); |
| 773 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 774 | // SSL_CTX_get_mode returns a bitmask of |SSL_MODE_*| values that represent all |
| 775 | // the modes enabled for |ssl|. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 776 | OPENSSL_EXPORT uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx); |
| 777 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 778 | // SSL_set_mode enables all modes set in |mode| (which should be one or more of |
| 779 | // the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask |
| 780 | // representing the resulting enabled modes. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 781 | OPENSSL_EXPORT uint32_t SSL_set_mode(SSL *ssl, uint32_t mode); |
| 782 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 783 | // SSL_clear_mode disables all modes set in |mode| (which should be one or more |
| 784 | // of the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask |
| 785 | // representing the resulting enabled modes. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 786 | OPENSSL_EXPORT uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode); |
| 787 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 788 | // SSL_get_mode returns a bitmask of |SSL_MODE_*| values that represent all the |
| 789 | // modes enabled for |ssl|. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 790 | OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl); |
| 791 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 792 | // SSL_CTX_set0_buffer_pool sets a |CRYPTO_BUFFER_POOL| that will be used to |
| 793 | // store certificates. This can allow multiple connections to share |
| 794 | // certificates and thus save memory. |
| 795 | // |
| 796 | // The SSL_CTX does not take ownership of |pool| and the caller must ensure |
| 797 | // that |pool| outlives |ctx| and all objects linked to it, including |SSL|, |
| 798 | // |X509| and |SSL_SESSION| objects. Basically, don't ever free |pool|. |
Steven Valdez | e7531f0 | 2016-12-14 13:29:57 -0500 | [diff] [blame] | 799 | OPENSSL_EXPORT void SSL_CTX_set0_buffer_pool(SSL_CTX *ctx, |
| 800 | CRYPTO_BUFFER_POOL *pool); |
| 801 | |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 802 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 803 | // Configuring certificates and private keys. |
| 804 | // |
| 805 | // These functions configure the connection's leaf certificate, private key, and |
| 806 | // certificate chain. The certificate chain is ordered leaf to root (as sent on |
| 807 | // the wire) but does not include the leaf. Both client and server certificates |
| 808 | // use these functions. |
| 809 | // |
| 810 | // Certificates and keys may be configured before the handshake or dynamically |
| 811 | // in the early callback and certificate callback. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 812 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 813 | // SSL_CTX_use_certificate sets |ctx|'s leaf certificate to |x509|. It returns |
| 814 | // one on success and zero on failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 815 | OPENSSL_EXPORT int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x509); |
| 816 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 817 | // SSL_use_certificate sets |ssl|'s leaf certificate to |x509|. It returns one |
| 818 | // on success and zero on failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 819 | OPENSSL_EXPORT int SSL_use_certificate(SSL *ssl, X509 *x509); |
| 820 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 821 | // SSL_CTX_use_PrivateKey sets |ctx|'s private key to |pkey|. It returns one on |
| 822 | // success and zero on failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 823 | OPENSSL_EXPORT int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); |
| 824 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 825 | // SSL_use_PrivateKey sets |ssl|'s private key to |pkey|. It returns one on |
| 826 | // success and zero on failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 827 | OPENSSL_EXPORT int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); |
| 828 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 829 | // SSL_CTX_set0_chain sets |ctx|'s certificate chain, excluding the leaf, to |
| 830 | // |chain|. On success, it returns one and takes ownership of |chain|. |
| 831 | // Otherwise, it returns zero. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 832 | OPENSSL_EXPORT int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain); |
| 833 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 834 | // SSL_CTX_set1_chain sets |ctx|'s certificate chain, excluding the leaf, to |
| 835 | // |chain|. It returns one on success and zero on failure. The caller retains |
| 836 | // ownership of |chain| and may release it freely. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 837 | OPENSSL_EXPORT int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain); |
| 838 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 839 | // SSL_set0_chain sets |ssl|'s certificate chain, excluding the leaf, to |
| 840 | // |chain|. On success, it returns one and takes ownership of |chain|. |
| 841 | // Otherwise, it returns zero. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 842 | OPENSSL_EXPORT int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain); |
| 843 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 844 | // SSL_set1_chain sets |ssl|'s certificate chain, excluding the leaf, to |
| 845 | // |chain|. It returns one on success and zero on failure. The caller retains |
| 846 | // ownership of |chain| and may release it freely. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 847 | OPENSSL_EXPORT int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain); |
| 848 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 849 | // SSL_CTX_add0_chain_cert appends |x509| to |ctx|'s certificate chain. On |
| 850 | // success, it returns one and takes ownership of |x509|. Otherwise, it returns |
| 851 | // zero. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 852 | OPENSSL_EXPORT int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); |
| 853 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 854 | // SSL_CTX_add1_chain_cert appends |x509| to |ctx|'s certificate chain. It |
| 855 | // returns one on success and zero on failure. The caller retains ownership of |
| 856 | // |x509| and may release it freely. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 857 | OPENSSL_EXPORT int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); |
| 858 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 859 | // SSL_add0_chain_cert appends |x509| to |ctx|'s certificate chain. On success, |
| 860 | // it returns one and takes ownership of |x509|. Otherwise, it returns zero. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 861 | OPENSSL_EXPORT int SSL_add0_chain_cert(SSL *ssl, X509 *x509); |
| 862 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 863 | // SSL_CTX_add_extra_chain_cert calls |SSL_CTX_add0_chain_cert|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 864 | OPENSSL_EXPORT int SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); |
| 865 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 866 | // SSL_add1_chain_cert appends |x509| to |ctx|'s certificate chain. It returns |
| 867 | // one on success and zero on failure. The caller retains ownership of |x509| |
| 868 | // and may release it freely. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 869 | OPENSSL_EXPORT int SSL_add1_chain_cert(SSL *ssl, X509 *x509); |
| 870 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 871 | // SSL_CTX_clear_chain_certs clears |ctx|'s certificate chain and returns |
| 872 | // one. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 873 | OPENSSL_EXPORT int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); |
| 874 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 875 | // SSL_CTX_clear_extra_chain_certs calls |SSL_CTX_clear_chain_certs|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 876 | OPENSSL_EXPORT int SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); |
| 877 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 878 | // SSL_clear_chain_certs clears |ssl|'s certificate chain and returns one. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 879 | OPENSSL_EXPORT int SSL_clear_chain_certs(SSL *ssl); |
| 880 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 881 | // SSL_CTX_set_cert_cb sets a callback that is called to select a certificate. |
| 882 | // The callback returns one on success, zero on internal error, and a negative |
| 883 | // number on failure or to pause the handshake. If the handshake is paused, |
| 884 | // |SSL_get_error| will return |SSL_ERROR_WANT_X509_LOOKUP|. |
| 885 | // |
| 886 | // On the client, the callback may call |SSL_get0_certificate_types| and |
| 887 | // |SSL_get_client_CA_list| for information on the server's certificate |
| 888 | // request. |
| 889 | // |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 890 | // On the server, the callback will be called after extensions have been |
| 891 | // processed, but before the resumption decision has been made. This differs |
| 892 | // from OpenSSL which handles resumption before selecting the certificate. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 893 | OPENSSL_EXPORT void SSL_CTX_set_cert_cb(SSL_CTX *ctx, |
| 894 | int (*cb)(SSL *ssl, void *arg), |
| 895 | void *arg); |
| 896 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 897 | // SSL_set_cert_cb sets a callback that is called to select a certificate. The |
| 898 | // callback returns one on success, zero on internal error, and a negative |
| 899 | // number on failure or to pause the handshake. If the handshake is paused, |
| 900 | // |SSL_get_error| will return |SSL_ERROR_WANT_X509_LOOKUP|. |
| 901 | // |
| 902 | // On the client, the callback may call |SSL_get0_certificate_types| and |
| 903 | // |SSL_get_client_CA_list| for information on the server's certificate |
| 904 | // request. |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 905 | // |
| 906 | // On the server, the callback will be called after extensions have been |
| 907 | // processed, but before the resumption decision has been made. This differs |
| 908 | // from OpenSSL which handles resumption before selecting the certificate. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 909 | OPENSSL_EXPORT void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), |
| 910 | void *arg); |
| 911 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 912 | // SSL_get0_certificate_types, for a client, sets |*out_types| to an array |
| 913 | // containing the client certificate types requested by a server. It returns the |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 914 | // length of the array. Note this list is always empty in TLS 1.3. The server |
| 915 | // will instead send signature algorithms. See |
| 916 | // |SSL_get0_peer_verify_algorithms|. |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 917 | // |
| 918 | // The behavior of this function is undefined except during the callbacks set by |
| 919 | // by |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb| or when the |
| 920 | // handshake is paused because of them. |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 921 | OPENSSL_EXPORT size_t SSL_get0_certificate_types(const SSL *ssl, |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 922 | const uint8_t **out_types); |
| 923 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 924 | // SSL_get0_peer_verify_algorithms sets |*out_sigalgs| to an array containing |
| 925 | // the signature algorithms the peer is able to verify. It returns the length of |
| 926 | // the array. Note these values are only sent starting TLS 1.2 and only |
| 927 | // mandatory starting TLS 1.3. If not sent, the empty array is returned. For the |
| 928 | // historical client certificate types list, see |SSL_get0_certificate_types|. |
| 929 | // |
| 930 | // The behavior of this function is undefined except during the callbacks set by |
| 931 | // by |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb| or when the |
| 932 | // handshake is paused because of them. |
| 933 | OPENSSL_EXPORT size_t |
| 934 | SSL_get0_peer_verify_algorithms(const SSL *ssl, const uint16_t **out_sigalgs); |
| 935 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 936 | // SSL_certs_clear resets the private key, leaf certificate, and certificate |
| 937 | // chain of |ssl|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 938 | OPENSSL_EXPORT void SSL_certs_clear(SSL *ssl); |
| 939 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 940 | // SSL_CTX_check_private_key returns one if the certificate and private key |
| 941 | // configured in |ctx| are consistent and zero otherwise. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 942 | OPENSSL_EXPORT int SSL_CTX_check_private_key(const SSL_CTX *ctx); |
| 943 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 944 | // SSL_check_private_key returns one if the certificate and private key |
| 945 | // configured in |ssl| are consistent and zero otherwise. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 946 | OPENSSL_EXPORT int SSL_check_private_key(const SSL *ssl); |
| 947 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 948 | // SSL_CTX_get0_certificate returns |ctx|'s leaf certificate. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 949 | OPENSSL_EXPORT X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); |
| 950 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 951 | // SSL_get_certificate returns |ssl|'s leaf certificate. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 952 | OPENSSL_EXPORT X509 *SSL_get_certificate(const SSL *ssl); |
| 953 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 954 | // SSL_CTX_get0_privatekey returns |ctx|'s private key. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 955 | OPENSSL_EXPORT EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); |
| 956 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 957 | // SSL_get_privatekey returns |ssl|'s private key. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 958 | OPENSSL_EXPORT EVP_PKEY *SSL_get_privatekey(const SSL *ssl); |
| 959 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 960 | // SSL_CTX_get0_chain_certs sets |*out_chain| to |ctx|'s certificate chain and |
| 961 | // returns one. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 962 | OPENSSL_EXPORT int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, |
| 963 | STACK_OF(X509) **out_chain); |
| 964 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 965 | // SSL_CTX_get_extra_chain_certs calls |SSL_CTX_get0_chain_certs|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 966 | OPENSSL_EXPORT int SSL_CTX_get_extra_chain_certs(const SSL_CTX *ctx, |
| 967 | STACK_OF(X509) **out_chain); |
| 968 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 969 | // SSL_get0_chain_certs sets |*out_chain| to |ssl|'s certificate chain and |
| 970 | // returns one. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 971 | OPENSSL_EXPORT int SSL_get0_chain_certs(const SSL *ssl, |
| 972 | STACK_OF(X509) **out_chain); |
| 973 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 974 | // SSL_CTX_set_signed_cert_timestamp_list sets the list of signed certificate |
| 975 | // timestamps that is sent to clients that request it. The |list| argument must |
| 976 | // contain one or more SCT structures serialised as a SignedCertificateTimestamp |
| 977 | // List (see https://tools.ietf.org/html/rfc6962#section-3.3) – i.e. each SCT |
| 978 | // is prefixed by a big-endian, uint16 length and the concatenation of one or |
| 979 | // more such prefixed SCTs are themselves also prefixed by a uint16 length. It |
| 980 | // returns one on success and zero on error. The caller retains ownership of |
| 981 | // |list|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 982 | OPENSSL_EXPORT int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx, |
| 983 | const uint8_t *list, |
| 984 | size_t list_len); |
| 985 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 986 | // SSL_set_signed_cert_timestamp_list sets the list of signed certificate |
| 987 | // timestamps that is sent to clients that request is. The same format as the |
| 988 | // one used for |SSL_CTX_set_signed_cert_timestamp_list| applies. The caller |
| 989 | // retains ownership of |list|. |
Robert Sloan | 5d62578 | 2017-02-13 09:55:39 -0800 | [diff] [blame] | 990 | OPENSSL_EXPORT int SSL_set_signed_cert_timestamp_list(SSL *ctx, |
| 991 | const uint8_t *list, |
| 992 | size_t list_len); |
| 993 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 994 | // SSL_CTX_set_ocsp_response sets the OCSP response that is sent to clients |
| 995 | // which request it. It returns one on success and zero on error. The caller |
| 996 | // retains ownership of |response|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 997 | OPENSSL_EXPORT int SSL_CTX_set_ocsp_response(SSL_CTX *ctx, |
| 998 | const uint8_t *response, |
| 999 | size_t response_len); |
| 1000 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1001 | // SSL_set_ocsp_response sets the OCSP response that is sent to clients which |
| 1002 | // request it. It returns one on success and zero on error. The caller retains |
| 1003 | // ownership of |response|. |
Steven Valdez | e7531f0 | 2016-12-14 13:29:57 -0500 | [diff] [blame] | 1004 | OPENSSL_EXPORT int SSL_set_ocsp_response(SSL *ssl, |
| 1005 | const uint8_t *response, |
| 1006 | size_t response_len); |
| 1007 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1008 | // SSL_SIGN_* are signature algorithm values as defined in TLS 1.3. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 1009 | #define SSL_SIGN_RSA_PKCS1_SHA1 0x0201 |
| 1010 | #define SSL_SIGN_RSA_PKCS1_SHA256 0x0401 |
| 1011 | #define SSL_SIGN_RSA_PKCS1_SHA384 0x0501 |
| 1012 | #define SSL_SIGN_RSA_PKCS1_SHA512 0x0601 |
| 1013 | #define SSL_SIGN_ECDSA_SHA1 0x0203 |
| 1014 | #define SSL_SIGN_ECDSA_SECP256R1_SHA256 0x0403 |
| 1015 | #define SSL_SIGN_ECDSA_SECP384R1_SHA384 0x0503 |
| 1016 | #define SSL_SIGN_ECDSA_SECP521R1_SHA512 0x0603 |
Robert Sloan | 5cbb5c8 | 2018-04-24 11:35:46 -0700 | [diff] [blame] | 1017 | #define SSL_SIGN_RSA_PSS_RSAE_SHA256 0x0804 |
| 1018 | #define SSL_SIGN_RSA_PSS_RSAE_SHA384 0x0805 |
| 1019 | #define SSL_SIGN_RSA_PSS_RSAE_SHA512 0x0806 |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 1020 | #define SSL_SIGN_ED25519 0x0807 |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 1021 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1022 | // SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal signature algorithm used to |
| 1023 | // specify raw RSASSA-PKCS1-v1_5 with an MD5/SHA-1 concatenation, as used in TLS |
| 1024 | // before TLS 1.2. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 1025 | #define SSL_SIGN_RSA_PKCS1_MD5_SHA1 0xff01 |
| 1026 | |
Robert Sloan | b1b54b8 | 2017-11-06 13:50:02 -0800 | [diff] [blame] | 1027 | // SSL_get_signature_algorithm_name returns a human-readable name for |sigalg|, |
| 1028 | // or NULL if unknown. If |include_curve| is one, the curve for ECDSA algorithms |
| 1029 | // is included as in TLS 1.3. Otherwise, it is excluded as in TLS 1.2. |
| 1030 | OPENSSL_EXPORT const char *SSL_get_signature_algorithm_name(uint16_t sigalg, |
| 1031 | int include_curve); |
| 1032 | |
| 1033 | // SSL_get_signature_algorithm_key_type returns the key type associated with |
| 1034 | // |sigalg| as an |EVP_PKEY_*| constant or |EVP_PKEY_NONE| if unknown. |
| 1035 | OPENSSL_EXPORT int SSL_get_signature_algorithm_key_type(uint16_t sigalg); |
| 1036 | |
| 1037 | // SSL_get_signature_algorithm_digest returns the digest function associated |
| 1038 | // with |sigalg| or |NULL| if |sigalg| has no prehash (Ed25519) or is unknown. |
| 1039 | OPENSSL_EXPORT const EVP_MD *SSL_get_signature_algorithm_digest( |
| 1040 | uint16_t sigalg); |
| 1041 | |
| 1042 | // SSL_is_signature_algorithm_rsa_pss returns one if |sigalg| is an RSA-PSS |
| 1043 | // signature algorithm and zero otherwise. |
| 1044 | OPENSSL_EXPORT int SSL_is_signature_algorithm_rsa_pss(uint16_t sigalg); |
| 1045 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1046 | // SSL_CTX_set_signing_algorithm_prefs configures |ctx| to use |prefs| as the |
| 1047 | // preference list when signing with |ctx|'s private key. It returns one on |
| 1048 | // success and zero on error. |prefs| should not include the internal-only value |
| 1049 | // |SSL_SIGN_RSA_PKCS1_MD5_SHA1|. |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 1050 | OPENSSL_EXPORT int SSL_CTX_set_signing_algorithm_prefs(SSL_CTX *ctx, |
| 1051 | const uint16_t *prefs, |
| 1052 | size_t num_prefs); |
| 1053 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1054 | // SSL_set_signing_algorithm_prefs configures |ssl| to use |prefs| as the |
| 1055 | // preference list when signing with |ssl|'s private key. It returns one on |
| 1056 | // success and zero on error. |prefs| should not include the internal-only value |
| 1057 | // |SSL_SIGN_RSA_PKCS1_MD5_SHA1|. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 1058 | OPENSSL_EXPORT int SSL_set_signing_algorithm_prefs(SSL *ssl, |
| 1059 | const uint16_t *prefs, |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 1060 | size_t num_prefs); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1061 | |
| 1062 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1063 | // Certificate and private key convenience functions. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1064 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1065 | // SSL_CTX_set_chain_and_key sets the certificate chain and private key for a |
| 1066 | // TLS client or server. References to the given |CRYPTO_BUFFER| and |EVP_PKEY| |
| 1067 | // objects are added as needed. Exactly one of |privkey| or |privkey_method| |
| 1068 | // may be non-NULL. Returns one on success and zero on error. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 1069 | OPENSSL_EXPORT int SSL_CTX_set_chain_and_key( |
| 1070 | SSL_CTX *ctx, CRYPTO_BUFFER *const *certs, size_t num_certs, |
| 1071 | EVP_PKEY *privkey, const SSL_PRIVATE_KEY_METHOD *privkey_method); |
| 1072 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1073 | // SSL_set_chain_and_key sets the certificate chain and private key for a TLS |
| 1074 | // client or server. References to the given |CRYPTO_BUFFER| and |EVP_PKEY| |
| 1075 | // objects are added as needed. Exactly one of |privkey| or |privkey_method| |
| 1076 | // may be non-NULL. Returns one on success and zero on error. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 1077 | OPENSSL_EXPORT int SSL_set_chain_and_key( |
| 1078 | SSL *ssl, CRYPTO_BUFFER *const *certs, size_t num_certs, EVP_PKEY *privkey, |
| 1079 | const SSL_PRIVATE_KEY_METHOD *privkey_method); |
| 1080 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1081 | // SSL_CTX_use_RSAPrivateKey sets |ctx|'s private key to |rsa|. It returns one |
| 1082 | // on success and zero on failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1083 | OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); |
| 1084 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1085 | // SSL_use_RSAPrivateKey sets |ctx|'s private key to |rsa|. It returns one on |
| 1086 | // success and zero on failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1087 | OPENSSL_EXPORT int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); |
| 1088 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1089 | // The following functions configure certificates or private keys but take as |
| 1090 | // input DER-encoded structures. They return one on success and zero on |
| 1091 | // failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1092 | |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 1093 | OPENSSL_EXPORT int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, size_t der_len, |
| 1094 | const uint8_t *der); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1095 | OPENSSL_EXPORT int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der, |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 1096 | size_t der_len); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1097 | |
| 1098 | OPENSSL_EXPORT int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 1099 | const uint8_t *der, |
| 1100 | size_t der_len); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1101 | OPENSSL_EXPORT int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 1102 | const uint8_t *der, size_t der_len); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1103 | |
| 1104 | OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, |
| 1105 | const uint8_t *der, |
| 1106 | size_t der_len); |
| 1107 | OPENSSL_EXPORT int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const uint8_t *der, |
| 1108 | size_t der_len); |
| 1109 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1110 | // The following functions configure certificates or private keys but take as |
| 1111 | // input files to read from. They return one on success and zero on failure. The |
| 1112 | // |type| parameter is one of the |SSL_FILETYPE_*| values and determines whether |
| 1113 | // the file's contents are read as PEM or DER. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1114 | |
Robert Sloan | 921ef2c | 2017-10-17 09:02:20 -0700 | [diff] [blame] | 1115 | #define SSL_FILETYPE_PEM 1 |
| 1116 | #define SSL_FILETYPE_ASN1 2 |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1117 | |
| 1118 | OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, |
| 1119 | const char *file, |
| 1120 | int type); |
| 1121 | OPENSSL_EXPORT int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, |
| 1122 | int type); |
| 1123 | |
| 1124 | OPENSSL_EXPORT int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, |
| 1125 | int type); |
| 1126 | OPENSSL_EXPORT int SSL_use_certificate_file(SSL *ssl, const char *file, |
| 1127 | int type); |
| 1128 | |
| 1129 | OPENSSL_EXPORT int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, |
| 1130 | int type); |
| 1131 | OPENSSL_EXPORT int SSL_use_PrivateKey_file(SSL *ssl, const char *file, |
| 1132 | int type); |
| 1133 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1134 | // SSL_CTX_use_certificate_chain_file configures certificates for |ctx|. It |
| 1135 | // reads the contents of |file| as a PEM-encoded leaf certificate followed |
| 1136 | // optionally by the certificate chain to send to the peer. It returns one on |
| 1137 | // success and zero on failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1138 | OPENSSL_EXPORT int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, |
| 1139 | const char *file); |
| 1140 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1141 | // SSL_CTX_set_default_passwd_cb sets the password callback for PEM-based |
| 1142 | // convenience functions called on |ctx|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1143 | OPENSSL_EXPORT void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, |
| 1144 | pem_password_cb *cb); |
| 1145 | |
Robert Sloan | 4562e9d | 2017-10-02 10:26:51 -0700 | [diff] [blame] | 1146 | // SSL_CTX_get_default_passwd_cb returns the callback set by |
| 1147 | // |SSL_CTX_set_default_passwd_cb|. |
| 1148 | OPENSSL_EXPORT pem_password_cb *SSL_CTX_get_default_passwd_cb( |
| 1149 | const SSL_CTX *ctx); |
| 1150 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1151 | // SSL_CTX_set_default_passwd_cb_userdata sets the userdata parameter for |
| 1152 | // |ctx|'s password callback. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1153 | OPENSSL_EXPORT void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, |
| 1154 | void *data); |
| 1155 | |
Robert Sloan | 4562e9d | 2017-10-02 10:26:51 -0700 | [diff] [blame] | 1156 | // SSL_CTX_get_default_passwd_cb_userdata returns the userdata parameter set by |
| 1157 | // |SSL_CTX_set_default_passwd_cb_userdata|. |
| 1158 | OPENSSL_EXPORT void *SSL_CTX_get_default_passwd_cb_userdata(const SSL_CTX *ctx); |
| 1159 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1160 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1161 | // Custom private keys. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1162 | |
| 1163 | enum ssl_private_key_result_t { |
| 1164 | ssl_private_key_success, |
| 1165 | ssl_private_key_retry, |
| 1166 | ssl_private_key_failure, |
| 1167 | }; |
| 1168 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1169 | // ssl_private_key_method_st (aka |SSL_PRIVATE_KEY_METHOD|) describes private |
| 1170 | // key hooks. This is used to off-load signing operations to a custom, |
| 1171 | // potentially asynchronous, backend. Metadata about the key such as the type |
| 1172 | // and size are parsed out of the certificate. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 1173 | struct ssl_private_key_method_st { |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1174 | // sign signs the message |in| in using the specified signature algorithm. On |
| 1175 | // success, it returns |ssl_private_key_success| and writes at most |max_out| |
| 1176 | // bytes of signature data to |out| and sets |*out_len| to the number of bytes |
| 1177 | // written. On failure, it returns |ssl_private_key_failure|. If the operation |
| 1178 | // has not completed, it returns |ssl_private_key_retry|. |sign| should |
| 1179 | // arrange for the high-level operation on |ssl| to be retried when the |
| 1180 | // operation is completed. This will result in a call to |complete|. |
| 1181 | // |
| 1182 | // |signature_algorithm| is one of the |SSL_SIGN_*| values, as defined in TLS |
| 1183 | // 1.3. Note that, in TLS 1.2, ECDSA algorithms do not require that curve |
| 1184 | // sizes match hash sizes, so the curve portion of |SSL_SIGN_ECDSA_*| values |
| 1185 | // must be ignored. BoringSSL will internally handle the curve matching logic |
| 1186 | // where appropriate. |
| 1187 | // |
| 1188 | // It is an error to call |sign| while another private key operation is in |
| 1189 | // progress on |ssl|. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 1190 | enum ssl_private_key_result_t (*sign)(SSL *ssl, uint8_t *out, size_t *out_len, |
| 1191 | size_t max_out, |
| 1192 | uint16_t signature_algorithm, |
| 1193 | const uint8_t *in, size_t in_len); |
| 1194 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1195 | // decrypt decrypts |in_len| bytes of encrypted data from |in|. On success it |
| 1196 | // returns |ssl_private_key_success|, writes at most |max_out| bytes of |
| 1197 | // decrypted data to |out| and sets |*out_len| to the actual number of bytes |
| 1198 | // written. On failure it returns |ssl_private_key_failure|. If the operation |
| 1199 | // has not completed, it returns |ssl_private_key_retry|. The caller should |
| 1200 | // arrange for the high-level operation on |ssl| to be retried when the |
| 1201 | // operation is completed, which will result in a call to |complete|. This |
| 1202 | // function only works with RSA keys and should perform a raw RSA decryption |
| 1203 | // operation with no padding. |
| 1204 | // |
| 1205 | // It is an error to call |decrypt| while another private key operation is in |
| 1206 | // progress on |ssl|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1207 | enum ssl_private_key_result_t (*decrypt)(SSL *ssl, uint8_t *out, |
| 1208 | size_t *out_len, size_t max_out, |
| 1209 | const uint8_t *in, size_t in_len); |
| 1210 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1211 | // complete completes a pending operation. If the operation has completed, it |
| 1212 | // returns |ssl_private_key_success| and writes the result to |out| as in |
| 1213 | // |sign|. Otherwise, it returns |ssl_private_key_failure| on failure and |
| 1214 | // |ssl_private_key_retry| if the operation is still in progress. |
| 1215 | // |
| 1216 | // |complete| may be called arbitrarily many times before completion, but it |
| 1217 | // is an error to call |complete| if there is no pending operation in progress |
| 1218 | // on |ssl|. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 1219 | enum ssl_private_key_result_t (*complete)(SSL *ssl, uint8_t *out, |
| 1220 | size_t *out_len, size_t max_out); |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 1221 | }; |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1222 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1223 | // SSL_set_private_key_method configures a custom private key on |ssl|. |
| 1224 | // |key_method| must remain valid for the lifetime of |ssl|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1225 | OPENSSL_EXPORT void SSL_set_private_key_method( |
| 1226 | SSL *ssl, const SSL_PRIVATE_KEY_METHOD *key_method); |
| 1227 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1228 | // SSL_CTX_set_private_key_method configures a custom private key on |ctx|. |
| 1229 | // |key_method| must remain valid for the lifetime of |ctx|. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 1230 | OPENSSL_EXPORT void SSL_CTX_set_private_key_method( |
| 1231 | SSL_CTX *ctx, const SSL_PRIVATE_KEY_METHOD *key_method); |
| 1232 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1233 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1234 | // Cipher suites. |
| 1235 | // |
| 1236 | // |SSL_CIPHER| objects represent cipher suites. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1237 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame] | 1238 | DEFINE_CONST_STACK_OF(SSL_CIPHER) |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1239 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1240 | // SSL_get_cipher_by_value returns the structure representing a TLS cipher |
| 1241 | // suite based on its assigned number, or NULL if unknown. See |
| 1242 | // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1243 | OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value); |
| 1244 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1245 | // SSL_CIPHER_get_id returns |cipher|'s id. It may be cast to a |uint16_t| to |
| 1246 | // get the cipher suite value. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1247 | OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher); |
| 1248 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1249 | // SSL_CIPHER_is_aead returns one if |cipher| uses an AEAD cipher. |
Robert Sloan | 8437709 | 2017-08-14 09:33:19 -0700 | [diff] [blame] | 1250 | OPENSSL_EXPORT int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher); |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1251 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1252 | // SSL_CIPHER_is_block_cipher returns one if |cipher| is a block cipher. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1253 | OPENSSL_EXPORT int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher); |
| 1254 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1255 | // SSL_CIPHER_get_cipher_nid returns the NID for |cipher|'s bulk |
| 1256 | // cipher. Possible values are |NID_aes_128_gcm|, |NID_aes_256_gcm|, |
| 1257 | // |NID_chacha20_poly1305|, |NID_aes_128_cbc|, |NID_aes_256_cbc|, and |
| 1258 | // |NID_des_ede3_cbc|. |
Robert Sloan | 8437709 | 2017-08-14 09:33:19 -0700 | [diff] [blame] | 1259 | OPENSSL_EXPORT int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *cipher); |
Adam Langley | fad6327 | 2015-11-12 12:15:39 -0800 | [diff] [blame] | 1260 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1261 | // SSL_CIPHER_get_digest_nid returns the NID for |cipher|'s HMAC if it is a |
| 1262 | // legacy cipher suite. For modern AEAD-based ciphers (see |
| 1263 | // |SSL_CIPHER_is_aead|), it returns |NID_undef|. |
| 1264 | // |
| 1265 | // Note this function only returns the legacy HMAC digest, not the PRF hash. |
Robert Sloan | 8437709 | 2017-08-14 09:33:19 -0700 | [diff] [blame] | 1266 | OPENSSL_EXPORT int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher); |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 1267 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1268 | // SSL_CIPHER_get_kx_nid returns the NID for |cipher|'s key exchange. This may |
| 1269 | // be |NID_kx_rsa|, |NID_kx_ecdhe|, or |NID_kx_psk| for TLS 1.2. In TLS 1.3, |
| 1270 | // cipher suites do not specify the key exchange, so this function returns |
| 1271 | // |NID_kx_any|. |
Robert Sloan | 8437709 | 2017-08-14 09:33:19 -0700 | [diff] [blame] | 1272 | OPENSSL_EXPORT int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *cipher); |
| 1273 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1274 | // SSL_CIPHER_get_auth_nid returns the NID for |cipher|'s authentication |
| 1275 | // type. This may be |NID_auth_rsa|, |NID_auth_ecdsa|, or |NID_auth_psk| for TLS |
| 1276 | // 1.2. In TLS 1.3, cipher suites do not specify authentication, so this |
| 1277 | // function returns |NID_auth_any|. |
Robert Sloan | 8437709 | 2017-08-14 09:33:19 -0700 | [diff] [blame] | 1278 | OPENSSL_EXPORT int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher); |
Steven Valdez | b0b45c6 | 2017-01-17 16:23:54 -0500 | [diff] [blame] | 1279 | |
Robert Sloan | 2e9e66a | 2017-09-25 09:08:29 -0700 | [diff] [blame] | 1280 | // SSL_CIPHER_get_prf_nid retuns the NID for |cipher|'s PRF hash. If |cipher| is |
| 1281 | // a pre-TLS-1.2 cipher, it returns |NID_md5_sha1| but note these ciphers use |
| 1282 | // SHA-256 in TLS 1.2. Other return values may be treated uniformly in all |
| 1283 | // applicable versions. |
| 1284 | OPENSSL_EXPORT int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher); |
| 1285 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1286 | // SSL_CIPHER_get_min_version returns the minimum protocol version required |
| 1287 | // for |cipher|. |
Adam Langley | fad6327 | 2015-11-12 12:15:39 -0800 | [diff] [blame] | 1288 | OPENSSL_EXPORT uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher); |
| 1289 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1290 | // SSL_CIPHER_get_max_version returns the maximum protocol version that |
| 1291 | // supports |cipher|. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 1292 | OPENSSL_EXPORT uint16_t SSL_CIPHER_get_max_version(const SSL_CIPHER *cipher); |
| 1293 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1294 | // SSL_CIPHER_standard_name returns the standard IETF name for |cipher|. For |
| 1295 | // example, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 1296 | OPENSSL_EXPORT const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); |
| 1297 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1298 | // SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. For example, |
| 1299 | // "ECDHE-RSA-AES128-GCM-SHA256". |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1300 | OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); |
| 1301 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1302 | // SSL_CIPHER_get_kx_name returns a string that describes the key-exchange |
| 1303 | // method used by |cipher|. For example, "ECDHE_ECDSA". TLS 1.3 AEAD-only |
| 1304 | // ciphers return the string "GENERIC". |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1305 | OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher); |
| 1306 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1307 | // SSL_CIPHER_get_bits returns the strength, in bits, of |cipher|. If |
| 1308 | // |out_alg_bits| is not NULL, it writes the number of bits consumed by the |
| 1309 | // symmetric algorithm to |*out_alg_bits|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1310 | OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, |
| 1311 | int *out_alg_bits); |
| 1312 | |
| 1313 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1314 | // Cipher suite configuration. |
| 1315 | // |
| 1316 | // OpenSSL uses a mini-language to configure cipher suites. The language |
| 1317 | // maintains an ordered list of enabled ciphers, along with an ordered list of |
| 1318 | // disabled but available ciphers. Initially, all ciphers are disabled with a |
| 1319 | // default ordering. The cipher string is then interpreted as a sequence of |
| 1320 | // directives, separated by colons, each of which modifies this state. |
| 1321 | // |
| 1322 | // Most directives consist of a one character or empty opcode followed by a |
| 1323 | // selector which matches a subset of available ciphers. |
| 1324 | // |
| 1325 | // Available opcodes are: |
| 1326 | // |
| 1327 | // The empty opcode enables and appends all matching disabled ciphers to the |
| 1328 | // end of the enabled list. The newly appended ciphers are ordered relative to |
| 1329 | // each other matching their order in the disabled list. |
| 1330 | // |
| 1331 | // |-| disables all matching enabled ciphers and prepends them to the disabled |
| 1332 | // list, with relative order from the enabled list preserved. This means the |
| 1333 | // most recently disabled ciphers get highest preference relative to other |
| 1334 | // disabled ciphers if re-enabled. |
| 1335 | // |
| 1336 | // |+| moves all matching enabled ciphers to the end of the enabled list, with |
| 1337 | // relative order preserved. |
| 1338 | // |
| 1339 | // |!| deletes all matching ciphers, enabled or not, from either list. Deleted |
| 1340 | // ciphers will not matched by future operations. |
| 1341 | // |
| 1342 | // A selector may be a specific cipher (using either the standard or OpenSSL |
| 1343 | // name for the cipher) or one or more rules separated by |+|. The final |
| 1344 | // selector matches the intersection of each rule. For instance, |AESGCM+aECDSA| |
| 1345 | // matches ECDSA-authenticated AES-GCM ciphers. |
| 1346 | // |
| 1347 | // Available cipher rules are: |
| 1348 | // |
| 1349 | // |ALL| matches all ciphers. |
| 1350 | // |
| 1351 | // |kRSA|, |kDHE|, |kECDHE|, and |kPSK| match ciphers using plain RSA, DHE, |
| 1352 | // ECDHE, and plain PSK key exchanges, respectively. Note that ECDHE_PSK is |
| 1353 | // matched by |kECDHE| and not |kPSK|. |
| 1354 | // |
| 1355 | // |aRSA|, |aECDSA|, and |aPSK| match ciphers authenticated by RSA, ECDSA, and |
| 1356 | // a pre-shared key, respectively. |
| 1357 | // |
| 1358 | // |RSA|, |DHE|, |ECDHE|, |PSK|, |ECDSA|, and |PSK| are aliases for the |
| 1359 | // corresponding |k*| or |a*| cipher rule. |RSA| is an alias for |kRSA|, not |
| 1360 | // |aRSA|. |
| 1361 | // |
| 1362 | // |3DES|, |AES128|, |AES256|, |AES|, |AESGCM|, |CHACHA20| match ciphers |
| 1363 | // whose bulk cipher use the corresponding encryption scheme. Note that |
| 1364 | // |AES|, |AES128|, and |AES256| match both CBC and GCM ciphers. |
| 1365 | // |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1366 | // |SHA1|, and its alias |SHA|, match legacy cipher suites using HMAC-SHA1. |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1367 | // |
| 1368 | // Although implemented, authentication-only ciphers match no rules and must be |
| 1369 | // explicitly selected by name. |
| 1370 | // |
| 1371 | // Deprecated cipher rules: |
| 1372 | // |
| 1373 | // |kEDH|, |EDH|, |kEECDH|, and |EECDH| are legacy aliases for |kDHE|, |DHE|, |
| 1374 | // |kECDHE|, and |ECDHE|, respectively. |
| 1375 | // |
| 1376 | // |HIGH| is an alias for |ALL|. |
| 1377 | // |
| 1378 | // |FIPS| is an alias for |HIGH|. |
| 1379 | // |
| 1380 | // |SSLv3| and |TLSv1| match ciphers available in TLS 1.1 or earlier. |
| 1381 | // |TLSv1_2| matches ciphers new in TLS 1.2. This is confusing and should not |
| 1382 | // be used. |
| 1383 | // |
| 1384 | // Unknown rules are silently ignored by legacy APIs, and rejected by APIs with |
| 1385 | // "strict" in the name, which should be preferred. Cipher lists can be long |
| 1386 | // and it's easy to commit typos. Strict functions will also reject the use of |
| 1387 | // spaces, semi-colons and commas as alternative separators. |
| 1388 | // |
| 1389 | // The special |@STRENGTH| directive will sort all enabled ciphers by strength. |
| 1390 | // |
| 1391 | // The |DEFAULT| directive, when appearing at the front of the string, expands |
| 1392 | // to the default ordering of available ciphers. |
| 1393 | // |
| 1394 | // If configuring a server, one may also configure equal-preference groups to |
| 1395 | // partially respect the client's preferences when |
| 1396 | // |SSL_OP_CIPHER_SERVER_PREFERENCE| is enabled. Ciphers in an equal-preference |
| 1397 | // group have equal priority and use the client order. This may be used to |
| 1398 | // enforce that AEADs are preferred but select AES-GCM vs. ChaCha20-Poly1305 |
| 1399 | // based on client preferences. An equal-preference is specified with square |
| 1400 | // brackets, combining multiple selectors separated by |. For example: |
| 1401 | // |
| 1402 | // [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256] |
| 1403 | // |
| 1404 | // Once an equal-preference group is used, future directives must be |
| 1405 | // opcode-less. Inside an equal-preference group, spaces are not allowed. |
| 1406 | // |
| 1407 | // TLS 1.3 ciphers do not participate in this mechanism and instead have a |
| 1408 | // built-in preference order. Functions to set cipher lists do not affect TLS |
| 1409 | // 1.3, and functions to query the cipher list do not include TLS 1.3 |
| 1410 | // ciphers. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1411 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1412 | // SSL_DEFAULT_CIPHER_LIST is the default cipher suite configuration. It is |
| 1413 | // substituted when a cipher string starts with 'DEFAULT'. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1414 | #define SSL_DEFAULT_CIPHER_LIST "ALL" |
| 1415 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1416 | // SSL_CTX_set_strict_cipher_list configures the cipher list for |ctx|, |
| 1417 | // evaluating |str| as a cipher string and returning error if |str| contains |
| 1418 | // anything meaningless. It returns one on success and zero on failure. |
Robert Sloan | 7c50ec5 | 2017-02-27 08:17:21 -0800 | [diff] [blame] | 1419 | OPENSSL_EXPORT int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx, |
| 1420 | const char *str); |
| 1421 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1422 | // SSL_CTX_set_cipher_list configures the cipher list for |ctx|, evaluating |
| 1423 | // |str| as a cipher string. It returns one on success and zero on failure. |
| 1424 | // |
| 1425 | // Prefer to use |SSL_CTX_set_strict_cipher_list|. This function tolerates |
| 1426 | // garbage inputs, unless an empty cipher list results. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1427 | OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); |
| 1428 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1429 | // SSL_set_strict_cipher_list configures the cipher list for |ssl|, evaluating |
| 1430 | // |str| as a cipher string and returning error if |str| contains anything |
| 1431 | // meaningless. It returns one on success and zero on failure. |
Robert Sloan | 7c50ec5 | 2017-02-27 08:17:21 -0800 | [diff] [blame] | 1432 | OPENSSL_EXPORT int SSL_set_strict_cipher_list(SSL *ssl, const char *str); |
| 1433 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1434 | // SSL_set_cipher_list configures the cipher list for |ssl|, evaluating |str| as |
| 1435 | // a cipher string. It returns one on success and zero on failure. |
| 1436 | // |
| 1437 | // Prefer to use |SSL_set_strict_cipher_list|. This function tolerates garbage |
| 1438 | // inputs, unless an empty cipher list results. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1439 | OPENSSL_EXPORT int SSL_set_cipher_list(SSL *ssl, const char *str); |
| 1440 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1441 | // SSL_CTX_get_ciphers returns the cipher list for |ctx|, in order of |
| 1442 | // preference. |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 1443 | OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); |
| 1444 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1445 | // SSL_CTX_cipher_in_group returns one if the |i|th cipher (see |
| 1446 | // |SSL_CTX_get_ciphers|) is in the same equipreference group as the one |
| 1447 | // following it and zero otherwise. |
Robert Sloan | 8437709 | 2017-08-14 09:33:19 -0700 | [diff] [blame] | 1448 | OPENSSL_EXPORT int SSL_CTX_cipher_in_group(const SSL_CTX *ctx, size_t i); |
| 1449 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1450 | // SSL_get_ciphers returns the cipher list for |ssl|, in order of preference. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1451 | OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); |
| 1452 | |
| 1453 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1454 | // Connection information. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 1455 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1456 | // SSL_is_init_finished returns one if |ssl| has completed its initial handshake |
| 1457 | // and has no pending handshake. It returns zero otherwise. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1458 | OPENSSL_EXPORT int SSL_is_init_finished(const SSL *ssl); |
| 1459 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1460 | // SSL_in_init returns one if |ssl| has a pending handshake and zero |
| 1461 | // otherwise. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1462 | OPENSSL_EXPORT int SSL_in_init(const SSL *ssl); |
| 1463 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1464 | // SSL_in_false_start returns one if |ssl| has a pending handshake that is in |
| 1465 | // False Start. |SSL_write| may be called at this point without waiting for the |
| 1466 | // peer, but |SSL_read| will complete the handshake before accepting application |
| 1467 | // data. |
| 1468 | // |
| 1469 | // See also |SSL_MODE_ENABLE_FALSE_START|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1470 | OPENSSL_EXPORT int SSL_in_false_start(const SSL *ssl); |
| 1471 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1472 | // SSL_get_peer_certificate returns the peer's leaf certificate or NULL if the |
| 1473 | // peer did not use certificates. The caller must call |X509_free| on the |
| 1474 | // result to release it. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1475 | OPENSSL_EXPORT X509 *SSL_get_peer_certificate(const SSL *ssl); |
| 1476 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1477 | // SSL_get_peer_cert_chain returns the peer's certificate chain or NULL if |
| 1478 | // unavailable or the peer did not use certificates. This is the unverified list |
| 1479 | // of certificates as sent by the peer, not the final chain built during |
| 1480 | // verification. The caller does not take ownership of the result. |
| 1481 | // |
| 1482 | // WARNING: This function behaves differently between client and server. If |
| 1483 | // |ssl| is a server, the returned chain does not include the leaf certificate. |
| 1484 | // If a client, it does. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1485 | OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); |
| 1486 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1487 | // SSL_get_peer_full_cert_chain returns the peer's certificate chain, or NULL if |
| 1488 | // unavailable or the peer did not use certificates. This is the unverified list |
| 1489 | // of certificates as sent by the peer, not the final chain built during |
| 1490 | // verification. The caller does not take ownership of the result. |
| 1491 | // |
| 1492 | // This is the same as |SSL_get_peer_cert_chain| except that this function |
| 1493 | // always returns the full chain, i.e. the first element of the return value |
| 1494 | // (if any) will be the leaf certificate. In constrast, |
| 1495 | // |SSL_get_peer_cert_chain| returns only the intermediate certificates if the |
| 1496 | // |ssl| is a server. |
Steven Valdez | e7531f0 | 2016-12-14 13:29:57 -0500 | [diff] [blame] | 1497 | OPENSSL_EXPORT STACK_OF(X509) *SSL_get_peer_full_cert_chain(const SSL *ssl); |
| 1498 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1499 | // SSL_get0_peer_certificates returns the peer's certificate chain, or NULL if |
| 1500 | // unavailable or the peer did not use certificates. This is the unverified list |
| 1501 | // of certificates as sent by the peer, not the final chain built during |
| 1502 | // verification. The caller does not take ownership of the result. |
| 1503 | // |
| 1504 | // This is the |CRYPTO_BUFFER| variant of |SSL_get_peer_full_cert_chain|. |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1505 | OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) * |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 1506 | SSL_get0_peer_certificates(const SSL *ssl); |
| 1507 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1508 | // SSL_get0_signed_cert_timestamp_list sets |*out| and |*out_len| to point to |
| 1509 | // |*out_len| bytes of SCT information from the server. This is only valid if |
| 1510 | // |ssl| is a client. The SCT information is a SignedCertificateTimestampList |
| 1511 | // (including the two leading length bytes). |
| 1512 | // See https://tools.ietf.org/html/rfc6962#section-3.3 |
| 1513 | // If no SCT was received then |*out_len| will be zero on return. |
| 1514 | // |
| 1515 | // WARNING: the returned data is not guaranteed to be well formed. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1516 | OPENSSL_EXPORT void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, |
| 1517 | const uint8_t **out, |
| 1518 | size_t *out_len); |
| 1519 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1520 | // SSL_get0_ocsp_response sets |*out| and |*out_len| to point to |*out_len| |
| 1521 | // bytes of an OCSP response from the server. This is the DER encoding of an |
| 1522 | // OCSPResponse type as defined in RFC 2560. |
| 1523 | // |
| 1524 | // WARNING: the returned data is not guaranteed to be well formed. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1525 | OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out, |
| 1526 | size_t *out_len); |
| 1527 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1528 | // SSL_get_tls_unique writes at most |max_out| bytes of the tls-unique value |
| 1529 | // for |ssl| to |out| and sets |*out_len| to the number of bytes written. It |
| 1530 | // returns one on success or zero on error. In general |max_out| should be at |
| 1531 | // least 12. |
| 1532 | // |
| 1533 | // This function will always fail if the initial handshake has not completed. |
| 1534 | // The tls-unique value will change after a renegotiation but, since |
| 1535 | // renegotiations can be initiated by the server at any point, the higher-level |
| 1536 | // protocol must either leave them disabled or define states in which the |
| 1537 | // tls-unique value can be read. |
| 1538 | // |
| 1539 | // The tls-unique value is defined by |
| 1540 | // https://tools.ietf.org/html/rfc5929#section-3.1. Due to a weakness in the |
| 1541 | // TLS protocol, tls-unique is broken for resumed connections unless the |
| 1542 | // Extended Master Secret extension is negotiated. Thus this function will |
| 1543 | // return zero if |ssl| performed session resumption unless EMS was used when |
| 1544 | // negotiating the original session. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 1545 | OPENSSL_EXPORT int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, |
| 1546 | size_t *out_len, size_t max_out); |
| 1547 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1548 | // SSL_get_extms_support returns one if the Extended Master Secret extension or |
| 1549 | // TLS 1.3 was negotiated. Otherwise, it returns zero. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1550 | OPENSSL_EXPORT int SSL_get_extms_support(const SSL *ssl); |
| 1551 | |
Robert Sloan | a51059f | 2018-11-12 13:38:50 -0800 | [diff] [blame] | 1552 | // SSL_get_current_cipher returns cipher suite used by |ssl|, or NULL if it has |
| 1553 | // not been negotiated yet. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1554 | OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); |
| 1555 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1556 | // SSL_session_reused returns one if |ssl| performed an abbreviated handshake |
| 1557 | // and zero otherwise. |
| 1558 | // |
| 1559 | // TODO(davidben): Hammer down the semantics of this API while a handshake, |
| 1560 | // initial or renego, is in progress. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1561 | OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl); |
| 1562 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1563 | // SSL_get_secure_renegotiation_support returns one if the peer supports secure |
| 1564 | // renegotiation (RFC 5746) or TLS 1.3. Otherwise, it returns zero. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1565 | OPENSSL_EXPORT int SSL_get_secure_renegotiation_support(const SSL *ssl); |
| 1566 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1567 | // SSL_export_keying_material exports a value derived from the master secret, as |
| 1568 | // specified in RFC 5705. It writes |out_len| bytes to |out| given a label and |
| 1569 | // optional context. (Since a zero length context is allowed, the |use_context| |
| 1570 | // flag controls whether a context is included.) |
| 1571 | // |
| 1572 | // It returns one on success and zero otherwise. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1573 | OPENSSL_EXPORT int SSL_export_keying_material( |
| 1574 | SSL *ssl, uint8_t *out, size_t out_len, const char *label, size_t label_len, |
| 1575 | const uint8_t *context, size_t context_len, int use_context); |
| 1576 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1577 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1578 | // Sessions. |
| 1579 | // |
| 1580 | // An |SSL_SESSION| represents an SSL session that may be resumed in an |
| 1581 | // abbreviated handshake. It is reference-counted and immutable. Once |
| 1582 | // established, an |SSL_SESSION| may be shared by multiple |SSL| objects on |
| 1583 | // different threads and must not be modified. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1584 | |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 1585 | DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1586 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1587 | // SSL_SESSION_new returns a newly-allocated blank |SSL_SESSION| or NULL on |
| 1588 | // error. This may be useful when writing tests but should otherwise not be |
| 1589 | // used. |
Robert Sloan | 5d62578 | 2017-02-13 09:55:39 -0800 | [diff] [blame] | 1590 | OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_new(const SSL_CTX *ctx); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1591 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1592 | // SSL_SESSION_up_ref increments the reference count of |session| and returns |
| 1593 | // one. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 1594 | OPENSSL_EXPORT int SSL_SESSION_up_ref(SSL_SESSION *session); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1595 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1596 | // SSL_SESSION_free decrements the reference count of |session|. If it reaches |
| 1597 | // zero, all data referenced by |session| and |session| itself are released. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1598 | OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *session); |
| 1599 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1600 | // SSL_SESSION_to_bytes serializes |in| into a newly allocated buffer and sets |
| 1601 | // |*out_data| to that buffer and |*out_len| to its length. The caller takes |
| 1602 | // ownership of the buffer and must call |OPENSSL_free| when done. It returns |
| 1603 | // one on success and zero on error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1604 | OPENSSL_EXPORT int SSL_SESSION_to_bytes(const SSL_SESSION *in, |
| 1605 | uint8_t **out_data, size_t *out_len); |
| 1606 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1607 | // SSL_SESSION_to_bytes_for_ticket serializes |in|, but excludes the session |
| 1608 | // identification information, namely the session ID and ticket. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1609 | OPENSSL_EXPORT int SSL_SESSION_to_bytes_for_ticket(const SSL_SESSION *in, |
| 1610 | uint8_t **out_data, |
| 1611 | size_t *out_len); |
| 1612 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1613 | // SSL_SESSION_from_bytes parses |in_len| bytes from |in| as an SSL_SESSION. It |
| 1614 | // returns a newly-allocated |SSL_SESSION| on success or NULL on error. |
Robert Sloan | 5d62578 | 2017-02-13 09:55:39 -0800 | [diff] [blame] | 1615 | OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_from_bytes( |
| 1616 | const uint8_t *in, size_t in_len, const SSL_CTX *ctx); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1617 | |
Robert Sloan | ae1abf9 | 2017-10-05 12:50:08 -0700 | [diff] [blame] | 1618 | // SSL_SESSION_get_version returns a string describing the TLS or DTLS version |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1619 | // |session| was established at. For example, "TLSv1.2" or "DTLSv1". |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1620 | OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *session); |
| 1621 | |
Robert Sloan | ae1abf9 | 2017-10-05 12:50:08 -0700 | [diff] [blame] | 1622 | // SSL_SESSION_get_protocol_version returns the TLS or DTLS version |session| |
| 1623 | // was established at. |
| 1624 | OPENSSL_EXPORT uint16_t |
| 1625 | SSL_SESSION_get_protocol_version(const SSL_SESSION *session); |
| 1626 | |
| 1627 | // SSL_SESSION_set_protocol_version sets |session|'s TLS or DTLS version to |
| 1628 | // |version|. This may be useful when writing tests but should otherwise not be |
| 1629 | // used. It returns one on success and zero on error. |
| 1630 | OPENSSL_EXPORT int SSL_SESSION_set_protocol_version(SSL_SESSION *session, |
| 1631 | uint16_t version); |
| 1632 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1633 | // SSL_MAX_SSL_SESSION_ID_LENGTH is the maximum length of an SSL session ID. |
| 1634 | #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 |
| 1635 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1636 | // SSL_SESSION_get_id returns a pointer to a buffer containing |session|'s |
| 1637 | // session ID and sets |*out_len| to its length. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1638 | OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session, |
| 1639 | unsigned *out_len); |
| 1640 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1641 | // SSL_SESSION_set1_id sets |session|'s session ID to |sid|, It returns one on |
| 1642 | // success and zero on error. This function may be useful in writing tests but |
| 1643 | // otherwise should not be used. |
| 1644 | OPENSSL_EXPORT int SSL_SESSION_set1_id(SSL_SESSION *session, const uint8_t *sid, |
| 1645 | size_t sid_len); |
| 1646 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1647 | // SSL_SESSION_get_time returns the time at which |session| was established in |
| 1648 | // seconds since the UNIX epoch. |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 1649 | OPENSSL_EXPORT uint64_t SSL_SESSION_get_time(const SSL_SESSION *session); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1650 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1651 | // SSL_SESSION_get_timeout returns the lifetime of |session| in seconds. |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 1652 | OPENSSL_EXPORT uint32_t SSL_SESSION_get_timeout(const SSL_SESSION *session); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1653 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1654 | // SSL_SESSION_get0_peer returns the peer leaf certificate stored in |
| 1655 | // |session|. |
| 1656 | // |
| 1657 | // TODO(davidben): This should return a const X509 *. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1658 | OPENSSL_EXPORT X509 *SSL_SESSION_get0_peer(const SSL_SESSION *session); |
| 1659 | |
Robert Sloan | c6ebb28 | 2018-04-30 10:10:26 -0700 | [diff] [blame] | 1660 | // SSL_SESSION_get0_peer_certificates returns the peer certificate chain stored |
| 1661 | // in |session|, or NULL if the peer did not use certificates. This is the |
| 1662 | // unverified list of certificates as sent by the peer, not the final chain |
| 1663 | // built during verification. The caller does not take ownership of the result. |
| 1664 | OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) * |
| 1665 | SSL_SESSION_get0_peer_certificates(const SSL_SESSION *session); |
| 1666 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1667 | // SSL_SESSION_get0_signed_cert_timestamp_list sets |*out| and |*out_len| to |
| 1668 | // point to |*out_len| bytes of SCT information stored in |session|. This is |
| 1669 | // only valid for client sessions. The SCT information is a |
| 1670 | // SignedCertificateTimestampList (including the two leading length bytes). See |
| 1671 | // https://tools.ietf.org/html/rfc6962#section-3.3 If no SCT was received then |
| 1672 | // |*out_len| will be zero on return. |
| 1673 | // |
| 1674 | // WARNING: the returned data is not guaranteed to be well formed. |
| 1675 | OPENSSL_EXPORT void SSL_SESSION_get0_signed_cert_timestamp_list( |
| 1676 | const SSL_SESSION *session, const uint8_t **out, size_t *out_len); |
| 1677 | |
| 1678 | // SSL_SESSION_get0_ocsp_response sets |*out| and |*out_len| to point to |
| 1679 | // |*out_len| bytes of an OCSP response from the server. This is the DER |
| 1680 | // encoding of an OCSPResponse type as defined in RFC 2560. |
| 1681 | // |
| 1682 | // WARNING: the returned data is not guaranteed to be well formed. |
| 1683 | OPENSSL_EXPORT void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session, |
| 1684 | const uint8_t **out, |
| 1685 | size_t *out_len); |
| 1686 | |
| 1687 | // SSL_MAX_MASTER_KEY_LENGTH is the maximum length of a master secret. |
| 1688 | #define SSL_MAX_MASTER_KEY_LENGTH 48 |
| 1689 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1690 | // SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s master |
| 1691 | // secret to |out| and returns the number of bytes written. If |max_out| is |
| 1692 | // zero, it returns the size of the master secret. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 1693 | OPENSSL_EXPORT size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, |
| 1694 | uint8_t *out, size_t max_out); |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 1695 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1696 | // SSL_SESSION_set_time sets |session|'s creation time to |time| and returns |
| 1697 | // |time|. This function may be useful in writing tests but otherwise should not |
| 1698 | // be used. |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 1699 | OPENSSL_EXPORT uint64_t SSL_SESSION_set_time(SSL_SESSION *session, |
| 1700 | uint64_t time); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1701 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1702 | // SSL_SESSION_set_timeout sets |session|'s timeout to |timeout| and returns |
| 1703 | // one. This function may be useful in writing tests but otherwise should not |
| 1704 | // be used. |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 1705 | OPENSSL_EXPORT uint32_t SSL_SESSION_set_timeout(SSL_SESSION *session, |
| 1706 | uint32_t timeout); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1707 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1708 | // SSL_SESSION_get0_id_context returns a pointer to a buffer containing |
| 1709 | // |session|'s session ID context (see |SSL_CTX_set_session_id_context|) and |
| 1710 | // sets |*out_len| to its length. |
| 1711 | OPENSSL_EXPORT const uint8_t *SSL_SESSION_get0_id_context( |
| 1712 | const SSL_SESSION *session, unsigned *out_len); |
| 1713 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1714 | // SSL_SESSION_set1_id_context sets |session|'s session ID context (see |
| 1715 | // |SSL_CTX_set_session_id_context|) to |sid_ctx|. It returns one on success and |
| 1716 | // zero on error. This function may be useful in writing tests but otherwise |
| 1717 | // should not be used. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1718 | OPENSSL_EXPORT int SSL_SESSION_set1_id_context(SSL_SESSION *session, |
| 1719 | const uint8_t *sid_ctx, |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 1720 | size_t sid_ctx_len); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1721 | |
Robert Sloan | 4562e9d | 2017-10-02 10:26:51 -0700 | [diff] [blame] | 1722 | // SSL_SESSION_should_be_single_use returns one if |session| should be |
| 1723 | // single-use (TLS 1.3 and later) and zero otherwise. |
| 1724 | // |
| 1725 | // If this function returns one, clients retain multiple sessions and use each |
| 1726 | // only once. This prevents passive observers from correlating connections with |
Robert Sloan | d9e572d | 2018-08-27 12:27:00 -0700 | [diff] [blame] | 1727 | // tickets. See RFC 8446, appendix C.4. If it returns zero, |session| cannot be |
| 1728 | // used without leaking a correlator. |
Robert Sloan | 4562e9d | 2017-10-02 10:26:51 -0700 | [diff] [blame] | 1729 | OPENSSL_EXPORT int SSL_SESSION_should_be_single_use(const SSL_SESSION *session); |
| 1730 | |
| 1731 | // SSL_SESSION_is_resumable returns one if |session| is resumable and zero |
| 1732 | // otherwise. |
| 1733 | OPENSSL_EXPORT int SSL_SESSION_is_resumable(const SSL_SESSION *session); |
| 1734 | |
| 1735 | // SSL_SESSION_has_ticket returns one if |session| has a ticket and zero |
| 1736 | // otherwise. |
| 1737 | OPENSSL_EXPORT int SSL_SESSION_has_ticket(const SSL_SESSION *session); |
| 1738 | |
| 1739 | // SSL_SESSION_get0_ticket sets |*out_ticket| and |*out_len| to |session|'s |
| 1740 | // ticket, or NULL and zero if it does not have one. |out_ticket| may be NULL |
| 1741 | // if only the ticket length is needed. |
| 1742 | OPENSSL_EXPORT void SSL_SESSION_get0_ticket(const SSL_SESSION *session, |
| 1743 | const uint8_t **out_ticket, |
| 1744 | size_t *out_len); |
| 1745 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1746 | // SSL_SESSION_set_ticket sets |session|'s ticket to |ticket|. It returns one on |
| 1747 | // success and zero on error. This function may be useful in writing tests but |
| 1748 | // otherwise should not be used. |
| 1749 | OPENSSL_EXPORT int SSL_SESSION_set_ticket(SSL_SESSION *session, |
| 1750 | const uint8_t *ticket, |
| 1751 | size_t ticket_len); |
| 1752 | |
Robert Sloan | 4562e9d | 2017-10-02 10:26:51 -0700 | [diff] [blame] | 1753 | // SSL_SESSION_get_ticket_lifetime_hint returns ticket lifetime hint of |
| 1754 | // |session| in seconds or zero if none was set. |
| 1755 | OPENSSL_EXPORT uint32_t |
| 1756 | SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session); |
| 1757 | |
Robert Sloan | 15c0b35 | 2018-04-16 08:36:46 -0700 | [diff] [blame] | 1758 | // SSL_SESSION_get0_cipher returns the cipher negotiated by the connection which |
| 1759 | // established |session|. |
| 1760 | // |
| 1761 | // Note that, in TLS 1.3, there is no guarantee that resumptions with |session| |
| 1762 | // will use that cipher. Prefer calling |SSL_get_current_cipher| on the |SSL| |
| 1763 | // instead. |
| 1764 | OPENSSL_EXPORT const SSL_CIPHER *SSL_SESSION_get0_cipher( |
| 1765 | const SSL_SESSION *session); |
| 1766 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1767 | // SSL_SESSION_has_peer_sha256 returns one if |session| has a SHA-256 hash of |
| 1768 | // the peer's certificate retained and zero if the peer did not present a |
| 1769 | // certificate or if this was not enabled when |session| was created. See also |
| 1770 | // |SSL_CTX_set_retain_only_sha256_of_client_certs|. |
| 1771 | OPENSSL_EXPORT int SSL_SESSION_has_peer_sha256(const SSL_SESSION *session); |
| 1772 | |
| 1773 | // SSL_SESSION_get0_peer_sha256 sets |*out_ptr| and |*out_len| to the SHA-256 |
| 1774 | // hash of the peer certificate retained in |session|, or NULL and zero if it |
| 1775 | // does not have one. See also |SSL_CTX_set_retain_only_sha256_of_client_certs|. |
| 1776 | OPENSSL_EXPORT void SSL_SESSION_get0_peer_sha256(const SSL_SESSION *session, |
| 1777 | const uint8_t **out_ptr, |
| 1778 | size_t *out_len); |
| 1779 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1780 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1781 | // Session caching. |
| 1782 | // |
| 1783 | // Session caching allows connections to be established more efficiently based |
| 1784 | // on saved parameters from a previous connection, called a session (see |
| 1785 | // |SSL_SESSION|). The client offers a saved session, using an opaque identifier |
| 1786 | // from a previous connection. The server may accept the session, if it has the |
| 1787 | // parameters available. Otherwise, it will decline and continue with a full |
| 1788 | // handshake. |
| 1789 | // |
| 1790 | // This requires both the client and the server to retain session state. A |
| 1791 | // client does so with a stateful session cache. A server may do the same or, if |
| 1792 | // supported by both sides, statelessly using session tickets. For more |
| 1793 | // information on the latter, see the next section. |
| 1794 | // |
| 1795 | // For a server, the library implements a built-in internal session cache as an |
| 1796 | // in-memory hash table. Servers may also use |SSL_CTX_sess_set_get_cb| and |
| 1797 | // |SSL_CTX_sess_set_new_cb| to implement a custom external session cache. In |
| 1798 | // particular, this may be used to share a session cache between multiple |
| 1799 | // servers in a large deployment. An external cache may be used in addition to |
| 1800 | // or instead of the internal one. Use |SSL_CTX_set_session_cache_mode| to |
| 1801 | // toggle the internal cache. |
| 1802 | // |
| 1803 | // For a client, the only option is an external session cache. Clients may use |
| 1804 | // |SSL_CTX_sess_set_new_cb| to register a callback for when new sessions are |
| 1805 | // available. These may be cached and, in subsequent compatible connections, |
| 1806 | // configured with |SSL_set_session|. |
| 1807 | // |
| 1808 | // Note that offering or accepting a session short-circuits certificate |
| 1809 | // verification and most parameter negotiation. Resuming sessions across |
| 1810 | // different contexts may result in security failures and surprising |
| 1811 | // behavior. For a typical client, this means sessions for different hosts must |
| 1812 | // be cached under different keys. A client that connects to the same host with, |
| 1813 | // e.g., different cipher suite settings or client certificates should also use |
| 1814 | // separate session caches between those contexts. Servers should also partition |
| 1815 | // session caches between SNI hosts with |SSL_CTX_set_session_id_context|. |
Robert Sloan | 4562e9d | 2017-10-02 10:26:51 -0700 | [diff] [blame] | 1816 | // |
| 1817 | // Note also, in TLS 1.2 and earlier, offering sessions allows passive observers |
| 1818 | // to correlate different client connections. TLS 1.3 and later fix this, |
| 1819 | // provided clients use sessions at most once. Session caches are managed by the |
| 1820 | // caller in BoringSSL, so this must be implemented externally. See |
| 1821 | // |SSL_SESSION_should_be_single_use| for details. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1822 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1823 | // SSL_SESS_CACHE_OFF disables all session caching. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1824 | #define SSL_SESS_CACHE_OFF 0x0000 |
| 1825 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1826 | // SSL_SESS_CACHE_CLIENT enables session caching for a client. The internal |
| 1827 | // cache is never used on a client, so this only enables the callbacks. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1828 | #define SSL_SESS_CACHE_CLIENT 0x0001 |
| 1829 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1830 | // SSL_SESS_CACHE_SERVER enables session caching for a server. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1831 | #define SSL_SESS_CACHE_SERVER 0x0002 |
| 1832 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1833 | // SSL_SESS_CACHE_BOTH enables session caching for both client and server. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1834 | #define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER) |
| 1835 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1836 | // SSL_SESS_CACHE_NO_AUTO_CLEAR disables automatically calling |
| 1837 | // |SSL_CTX_flush_sessions| every 255 connections. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1838 | #define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 |
| 1839 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1840 | // SSL_SESS_CACHE_NO_INTERNAL_LOOKUP, on a server, disables looking up a session |
| 1841 | // from the internal session cache. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1842 | #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 |
| 1843 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1844 | // SSL_SESS_CACHE_NO_INTERNAL_STORE, on a server, disables storing sessions in |
| 1845 | // the internal session cache. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1846 | #define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 |
| 1847 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1848 | // SSL_SESS_CACHE_NO_INTERNAL, on a server, disables the internal session |
| 1849 | // cache. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1850 | #define SSL_SESS_CACHE_NO_INTERNAL \ |
| 1851 | (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE) |
| 1852 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1853 | // SSL_CTX_set_session_cache_mode sets the session cache mode bits for |ctx| to |
| 1854 | // |mode|. It returns the previous value. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1855 | OPENSSL_EXPORT int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode); |
| 1856 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1857 | // SSL_CTX_get_session_cache_mode returns the session cache mode bits for |
| 1858 | // |ctx| |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1859 | OPENSSL_EXPORT int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx); |
| 1860 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1861 | // SSL_set_session, for a client, configures |ssl| to offer to resume |session| |
| 1862 | // in the initial handshake and returns one. The caller retains ownership of |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1863 | // |session|. Note that configuring a session assumes the authentication in the |
| 1864 | // session is valid. For callers that wish to revalidate the session before |
| 1865 | // offering, see |SSL_SESSION_get0_peer_certificates|, |
| 1866 | // |SSL_SESSION_get0_signed_cert_timestamp_list|, and |
| 1867 | // |SSL_SESSION_get0_ocsp_response|. |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1868 | // |
| 1869 | // It is an error to call this function after the handshake has begun. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1870 | OPENSSL_EXPORT int SSL_set_session(SSL *ssl, SSL_SESSION *session); |
| 1871 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1872 | // SSL_DEFAULT_SESSION_TIMEOUT is the default lifetime, in seconds, of a |
| 1873 | // session in TLS 1.2 or earlier. This is how long we are willing to use the |
| 1874 | // secret to encrypt traffic without fresh key material. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1875 | #define SSL_DEFAULT_SESSION_TIMEOUT (2 * 60 * 60) |
| 1876 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1877 | // SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT is the default lifetime, in seconds, of a |
| 1878 | // session for TLS 1.3 psk_dhe_ke. This is how long we are willing to use the |
| 1879 | // secret as an authenticator. |
Robert Sloan | 4d1ac50 | 2017-02-06 08:36:14 -0800 | [diff] [blame] | 1880 | #define SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT (2 * 24 * 60 * 60) |
| 1881 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1882 | // SSL_DEFAULT_SESSION_AUTH_TIMEOUT is the default non-renewable lifetime, in |
| 1883 | // seconds, of a TLS 1.3 session. This is how long we are willing to trust the |
| 1884 | // signature in the initial handshake. |
Robert Sloan | 4d1ac50 | 2017-02-06 08:36:14 -0800 | [diff] [blame] | 1885 | #define SSL_DEFAULT_SESSION_AUTH_TIMEOUT (7 * 24 * 60 * 60) |
| 1886 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1887 | // SSL_CTX_set_timeout sets the lifetime, in seconds, of TLS 1.2 (or earlier) |
| 1888 | // sessions created in |ctx| to |timeout|. |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 1889 | OPENSSL_EXPORT uint32_t SSL_CTX_set_timeout(SSL_CTX *ctx, uint32_t timeout); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1890 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1891 | // SSL_CTX_set_session_psk_dhe_timeout sets the lifetime, in seconds, of TLS 1.3 |
| 1892 | // sessions created in |ctx| to |timeout|. |
Robert Sloan | 4d1ac50 | 2017-02-06 08:36:14 -0800 | [diff] [blame] | 1893 | OPENSSL_EXPORT void SSL_CTX_set_session_psk_dhe_timeout(SSL_CTX *ctx, |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 1894 | uint32_t timeout); |
Robert Sloan | 4d1ac50 | 2017-02-06 08:36:14 -0800 | [diff] [blame] | 1895 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1896 | // SSL_CTX_get_timeout returns the lifetime, in seconds, of TLS 1.2 (or earlier) |
| 1897 | // sessions created in |ctx|. |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 1898 | OPENSSL_EXPORT uint32_t SSL_CTX_get_timeout(const SSL_CTX *ctx); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1899 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1900 | // SSL_MAX_SID_CTX_LENGTH is the maximum length of a session ID context. |
| 1901 | #define SSL_MAX_SID_CTX_LENGTH 32 |
| 1902 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1903 | // SSL_CTX_set_session_id_context sets |ctx|'s session ID context to |sid_ctx|. |
| 1904 | // It returns one on success and zero on error. The session ID context is an |
| 1905 | // application-defined opaque byte string. A session will not be used in a |
| 1906 | // connection without a matching session ID context. |
| 1907 | // |
| 1908 | // For a server, if |SSL_VERIFY_PEER| is enabled, it is an error to not set a |
| 1909 | // session ID context. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1910 | OPENSSL_EXPORT int SSL_CTX_set_session_id_context(SSL_CTX *ctx, |
| 1911 | const uint8_t *sid_ctx, |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 1912 | size_t sid_ctx_len); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1913 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1914 | // SSL_set_session_id_context sets |ssl|'s session ID context to |sid_ctx|. It |
| 1915 | // returns one on success and zero on error. See also |
| 1916 | // |SSL_CTX_set_session_id_context|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1917 | OPENSSL_EXPORT int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx, |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 1918 | size_t sid_ctx_len); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1919 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1920 | // SSL_get0_session_id_context returns a pointer to |ssl|'s session ID context |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 1921 | // and sets |*out_len| to its length. It returns NULL on error. |
David Benjamin | f31229b | 2017-01-25 14:08:15 -0500 | [diff] [blame] | 1922 | OPENSSL_EXPORT const uint8_t *SSL_get0_session_id_context(const SSL *ssl, |
| 1923 | size_t *out_len); |
| 1924 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1925 | // SSL_SESSION_CACHE_MAX_SIZE_DEFAULT is the default maximum size of a session |
| 1926 | // cache. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1927 | #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024 * 20) |
| 1928 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1929 | // SSL_CTX_sess_set_cache_size sets the maximum size of |ctx|'s internal session |
| 1930 | // cache to |size|. It returns the previous value. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1931 | OPENSSL_EXPORT unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, |
| 1932 | unsigned long size); |
| 1933 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1934 | // SSL_CTX_sess_get_cache_size returns the maximum size of |ctx|'s internal |
| 1935 | // session cache. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1936 | OPENSSL_EXPORT unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx); |
| 1937 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1938 | // SSL_CTX_sess_number returns the number of sessions in |ctx|'s internal |
| 1939 | // session cache. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1940 | OPENSSL_EXPORT size_t SSL_CTX_sess_number(const SSL_CTX *ctx); |
| 1941 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1942 | // SSL_CTX_add_session inserts |session| into |ctx|'s internal session cache. It |
| 1943 | // returns one on success and zero on error or if |session| is already in the |
| 1944 | // cache. The caller retains its reference to |session|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1945 | OPENSSL_EXPORT int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); |
| 1946 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1947 | // SSL_CTX_remove_session removes |session| from |ctx|'s internal session cache. |
| 1948 | // It returns one on success and zero if |session| was not in the cache. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1949 | OPENSSL_EXPORT int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); |
| 1950 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1951 | // SSL_CTX_flush_sessions removes all sessions from |ctx| which have expired as |
| 1952 | // of time |time|. If |time| is zero, all sessions are removed. |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 1953 | OPENSSL_EXPORT void SSL_CTX_flush_sessions(SSL_CTX *ctx, uint64_t time); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1954 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1955 | // SSL_CTX_sess_set_new_cb sets the callback to be called when a new session is |
| 1956 | // established and ready to be cached. If the session cache is disabled (the |
| 1957 | // appropriate one of |SSL_SESS_CACHE_CLIENT| or |SSL_SESS_CACHE_SERVER| is |
| 1958 | // unset), the callback is not called. |
| 1959 | // |
| 1960 | // The callback is passed a reference to |session|. It returns one if it takes |
| 1961 | // ownership (and then calls |SSL_SESSION_free| when done) and zero otherwise. A |
| 1962 | // consumer which places |session| into an in-memory cache will likely return |
| 1963 | // one, with the cache calling |SSL_SESSION_free|. A consumer which serializes |
| 1964 | // |session| with |SSL_SESSION_to_bytes| may not need to retain |session| and |
| 1965 | // will likely return zero. Returning one is equivalent to calling |
| 1966 | // |SSL_SESSION_up_ref| and then returning zero. |
| 1967 | // |
| 1968 | // Note: For a client, the callback may be called on abbreviated handshakes if a |
| 1969 | // ticket is renewed. Further, it may not be called until some time after |
| 1970 | // |SSL_do_handshake| or |SSL_connect| completes if False Start is enabled. Thus |
| 1971 | // it's recommended to use this callback over calling |SSL_get_session| on |
| 1972 | // handshake completion. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1973 | OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb( |
| 1974 | SSL_CTX *ctx, int (*new_session_cb)(SSL *ssl, SSL_SESSION *session)); |
| 1975 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1976 | // SSL_CTX_sess_get_new_cb returns the callback set by |
| 1977 | // |SSL_CTX_sess_set_new_cb|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1978 | OPENSSL_EXPORT int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))( |
| 1979 | SSL *ssl, SSL_SESSION *session); |
| 1980 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1981 | // SSL_CTX_sess_set_remove_cb sets a callback which is called when a session is |
| 1982 | // removed from the internal session cache. |
| 1983 | // |
| 1984 | // TODO(davidben): What is the point of this callback? It seems useless since it |
| 1985 | // only fires on sessions in the internal cache. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1986 | OPENSSL_EXPORT void SSL_CTX_sess_set_remove_cb( |
| 1987 | SSL_CTX *ctx, |
| 1988 | void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *session)); |
| 1989 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1990 | // SSL_CTX_sess_get_remove_cb returns the callback set by |
| 1991 | // |SSL_CTX_sess_set_remove_cb|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1992 | OPENSSL_EXPORT void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))( |
| 1993 | SSL_CTX *ctx, SSL_SESSION *session); |
| 1994 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 1995 | // SSL_CTX_sess_set_get_cb sets a callback to look up a session by ID for a |
| 1996 | // server. The callback is passed the session ID and should return a matching |
| 1997 | // |SSL_SESSION| or NULL if not found. It should set |*out_copy| to zero and |
| 1998 | // return a new reference to the session. This callback is not used for a |
| 1999 | // client. |
| 2000 | // |
| 2001 | // For historical reasons, if |*out_copy| is set to one (default), the SSL |
| 2002 | // library will take a new reference to the returned |SSL_SESSION|, expecting |
| 2003 | // the callback to return a non-owning pointer. This is not recommended. If |
| 2004 | // |ctx| and thus the callback is used on multiple threads, the session may be |
| 2005 | // removed and invalidated before the SSL library calls |SSL_SESSION_up_ref|, |
| 2006 | // whereas the callback may synchronize internally. |
| 2007 | // |
| 2008 | // To look up a session asynchronously, the callback may return |
| 2009 | // |SSL_magic_pending_session_ptr|. See the documentation for that function and |
| 2010 | // |SSL_ERROR_PENDING_SESSION|. |
| 2011 | // |
| 2012 | // If the internal session cache is enabled, the callback is only consulted if |
| 2013 | // the internal cache does not return a match. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2014 | OPENSSL_EXPORT void SSL_CTX_sess_set_get_cb( |
Robert Sloan | 4562e9d | 2017-10-02 10:26:51 -0700 | [diff] [blame] | 2015 | SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(SSL *ssl, const uint8_t *id, |
| 2016 | int id_len, int *out_copy)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2017 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2018 | // SSL_CTX_sess_get_get_cb returns the callback set by |
| 2019 | // |SSL_CTX_sess_set_get_cb|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2020 | OPENSSL_EXPORT SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))( |
Robert Sloan | 4562e9d | 2017-10-02 10:26:51 -0700 | [diff] [blame] | 2021 | SSL *ssl, const uint8_t *id, int id_len, int *out_copy); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2022 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2023 | // SSL_magic_pending_session_ptr returns a magic |SSL_SESSION|* which indicates |
| 2024 | // that the session isn't currently unavailable. |SSL_get_error| will then |
| 2025 | // return |SSL_ERROR_PENDING_SESSION| and the handshake can be retried later |
| 2026 | // when the lookup has completed. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2027 | OPENSSL_EXPORT SSL_SESSION *SSL_magic_pending_session_ptr(void); |
| 2028 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2029 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2030 | // Session tickets. |
| 2031 | // |
| 2032 | // Session tickets, from RFC 5077, allow session resumption without server-side |
| 2033 | // state. The server maintains a secret ticket key and sends the client opaque |
| 2034 | // encrypted session parameters, called a ticket. When offering the session, the |
| 2035 | // client sends the ticket which the server decrypts to recover session state. |
| 2036 | // Session tickets are enabled by default but may be disabled with |
| 2037 | // |SSL_OP_NO_TICKET|. |
| 2038 | // |
| 2039 | // On the client, ticket-based sessions use the same APIs as ID-based tickets. |
| 2040 | // Callers do not need to handle them differently. |
| 2041 | // |
| 2042 | // On the server, tickets are encrypted and authenticated with a secret key. By |
| 2043 | // default, an |SSL_CTX| generates a key on creation and uses it for the |
| 2044 | // lifetime of the |SSL_CTX|. Tickets are minted and processed |
| 2045 | // transparently. The following functions may be used to configure a persistent |
| 2046 | // key or implement more custom behavior, including key rotation and sharing |
| 2047 | // keys between multiple servers in a large deployment. There are three levels |
| 2048 | // of customisation possible: |
| 2049 | // |
| 2050 | // 1) One can simply set the keys with |SSL_CTX_set_tlsext_ticket_keys|. |
| 2051 | // 2) One can configure an |EVP_CIPHER_CTX| and |HMAC_CTX| directly for |
| 2052 | // encryption and authentication. |
Robert Sloan | 921ef2c | 2017-10-17 09:02:20 -0700 | [diff] [blame] | 2053 | // 3) One can configure an |SSL_TICKET_AEAD_METHOD| to have more control |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2054 | // and the option of asynchronous decryption. |
| 2055 | // |
| 2056 | // An attacker that compromises a server's session ticket key can impersonate |
| 2057 | // the server and, prior to TLS 1.3, retroactively decrypt all application |
| 2058 | // traffic from sessions using that ticket key. Thus ticket keys must be |
| 2059 | // regularly rotated for forward secrecy. Note the default key is rotated |
| 2060 | // automatically once every 48 hours but manually configured keys are not. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2061 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2062 | // SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL is the interval with which the |
| 2063 | // default session ticket encryption key is rotated, if in use. If any |
| 2064 | // non-default ticket encryption mechanism is configured, automatic rotation is |
| 2065 | // disabled. |
| 2066 | #define SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL (2 * 24 * 60 * 60) |
| 2067 | |
| 2068 | // SSL_CTX_get_tlsext_ticket_keys writes |ctx|'s session ticket key material to |
| 2069 | // |len| bytes of |out|. It returns one on success and zero if |len| is not |
| 2070 | // 48. If |out| is NULL, it returns 48 instead. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2071 | OPENSSL_EXPORT int SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, void *out, |
| 2072 | size_t len); |
| 2073 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2074 | // SSL_CTX_set_tlsext_ticket_keys sets |ctx|'s session ticket key material to |
| 2075 | // |len| bytes of |in|. It returns one on success and zero if |len| is not |
| 2076 | // 48. If |in| is NULL, it returns 48 instead. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2077 | OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, |
| 2078 | size_t len); |
| 2079 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2080 | // SSL_TICKET_KEY_NAME_LEN is the length of the key name prefix of a session |
| 2081 | // ticket. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2082 | #define SSL_TICKET_KEY_NAME_LEN 16 |
| 2083 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2084 | // SSL_CTX_set_tlsext_ticket_key_cb sets the ticket callback to |callback| and |
| 2085 | // returns one. |callback| will be called when encrypting a new ticket and when |
| 2086 | // decrypting a ticket from the client. |
| 2087 | // |
| 2088 | // In both modes, |ctx| and |hmac_ctx| will already have been initialized with |
| 2089 | // |EVP_CIPHER_CTX_init| and |HMAC_CTX_init|, respectively. |callback| |
| 2090 | // configures |hmac_ctx| with an HMAC digest and key, and configures |ctx| |
| 2091 | // for encryption or decryption, based on the mode. |
| 2092 | // |
| 2093 | // When encrypting a new ticket, |encrypt| will be one. It writes a public |
| 2094 | // 16-byte key name to |key_name| and a fresh IV to |iv|. The output IV length |
| 2095 | // must match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, |
| 2096 | // |callback| returns 1 on success and -1 on error. |
| 2097 | // |
| 2098 | // When decrypting a ticket, |encrypt| will be zero. |key_name| will point to a |
| 2099 | // 16-byte key name and |iv| points to an IV. The length of the IV consumed must |
| 2100 | // match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, |
| 2101 | // |callback| returns -1 to abort the handshake, 0 if decrypting the ticket |
| 2102 | // failed, and 1 or 2 on success. If it returns 2, the ticket will be renewed. |
| 2103 | // This may be used to re-key the ticket. |
| 2104 | // |
| 2105 | // WARNING: |callback| wildly breaks the usual return value convention and is |
| 2106 | // called in two different modes. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2107 | OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( |
| 2108 | SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, |
| 2109 | EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, |
| 2110 | int encrypt)); |
| 2111 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2112 | // ssl_ticket_aead_result_t enumerates the possible results from decrypting a |
| 2113 | // ticket with an |SSL_TICKET_AEAD_METHOD|. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2114 | enum ssl_ticket_aead_result_t { |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2115 | // ssl_ticket_aead_success indicates that the ticket was successfully |
| 2116 | // decrypted. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2117 | ssl_ticket_aead_success, |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2118 | // ssl_ticket_aead_retry indicates that the operation could not be |
| 2119 | // immediately completed and must be reattempted, via |open|, at a later |
| 2120 | // point. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2121 | ssl_ticket_aead_retry, |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2122 | // ssl_ticket_aead_ignore_ticket indicates that the ticket should be ignored |
| 2123 | // (i.e. is corrupt or otherwise undecryptable). |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2124 | ssl_ticket_aead_ignore_ticket, |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2125 | // ssl_ticket_aead_error indicates that a fatal error occured and the |
| 2126 | // handshake should be terminated. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2127 | ssl_ticket_aead_error, |
| 2128 | }; |
| 2129 | |
Robert Sloan | 921ef2c | 2017-10-17 09:02:20 -0700 | [diff] [blame] | 2130 | // ssl_ticket_aead_method_st (aka |SSL_TICKET_AEAD_METHOD|) contains methods |
| 2131 | // for encrypting and decrypting session tickets. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2132 | struct ssl_ticket_aead_method_st { |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2133 | // max_overhead returns the maximum number of bytes of overhead that |seal| |
| 2134 | // may add. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2135 | size_t (*max_overhead)(SSL *ssl); |
| 2136 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2137 | // seal encrypts and authenticates |in_len| bytes from |in|, writes, at most, |
| 2138 | // |max_out_len| bytes to |out|, and puts the number of bytes written in |
| 2139 | // |*out_len|. The |in| and |out| buffers may be equal but will not otherwise |
| 2140 | // alias. It returns one on success or zero on error. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2141 | int (*seal)(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out_len, |
| 2142 | const uint8_t *in, size_t in_len); |
| 2143 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2144 | // open authenticates and decrypts |in_len| bytes from |in|, writes, at most, |
| 2145 | // |max_out_len| bytes of plaintext to |out|, and puts the number of bytes |
| 2146 | // written in |*out_len|. The |in| and |out| buffers may be equal but will |
| 2147 | // not otherwise alias. See |ssl_ticket_aead_result_t| for details of the |
| 2148 | // return values. In the case that a retry is indicated, the caller should |
| 2149 | // arrange for the high-level operation on |ssl| to be retried when the |
| 2150 | // operation is completed, which will result in another call to |open|. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2151 | enum ssl_ticket_aead_result_t (*open)(SSL *ssl, uint8_t *out, size_t *out_len, |
| 2152 | size_t max_out_len, const uint8_t *in, |
| 2153 | size_t in_len); |
| 2154 | }; |
| 2155 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2156 | // SSL_CTX_set_ticket_aead_method configures a custom ticket AEAD method table |
| 2157 | // on |ctx|. |aead_method| must remain valid for the lifetime of |ctx|. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2158 | OPENSSL_EXPORT void SSL_CTX_set_ticket_aead_method( |
| 2159 | SSL_CTX *ctx, const SSL_TICKET_AEAD_METHOD *aead_method); |
| 2160 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2161 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2162 | // Elliptic curve Diffie-Hellman. |
| 2163 | // |
| 2164 | // Cipher suites using an ECDHE key exchange perform Diffie-Hellman over an |
| 2165 | // elliptic curve negotiated by both endpoints. See RFC 4492. Only named curves |
| 2166 | // are supported. ECDHE is always enabled, but the curve preferences may be |
| 2167 | // configured with these functions. |
| 2168 | // |
| 2169 | // Note that TLS 1.3 renames these from curves to groups. For consistency, we |
| 2170 | // currently use the TLS 1.2 name in the API. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2171 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2172 | // SSL_CTX_set1_curves sets the preferred curves for |ctx| to be |curves|. Each |
| 2173 | // element of |curves| should be a curve nid. It returns one on success and |
| 2174 | // zero on failure. |
| 2175 | // |
| 2176 | // Note that this API uses nid values from nid.h and not the |SSL_CURVE_*| |
| 2177 | // values defined below. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2178 | OPENSSL_EXPORT int SSL_CTX_set1_curves(SSL_CTX *ctx, const int *curves, |
| 2179 | size_t curves_len); |
| 2180 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2181 | // SSL_set1_curves sets the preferred curves for |ssl| to be |curves|. Each |
| 2182 | // element of |curves| should be a curve nid. It returns one on success and |
| 2183 | // zero on failure. |
| 2184 | // |
| 2185 | // Note that this API uses nid values from nid.h and not the |SSL_CURVE_*| |
| 2186 | // values defined below. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2187 | OPENSSL_EXPORT int SSL_set1_curves(SSL *ssl, const int *curves, |
| 2188 | size_t curves_len); |
| 2189 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2190 | // SSL_CTX_set1_curves_list sets the preferred curves for |ctx| to be the |
| 2191 | // colon-separated list |curves|. Each element of |curves| should be a curve |
| 2192 | // name (e.g. P-256, X25519, ...). It returns one on success and zero on |
| 2193 | // failure. |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 2194 | OPENSSL_EXPORT int SSL_CTX_set1_curves_list(SSL_CTX *ctx, const char *curves); |
| 2195 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2196 | // SSL_set1_curves_list sets the preferred curves for |ssl| to be the |
| 2197 | // colon-separated list |curves|. Each element of |curves| should be a curve |
| 2198 | // name (e.g. P-256, X25519, ...). It returns one on success and zero on |
| 2199 | // failure. |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 2200 | OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves); |
| 2201 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2202 | // SSL_CURVE_* define TLS curve IDs. |
Robert Sloan | 6f79a50 | 2017-04-03 09:16:40 -0700 | [diff] [blame] | 2203 | #define SSL_CURVE_SECP224R1 21 |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 2204 | #define SSL_CURVE_SECP256R1 23 |
| 2205 | #define SSL_CURVE_SECP384R1 24 |
| 2206 | #define SSL_CURVE_SECP521R1 25 |
| 2207 | #define SSL_CURVE_X25519 29 |
Robert Sloan | 11c28bd | 2018-12-17 12:09:20 -0800 | [diff] [blame] | 2208 | #define SSL_CURVE_CECPQ2 16696 |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 2209 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2210 | // SSL_get_curve_id returns the ID of the curve used by |ssl|'s most recently |
| 2211 | // completed handshake or 0 if not applicable. |
| 2212 | // |
| 2213 | // TODO(davidben): This API currently does not work correctly if there is a |
| 2214 | // renegotiation in progress. Fix this. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 2215 | OPENSSL_EXPORT uint16_t SSL_get_curve_id(const SSL *ssl); |
| 2216 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2217 | // SSL_get_curve_name returns a human-readable name for the curve specified by |
| 2218 | // the given TLS curve id, or NULL if the curve is unknown. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 2219 | OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2220 | |
| 2221 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2222 | // Certificate verification. |
| 2223 | // |
| 2224 | // SSL may authenticate either endpoint with an X.509 certificate. Typically |
| 2225 | // this is used to authenticate the server to the client. These functions |
| 2226 | // configure certificate verification. |
| 2227 | // |
| 2228 | // WARNING: By default, certificate verification errors on a client are not |
| 2229 | // fatal. See |SSL_VERIFY_NONE| This may be configured with |
| 2230 | // |SSL_CTX_set_verify|. |
| 2231 | // |
| 2232 | // By default clients are anonymous but a server may request a certificate from |
| 2233 | // the client by setting |SSL_VERIFY_PEER|. |
| 2234 | // |
| 2235 | // Many of these functions use OpenSSL's legacy X.509 stack which is |
| 2236 | // underdocumented and deprecated, but the replacement isn't ready yet. For |
| 2237 | // now, consumers may use the existing stack or bypass it by performing |
| 2238 | // certificate verification externally. This may be done with |
| 2239 | // |SSL_CTX_set_cert_verify_callback| or by extracting the chain with |
| 2240 | // |SSL_get_peer_cert_chain| after the handshake. In the future, functions will |
| 2241 | // be added to use the SSL stack without dependency on any part of the legacy |
| 2242 | // X.509 and ASN.1 stack. |
| 2243 | // |
| 2244 | // To augment certificate verification, a client may also enable OCSP stapling |
| 2245 | // (RFC 6066) and Certificate Transparency (RFC 6962) extensions. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2246 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2247 | // SSL_VERIFY_NONE, on a client, verifies the server certificate but does not |
| 2248 | // make errors fatal. The result may be checked with |SSL_get_verify_result|. On |
| 2249 | // a server it does not request a client certificate. This is the default. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2250 | #define SSL_VERIFY_NONE 0x00 |
| 2251 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2252 | // SSL_VERIFY_PEER, on a client, makes server certificate errors fatal. On a |
| 2253 | // server it requests a client certificate and makes errors fatal. However, |
| 2254 | // anonymous clients are still allowed. See |
| 2255 | // |SSL_VERIFY_FAIL_IF_NO_PEER_CERT|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2256 | #define SSL_VERIFY_PEER 0x01 |
| 2257 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2258 | // SSL_VERIFY_FAIL_IF_NO_PEER_CERT configures a server to reject connections if |
| 2259 | // the client declines to send a certificate. This flag must be used together |
| 2260 | // with |SSL_VERIFY_PEER|, otherwise it won't work. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2261 | #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 |
| 2262 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2263 | // SSL_VERIFY_PEER_IF_NO_OBC configures a server to request a client certificate |
| 2264 | // if and only if Channel ID is not negotiated. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2265 | #define SSL_VERIFY_PEER_IF_NO_OBC 0x04 |
| 2266 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2267 | // SSL_CTX_set_verify configures certificate verification behavior. |mode| is |
| 2268 | // one of the |SSL_VERIFY_*| values defined above. |callback|, if not NULL, is |
| 2269 | // used to customize certificate verification. See the behavior of |
| 2270 | // |X509_STORE_CTX_set_verify_cb|. |
| 2271 | // |
| 2272 | // The callback may use |SSL_get_ex_data_X509_STORE_CTX_idx| with |
| 2273 | // |X509_STORE_CTX_get_ex_data| to look up the |SSL| from |store_ctx|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2274 | OPENSSL_EXPORT void SSL_CTX_set_verify( |
| 2275 | SSL_CTX *ctx, int mode, int (*callback)(int ok, X509_STORE_CTX *store_ctx)); |
| 2276 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2277 | // SSL_set_verify configures certificate verification behavior. |mode| is one of |
| 2278 | // the |SSL_VERIFY_*| values defined above. |callback|, if not NULL, is used to |
| 2279 | // customize certificate verification. See the behavior of |
| 2280 | // |X509_STORE_CTX_set_verify_cb|. |
| 2281 | // |
| 2282 | // The callback may use |SSL_get_ex_data_X509_STORE_CTX_idx| with |
| 2283 | // |X509_STORE_CTX_get_ex_data| to look up the |SSL| from |store_ctx|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2284 | OPENSSL_EXPORT void SSL_set_verify(SSL *ssl, int mode, |
| 2285 | int (*callback)(int ok, |
| 2286 | X509_STORE_CTX *store_ctx)); |
| 2287 | |
Robert Sloan | b6d070c | 2017-07-24 08:40:01 -0700 | [diff] [blame] | 2288 | enum ssl_verify_result_t { |
| 2289 | ssl_verify_ok, |
| 2290 | ssl_verify_invalid, |
| 2291 | ssl_verify_retry, |
| 2292 | }; |
| 2293 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2294 | // SSL_CTX_set_custom_verify configures certificate verification. |mode| is one |
| 2295 | // of the |SSL_VERIFY_*| values defined above. |callback| performs the |
| 2296 | // certificate verification. |
| 2297 | // |
| 2298 | // The callback may call |SSL_get0_peer_certificates| for the certificate chain |
| 2299 | // to validate. The callback should return |ssl_verify_ok| if the certificate is |
| 2300 | // valid. If the certificate is invalid, the callback should return |
| 2301 | // |ssl_verify_invalid| and optionally set |*out_alert| to an alert to send to |
| 2302 | // the peer. Some useful alerts include |SSL_AD_CERTIFICATE_EXPIRED|, |
| 2303 | // |SSL_AD_CERTIFICATE_REVOKED|, |SSL_AD_UNKNOWN_CA|, |SSL_AD_BAD_CERTIFICATE|, |
| 2304 | // |SSL_AD_CERTIFICATE_UNKNOWN|, and |SSL_AD_INTERNAL_ERROR|. See RFC 5246 |
| 2305 | // section 7.2.2 for their precise meanings. If unspecified, |
| 2306 | // |SSL_AD_CERTIFICATE_UNKNOWN| will be sent by default. |
| 2307 | // |
| 2308 | // To verify a certificate asynchronously, the callback may return |
| 2309 | // |ssl_verify_retry|. The handshake will then pause with |SSL_get_error| |
| 2310 | // returning |SSL_ERROR_WANT_CERTIFICATE_VERIFY|. |
Robert Sloan | b6d070c | 2017-07-24 08:40:01 -0700 | [diff] [blame] | 2311 | OPENSSL_EXPORT void SSL_CTX_set_custom_verify( |
| 2312 | SSL_CTX *ctx, int mode, |
| 2313 | enum ssl_verify_result_t (*callback)(SSL *ssl, uint8_t *out_alert)); |
| 2314 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2315 | // SSL_set_custom_verify behaves like |SSL_CTX_set_custom_verify| but configures |
| 2316 | // an individual |SSL|. |
Robert Sloan | b6d070c | 2017-07-24 08:40:01 -0700 | [diff] [blame] | 2317 | OPENSSL_EXPORT void SSL_set_custom_verify( |
| 2318 | SSL *ssl, int mode, |
| 2319 | enum ssl_verify_result_t (*callback)(SSL *ssl, uint8_t *out_alert)); |
| 2320 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2321 | // SSL_CTX_get_verify_mode returns |ctx|'s verify mode, set by |
| 2322 | // |SSL_CTX_set_verify|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2323 | OPENSSL_EXPORT int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); |
| 2324 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2325 | // SSL_get_verify_mode returns |ssl|'s verify mode, set by |SSL_CTX_set_verify| |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 2326 | // or |SSL_set_verify|. It returns -1 on error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2327 | OPENSSL_EXPORT int SSL_get_verify_mode(const SSL *ssl); |
| 2328 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2329 | // SSL_CTX_get_verify_callback returns the callback set by |
| 2330 | // |SSL_CTX_set_verify|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2331 | OPENSSL_EXPORT int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))( |
| 2332 | int ok, X509_STORE_CTX *store_ctx); |
| 2333 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2334 | // SSL_get_verify_callback returns the callback set by |SSL_CTX_set_verify| or |
| 2335 | // |SSL_set_verify|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2336 | OPENSSL_EXPORT int (*SSL_get_verify_callback(const SSL *ssl))( |
| 2337 | int ok, X509_STORE_CTX *store_ctx); |
| 2338 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2339 | // SSL_CTX_set_verify_depth sets the maximum depth of a certificate chain |
| 2340 | // accepted in verification. This number does not include the leaf, so a depth |
| 2341 | // of 1 allows the leaf and one CA certificate. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2342 | OPENSSL_EXPORT void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); |
| 2343 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2344 | // SSL_set_verify_depth sets the maximum depth of a certificate chain accepted |
| 2345 | // in verification. This number does not include the leaf, so a depth of 1 |
| 2346 | // allows the leaf and one CA certificate. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2347 | OPENSSL_EXPORT void SSL_set_verify_depth(SSL *ssl, int depth); |
| 2348 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2349 | // SSL_CTX_get_verify_depth returns the maximum depth of a certificate accepted |
| 2350 | // in verification. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2351 | OPENSSL_EXPORT int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); |
| 2352 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2353 | // SSL_get_verify_depth returns the maximum depth of a certificate accepted in |
| 2354 | // verification. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2355 | OPENSSL_EXPORT int SSL_get_verify_depth(const SSL *ssl); |
| 2356 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2357 | // SSL_CTX_set1_param sets verification parameters from |param|. It returns one |
| 2358 | // on success and zero on failure. The caller retains ownership of |param|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2359 | OPENSSL_EXPORT int SSL_CTX_set1_param(SSL_CTX *ctx, |
| 2360 | const X509_VERIFY_PARAM *param); |
| 2361 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2362 | // SSL_set1_param sets verification parameters from |param|. It returns one on |
| 2363 | // success and zero on failure. The caller retains ownership of |param|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2364 | OPENSSL_EXPORT int SSL_set1_param(SSL *ssl, |
| 2365 | const X509_VERIFY_PARAM *param); |
| 2366 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2367 | // SSL_CTX_get0_param returns |ctx|'s |X509_VERIFY_PARAM| for certificate |
| 2368 | // verification. The caller must not release the returned pointer but may call |
| 2369 | // functions on it to configure it. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2370 | OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); |
| 2371 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2372 | // SSL_get0_param returns |ssl|'s |X509_VERIFY_PARAM| for certificate |
| 2373 | // verification. The caller must not release the returned pointer but may call |
| 2374 | // functions on it to configure it. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2375 | OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); |
| 2376 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2377 | // SSL_CTX_set_purpose sets |ctx|'s |X509_VERIFY_PARAM|'s 'purpose' parameter to |
| 2378 | // |purpose|. It returns one on success and zero on error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2379 | OPENSSL_EXPORT int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); |
| 2380 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2381 | // SSL_set_purpose sets |ssl|'s |X509_VERIFY_PARAM|'s 'purpose' parameter to |
| 2382 | // |purpose|. It returns one on success and zero on error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2383 | OPENSSL_EXPORT int SSL_set_purpose(SSL *ssl, int purpose); |
| 2384 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2385 | // SSL_CTX_set_trust sets |ctx|'s |X509_VERIFY_PARAM|'s 'trust' parameter to |
| 2386 | // |trust|. It returns one on success and zero on error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2387 | OPENSSL_EXPORT int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); |
| 2388 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2389 | // SSL_set_trust sets |ssl|'s |X509_VERIFY_PARAM|'s 'trust' parameter to |
| 2390 | // |trust|. It returns one on success and zero on error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2391 | OPENSSL_EXPORT int SSL_set_trust(SSL *ssl, int trust); |
| 2392 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2393 | // SSL_CTX_set_cert_store sets |ctx|'s certificate store to |store|. It takes |
| 2394 | // ownership of |store|. The store is used for certificate verification. |
| 2395 | // |
| 2396 | // The store is also used for the auto-chaining feature, but this is deprecated. |
| 2397 | // See also |SSL_MODE_NO_AUTO_CHAIN|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2398 | OPENSSL_EXPORT void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); |
| 2399 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2400 | // SSL_CTX_get_cert_store returns |ctx|'s certificate store. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2401 | OPENSSL_EXPORT X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); |
| 2402 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2403 | // SSL_CTX_set_default_verify_paths loads the OpenSSL system-default trust |
| 2404 | // anchors into |ctx|'s store. It returns one on success and zero on failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2405 | OPENSSL_EXPORT int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); |
| 2406 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2407 | // SSL_CTX_load_verify_locations loads trust anchors into |ctx|'s store from |
| 2408 | // |ca_file| and |ca_dir|, either of which may be NULL. If |ca_file| is passed, |
| 2409 | // it is opened and PEM-encoded CA certificates are read. If |ca_dir| is passed, |
| 2410 | // it is treated as a directory in OpenSSL's hashed directory format. It returns |
| 2411 | // one on success and zero on failure. |
| 2412 | // |
| 2413 | // See |
| 2414 | // https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_load_verify_locations.html |
| 2415 | // for documentation on the directory format. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2416 | OPENSSL_EXPORT int SSL_CTX_load_verify_locations(SSL_CTX *ctx, |
| 2417 | const char *ca_file, |
| 2418 | const char *ca_dir); |
| 2419 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2420 | // SSL_get_verify_result returns the result of certificate verification. It is |
| 2421 | // either |X509_V_OK| or a |X509_V_ERR_*| value. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2422 | OPENSSL_EXPORT long SSL_get_verify_result(const SSL *ssl); |
| 2423 | |
Robert Sloan | 0da4395 | 2018-01-03 15:13:14 -0800 | [diff] [blame] | 2424 | // SSL_alert_from_verify_result returns the SSL alert code, such as |
| 2425 | // |SSL_AD_CERTIFICATE_EXPIRED|, that corresponds to an |X509_V_ERR_*| value. |
| 2426 | // The return value is always an alert, even when |result| is |X509_V_OK|. |
| 2427 | OPENSSL_EXPORT int SSL_alert_from_verify_result(long result); |
| 2428 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2429 | // SSL_get_ex_data_X509_STORE_CTX_idx returns the ex_data index used to look up |
| 2430 | // the |SSL| associated with an |X509_STORE_CTX| in the verify callback. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2431 | OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void); |
| 2432 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2433 | // SSL_CTX_set_cert_verify_callback sets a custom callback to be called on |
| 2434 | // certificate verification rather than |X509_verify_cert|. |store_ctx| contains |
| 2435 | // the verification parameters. The callback should return one on success and |
| 2436 | // zero on fatal error. It may use |X509_STORE_CTX_set_error| to set a |
| 2437 | // verification result. |
| 2438 | // |
| 2439 | // The callback may use |SSL_get_ex_data_X509_STORE_CTX_idx| to recover the |
| 2440 | // |SSL| object from |store_ctx|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2441 | OPENSSL_EXPORT void SSL_CTX_set_cert_verify_callback( |
| 2442 | SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *store_ctx, void *arg), |
| 2443 | void *arg); |
| 2444 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2445 | // SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end |
| 2446 | // of a connection) to request SCTs from the server. See |
| 2447 | // https://tools.ietf.org/html/rfc6962. |
| 2448 | // |
| 2449 | // Call |SSL_get0_signed_cert_timestamp_list| to recover the SCT after the |
| 2450 | // handshake. |
Robert Sloan | a94fe05 | 2017-02-21 08:49:28 -0800 | [diff] [blame] | 2451 | OPENSSL_EXPORT void SSL_enable_signed_cert_timestamps(SSL *ssl); |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2452 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2453 | // SSL_CTX_enable_signed_cert_timestamps enables SCT requests on all client SSL |
| 2454 | // objects created from |ctx|. |
| 2455 | // |
| 2456 | // Call |SSL_get0_signed_cert_timestamp_list| to recover the SCT after the |
| 2457 | // handshake. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2458 | OPENSSL_EXPORT void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx); |
| 2459 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2460 | // SSL_enable_ocsp_stapling causes |ssl| (which must be the client end of a |
| 2461 | // connection) to request a stapled OCSP response from the server. |
| 2462 | // |
| 2463 | // Call |SSL_get0_ocsp_response| to recover the OCSP response after the |
| 2464 | // handshake. |
Robert Sloan | a94fe05 | 2017-02-21 08:49:28 -0800 | [diff] [blame] | 2465 | OPENSSL_EXPORT void SSL_enable_ocsp_stapling(SSL *ssl); |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2466 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2467 | // SSL_CTX_enable_ocsp_stapling enables OCSP stapling on all client SSL objects |
| 2468 | // created from |ctx|. |
| 2469 | // |
| 2470 | // Call |SSL_get0_ocsp_response| to recover the OCSP response after the |
| 2471 | // handshake. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2472 | OPENSSL_EXPORT void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx); |
| 2473 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2474 | // SSL_CTX_set0_verify_cert_store sets an |X509_STORE| that will be used |
| 2475 | // exclusively for certificate verification and returns one. Ownership of |
| 2476 | // |store| is transferred to the |SSL_CTX|. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 2477 | OPENSSL_EXPORT int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, |
| 2478 | X509_STORE *store); |
| 2479 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2480 | // SSL_CTX_set1_verify_cert_store sets an |X509_STORE| that will be used |
| 2481 | // exclusively for certificate verification and returns one. An additional |
| 2482 | // reference to |store| will be taken. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 2483 | OPENSSL_EXPORT int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, |
| 2484 | X509_STORE *store); |
| 2485 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2486 | // SSL_set0_verify_cert_store sets an |X509_STORE| that will be used |
| 2487 | // exclusively for certificate verification and returns one. Ownership of |
| 2488 | // |store| is transferred to the |SSL|. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 2489 | OPENSSL_EXPORT int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store); |
| 2490 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2491 | // SSL_set1_verify_cert_store sets an |X509_STORE| that will be used |
| 2492 | // exclusively for certificate verification and returns one. An additional |
| 2493 | // reference to |store| will be taken. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 2494 | OPENSSL_EXPORT int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store); |
| 2495 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2496 | // SSL_CTX_set_ed25519_enabled configures whether |ctx| advertises support for |
Robert Sloan | 5cbb5c8 | 2018-04-24 11:35:46 -0700 | [diff] [blame] | 2497 | // the Ed25519 signature algorithm when using the default preference list. It is |
| 2498 | // disabled by default and may be enabled if the certificate verifier supports |
| 2499 | // Ed25519. |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 2500 | OPENSSL_EXPORT void SSL_CTX_set_ed25519_enabled(SSL_CTX *ctx, int enabled); |
| 2501 | |
Robert Sloan | 5cbb5c8 | 2018-04-24 11:35:46 -0700 | [diff] [blame] | 2502 | // SSL_CTX_set_rsa_pss_rsae_certs_enabled configures whether |ctx| advertises |
| 2503 | // support for rsa_pss_rsae_* signatures within the certificate chain. It is |
| 2504 | // enabled by default but should be disabled if using a custom certificate |
| 2505 | // verifier which does not support RSA-PSS signatures. |
| 2506 | OPENSSL_EXPORT void SSL_CTX_set_rsa_pss_rsae_certs_enabled(SSL_CTX *ctx, |
| 2507 | int enabled); |
| 2508 | |
| 2509 | // SSL_CTX_set_verify_algorithm_prefs configures |ctx| to use |prefs| as the |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2510 | // preference list when verifying signature's from the peer's long-term key. It |
| 2511 | // returns one on zero on error. |prefs| should not include the internal-only |
| 2512 | // value |SSL_SIGN_RSA_PKCS1_MD5_SHA1|. |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 2513 | OPENSSL_EXPORT int SSL_CTX_set_verify_algorithm_prefs(SSL_CTX *ctx, |
| 2514 | const uint16_t *prefs, |
| 2515 | size_t num_prefs); |
| 2516 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2517 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2518 | // Client certificate CA list. |
| 2519 | // |
| 2520 | // When requesting a client certificate, a server may advertise a list of |
| 2521 | // certificate authorities which are accepted. These functions may be used to |
| 2522 | // configure this list. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2523 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2524 | // SSL_set_client_CA_list sets |ssl|'s client certificate CA list to |
| 2525 | // |name_list|. It takes ownership of |name_list|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2526 | OPENSSL_EXPORT void SSL_set_client_CA_list(SSL *ssl, |
| 2527 | STACK_OF(X509_NAME) *name_list); |
| 2528 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2529 | // SSL_CTX_set_client_CA_list sets |ctx|'s client certificate CA list to |
| 2530 | // |name_list|. It takes ownership of |name_list|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2531 | OPENSSL_EXPORT void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, |
| 2532 | STACK_OF(X509_NAME) *name_list); |
| 2533 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2534 | // SSL_set0_client_CAs sets |ssl|'s client certificate CA list to |name_list|, |
| 2535 | // which should contain DER-encoded distinguished names (RFC 5280). It takes |
| 2536 | // ownership of |name_list|. |
Robert Sloan | b6d070c | 2017-07-24 08:40:01 -0700 | [diff] [blame] | 2537 | OPENSSL_EXPORT void SSL_set0_client_CAs(SSL *ssl, |
| 2538 | STACK_OF(CRYPTO_BUFFER) *name_list); |
| 2539 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2540 | // SSL_CTX_set0_client_CAs sets |ctx|'s client certificate CA list to |
| 2541 | // |name_list|, which should contain DER-encoded distinguished names (RFC 5280). |
| 2542 | // It takes ownership of |name_list|. |
Robert Sloan | b6d070c | 2017-07-24 08:40:01 -0700 | [diff] [blame] | 2543 | OPENSSL_EXPORT void SSL_CTX_set0_client_CAs(SSL_CTX *ctx, |
| 2544 | STACK_OF(CRYPTO_BUFFER) *name_list); |
| 2545 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2546 | // SSL_get_client_CA_list returns |ssl|'s client certificate CA list. If |ssl| |
| 2547 | // has not been configured as a client, this is the list configured by |
| 2548 | // |SSL_CTX_set_client_CA_list|. |
| 2549 | // |
| 2550 | // If configured as a client, it returns the client certificate CA list sent by |
| 2551 | // the server. In this mode, the behavior is undefined except during the |
| 2552 | // callbacks set by |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb| or |
| 2553 | // when the handshake is paused because of them. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2554 | OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl); |
| 2555 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2556 | // SSL_get0_server_requested_CAs returns the CAs sent by a server to guide a |
| 2557 | // client in certificate selection. They are a series of DER-encoded X.509 |
| 2558 | // names. This function may only be called during a callback set by |
| 2559 | // |SSL_CTX_set_cert_cb| or when the handshake is paused because of it. |
| 2560 | // |
| 2561 | // The returned stack is owned by |ssl|, as are its contents. It should not be |
| 2562 | // used past the point where the handshake is restarted after the callback. |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 2563 | OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) * |
| 2564 | SSL_get0_server_requested_CAs(const SSL *ssl); |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 2565 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2566 | // SSL_CTX_get_client_CA_list returns |ctx|'s client certificate CA list. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2567 | OPENSSL_EXPORT STACK_OF(X509_NAME) * |
| 2568 | SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); |
| 2569 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2570 | // SSL_add_client_CA appends |x509|'s subject to the client certificate CA list. |
| 2571 | // It returns one on success or zero on error. The caller retains ownership of |
| 2572 | // |x509|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2573 | OPENSSL_EXPORT int SSL_add_client_CA(SSL *ssl, X509 *x509); |
| 2574 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2575 | // SSL_CTX_add_client_CA appends |x509|'s subject to the client certificate CA |
| 2576 | // list. It returns one on success or zero on error. The caller retains |
| 2577 | // ownership of |x509|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2578 | OPENSSL_EXPORT int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x509); |
| 2579 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2580 | // SSL_load_client_CA_file opens |file| and reads PEM-encoded certificates from |
| 2581 | // it. It returns a newly-allocated stack of the certificate subjects or NULL |
| 2582 | // on error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2583 | OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); |
| 2584 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2585 | // SSL_dup_CA_list makes a deep copy of |list|. It returns the new list on |
| 2586 | // success or NULL on allocation error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2587 | OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *list); |
| 2588 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2589 | // SSL_add_file_cert_subjects_to_stack behaves like |SSL_load_client_CA_file| |
| 2590 | // but appends the result to |out|. It returns one on success or zero on |
| 2591 | // error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2592 | OPENSSL_EXPORT int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *out, |
| 2593 | const char *file); |
| 2594 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2595 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2596 | // Server name indication. |
| 2597 | // |
| 2598 | // The server_name extension (RFC 3546) allows the client to advertise the name |
| 2599 | // of the server it is connecting to. This is used in virtual hosting |
| 2600 | // deployments to select one of a several certificates on a single IP. Only the |
| 2601 | // host_name name type is supported. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2602 | |
| 2603 | #define TLSEXT_NAMETYPE_host_name 0 |
| 2604 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2605 | // SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name| |
| 2606 | // in the server_name extension. It returns one on success and zero on error. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2607 | OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name); |
| 2608 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2609 | // SSL_get_servername, for a server, returns the hostname supplied by the |
| 2610 | // client or NULL if there was none. The |type| argument must be |
Robert Sloan | d1d118f | 2017-09-11 09:00:48 -0700 | [diff] [blame] | 2611 | // |TLSEXT_NAMETYPE_host_name|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2612 | OPENSSL_EXPORT const char *SSL_get_servername(const SSL *ssl, const int type); |
| 2613 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2614 | // SSL_get_servername_type, for a server, returns |TLSEXT_NAMETYPE_host_name| |
| 2615 | // if the client sent a hostname and -1 otherwise. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2616 | OPENSSL_EXPORT int SSL_get_servername_type(const SSL *ssl); |
| 2617 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2618 | // SSL_CTX_set_tlsext_servername_callback configures |callback| to be called on |
| 2619 | // the server after ClientHello extensions have been parsed and returns one. |
| 2620 | // The callback may use |SSL_get_servername| to examine the server_name |
| 2621 | // extension and returns a |SSL_TLSEXT_ERR_*| value. The value of |arg| may be |
| 2622 | // set by calling |SSL_CTX_set_tlsext_servername_arg|. |
| 2623 | // |
| 2624 | // If the callback returns |SSL_TLSEXT_ERR_NOACK|, the server_name extension is |
| 2625 | // not acknowledged in the ServerHello. If the return value is |
| 2626 | // |SSL_TLSEXT_ERR_ALERT_FATAL|, then |*out_alert| is the alert to send, |
| 2627 | // defaulting to |SSL_AD_UNRECOGNIZED_NAME|. |SSL_TLSEXT_ERR_ALERT_WARNING| is |
| 2628 | // ignored and treated as |SSL_TLSEXT_ERR_OK|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2629 | OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback( |
| 2630 | SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)); |
| 2631 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2632 | // SSL_CTX_set_tlsext_servername_arg sets the argument to the servername |
| 2633 | // callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2634 | OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); |
| 2635 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2636 | // SSL_TLSEXT_ERR_* are values returned by some extension-related callbacks. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2637 | #define SSL_TLSEXT_ERR_OK 0 |
| 2638 | #define SSL_TLSEXT_ERR_ALERT_WARNING 1 |
| 2639 | #define SSL_TLSEXT_ERR_ALERT_FATAL 2 |
| 2640 | #define SSL_TLSEXT_ERR_NOACK 3 |
| 2641 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2642 | // SSL_set_SSL_CTX changes |ssl|'s |SSL_CTX|. |ssl| will use the |
| 2643 | // certificate-related settings from |ctx|, and |SSL_get_SSL_CTX| will report |
| 2644 | // |ctx|. This function may be used during the callbacks registered by |
| 2645 | // |SSL_CTX_set_select_certificate_cb|, |
| 2646 | // |SSL_CTX_set_tlsext_servername_callback|, and |SSL_CTX_set_cert_cb| or when |
| 2647 | // the handshake is paused from them. It is typically used to switch |
| 2648 | // certificates based on SNI. |
| 2649 | // |
| 2650 | // Note the session cache and related settings will continue to use the initial |
| 2651 | // |SSL_CTX|. Callers should use |SSL_CTX_set_session_id_context| to partition |
| 2652 | // the session cache between different domains. |
| 2653 | // |
| 2654 | // TODO(davidben): Should other settings change after this call? |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 2655 | OPENSSL_EXPORT SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); |
| 2656 | |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 2657 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2658 | // Application-layer protocol negotiation. |
| 2659 | // |
| 2660 | // The ALPN extension (RFC 7301) allows negotiating different application-layer |
| 2661 | // protocols over a single port. This is used, for example, to negotiate |
| 2662 | // HTTP/2. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2663 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2664 | // SSL_CTX_set_alpn_protos sets the client ALPN protocol list on |ctx| to |
| 2665 | // |protos|. |protos| must be in wire-format (i.e. a series of non-empty, 8-bit |
| 2666 | // length-prefixed strings). It returns zero on success and one on failure. |
| 2667 | // Configuring this list enables ALPN on a client. |
| 2668 | // |
| 2669 | // WARNING: this function is dangerous because it breaks the usual return value |
| 2670 | // convention. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2671 | OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos, |
| 2672 | unsigned protos_len); |
| 2673 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2674 | // SSL_set_alpn_protos sets the client ALPN protocol list on |ssl| to |protos|. |
| 2675 | // |protos| must be in wire-format (i.e. a series of non-empty, 8-bit |
| 2676 | // length-prefixed strings). It returns zero on success and one on failure. |
| 2677 | // Configuring this list enables ALPN on a client. |
| 2678 | // |
| 2679 | // WARNING: this function is dangerous because it breaks the usual return value |
| 2680 | // convention. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2681 | OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, |
| 2682 | unsigned protos_len); |
| 2683 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2684 | // SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called |
| 2685 | // during ClientHello processing in order to select an ALPN protocol from the |
| 2686 | // client's list of offered protocols. Configuring this callback enables ALPN on |
| 2687 | // a server. |
| 2688 | // |
| 2689 | // The callback is passed a wire-format (i.e. a series of non-empty, 8-bit |
| 2690 | // length-prefixed strings) ALPN protocol list in |in|. It should set |*out| and |
| 2691 | // |*out_len| to the selected protocol and return |SSL_TLSEXT_ERR_OK| on |
| 2692 | // success. It does not pass ownership of the buffer. Otherwise, it should |
| 2693 | // return |SSL_TLSEXT_ERR_NOACK|. Other |SSL_TLSEXT_ERR_*| values are |
| 2694 | // unimplemented and will be treated as |SSL_TLSEXT_ERR_NOACK|. |
| 2695 | // |
| 2696 | // The cipher suite is selected before negotiating ALPN. The callback may use |
| 2697 | // |SSL_get_pending_cipher| to query the cipher suite. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2698 | OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb( |
| 2699 | SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len, |
| 2700 | const uint8_t *in, unsigned in_len, void *arg), |
| 2701 | void *arg); |
| 2702 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2703 | // SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|. |
| 2704 | // On return it sets |*out_data| to point to |*out_len| bytes of protocol name |
| 2705 | // (not including the leading length-prefix byte). If the server didn't respond |
| 2706 | // with a negotiated protocol then |*out_len| will be zero. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2707 | OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl, |
| 2708 | const uint8_t **out_data, |
| 2709 | unsigned *out_len); |
| 2710 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2711 | // SSL_CTX_set_allow_unknown_alpn_protos configures client connections on |ctx| |
| 2712 | // to allow unknown ALPN protocols from the server. Otherwise, by default, the |
| 2713 | // client will require that the protocol be advertised in |
| 2714 | // |SSL_CTX_set_alpn_protos|. |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 2715 | OPENSSL_EXPORT void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, |
| 2716 | int enabled); |
| 2717 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2718 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 2719 | // Certificate compression. |
| 2720 | // |
| 2721 | // Certificates in TLS 1.3 can be compressed[1]. BoringSSL supports this as both |
| 2722 | // a client and a server, but does not link against any specific compression |
| 2723 | // libraries in order to keep dependencies to a minimum. Instead, hooks for |
| 2724 | // compression and decompression can be installed in an |SSL_CTX| to enable |
| 2725 | // support. |
| 2726 | // |
| 2727 | // [1] https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03. |
| 2728 | |
| 2729 | // ssl_cert_compression_func_t is a pointer to a function that performs |
| 2730 | // compression. It must write the compressed representation of |in| to |out|, |
| 2731 | // returning one on success and zero on error. The results of compressing |
| 2732 | // certificates are not cached internally. Implementations may wish to implement |
| 2733 | // their own cache if they expect it to be useful given the certificates that |
| 2734 | // they serve. |
| 2735 | typedef int (*ssl_cert_compression_func_t)(SSL *ssl, CBB *out, |
| 2736 | const uint8_t *in, size_t in_len); |
| 2737 | |
| 2738 | // ssl_cert_decompression_func_t is a pointer to a function that performs |
| 2739 | // decompression. The compressed data from the peer is passed as |in| and the |
| 2740 | // decompressed result must be exactly |uncompressed_len| bytes long. It returns |
| 2741 | // one on success, in which case |*out| must be set to the result of |
| 2742 | // decompressing |in|, or zero on error. Setting |*out| transfers ownership, |
| 2743 | // i.e. |CRYPTO_BUFFER_free| will be called on |*out| at some point in the |
| 2744 | // future. The results of decompressions are not cached internally. |
| 2745 | // Implementations may wish to implement their own cache if they expect it to be |
| 2746 | // useful. |
| 2747 | typedef int (*ssl_cert_decompression_func_t)(SSL *ssl, CRYPTO_BUFFER **out, |
| 2748 | size_t uncompressed_len, |
| 2749 | const uint8_t *in, size_t in_len); |
| 2750 | |
| 2751 | // SSL_CTX_add_cert_compression_alg registers a certificate compression |
| 2752 | // algorithm on |ctx| with ID |alg_id|. (The value of |alg_id| should be an IANA |
| 2753 | // assigned value and each can only be registered once.) |
| 2754 | // |
| 2755 | // One of the function pointers may be NULL to avoid having to implement both |
| 2756 | // sides of a compression algorithm if you're only going to use it in one |
| 2757 | // direction. In this case, the unimplemented direction acts like it was never |
| 2758 | // configured. |
| 2759 | // |
| 2760 | // For a server, algorithms are registered in preference order with the most |
| 2761 | // preferable first. It returns one on success or zero on error. |
| 2762 | OPENSSL_EXPORT int SSL_CTX_add_cert_compression_alg( |
| 2763 | SSL_CTX *ctx, uint16_t alg_id, ssl_cert_compression_func_t compress, |
| 2764 | ssl_cert_decompression_func_t decompress); |
| 2765 | |
| 2766 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2767 | // Next protocol negotiation. |
| 2768 | // |
| 2769 | // The NPN extension (draft-agl-tls-nextprotoneg-03) is the predecessor to ALPN |
| 2770 | // and deprecated in favor of it. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2771 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2772 | // SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a |
| 2773 | // TLS server needs a list of supported protocols for Next Protocol |
| 2774 | // Negotiation. The returned list must be in wire format. The list is returned |
| 2775 | // by setting |*out| to point to it and |*out_len| to its length. This memory |
| 2776 | // will not be modified, but one should assume that |ssl| keeps a reference to |
| 2777 | // it. |
| 2778 | // |
| 2779 | // The callback should return |SSL_TLSEXT_ERR_OK| if it wishes to advertise. |
| 2780 | // Otherwise, no such extension will be included in the ServerHello. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2781 | OPENSSL_EXPORT void SSL_CTX_set_next_protos_advertised_cb( |
| 2782 | SSL_CTX *ctx, |
| 2783 | int (*cb)(SSL *ssl, const uint8_t **out, unsigned *out_len, void *arg), |
| 2784 | void *arg); |
| 2785 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2786 | // SSL_CTX_set_next_proto_select_cb sets a callback that is called when a client |
| 2787 | // needs to select a protocol from the server's provided list. |*out| must be |
| 2788 | // set to point to the selected protocol (which may be within |in|). The length |
| 2789 | // of the protocol name must be written into |*out_len|. The server's advertised |
| 2790 | // protocols are provided in |in| and |in_len|. The callback can assume that |
| 2791 | // |in| is syntactically valid. |
| 2792 | // |
| 2793 | // The client must select a protocol. It is fatal to the connection if this |
| 2794 | // callback returns a value other than |SSL_TLSEXT_ERR_OK|. |
| 2795 | // |
| 2796 | // Configuring this callback enables NPN on a client. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2797 | OPENSSL_EXPORT void SSL_CTX_set_next_proto_select_cb( |
| 2798 | SSL_CTX *ctx, int (*cb)(SSL *ssl, uint8_t **out, uint8_t *out_len, |
| 2799 | const uint8_t *in, unsigned in_len, void *arg), |
| 2800 | void *arg); |
| 2801 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2802 | // SSL_get0_next_proto_negotiated sets |*out_data| and |*out_len| to point to |
| 2803 | // the client's requested protocol for this connection. If the client didn't |
| 2804 | // request any protocol, then |*out_data| is set to NULL. |
| 2805 | // |
| 2806 | // Note that the client can request any protocol it chooses. The value returned |
| 2807 | // from this function need not be a member of the list of supported protocols |
| 2808 | // provided by the server. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2809 | OPENSSL_EXPORT void SSL_get0_next_proto_negotiated(const SSL *ssl, |
| 2810 | const uint8_t **out_data, |
| 2811 | unsigned *out_len); |
| 2812 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2813 | // SSL_select_next_proto implements the standard protocol selection. It is |
| 2814 | // expected that this function is called from the callback set by |
| 2815 | // |SSL_CTX_set_next_proto_select_cb|. |
| 2816 | // |
| 2817 | // |peer| and |supported| must be vectors of 8-bit, length-prefixed byte strings |
| 2818 | // containing the peer and locally-configured protocols, respectively. The |
| 2819 | // length byte itself is not included in the length. A byte string of length 0 |
| 2820 | // is invalid. No byte string may be truncated. |supported| is assumed to be |
| 2821 | // non-empty. |
| 2822 | // |
| 2823 | // This function finds the first protocol in |peer| which is also in |
| 2824 | // |supported|. If one was found, it sets |*out| and |*out_len| to point to it |
| 2825 | // and returns |OPENSSL_NPN_NEGOTIATED|. Otherwise, it returns |
| 2826 | // |OPENSSL_NPN_NO_OVERLAP| and sets |*out| and |*out_len| to the first |
| 2827 | // supported protocol. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2828 | OPENSSL_EXPORT int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 2829 | const uint8_t *peer, unsigned peer_len, |
| 2830 | const uint8_t *supported, |
| 2831 | unsigned supported_len); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2832 | |
| 2833 | #define OPENSSL_NPN_UNSUPPORTED 0 |
| 2834 | #define OPENSSL_NPN_NEGOTIATED 1 |
| 2835 | #define OPENSSL_NPN_NO_OVERLAP 2 |
| 2836 | |
| 2837 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2838 | // Channel ID. |
| 2839 | // |
| 2840 | // See draft-balfanz-tls-channelid-01. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2841 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2842 | // SSL_CTX_set_tls_channel_id_enabled configures whether connections associated |
| 2843 | // with |ctx| should enable Channel ID. |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 2844 | OPENSSL_EXPORT void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx, |
| 2845 | int enabled); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2846 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2847 | // SSL_set_tls_channel_id_enabled configures whether |ssl| should enable Channel |
| 2848 | // ID. |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 2849 | OPENSSL_EXPORT void SSL_set_tls_channel_id_enabled(SSL *ssl, int enabled); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2850 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2851 | // SSL_CTX_set1_tls_channel_id configures a TLS client to send a TLS Channel ID |
| 2852 | // to compatible servers. |private_key| must be a P-256 EC key. It returns one |
| 2853 | // on success and zero on error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2854 | OPENSSL_EXPORT int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, |
| 2855 | EVP_PKEY *private_key); |
| 2856 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2857 | // SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to |
| 2858 | // compatible servers. |private_key| must be a P-256 EC key. It returns one on |
| 2859 | // success and zero on error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2860 | OPENSSL_EXPORT int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key); |
| 2861 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2862 | // SSL_get_tls_channel_id gets the client's TLS Channel ID from a server |SSL*| |
| 2863 | // and copies up to the first |max_out| bytes into |out|. The Channel ID |
| 2864 | // consists of the client's P-256 public key as an (x,y) pair where each is a |
| 2865 | // 32-byte, big-endian field element. It returns 0 if the client didn't offer a |
| 2866 | // Channel ID and the length of the complete Channel ID otherwise. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2867 | OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, |
| 2868 | size_t max_out); |
| 2869 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2870 | // SSL_CTX_set_channel_id_cb sets a callback to be called when a TLS Channel ID |
| 2871 | // is requested. The callback may set |*out_pkey| to a key, passing a reference |
| 2872 | // to the caller. If none is returned, the handshake will pause and |
| 2873 | // |SSL_get_error| will return |SSL_ERROR_WANT_CHANNEL_ID_LOOKUP|. |
| 2874 | // |
| 2875 | // See also |SSL_ERROR_WANT_CHANNEL_ID_LOOKUP|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2876 | OPENSSL_EXPORT void SSL_CTX_set_channel_id_cb( |
| 2877 | SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **out_pkey)); |
| 2878 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2879 | // SSL_CTX_get_channel_id_cb returns the callback set by |
| 2880 | // |SSL_CTX_set_channel_id_cb|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2881 | OPENSSL_EXPORT void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))( |
| 2882 | SSL *ssl, EVP_PKEY **out_pkey); |
| 2883 | |
| 2884 | |
Robert Sloan | 978112c | 2018-01-22 12:53:01 -0800 | [diff] [blame] | 2885 | // Token Binding. |
| 2886 | // |
| 2887 | // See draft-ietf-tokbind-protocol-16. |
| 2888 | |
| 2889 | // SSL_set_token_binding_params sets |params| as the Token Binding Key |
| 2890 | // parameters (section 3 of draft-ietf-tokbind-protocol-16) to negotiate on the |
| 2891 | // connection. If this function is not called, or if |len| is 0, then this |
| 2892 | // endpoint will not attempt to negotiate Token Binding. |params| are provided |
| 2893 | // in preference order, with the more preferred parameters at the beginning of |
| 2894 | // the list. This function returns 1 on success and 0 on failure. |
| 2895 | OPENSSL_EXPORT int SSL_set_token_binding_params(SSL *ssl, const uint8_t *params, |
| 2896 | size_t len); |
| 2897 | |
| 2898 | // SSL_is_token_binding_negotiated returns 1 if Token Binding was negotiated |
| 2899 | // on this connection and 0 otherwise. On a server, it is possible for this |
| 2900 | // function to return 1 when the client's view of the connection is that Token |
| 2901 | // Binding was not negotiated. This occurs when the server indicates a version |
| 2902 | // of Token Binding less than the client's minimum version. |
| 2903 | OPENSSL_EXPORT int SSL_is_token_binding_negotiated(const SSL *ssl); |
| 2904 | |
| 2905 | // SSL_get_negotiated_token_binding_param returns the TokenBindingKeyParameters |
| 2906 | // enum value that was negotiated. It is only valid to call this function if |
| 2907 | // SSL_is_token_binding_negotiated returned 1, otherwise this function returns |
| 2908 | // an undefined value. |
| 2909 | OPENSSL_EXPORT uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl); |
| 2910 | |
| 2911 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2912 | // DTLS-SRTP. |
| 2913 | // |
| 2914 | // See RFC 5764. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2915 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2916 | // srtp_protection_profile_st (aka |SRTP_PROTECTION_PROFILE|) is an SRTP |
| 2917 | // profile for use with the use_srtp extension. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2918 | struct srtp_protection_profile_st { |
| 2919 | const char *name; |
| 2920 | unsigned long id; |
| 2921 | } /* SRTP_PROTECTION_PROFILE */; |
| 2922 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame] | 2923 | DEFINE_CONST_STACK_OF(SRTP_PROTECTION_PROFILE) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2924 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2925 | // SRTP_* define constants for SRTP profiles. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2926 | #define SRTP_AES128_CM_SHA1_80 0x0001 |
| 2927 | #define SRTP_AES128_CM_SHA1_32 0x0002 |
| 2928 | #define SRTP_AES128_F8_SHA1_80 0x0003 |
| 2929 | #define SRTP_AES128_F8_SHA1_32 0x0004 |
| 2930 | #define SRTP_NULL_SHA1_80 0x0005 |
| 2931 | #define SRTP_NULL_SHA1_32 0x0006 |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 2932 | #define SRTP_AEAD_AES_128_GCM 0x0007 |
| 2933 | #define SRTP_AEAD_AES_256_GCM 0x0008 |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2934 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2935 | // SSL_CTX_set_srtp_profiles enables SRTP for all SSL objects created from |
| 2936 | // |ctx|. |profile| contains a colon-separated list of profile names. It returns |
| 2937 | // one on success and zero on failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2938 | OPENSSL_EXPORT int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx, |
| 2939 | const char *profiles); |
| 2940 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2941 | // SSL_set_srtp_profiles enables SRTP for |ssl|. |profile| contains a |
| 2942 | // colon-separated list of profile names. It returns one on success and zero on |
| 2943 | // failure. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2944 | OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL *ssl, const char *profiles); |
| 2945 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2946 | // SSL_get_srtp_profiles returns the SRTP profiles supported by |ssl|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2947 | OPENSSL_EXPORT STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles( |
| 2948 | SSL *ssl); |
| 2949 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2950 | // SSL_get_selected_srtp_profile returns the selected SRTP profile, or NULL if |
| 2951 | // SRTP was not negotiated. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2952 | OPENSSL_EXPORT const SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile( |
| 2953 | SSL *ssl); |
| 2954 | |
| 2955 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2956 | // Pre-shared keys. |
| 2957 | // |
| 2958 | // Connections may be configured with PSK (Pre-Shared Key) cipher suites. These |
| 2959 | // authenticate using out-of-band pre-shared keys rather than certificates. See |
| 2960 | // RFC 4279. |
| 2961 | // |
| 2962 | // This implementation uses NUL-terminated C strings for identities and identity |
| 2963 | // hints, so values with a NUL character are not supported. (RFC 4279 does not |
| 2964 | // specify the format of an identity.) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2965 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2966 | // PSK_MAX_IDENTITY_LEN is the maximum supported length of a PSK identity, |
| 2967 | // excluding the NUL terminator. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2968 | #define PSK_MAX_IDENTITY_LEN 128 |
| 2969 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2970 | // PSK_MAX_PSK_LEN is the maximum supported length of a pre-shared key. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2971 | #define PSK_MAX_PSK_LEN 256 |
| 2972 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2973 | // SSL_CTX_set_psk_client_callback sets the callback to be called when PSK is |
| 2974 | // negotiated on the client. This callback must be set to enable PSK cipher |
| 2975 | // suites on the client. |
| 2976 | // |
| 2977 | // The callback is passed the identity hint in |hint| or NULL if none was |
| 2978 | // provided. It should select a PSK identity and write the identity and the |
| 2979 | // corresponding PSK to |identity| and |psk|, respectively. The identity is |
| 2980 | // written as a NUL-terminated C string of length (excluding the NUL terminator) |
| 2981 | // at most |max_identity_len|. The PSK's length must be at most |max_psk_len|. |
| 2982 | // The callback returns the length of the PSK or 0 if no suitable identity was |
| 2983 | // found. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2984 | OPENSSL_EXPORT void SSL_CTX_set_psk_client_callback( |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 2985 | SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *hint, char *identity, |
| 2986 | unsigned max_identity_len, uint8_t *psk, |
| 2987 | unsigned max_psk_len)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2988 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2989 | // SSL_set_psk_client_callback sets the callback to be called when PSK is |
| 2990 | // negotiated on the client. This callback must be set to enable PSK cipher |
| 2991 | // suites on the client. See also |SSL_CTX_set_psk_client_callback|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2992 | OPENSSL_EXPORT void SSL_set_psk_client_callback( |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 2993 | SSL *ssl, unsigned (*cb)(SSL *ssl, const char *hint, char *identity, |
| 2994 | unsigned max_identity_len, uint8_t *psk, |
| 2995 | unsigned max_psk_len)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 2996 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 2997 | // SSL_CTX_set_psk_server_callback sets the callback to be called when PSK is |
| 2998 | // negotiated on the server. This callback must be set to enable PSK cipher |
| 2999 | // suites on the server. |
| 3000 | // |
| 3001 | // The callback is passed the identity in |identity|. It should write a PSK of |
| 3002 | // length at most |max_psk_len| to |psk| and return the number of bytes written |
| 3003 | // or zero if the PSK identity is unknown. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3004 | OPENSSL_EXPORT void SSL_CTX_set_psk_server_callback( |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 3005 | SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk, |
| 3006 | unsigned max_psk_len)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3007 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3008 | // SSL_set_psk_server_callback sets the callback to be called when PSK is |
| 3009 | // negotiated on the server. This callback must be set to enable PSK cipher |
| 3010 | // suites on the server. See also |SSL_CTX_set_psk_server_callback|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3011 | OPENSSL_EXPORT void SSL_set_psk_server_callback( |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 3012 | SSL *ssl, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk, |
| 3013 | unsigned max_psk_len)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3014 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3015 | // SSL_CTX_use_psk_identity_hint configures server connections to advertise an |
| 3016 | // identity hint of |identity_hint|. It returns one on success and zero on |
| 3017 | // error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3018 | OPENSSL_EXPORT int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, |
| 3019 | const char *identity_hint); |
| 3020 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3021 | // SSL_use_psk_identity_hint configures server connections to advertise an |
| 3022 | // identity hint of |identity_hint|. It returns one on success and zero on |
| 3023 | // error. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3024 | OPENSSL_EXPORT int SSL_use_psk_identity_hint(SSL *ssl, |
| 3025 | const char *identity_hint); |
| 3026 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3027 | // SSL_get_psk_identity_hint returns the PSK identity hint advertised for |ssl| |
| 3028 | // or NULL if there is none. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3029 | OPENSSL_EXPORT const char *SSL_get_psk_identity_hint(const SSL *ssl); |
| 3030 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3031 | // SSL_get_psk_identity, after the handshake completes, returns the PSK identity |
| 3032 | // that was negotiated by |ssl| or NULL if PSK was not used. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3033 | OPENSSL_EXPORT const char *SSL_get_psk_identity(const SSL *ssl); |
| 3034 | |
| 3035 | |
Robert Sloan | f068def | 2018-10-10 18:45:40 -0700 | [diff] [blame] | 3036 | // QUIC transport parameters. |
Robert Sloan | 8542c08 | 2018-02-05 09:07:34 -0800 | [diff] [blame] | 3037 | // |
| 3038 | // draft-ietf-quic-tls defines a new TLS extension quic_transport_parameters |
| 3039 | // used by QUIC for each endpoint to unilaterally declare its supported |
| 3040 | // transport parameters. draft-ietf-quic-transport (section 7.4) defines the |
| 3041 | // contents of that extension (a TransportParameters struct) and describes how |
| 3042 | // to handle it and its semantic meaning. |
| 3043 | // |
| 3044 | // BoringSSL handles this extension as an opaque byte string. The caller is |
| 3045 | // responsible for serializing and parsing it. |
| 3046 | |
| 3047 | // SSL_set_quic_transport_params configures |ssl| to send |params| (of length |
| 3048 | // |params_len|) in the quic_transport_parameters extension in either the |
| 3049 | // ClientHello or EncryptedExtensions handshake message. This extension will |
| 3050 | // only be sent if the TLS version is at least 1.3, and for a server, only if |
| 3051 | // the client sent the extension. The buffer pointed to by |params| only need be |
| 3052 | // valid for the duration of the call to this function. This function returns 1 |
| 3053 | // on success and 0 on failure. |
| 3054 | OPENSSL_EXPORT int SSL_set_quic_transport_params(SSL *ssl, |
| 3055 | const uint8_t *params, |
| 3056 | size_t params_len); |
| 3057 | |
| 3058 | // SSL_get_peer_quic_transport_params provides the caller with the value of the |
| 3059 | // quic_transport_parameters extension sent by the peer. A pointer to the buffer |
| 3060 | // containing the TransportParameters will be put in |*out_params|, and its |
| 3061 | // length in |*params_len|. This buffer will be valid for the lifetime of the |
| 3062 | // |SSL|. If no params were received from the peer, |*out_params_len| will be 0. |
| 3063 | OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(const SSL *ssl, |
| 3064 | const uint8_t **out_params, |
| 3065 | size_t *out_params_len); |
| 3066 | |
| 3067 | |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 3068 | // Delegated credentials. |
| 3069 | // |
| 3070 | // *** EXPERIMENTAL — PRONE TO CHANGE *** |
| 3071 | // |
| 3072 | // draft-ietf-tls-subcerts is a proposed extension for TLS 1.3 and above that |
| 3073 | // allows an end point to use its certificate to delegate credentials for |
| 3074 | // authentication. If the peer indicates support for this extension, then this |
| 3075 | // host may use a delegated credential to sign the handshake. Once issued, |
| 3076 | // credentials can't be revoked. In order to mitigate the damage in case the |
| 3077 | // credential secret key is compromised, the credential is only valid for a |
Robert Sloan | 8967815 | 2019-03-12 14:24:00 -0700 | [diff] [blame] | 3078 | // short time (days, hours, or even minutes). This library implements draft-03 |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 3079 | // of the protocol spec. |
| 3080 | // |
| 3081 | // The extension ID has not been assigned; we're using 0xff02 for the time |
| 3082 | // being. Currently only the server side is implemented. |
| 3083 | // |
| 3084 | // Servers configure a DC for use in the handshake via |
| 3085 | // |SSL_set1_delegated_credential|. It must be signed by the host's end-entity |
| 3086 | // certificate as defined in draft-ietf-tls-subcerts-03. |
| 3087 | |
| 3088 | // SSL_set1_delegated_credential configures the delegated credential (DC) that |
| 3089 | // will be sent to the peer for the current connection. |dc| is the DC in wire |
| 3090 | // format, and |pkey| or |key_method| is the corresponding private key. |
Robert Sloan | 8967815 | 2019-03-12 14:24:00 -0700 | [diff] [blame] | 3091 | // Currently (as of draft-03), only servers may configure a DC to use in the |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 3092 | // handshake. |
| 3093 | // |
| 3094 | // The DC will only be used if the protocol version is correct and the signature |
| 3095 | // scheme is supported by the peer. If not, the DC will not be negotiated and |
| 3096 | // the handshake will use the private key (or private key method) associated |
| 3097 | // with the certificate. |
| 3098 | OPENSSL_EXPORT int SSL_set1_delegated_credential( |
| 3099 | SSL *ssl, CRYPTO_BUFFER *dc, EVP_PKEY *pkey, |
| 3100 | const SSL_PRIVATE_KEY_METHOD *key_method); |
| 3101 | |
| 3102 | |
Robert Sloan | cbf5ea6 | 2018-11-05 11:56:34 -0800 | [diff] [blame] | 3103 | // QUIC integration. |
| 3104 | // |
| 3105 | // QUIC acts as an underlying transport for the TLS 1.3 handshake. The following |
| 3106 | // functions allow a QUIC implementation to serve as the underlying transport as |
| 3107 | // described in draft-ietf-quic-tls. |
| 3108 | // |
| 3109 | // When configured for QUIC, |SSL_do_handshake| will drive the handshake as |
| 3110 | // before, but it will not use the configured |BIO|. It will call functions on |
| 3111 | // |SSL_QUIC_METHOD| to configure secrets and send data. If data is needed from |
| 3112 | // the peer, it will return |SSL_ERROR_WANT_READ|. When received, the caller |
| 3113 | // should call |SSL_provide_quic_data| and then |SSL_do_handshake| to continue |
Robert Sloan | c9abfe4 | 2018-11-26 12:19:07 -0800 | [diff] [blame] | 3114 | // the handshake. After the handshake is complete, the caller should call |
| 3115 | // |SSL_provide_quic_data| for any post-handshake data, followed by |
| 3116 | // |SSL_process_quic_post_handshake| to process it. It is an error to call |
| 3117 | // |SSL_read| and |SSL_write| in QUIC. |
Robert Sloan | cbf5ea6 | 2018-11-05 11:56:34 -0800 | [diff] [blame] | 3118 | // |
| 3119 | // Note that secrets for an encryption level may be available to QUIC before the |
| 3120 | // level is active in TLS. Callers should use |SSL_quic_read_level| to determine |
| 3121 | // the active read level for |SSL_provide_quic_data|. |SSL_do_handshake| will |
| 3122 | // pass the active write level to |SSL_QUIC_METHOD| when writing data. Callers |
| 3123 | // can use |SSL_quic_write_level| to query the active write level when |
| 3124 | // generating their own errors. |
| 3125 | // |
| 3126 | // See https://tools.ietf.org/html/draft-ietf-quic-tls-15#section-4.1 for more |
| 3127 | // details. |
| 3128 | // |
| 3129 | // To avoid DoS attacks, the QUIC implementation must limit the amount of data |
| 3130 | // being queued up. The implementation can call |
| 3131 | // |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each |
| 3132 | // encryption level. |
| 3133 | // |
Robert Sloan | c9abfe4 | 2018-11-26 12:19:07 -0800 | [diff] [blame] | 3134 | // Note: 0-RTT is not currently supported via this API. |
Robert Sloan | cbf5ea6 | 2018-11-05 11:56:34 -0800 | [diff] [blame] | 3135 | |
| 3136 | // ssl_encryption_level_t represents a specific QUIC encryption level used to |
| 3137 | // transmit handshake messages. |
| 3138 | enum ssl_encryption_level_t { |
| 3139 | ssl_encryption_initial = 0, |
| 3140 | ssl_encryption_early_data, |
| 3141 | ssl_encryption_handshake, |
| 3142 | ssl_encryption_application, |
| 3143 | }; |
| 3144 | |
| 3145 | // ssl_quic_method_st (aka |SSL_QUIC_METHOD|) describes custom QUIC hooks. |
| 3146 | struct ssl_quic_method_st { |
| 3147 | // set_encryption_secrets configures the read and write secrets for the given |
| 3148 | // encryption level. This function will always be called before an encryption |
| 3149 | // level other than |ssl_encryption_initial| is used. Note, however, that |
| 3150 | // secrets for a level may be configured before TLS is ready to send or accept |
| 3151 | // data at that level. |
| 3152 | // |
| 3153 | // When reading packets at a given level, the QUIC implementation must send |
| 3154 | // ACKs at the same level, so this function provides read and write secrets |
| 3155 | // together. The exception is |ssl_encryption_early_data|, where secrets are |
| 3156 | // only available in the client to server direction. The other secret will be |
| 3157 | // NULL. The server acknowledges such data at |ssl_encryption_application|, |
| 3158 | // which will be configured in the same |SSL_do_handshake| call. |
| 3159 | // |
| 3160 | // This function should use |SSL_get_current_cipher| to determine the TLS |
| 3161 | // cipher suite. |
| 3162 | // |
| 3163 | // It returns one on success and zero on error. |
| 3164 | int (*set_encryption_secrets)(SSL *ssl, enum ssl_encryption_level_t level, |
| 3165 | const uint8_t *read_secret, |
| 3166 | const uint8_t *write_secret, size_t secret_len); |
| 3167 | // add_handshake_data adds handshake data to the current flight at the given |
| 3168 | // encryption level. It returns one on success and zero on error. |
| 3169 | // |
| 3170 | // BoringSSL will pack data from a single encryption level together, but a |
| 3171 | // single handshake flight may include multiple encryption levels. Callers |
| 3172 | // should defer writing data to the network until |flush_flight| to better |
| 3173 | // pack QUIC packets into transport datagrams. |
| 3174 | int (*add_handshake_data)(SSL *ssl, enum ssl_encryption_level_t level, |
| 3175 | const uint8_t *data, size_t len); |
| 3176 | // flush_flight is called when the current flight is complete and should be |
| 3177 | // written to the transport. Note a flight may contain data at several |
| 3178 | // encryption levels. It returns one on success and zero on error. |
| 3179 | int (*flush_flight)(SSL *ssl); |
| 3180 | // send_alert sends a fatal alert at the specified encryption level. It |
| 3181 | // returns one on success and zero on error. |
| 3182 | int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert); |
| 3183 | }; |
| 3184 | |
| 3185 | // SSL_quic_max_handshake_flight_len returns returns the maximum number of bytes |
| 3186 | // that may be received at the given encryption level. This function should be |
| 3187 | // used to limit buffering in the QUIC implementation. |
| 3188 | // |
| 3189 | // See https://tools.ietf.org/html/draft-ietf-quic-transport-16#section-4.4. |
| 3190 | OPENSSL_EXPORT size_t SSL_quic_max_handshake_flight_len( |
| 3191 | const SSL *ssl, enum ssl_encryption_level_t level); |
| 3192 | |
| 3193 | // SSL_quic_read_level returns the current read encryption level. |
| 3194 | OPENSSL_EXPORT enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl); |
| 3195 | |
| 3196 | // SSL_quic_write_level returns the current write encryption level. |
| 3197 | OPENSSL_EXPORT enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl); |
| 3198 | |
| 3199 | // SSL_provide_quic_data provides data from QUIC at a particular encryption |
| 3200 | // level |level|. It is an error to call this function outside of the handshake |
| 3201 | // or with an encryption level other than the current read level. It returns one |
| 3202 | // on success and zero on error. |
| 3203 | OPENSSL_EXPORT int SSL_provide_quic_data(SSL *ssl, |
| 3204 | enum ssl_encryption_level_t level, |
| 3205 | const uint8_t *data, size_t len); |
| 3206 | |
| 3207 | |
Robert Sloan | c9abfe4 | 2018-11-26 12:19:07 -0800 | [diff] [blame] | 3208 | // SSL_process_quic_post_handshake processes any data that QUIC has provided |
| 3209 | // after the handshake has completed. This includes NewSessionTicket messages |
| 3210 | // sent by the server. It returns one on success and zero on error. |
| 3211 | OPENSSL_EXPORT int SSL_process_quic_post_handshake(SSL *ssl); |
| 3212 | |
Robert Sloan | cbf5ea6 | 2018-11-05 11:56:34 -0800 | [diff] [blame] | 3213 | // SSL_CTX_set_quic_method configures the QUIC hooks. This should only be |
| 3214 | // configured with a minimum version of TLS 1.3. |quic_method| must remain valid |
| 3215 | // for the lifetime of |ctx|. It returns one on success and zero on error. |
| 3216 | OPENSSL_EXPORT int SSL_CTX_set_quic_method(SSL_CTX *ctx, |
| 3217 | const SSL_QUIC_METHOD *quic_method); |
| 3218 | |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 3219 | // SSL_set_quic_method configures the QUIC hooks. This should only be |
| 3220 | // configured with a minimum version of TLS 1.3. |quic_method| must remain valid |
| 3221 | // for the lifetime of |ssl|. It returns one on success and zero on error. |
| 3222 | OPENSSL_EXPORT int SSL_set_quic_method(SSL *ssl, |
| 3223 | const SSL_QUIC_METHOD *quic_method); |
| 3224 | |
Robert Sloan | cbf5ea6 | 2018-11-05 11:56:34 -0800 | [diff] [blame] | 3225 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3226 | // Early data. |
| 3227 | // |
| 3228 | // WARNING: 0-RTT support in BoringSSL is currently experimental and not fully |
| 3229 | // implemented. It may cause interoperability or security failures when used. |
| 3230 | // |
| 3231 | // Early data, or 0-RTT, is a feature in TLS 1.3 which allows clients to send |
| 3232 | // data on the first flight during a resumption handshake. This can save a |
| 3233 | // round-trip in some application protocols. |
| 3234 | // |
| 3235 | // WARNING: A 0-RTT handshake has different security properties from normal |
| 3236 | // handshake, so it is off by default unless opted in. In particular, early data |
| 3237 | // is replayable by a network attacker. Callers must account for this when |
Robert Sloan | d9e572d | 2018-08-27 12:27:00 -0700 | [diff] [blame] | 3238 | // sending or processing data before the handshake is confirmed. See RFC 8446 |
| 3239 | // for more information. |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3240 | // |
| 3241 | // As a server, if early data is accepted, |SSL_do_handshake| will complete as |
| 3242 | // soon as the ClientHello is processed and server flight sent. |SSL_write| may |
| 3243 | // be used to send half-RTT data. |SSL_read| will consume early data and |
| 3244 | // transition to 1-RTT data as appropriate. Prior to the transition, |
| 3245 | // |SSL_in_init| will report the handshake is still in progress. Callers may use |
| 3246 | // it or |SSL_in_early_data| to defer or reject requests as needed. |
| 3247 | // |
| 3248 | // Early data as a client is more complex. If the offered session (see |
| 3249 | // |SSL_set_session|) is 0-RTT-capable, the handshake will return after sending |
| 3250 | // the ClientHello. The predicted peer certificates and ALPN protocol will be |
| 3251 | // available via the usual APIs. |SSL_write| will write early data, up to the |
| 3252 | // session's limit. Writes past this limit and |SSL_read| will complete the |
| 3253 | // handshake before continuing. Callers may also call |SSL_do_handshake| again |
| 3254 | // to complete the handshake sooner. |
| 3255 | // |
| 3256 | // If the server accepts early data, the handshake will succeed. |SSL_read| and |
| 3257 | // |SSL_write| will then act as in a 1-RTT handshake. The peer certificates and |
| 3258 | // ALPN protocol will be as predicted and need not be re-queried. |
| 3259 | // |
| 3260 | // If the server rejects early data, |SSL_do_handshake| (and thus |SSL_read| and |
| 3261 | // |SSL_write|) will then fail with |SSL_get_error| returning |
| 3262 | // |SSL_ERROR_EARLY_DATA_REJECTED|. The caller should treat this as a connection |
| 3263 | // error and most likely perform a high-level retry. Note the server may still |
| 3264 | // have processed the early data due to attacker replays. |
| 3265 | // |
| 3266 | // To then continue the handshake on the original connection, use |
| 3267 | // |SSL_reset_early_data_reject|. The connection will then behave as one which |
| 3268 | // had not yet completed the handshake. This allows a faster retry than making a |
| 3269 | // fresh connection. |SSL_do_handshake| will complete the full handshake, |
| 3270 | // possibly resulting in different peer certificates, ALPN protocol, and other |
| 3271 | // properties. The caller must disregard any values from before the reset and |
| 3272 | // query again. |
| 3273 | // |
Robert Sloan | d9e572d | 2018-08-27 12:27:00 -0700 | [diff] [blame] | 3274 | // Finally, to implement the fallback described in RFC 8446 appendix D.3, retry |
| 3275 | // on a fresh connection without 0-RTT if the handshake fails with |
| 3276 | // |SSL_R_WRONG_VERSION_ON_EARLY_DATA|. |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 3277 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3278 | // SSL_CTX_set_early_data_enabled sets whether early data is allowed to be used |
| 3279 | // with resumptions using |ctx|. |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 3280 | OPENSSL_EXPORT void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled); |
| 3281 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3282 | // SSL_set_early_data_enabled sets whether early data is allowed to be used |
| 3283 | // with resumptions using |ssl|. See |SSL_CTX_set_early_data_enabled| for more |
| 3284 | // information. |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 3285 | OPENSSL_EXPORT void SSL_set_early_data_enabled(SSL *ssl, int enabled); |
| 3286 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3287 | // SSL_in_early_data returns one if |ssl| has a pending handshake that has |
| 3288 | // progressed enough to send or receive early data. Clients may call |SSL_write| |
| 3289 | // to send early data, but |SSL_read| will complete the handshake before |
| 3290 | // accepting application data. Servers may call |SSL_read| to read early data |
| 3291 | // and |SSL_write| to send half-RTT data. |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 3292 | OPENSSL_EXPORT int SSL_in_early_data(const SSL *ssl); |
| 3293 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3294 | // SSL_early_data_accepted returns whether early data was accepted on the |
| 3295 | // handshake performed by |ssl|. |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 3296 | OPENSSL_EXPORT int SSL_early_data_accepted(const SSL *ssl); |
| 3297 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3298 | // SSL_reset_early_data_reject resets |ssl| after an early data reject. All |
| 3299 | // 0-RTT state is discarded, including any pending |SSL_write| calls. The caller |
| 3300 | // should treat |ssl| as a logically fresh connection, usually by driving the |
| 3301 | // handshake to completion using |SSL_do_handshake|. |
| 3302 | // |
| 3303 | // It is an error to call this function on an |SSL| object that is not signaling |
| 3304 | // |SSL_ERROR_EARLY_DATA_REJECTED|. |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 3305 | OPENSSL_EXPORT void SSL_reset_early_data_reject(SSL *ssl); |
| 3306 | |
Robert Sloan | 5581810 | 2017-12-18 11:26:17 -0800 | [diff] [blame] | 3307 | // SSL_export_early_keying_material behaves like |SSL_export_keying_material|, |
| 3308 | // but it uses the early exporter. The operation will fail if |ssl| did not |
| 3309 | // negotiate TLS 1.3 or 0-RTT. |
| 3310 | OPENSSL_EXPORT int SSL_export_early_keying_material( |
| 3311 | SSL *ssl, uint8_t *out, size_t out_len, const char *label, size_t label_len, |
| 3312 | const uint8_t *context, size_t context_len); |
| 3313 | |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 3314 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3315 | // Alerts. |
| 3316 | // |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 3317 | // TLS uses alerts to signal error conditions. Alerts have a type (warning or |
| 3318 | // fatal) and description. OpenSSL internally handles fatal alerts with |
| 3319 | // dedicated error codes (see |SSL_AD_REASON_OFFSET|). Except for close_notify, |
| 3320 | // warning alerts are silently ignored and may only be surfaced with |
| 3321 | // |SSL_CTX_set_info_callback|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3322 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3323 | // SSL_AD_REASON_OFFSET is the offset between error reasons and |SSL_AD_*| |
| 3324 | // values. Any error code under |ERR_LIB_SSL| with an error reason above this |
| 3325 | // value corresponds to an alert description. Consumers may add or subtract |
| 3326 | // |SSL_AD_REASON_OFFSET| to convert between them. |
| 3327 | // |
| 3328 | // make_errors.go reserves error codes above 1000 for manually-assigned errors. |
| 3329 | // This value must be kept in sync with reservedReasonCode in make_errors.h |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3330 | #define SSL_AD_REASON_OFFSET 1000 |
| 3331 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 3332 | // SSL_AD_* are alert descriptions. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3333 | #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY |
| 3334 | #define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE |
| 3335 | #define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC |
| 3336 | #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED |
| 3337 | #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW |
| 3338 | #define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE |
| 3339 | #define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 3340 | #define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE // Legacy SSL 3.0 value |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3341 | #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE |
| 3342 | #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE |
| 3343 | #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED |
| 3344 | #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED |
| 3345 | #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN |
| 3346 | #define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER |
| 3347 | #define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA |
| 3348 | #define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED |
| 3349 | #define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR |
| 3350 | #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR |
| 3351 | #define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION |
| 3352 | #define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION |
| 3353 | #define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY |
| 3354 | #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR |
David Benjamin | 95add82 | 2016-10-19 01:09:12 -0400 | [diff] [blame] | 3355 | #define SSL_AD_INAPPROPRIATE_FALLBACK SSL3_AD_INAPPROPRIATE_FALLBACK |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3356 | #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED |
| 3357 | #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 3358 | #define SSL_AD_MISSING_EXTENSION TLS1_AD_MISSING_EXTENSION |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3359 | #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION |
| 3360 | #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE |
| 3361 | #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME |
| 3362 | #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE \ |
| 3363 | TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE |
| 3364 | #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE |
| 3365 | #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY |
David Benjamin | 95add82 | 2016-10-19 01:09:12 -0400 | [diff] [blame] | 3366 | #define SSL_AD_CERTIFICATE_REQUIRED TLS1_AD_CERTIFICATE_REQUIRED |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3367 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3368 | // SSL_alert_type_string_long returns a string description of |value| as an |
| 3369 | // alert type (warning or fatal). |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3370 | OPENSSL_EXPORT const char *SSL_alert_type_string_long(int value); |
| 3371 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3372 | // SSL_alert_desc_string_long returns a string description of |value| as an |
| 3373 | // alert description or "unknown" if unknown. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3374 | OPENSSL_EXPORT const char *SSL_alert_desc_string_long(int value); |
| 3375 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3376 | // SSL_send_fatal_alert sends a fatal alert over |ssl| of the specified type, |
| 3377 | // which should be one of the |SSL_AD_*| constants. It returns one on success |
| 3378 | // and <= 0 on error. The caller should pass the return value into |
| 3379 | // |SSL_get_error| to determine how to proceed. Once this function has been |
| 3380 | // called, future calls to |SSL_write| will fail. |
| 3381 | // |
| 3382 | // If retrying a failed operation due to |SSL_ERROR_WANT_WRITE|, subsequent |
| 3383 | // calls must use the same |alert| parameter. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 3384 | OPENSSL_EXPORT int SSL_send_fatal_alert(SSL *ssl, uint8_t alert); |
| 3385 | |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3386 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3387 | // ex_data functions. |
| 3388 | // |
| 3389 | // See |ex_data.h| for details. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3390 | |
| 3391 | OPENSSL_EXPORT int SSL_set_ex_data(SSL *ssl, int idx, void *data); |
| 3392 | OPENSSL_EXPORT void *SSL_get_ex_data(const SSL *ssl, int idx); |
| 3393 | OPENSSL_EXPORT int SSL_get_ex_new_index(long argl, void *argp, |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 3394 | CRYPTO_EX_unused *unused, |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame] | 3395 | CRYPTO_EX_dup *dup_unused, |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3396 | CRYPTO_EX_free *free_func); |
| 3397 | |
| 3398 | OPENSSL_EXPORT int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, |
| 3399 | void *data); |
| 3400 | OPENSSL_EXPORT void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, |
| 3401 | int idx); |
| 3402 | OPENSSL_EXPORT int SSL_SESSION_get_ex_new_index(long argl, void *argp, |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 3403 | CRYPTO_EX_unused *unused, |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame] | 3404 | CRYPTO_EX_dup *dup_unused, |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3405 | CRYPTO_EX_free *free_func); |
| 3406 | |
| 3407 | OPENSSL_EXPORT int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *data); |
| 3408 | OPENSSL_EXPORT void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); |
| 3409 | OPENSSL_EXPORT int SSL_CTX_get_ex_new_index(long argl, void *argp, |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 3410 | CRYPTO_EX_unused *unused, |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame] | 3411 | CRYPTO_EX_dup *dup_unused, |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3412 | CRYPTO_EX_free *free_func); |
| 3413 | |
| 3414 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3415 | // Low-level record-layer state. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3416 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3417 | // SSL_get_ivs sets |*out_iv_len| to the length of the IVs for the ciphers |
| 3418 | // underlying |ssl| and sets |*out_read_iv| and |*out_write_iv| to point to the |
| 3419 | // current IVs for the read and write directions. This is only meaningful for |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 3420 | // connections with implicit IVs (i.e. CBC mode with TLS 1.0). |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3421 | // |
| 3422 | // It returns one on success or zero on error. |
Adam Langley | fad6327 | 2015-11-12 12:15:39 -0800 | [diff] [blame] | 3423 | OPENSSL_EXPORT int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv, |
| 3424 | const uint8_t **out_write_iv, |
| 3425 | size_t *out_iv_len); |
| 3426 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3427 | // SSL_get_key_block_len returns the length of |ssl|'s key block. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3428 | OPENSSL_EXPORT size_t SSL_get_key_block_len(const SSL *ssl); |
| 3429 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3430 | // SSL_generate_key_block generates |out_len| bytes of key material for |ssl|'s |
| 3431 | // current connection state. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3432 | OPENSSL_EXPORT int SSL_generate_key_block(const SSL *ssl, uint8_t *out, |
| 3433 | size_t out_len); |
| 3434 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3435 | // SSL_get_read_sequence returns, in TLS, the expected sequence number of the |
| 3436 | // next incoming record in the current epoch. In DTLS, it returns the maximum |
| 3437 | // sequence number received in the current epoch and includes the epoch number |
| 3438 | // in the two most significant bytes. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3439 | OPENSSL_EXPORT uint64_t SSL_get_read_sequence(const SSL *ssl); |
| 3440 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3441 | // SSL_get_write_sequence returns the sequence number of the next outgoing |
| 3442 | // record in the current epoch. In DTLS, it includes the epoch number in the |
| 3443 | // two most significant bytes. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3444 | OPENSSL_EXPORT uint64_t SSL_get_write_sequence(const SSL *ssl); |
| 3445 | |
| 3446 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3447 | // Obscure functions. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3448 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3449 | // SSL_CTX_set_msg_callback installs |cb| as the message callback for |ctx|. |
| 3450 | // This callback will be called when sending or receiving low-level record |
| 3451 | // headers, complete handshake messages, ChangeCipherSpec, and alerts. |
| 3452 | // |write_p| is one for outgoing messages and zero for incoming messages. |
| 3453 | // |
| 3454 | // For each record header, |cb| is called with |version| = 0 and |content_type| |
| 3455 | // = |SSL3_RT_HEADER|. The |len| bytes from |buf| contain the header. Note that |
| 3456 | // this does not include the record body. If the record is sealed, the length |
| 3457 | // in the header is the length of the ciphertext. |
| 3458 | // |
| 3459 | // For each handshake message, ChangeCipherSpec, and alert, |version| is the |
| 3460 | // protocol version and |content_type| is the corresponding record type. The |
| 3461 | // |len| bytes from |buf| contain the handshake message, one-byte |
| 3462 | // ChangeCipherSpec body, and two-byte alert, respectively. |
| 3463 | // |
| 3464 | // For a V2ClientHello, |version| is |SSL2_VERSION|, |content_type| is zero, and |
| 3465 | // the |len| bytes from |buf| contain the V2ClientHello structure. |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 3466 | OPENSSL_EXPORT void SSL_CTX_set_msg_callback( |
| 3467 | SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, |
| 3468 | const void *buf, size_t len, SSL *ssl, void *arg)); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3469 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3470 | // SSL_CTX_set_msg_callback_arg sets the |arg| parameter of the message |
| 3471 | // callback. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3472 | OPENSSL_EXPORT void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); |
| 3473 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3474 | // SSL_set_msg_callback installs |cb| as the message callback of |ssl|. See |
| 3475 | // |SSL_CTX_set_msg_callback| for when this callback is called. |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 3476 | OPENSSL_EXPORT void SSL_set_msg_callback( |
| 3477 | SSL *ssl, void (*cb)(int write_p, int version, int content_type, |
| 3478 | const void *buf, size_t len, SSL *ssl, void *arg)); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3479 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3480 | // SSL_set_msg_callback_arg sets the |arg| parameter of the message callback. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3481 | OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL *ssl, void *arg); |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 3482 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3483 | // SSL_CTX_set_keylog_callback configures a callback to log key material. This |
| 3484 | // is intended for debugging use with tools like Wireshark. The |cb| function |
| 3485 | // should log |line| followed by a newline, synchronizing with any concurrent |
| 3486 | // access to the log. |
| 3487 | // |
| 3488 | // The format is described in |
| 3489 | // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format. |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 3490 | OPENSSL_EXPORT void SSL_CTX_set_keylog_callback( |
| 3491 | SSL_CTX *ctx, void (*cb)(const SSL *ssl, const char *line)); |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 3492 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3493 | // SSL_CTX_get_keylog_callback returns the callback configured by |
| 3494 | // |SSL_CTX_set_keylog_callback|. |
David Benjamin | 7c0d06c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 3495 | OPENSSL_EXPORT void (*SSL_CTX_get_keylog_callback(const SSL_CTX *ctx))( |
| 3496 | const SSL *ssl, const char *line); |
| 3497 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3498 | // SSL_CTX_set_current_time_cb configures a callback to retrieve the current |
| 3499 | // time, which should be set in |*out_clock|. This can be used for testing |
| 3500 | // purposes; for example, a callback can be configured that returns a time |
| 3501 | // set explicitly by the test. The |ssl| pointer passed to |cb| is always null. |
David Benjamin | 6e899c7 | 2016-06-09 18:02:18 -0400 | [diff] [blame] | 3502 | OPENSSL_EXPORT void SSL_CTX_set_current_time_cb( |
| 3503 | SSL_CTX *ctx, void (*cb)(const SSL *ssl, struct timeval *out_clock)); |
| 3504 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 3505 | // SSL_set_shed_handshake_config allows some of the configuration of |ssl| to be |
| 3506 | // freed after its handshake completes. Once configuration has been shed, APIs |
| 3507 | // that query it may fail. "Configuration" in this context means anything that |
| 3508 | // was set by the caller, as distinct from information derived from the |
| 3509 | // handshake. For example, |SSL_get_ciphers| queries how the |SSL| was |
| 3510 | // configured by the caller, and fails after configuration has been shed, |
| 3511 | // whereas |SSL_get_cipher| queries the result of the handshake, and is |
| 3512 | // unaffected by configuration shedding. |
| 3513 | // |
| 3514 | // If configuration shedding is enabled, it is an error to call |SSL_clear|. |
| 3515 | // |
| 3516 | // Note that configuration shedding as a client additionally depends on |
| 3517 | // renegotiation being disabled (see |SSL_set_renegotiate_mode|). If |
| 3518 | // renegotiation is possible, the configuration will be retained. If |
| 3519 | // configuration shedding is enabled and renegotiation later disabled after the |
| 3520 | // handshake, |SSL_set_renegotiate_mode| will shed configuration then. This may |
| 3521 | // be useful for clients which support renegotiation with some ALPN protocols, |
| 3522 | // such as HTTP/1.1, and not others, such as HTTP/2. |
| 3523 | OPENSSL_EXPORT void SSL_set_shed_handshake_config(SSL *ssl, int enable); |
| 3524 | |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3525 | enum ssl_renegotiate_mode_t { |
| 3526 | ssl_renegotiate_never = 0, |
| 3527 | ssl_renegotiate_once, |
| 3528 | ssl_renegotiate_freely, |
Adam Langley | fad6327 | 2015-11-12 12:15:39 -0800 | [diff] [blame] | 3529 | ssl_renegotiate_ignore, |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 3530 | }; |
| 3531 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3532 | // SSL_set_renegotiate_mode configures how |ssl|, a client, reacts to |
| 3533 | // renegotiation attempts by a server. If |ssl| is a server, peer-initiated |
| 3534 | // renegotiations are *always* rejected and this function does nothing. |
| 3535 | // |
| 3536 | // The renegotiation mode defaults to |ssl_renegotiate_never|, but may be set |
| 3537 | // at any point in a connection's lifetime. Set it to |ssl_renegotiate_once| to |
| 3538 | // allow one renegotiation, |ssl_renegotiate_freely| to allow all |
| 3539 | // renegotiations or |ssl_renegotiate_ignore| to ignore HelloRequest messages. |
| 3540 | // Note that ignoring HelloRequest messages may cause the connection to stall |
| 3541 | // if the server waits for the renegotiation to complete. |
| 3542 | // |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 3543 | // If configuration shedding is enabled (see |SSL_set_shed_handshake_config|), |
| 3544 | // configuration is released if, at any point after the handshake, renegotiation |
| 3545 | // is disabled. It is not possible to switch from disabling renegotiation to |
| 3546 | // enabling it on a given connection. Callers that condition renegotiation on, |
| 3547 | // e.g., ALPN must enable renegotiation before the handshake and conditionally |
| 3548 | // disable it afterwards. |
| 3549 | // |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3550 | // There is no support in BoringSSL for initiating renegotiations as a client |
| 3551 | // or server. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3552 | OPENSSL_EXPORT void SSL_set_renegotiate_mode(SSL *ssl, |
| 3553 | enum ssl_renegotiate_mode_t mode); |
Kenny Root | 03bcf61 | 2015-11-05 20:20:27 +0000 | [diff] [blame] | 3554 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3555 | // SSL_renegotiate_pending returns one if |ssl| is in the middle of a |
| 3556 | // renegotiation. |
Kenny Root | 03bcf61 | 2015-11-05 20:20:27 +0000 | [diff] [blame] | 3557 | OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl); |
| 3558 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3559 | // SSL_total_renegotiations returns the total number of renegotiation handshakes |
| 3560 | // performed by |ssl|. This includes the pending renegotiation, if any. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3561 | OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl); |
Kenny Root | 03bcf61 | 2015-11-05 20:20:27 +0000 | [diff] [blame] | 3562 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3563 | // SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer |
| 3564 | // certificate chain. |
David Benjamin | 95add82 | 2016-10-19 01:09:12 -0400 | [diff] [blame] | 3565 | #define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100) |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 3566 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3567 | // SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer |
| 3568 | // certificate chain accepted by |ctx|. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3569 | OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx); |
| 3570 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3571 | // SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer |
| 3572 | // certificate chain to |max_cert_list|. This affects how much memory may be |
| 3573 | // consumed during the handshake. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3574 | OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, |
| 3575 | size_t max_cert_list); |
| 3576 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3577 | // SSL_get_max_cert_list returns the maximum length, in bytes, of a peer |
| 3578 | // certificate chain accepted by |ssl|. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3579 | OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl); |
| 3580 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3581 | // SSL_set_max_cert_list sets the maximum length, in bytes, of a peer |
| 3582 | // certificate chain to |max_cert_list|. This affects how much memory may be |
| 3583 | // consumed during the handshake. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3584 | OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list); |
| 3585 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3586 | // SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records |
| 3587 | // sent by |ctx|. Beyond this length, handshake messages and application data |
| 3588 | // will be split into multiple records. It returns one on success or zero on |
| 3589 | // error. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3590 | OPENSSL_EXPORT int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, |
| 3591 | size_t max_send_fragment); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3592 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3593 | // SSL_set_max_send_fragment sets the maximum length, in bytes, of records sent |
| 3594 | // by |ssl|. Beyond this length, handshake messages and application data will |
| 3595 | // be split into multiple records. It returns one on success or zero on |
| 3596 | // error. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3597 | OPENSSL_EXPORT int SSL_set_max_send_fragment(SSL *ssl, |
| 3598 | size_t max_send_fragment); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3599 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3600 | // ssl_early_callback_ctx (aka |SSL_CLIENT_HELLO|) is passed to certain |
| 3601 | // callbacks that are called very early on during the server handshake. At this |
| 3602 | // point, much of the SSL* hasn't been filled out and only the ClientHello can |
| 3603 | // be depended on. |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 3604 | typedef struct ssl_early_callback_ctx { |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3605 | SSL *ssl; |
| 3606 | const uint8_t *client_hello; |
| 3607 | size_t client_hello_len; |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 3608 | uint16_t version; |
| 3609 | const uint8_t *random; |
| 3610 | size_t random_len; |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3611 | const uint8_t *session_id; |
| 3612 | size_t session_id_len; |
| 3613 | const uint8_t *cipher_suites; |
| 3614 | size_t cipher_suites_len; |
| 3615 | const uint8_t *compression_methods; |
| 3616 | size_t compression_methods_len; |
| 3617 | const uint8_t *extensions; |
| 3618 | size_t extensions_len; |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 3619 | } SSL_CLIENT_HELLO; |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3620 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3621 | // ssl_select_cert_result_t enumerates the possible results from selecting a |
| 3622 | // certificate with |select_certificate_cb|. |
Robert Sloan | 6d0d00e | 2017-03-27 07:13:07 -0700 | [diff] [blame] | 3623 | enum ssl_select_cert_result_t { |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3624 | // ssl_select_cert_success indicates that the certificate selection was |
| 3625 | // successful. |
Robert Sloan | 6d0d00e | 2017-03-27 07:13:07 -0700 | [diff] [blame] | 3626 | ssl_select_cert_success = 1, |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3627 | // ssl_select_cert_retry indicates that the operation could not be |
| 3628 | // immediately completed and must be reattempted at a later point. |
Robert Sloan | 6d0d00e | 2017-03-27 07:13:07 -0700 | [diff] [blame] | 3629 | ssl_select_cert_retry = 0, |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3630 | // ssl_select_cert_error indicates that a fatal error occured and the |
| 3631 | // handshake should be terminated. |
Robert Sloan | 6d0d00e | 2017-03-27 07:13:07 -0700 | [diff] [blame] | 3632 | ssl_select_cert_error = -1, |
| 3633 | }; |
| 3634 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3635 | // SSL_early_callback_ctx_extension_get searches the extensions in |
| 3636 | // |client_hello| for an extension of the given type. If not found, it returns |
| 3637 | // zero. Otherwise it sets |out_data| to point to the extension contents (not |
| 3638 | // including the type and length bytes), sets |out_len| to the length of the |
| 3639 | // extension contents and returns one. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3640 | OPENSSL_EXPORT int SSL_early_callback_ctx_extension_get( |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 3641 | const SSL_CLIENT_HELLO *client_hello, uint16_t extension_type, |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3642 | const uint8_t **out_data, size_t *out_len); |
| 3643 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3644 | // SSL_CTX_set_select_certificate_cb sets a callback that is called before most |
| 3645 | // ClientHello processing and before the decision whether to resume a session |
| 3646 | // is made. The callback may inspect the ClientHello and configure the |
| 3647 | // connection. See |ssl_select_cert_result_t| for details of the return values. |
| 3648 | // |
| 3649 | // In the case that a retry is indicated, |SSL_get_error| will return |
| 3650 | // |SSL_ERROR_PENDING_CERTIFICATE| and the caller should arrange for the |
| 3651 | // high-level operation on |ssl| to be retried at a later time, which will |
| 3652 | // result in another call to |cb|. |
| 3653 | // |
| 3654 | // Note: The |SSL_CLIENT_HELLO| is only valid for the duration of the callback |
| 3655 | // and is not valid while the handshake is paused. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3656 | OPENSSL_EXPORT void SSL_CTX_set_select_certificate_cb( |
Robert Sloan | 6d0d00e | 2017-03-27 07:13:07 -0700 | [diff] [blame] | 3657 | SSL_CTX *ctx, |
| 3658 | enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)); |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3659 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3660 | // SSL_CTX_set_dos_protection_cb sets a callback that is called once the |
| 3661 | // resumption decision for a ClientHello has been made. It can return one to |
| 3662 | // allow the handshake to continue or zero to cause the handshake to abort. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3663 | OPENSSL_EXPORT void SSL_CTX_set_dos_protection_cb( |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 3664 | SSL_CTX *ctx, int (*cb)(const SSL_CLIENT_HELLO *)); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3665 | |
Robert Sloan | d9e572d | 2018-08-27 12:27:00 -0700 | [diff] [blame] | 3666 | // SSL_CTX_set_reverify_on_resume configures whether the certificate |
| 3667 | // verification callback will be used to reverify stored certificates |
| 3668 | // when resuming a session. This only works with |SSL_CTX_set_custom_verify|. |
| 3669 | // For now, this is incompatible with |SSL_VERIFY_NONE| mode, and is only |
| 3670 | // respected on clients. |
| 3671 | OPENSSL_EXPORT void SSL_CTX_set_reverify_on_resume(SSL_CTX *ctx, int enabled); |
| 3672 | |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 3673 | // SSL_set_enforce_rsa_key_usage configures whether the keyUsage extension of |
| 3674 | // RSA leaf certificates will be checked for consistency with the TLS |
| 3675 | // usage. This parameter may be set late; it will not be read until after the |
| 3676 | // certificate verification callback. |
| 3677 | OPENSSL_EXPORT void SSL_set_enforce_rsa_key_usage(SSL *ssl, int enabled); |
| 3678 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 3679 | // SSL_ST_* are possible values for |SSL_state|, the bitmasks that make them up, |
| 3680 | // and some historical values for compatibility. Only |SSL_ST_INIT| and |
| 3681 | // |SSL_ST_OK| are ever returned. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3682 | #define SSL_ST_CONNECT 0x1000 |
| 3683 | #define SSL_ST_ACCEPT 0x2000 |
| 3684 | #define SSL_ST_MASK 0x0FFF |
| 3685 | #define SSL_ST_INIT (SSL_ST_CONNECT | SSL_ST_ACCEPT) |
| 3686 | #define SSL_ST_OK 0x03 |
| 3687 | #define SSL_ST_RENEGOTIATE (0x04 | SSL_ST_INIT) |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 3688 | #define SSL_ST_BEFORE (0x05 | SSL_ST_INIT) |
| 3689 | |
| 3690 | // TLS_ST_* are aliases for |SSL_ST_*| for OpenSSL 1.1.0 compatibility. |
| 3691 | #define TLS_ST_OK SSL_ST_OK |
| 3692 | #define TLS_ST_BEFORE SSL_ST_BEFORE |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3693 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3694 | // SSL_CB_* are possible values for the |type| parameter in the info |
| 3695 | // callback and the bitmasks that make them up. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3696 | #define SSL_CB_LOOP 0x01 |
| 3697 | #define SSL_CB_EXIT 0x02 |
| 3698 | #define SSL_CB_READ 0x04 |
| 3699 | #define SSL_CB_WRITE 0x08 |
| 3700 | #define SSL_CB_ALERT 0x4000 |
| 3701 | #define SSL_CB_READ_ALERT (SSL_CB_ALERT | SSL_CB_READ) |
| 3702 | #define SSL_CB_WRITE_ALERT (SSL_CB_ALERT | SSL_CB_WRITE) |
| 3703 | #define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT | SSL_CB_LOOP) |
| 3704 | #define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT | SSL_CB_EXIT) |
| 3705 | #define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT | SSL_CB_LOOP) |
| 3706 | #define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT | SSL_CB_EXIT) |
| 3707 | #define SSL_CB_HANDSHAKE_START 0x10 |
| 3708 | #define SSL_CB_HANDSHAKE_DONE 0x20 |
| 3709 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3710 | // SSL_CTX_set_info_callback configures a callback to be run when various |
| 3711 | // events occur during a connection's lifetime. The |type| argument determines |
| 3712 | // the type of event and the meaning of the |value| argument. Callbacks must |
| 3713 | // ignore unexpected |type| values. |
| 3714 | // |
| 3715 | // |SSL_CB_READ_ALERT| is signaled for each alert received, warning or fatal. |
| 3716 | // The |value| argument is a 16-bit value where the alert level (either |
| 3717 | // |SSL3_AL_WARNING| or |SSL3_AL_FATAL|) is in the most-significant eight bits |
| 3718 | // and the alert type (one of |SSL_AD_*|) is in the least-significant eight. |
| 3719 | // |
| 3720 | // |SSL_CB_WRITE_ALERT| is signaled for each alert sent. The |value| argument |
| 3721 | // is constructed as with |SSL_CB_READ_ALERT|. |
| 3722 | // |
| 3723 | // |SSL_CB_HANDSHAKE_START| is signaled when a handshake begins. The |value| |
| 3724 | // argument is always one. |
| 3725 | // |
| 3726 | // |SSL_CB_HANDSHAKE_DONE| is signaled when a handshake completes successfully. |
| 3727 | // The |value| argument is always one. If a handshake False Starts, this event |
| 3728 | // may be used to determine when the Finished message is received. |
| 3729 | // |
| 3730 | // The following event types expose implementation details of the handshake |
| 3731 | // state machine. Consuming them is deprecated. |
| 3732 | // |
| 3733 | // |SSL_CB_ACCEPT_LOOP| (respectively, |SSL_CB_CONNECT_LOOP|) is signaled when |
| 3734 | // a server (respectively, client) handshake progresses. The |value| argument |
| 3735 | // is always one. |
| 3736 | // |
| 3737 | // |SSL_CB_ACCEPT_EXIT| (respectively, |SSL_CB_CONNECT_EXIT|) is signaled when |
| 3738 | // a server (respectively, client) handshake completes, fails, or is paused. |
| 3739 | // The |value| argument is one if the handshake succeeded and <= 0 |
| 3740 | // otherwise. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3741 | OPENSSL_EXPORT void SSL_CTX_set_info_callback( |
| 3742 | SSL_CTX *ctx, void (*cb)(const SSL *ssl, int type, int value)); |
| 3743 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3744 | // SSL_CTX_get_info_callback returns the callback set by |
| 3745 | // |SSL_CTX_set_info_callback|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3746 | OPENSSL_EXPORT void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, |
| 3747 | int type, |
| 3748 | int value); |
| 3749 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3750 | // SSL_set_info_callback configures a callback to be run at various events |
| 3751 | // during a connection's lifetime. See |SSL_CTX_set_info_callback|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3752 | OPENSSL_EXPORT void SSL_set_info_callback( |
| 3753 | SSL *ssl, void (*cb)(const SSL *ssl, int type, int value)); |
| 3754 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3755 | // SSL_get_info_callback returns the callback set by |SSL_set_info_callback|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3756 | OPENSSL_EXPORT void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, |
| 3757 | int type, |
| 3758 | int value); |
| 3759 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3760 | // SSL_state_string_long returns the current state of the handshake state |
| 3761 | // machine as a string. This may be useful for debugging and logging. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3762 | OPENSSL_EXPORT const char *SSL_state_string_long(const SSL *ssl); |
| 3763 | |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3764 | #define SSL_SENT_SHUTDOWN 1 |
| 3765 | #define SSL_RECEIVED_SHUTDOWN 2 |
| 3766 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3767 | // SSL_get_shutdown returns a bitmask with a subset of |SSL_SENT_SHUTDOWN| and |
| 3768 | // |SSL_RECEIVED_SHUTDOWN| to query whether close_notify was sent or received, |
| 3769 | // respectively. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3770 | OPENSSL_EXPORT int SSL_get_shutdown(const SSL *ssl); |
| 3771 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3772 | // SSL_get_peer_signature_algorithm returns the signature algorithm used by the |
| 3773 | // peer. If not applicable, it returns zero. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 3774 | OPENSSL_EXPORT uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl); |
Adam Langley | fad6327 | 2015-11-12 12:15:39 -0800 | [diff] [blame] | 3775 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3776 | // SSL_get_client_random writes up to |max_out| bytes of the most recent |
| 3777 | // handshake's client_random to |out| and returns the number of bytes written. |
| 3778 | // If |max_out| is zero, it returns the size of the client_random. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3779 | OPENSSL_EXPORT size_t SSL_get_client_random(const SSL *ssl, uint8_t *out, |
| 3780 | size_t max_out); |
| 3781 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3782 | // SSL_get_server_random writes up to |max_out| bytes of the most recent |
| 3783 | // handshake's server_random to |out| and returns the number of bytes written. |
| 3784 | // If |max_out| is zero, it returns the size of the server_random. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3785 | OPENSSL_EXPORT size_t SSL_get_server_random(const SSL *ssl, uint8_t *out, |
| 3786 | size_t max_out); |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3787 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3788 | // SSL_get_pending_cipher returns the cipher suite for the current handshake or |
| 3789 | // NULL if one has not been negotiated yet or there is no pending handshake. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3790 | OPENSSL_EXPORT const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); |
| 3791 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3792 | // SSL_set_retain_only_sha256_of_client_certs, on a server, sets whether only |
| 3793 | // the SHA-256 hash of peer's certificate should be saved in memory and in the |
| 3794 | // session. This can save memory, ticket size and session cache space. If |
| 3795 | // enabled, |SSL_get_peer_certificate| will return NULL after the handshake |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 3796 | // completes. See |SSL_SESSION_has_peer_sha256| and |
| 3797 | // |SSL_SESSION_get0_peer_sha256| to query the hash. |
Steven Valdez | 909b19f | 2016-11-21 15:35:44 -0500 | [diff] [blame] | 3798 | OPENSSL_EXPORT void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl, |
| 3799 | int enable); |
| 3800 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3801 | // SSL_CTX_set_retain_only_sha256_of_client_certs, on a server, sets whether |
| 3802 | // only the SHA-256 hash of peer's certificate should be saved in memory and in |
| 3803 | // the session. This can save memory, ticket size and session cache space. If |
| 3804 | // enabled, |SSL_get_peer_certificate| will return NULL after the handshake |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 3805 | // completes. See |SSL_SESSION_has_peer_sha256| and |
| 3806 | // |SSL_SESSION_get0_peer_sha256| to query the hash. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 3807 | OPENSSL_EXPORT void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx, |
| 3808 | int enable); |
| 3809 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3810 | // SSL_CTX_set_grease_enabled configures whether sockets on |ctx| should enable |
| 3811 | // GREASE. See draft-davidben-tls-grease-01. |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 3812 | OPENSSL_EXPORT void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled); |
| 3813 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3814 | // SSL_max_seal_overhead returns the maximum overhead, in bytes, of sealing a |
| 3815 | // record with |ssl|. |
Steven Valdez | 909b19f | 2016-11-21 15:35:44 -0500 | [diff] [blame] | 3816 | OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl); |
| 3817 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3818 | // SSL_get_ticket_age_skew returns the difference, in seconds, between the |
| 3819 | // client-sent ticket age and the server-computed value in TLS 1.3 server |
| 3820 | // connections which resumed a session. |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 3821 | OPENSSL_EXPORT int32_t SSL_get_ticket_age_skew(const SSL *ssl); |
| 3822 | |
Robert Sloan | cd79cde | 2017-12-11 09:06:12 -0800 | [diff] [blame] | 3823 | // SSL_CTX_set_false_start_allowed_without_alpn configures whether connections |
| 3824 | // on |ctx| may use False Start (if |SSL_MODE_ENABLE_FALSE_START| is enabled) |
| 3825 | // without negotiating ALPN. |
| 3826 | OPENSSL_EXPORT void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, |
| 3827 | int allowed); |
| 3828 | |
Robert Sloan | d9e572d | 2018-08-27 12:27:00 -0700 | [diff] [blame] | 3829 | // SSL_CTX_set_ignore_tls13_downgrade configures whether connections on |ctx| |
| 3830 | // ignore the downgrade signal in the server's random value. |
| 3831 | OPENSSL_EXPORT void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, |
| 3832 | int ignore); |
Robert Sloan | 0da4395 | 2018-01-03 15:13:14 -0800 | [diff] [blame] | 3833 | |
Robert Sloan | f068def | 2018-10-10 18:45:40 -0700 | [diff] [blame] | 3834 | // SSL_set_ignore_tls13_downgrade configures whether |ssl| ignores the downgrade |
| 3835 | // signal in the server's random value. |
| 3836 | OPENSSL_EXPORT void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore); |
| 3837 | |
Robert Sloan | d9e572d | 2018-08-27 12:27:00 -0700 | [diff] [blame] | 3838 | // SSL_is_tls13_downgrade returns one if the TLS 1.3 anti-downgrade |
| 3839 | // mechanism would have aborted |ssl|'s handshake and zero otherwise. |
| 3840 | OPENSSL_EXPORT int SSL_is_tls13_downgrade(const SSL *ssl); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3841 | |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 3842 | // SSL_set_jdk11_workaround configures whether to workaround various bugs in |
| 3843 | // JDK 11's TLS 1.3 implementation by disabling TLS 1.3 for such clients. |
Robert Sloan | c9abfe4 | 2018-11-26 12:19:07 -0800 | [diff] [blame] | 3844 | // |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 3845 | // https://bugs.openjdk.java.net/browse/JDK-8211806 |
| 3846 | // https://bugs.openjdk.java.net/browse/JDK-8212885 |
| 3847 | // https://bugs.openjdk.java.net/browse/JDK-8213202 |
Robert Sloan | c9abfe4 | 2018-11-26 12:19:07 -0800 | [diff] [blame] | 3848 | OPENSSL_EXPORT void SSL_set_jdk11_workaround(SSL *ssl, int enable); |
| 3849 | |
Robert Sloan | 5bdaadb | 2018-10-30 16:00:26 -0700 | [diff] [blame] | 3850 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3851 | // Deprecated functions. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3852 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3853 | // SSL_library_init calls |CRYPTO_library_init| and returns one. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 3854 | OPENSSL_EXPORT int SSL_library_init(void); |
| 3855 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3856 | // SSL_CIPHER_description writes a description of |cipher| into |buf| and |
| 3857 | // returns |buf|. If |buf| is NULL, it returns a newly allocated string, to be |
| 3858 | // freed with |OPENSSL_free|, or NULL on error. |
| 3859 | // |
| 3860 | // The description includes a trailing newline and has the form: |
| 3861 | // AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 |
| 3862 | // |
| 3863 | // Consider |SSL_CIPHER_standard_name| or |SSL_CIPHER_get_name| instead. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3864 | OPENSSL_EXPORT const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, |
| 3865 | char *buf, int len); |
| 3866 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3867 | // SSL_CIPHER_get_version returns the string "TLSv1/SSLv3". |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3868 | OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); |
| 3869 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3870 | // SSL_CIPHER_get_rfc_name returns a newly-allocated string containing the |
| 3871 | // result of |SSL_CIPHER_standard_name| or NULL on error. The caller is |
| 3872 | // responsible for calling |OPENSSL_free| on the result. |
| 3873 | // |
| 3874 | // Use |SSL_CIPHER_standard_name| instead. |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 3875 | OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher); |
| 3876 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3877 | typedef void COMP_METHOD; |
Robert Sloan | ab8b888 | 2018-03-26 11:39:51 -0700 | [diff] [blame] | 3878 | typedef struct ssl_comp_st SSL_COMP; |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3879 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3880 | // SSL_COMP_get_compression_methods returns NULL. |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame] | 3881 | OPENSSL_EXPORT STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3882 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3883 | // SSL_COMP_add_compression_method returns one. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3884 | OPENSSL_EXPORT int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3885 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3886 | // SSL_COMP_get_name returns NULL. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 3887 | OPENSSL_EXPORT const char *SSL_COMP_get_name(const COMP_METHOD *comp); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3888 | |
Robert Sloan | ab8b888 | 2018-03-26 11:39:51 -0700 | [diff] [blame] | 3889 | // SSL_COMP_get0_name returns the |name| member of |comp|. |
| 3890 | OPENSSL_EXPORT const char *SSL_COMP_get0_name(const SSL_COMP *comp); |
| 3891 | |
| 3892 | // SSL_COMP_get_id returns the |id| member of |comp|. |
| 3893 | OPENSSL_EXPORT int SSL_COMP_get_id(const SSL_COMP *comp); |
| 3894 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3895 | // SSL_COMP_free_compression_methods does nothing. |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 3896 | OPENSSL_EXPORT void SSL_COMP_free_compression_methods(void); |
| 3897 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3898 | // SSLv23_method calls |TLS_method|. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3899 | OPENSSL_EXPORT const SSL_METHOD *SSLv23_method(void); |
| 3900 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3901 | // These version-specific methods behave exactly like |TLS_method| and |
| 3902 | // |DTLS_method| except they also call |SSL_CTX_set_min_proto_version| and |
| 3903 | // |SSL_CTX_set_max_proto_version| to lock connections to that protocol |
| 3904 | // version. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3905 | OPENSSL_EXPORT const SSL_METHOD *TLSv1_method(void); |
| 3906 | OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_method(void); |
| 3907 | OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_method(void); |
| 3908 | OPENSSL_EXPORT const SSL_METHOD *DTLSv1_method(void); |
| 3909 | OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_method(void); |
| 3910 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3911 | // These client- and server-specific methods call their corresponding generic |
| 3912 | // methods. |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 3913 | OPENSSL_EXPORT const SSL_METHOD *TLS_server_method(void); |
| 3914 | OPENSSL_EXPORT const SSL_METHOD *TLS_client_method(void); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3915 | OPENSSL_EXPORT const SSL_METHOD *SSLv23_server_method(void); |
| 3916 | OPENSSL_EXPORT const SSL_METHOD *SSLv23_client_method(void); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3917 | OPENSSL_EXPORT const SSL_METHOD *TLSv1_server_method(void); |
| 3918 | OPENSSL_EXPORT const SSL_METHOD *TLSv1_client_method(void); |
| 3919 | OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_server_method(void); |
| 3920 | OPENSSL_EXPORT const SSL_METHOD *TLSv1_1_client_method(void); |
| 3921 | OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_server_method(void); |
| 3922 | OPENSSL_EXPORT const SSL_METHOD *TLSv1_2_client_method(void); |
| 3923 | OPENSSL_EXPORT const SSL_METHOD *DTLS_server_method(void); |
| 3924 | OPENSSL_EXPORT const SSL_METHOD *DTLS_client_method(void); |
| 3925 | OPENSSL_EXPORT const SSL_METHOD *DTLSv1_server_method(void); |
| 3926 | OPENSSL_EXPORT const SSL_METHOD *DTLSv1_client_method(void); |
| 3927 | OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void); |
| 3928 | OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void); |
| 3929 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3930 | // SSL_clear resets |ssl| to allow another connection and returns one on success |
| 3931 | // or zero on failure. It returns most configuration state but releases memory |
| 3932 | // associated with the current connection. |
| 3933 | // |
| 3934 | // Free |ssl| and create a new one instead. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 3935 | OPENSSL_EXPORT int SSL_clear(SSL *ssl); |
| 3936 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3937 | // SSL_CTX_set_tmp_rsa_callback does nothing. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3938 | OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback( |
| 3939 | SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); |
| 3940 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3941 | // SSL_set_tmp_rsa_callback does nothing. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3942 | OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl, |
| 3943 | RSA *(*cb)(SSL *ssl, int is_export, |
| 3944 | int keylength)); |
| 3945 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3946 | // SSL_CTX_sess_connect returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3947 | OPENSSL_EXPORT int SSL_CTX_sess_connect(const SSL_CTX *ctx); |
| 3948 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3949 | // SSL_CTX_sess_connect_good returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3950 | OPENSSL_EXPORT int SSL_CTX_sess_connect_good(const SSL_CTX *ctx); |
| 3951 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3952 | // SSL_CTX_sess_connect_renegotiate returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3953 | OPENSSL_EXPORT int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx); |
| 3954 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3955 | // SSL_CTX_sess_accept returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3956 | OPENSSL_EXPORT int SSL_CTX_sess_accept(const SSL_CTX *ctx); |
| 3957 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3958 | // SSL_CTX_sess_accept_renegotiate returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3959 | OPENSSL_EXPORT int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx); |
| 3960 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3961 | // SSL_CTX_sess_accept_good returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3962 | OPENSSL_EXPORT int SSL_CTX_sess_accept_good(const SSL_CTX *ctx); |
| 3963 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3964 | // SSL_CTX_sess_hits returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3965 | OPENSSL_EXPORT int SSL_CTX_sess_hits(const SSL_CTX *ctx); |
| 3966 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3967 | // SSL_CTX_sess_cb_hits returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3968 | OPENSSL_EXPORT int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx); |
| 3969 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3970 | // SSL_CTX_sess_misses returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3971 | OPENSSL_EXPORT int SSL_CTX_sess_misses(const SSL_CTX *ctx); |
| 3972 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3973 | // SSL_CTX_sess_timeouts returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3974 | OPENSSL_EXPORT int SSL_CTX_sess_timeouts(const SSL_CTX *ctx); |
| 3975 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3976 | // SSL_CTX_sess_cache_full returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3977 | OPENSSL_EXPORT int SSL_CTX_sess_cache_full(const SSL_CTX *ctx); |
| 3978 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3979 | // SSL_cutthrough_complete calls |SSL_in_false_start|. |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 3980 | OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *ssl); |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3981 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3982 | // SSL_num_renegotiations calls |SSL_total_renegotiations|. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3983 | OPENSSL_EXPORT int SSL_num_renegotiations(const SSL *ssl); |
| 3984 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3985 | // SSL_CTX_need_tmp_RSA returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3986 | OPENSSL_EXPORT int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx); |
| 3987 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3988 | // SSL_need_tmp_RSA returns zero. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3989 | OPENSSL_EXPORT int SSL_need_tmp_RSA(const SSL *ssl); |
| 3990 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3991 | // SSL_CTX_set_tmp_rsa returns one. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3992 | OPENSSL_EXPORT int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa); |
| 3993 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3994 | // SSL_set_tmp_rsa returns one. |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 3995 | OPENSSL_EXPORT int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa); |
| 3996 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 3997 | // SSL_CTX_get_read_ahead returns zero. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 3998 | OPENSSL_EXPORT int SSL_CTX_get_read_ahead(const SSL_CTX *ctx); |
| 3999 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4000 | // SSL_CTX_set_read_ahead returns one. |
| 4001 | OPENSSL_EXPORT int SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 4002 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4003 | // SSL_get_read_ahead returns zero. |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4004 | OPENSSL_EXPORT int SSL_get_read_ahead(const SSL *ssl); |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 4005 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4006 | // SSL_set_read_ahead returns one. |
| 4007 | OPENSSL_EXPORT int SSL_set_read_ahead(SSL *ssl, int yes); |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 4008 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4009 | // SSL_renegotiate put an error on the error queue and returns zero. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 4010 | OPENSSL_EXPORT int SSL_renegotiate(SSL *ssl); |
| 4011 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4012 | // SSL_set_state does nothing. |
Adam Langley | f4e4272 | 2015-06-04 17:45:09 -0700 | [diff] [blame] | 4013 | OPENSSL_EXPORT void SSL_set_state(SSL *ssl, int state); |
| 4014 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4015 | // SSL_get_shared_ciphers writes an empty string to |buf| and returns a |
| 4016 | // pointer to |buf|, or NULL if |len| is less than or equal to zero. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 4017 | OPENSSL_EXPORT char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len); |
| 4018 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4019 | // SSL_MODE_HANDSHAKE_CUTTHROUGH is the same as SSL_MODE_ENABLE_FALSE_START. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4020 | #define SSL_MODE_HANDSHAKE_CUTTHROUGH SSL_MODE_ENABLE_FALSE_START |
| 4021 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4022 | // i2d_SSL_SESSION serializes |in| to the bytes pointed to by |*pp|. On success, |
| 4023 | // it returns the number of bytes written and advances |*pp| by that many bytes. |
| 4024 | // On failure, it returns -1. If |pp| is NULL, no bytes are written and only the |
| 4025 | // length is returned. |
| 4026 | // |
| 4027 | // Use |SSL_SESSION_to_bytes| instead. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4028 | OPENSSL_EXPORT int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp); |
| 4029 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4030 | // d2i_SSL_SESSION parses a serialized session from the |length| bytes pointed |
| 4031 | // to by |*pp|. It returns the new |SSL_SESSION| and advances |*pp| by the |
| 4032 | // number of bytes consumed on success and NULL on failure. The caller takes |
| 4033 | // ownership of the new session and must call |SSL_SESSION_free| when done. |
| 4034 | // |
| 4035 | // If |a| is non-NULL, |*a| is released and set the new |SSL_SESSION|. |
| 4036 | // |
| 4037 | // Use |SSL_SESSION_from_bytes| instead. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4038 | OPENSSL_EXPORT SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, |
| 4039 | long length); |
| 4040 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4041 | // i2d_SSL_SESSION_bio serializes |session| and writes the result to |bio|. It |
| 4042 | // returns the number of bytes written on success and <= 0 on error. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4043 | OPENSSL_EXPORT int i2d_SSL_SESSION_bio(BIO *bio, const SSL_SESSION *session); |
| 4044 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4045 | // d2i_SSL_SESSION_bio reads a serialized |SSL_SESSION| from |bio| and returns a |
| 4046 | // newly-allocated |SSL_SESSION| or NULL on error. If |out| is not NULL, it also |
| 4047 | // frees |*out| and sets |*out| to the new |SSL_SESSION|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4048 | OPENSSL_EXPORT SSL_SESSION *d2i_SSL_SESSION_bio(BIO *bio, SSL_SESSION **out); |
| 4049 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4050 | // ERR_load_SSL_strings does nothing. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4051 | OPENSSL_EXPORT void ERR_load_SSL_strings(void); |
| 4052 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4053 | // SSL_load_error_strings does nothing. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4054 | OPENSSL_EXPORT void SSL_load_error_strings(void); |
| 4055 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4056 | // SSL_CTX_set_tlsext_use_srtp calls |SSL_CTX_set_srtp_profiles|. It returns |
| 4057 | // zero on success and one on failure. |
| 4058 | // |
| 4059 | // WARNING: this function is dangerous because it breaks the usual return value |
| 4060 | // convention. Use |SSL_CTX_set_srtp_profiles| instead. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4061 | OPENSSL_EXPORT int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, |
| 4062 | const char *profiles); |
| 4063 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4064 | // SSL_set_tlsext_use_srtp calls |SSL_set_srtp_profiles|. It returns zero on |
| 4065 | // success and one on failure. |
| 4066 | // |
| 4067 | // WARNING: this function is dangerous because it breaks the usual return value |
| 4068 | // convention. Use |SSL_set_srtp_profiles| instead. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4069 | OPENSSL_EXPORT int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); |
| 4070 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4071 | // SSL_get_current_compression returns NULL. |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4072 | OPENSSL_EXPORT const COMP_METHOD *SSL_get_current_compression(SSL *ssl); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4073 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4074 | // SSL_get_current_expansion returns NULL. |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4075 | OPENSSL_EXPORT const COMP_METHOD *SSL_get_current_expansion(SSL *ssl); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4076 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4077 | // SSL_get_server_tmp_key returns zero. |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4078 | OPENSSL_EXPORT int SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **out_key); |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 4079 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4080 | // SSL_CTX_set_tmp_dh returns 1. |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 4081 | OPENSSL_EXPORT int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh); |
| 4082 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4083 | // SSL_set_tmp_dh returns 1. |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 4084 | OPENSSL_EXPORT int SSL_set_tmp_dh(SSL *ssl, const DH *dh); |
| 4085 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4086 | // SSL_CTX_set_tmp_dh_callback does nothing. |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 4087 | OPENSSL_EXPORT void SSL_CTX_set_tmp_dh_callback( |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4088 | SSL_CTX *ctx, DH *(*cb)(SSL *ssl, int is_export, int keylength)); |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 4089 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4090 | // SSL_set_tmp_dh_callback does nothing. |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 4091 | OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl, |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4092 | DH *(*cb)(SSL *ssl, int is_export, |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 4093 | int keylength)); |
| 4094 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4095 | // SSL_CTX_set1_sigalgs takes |num_values| ints and interprets them as pairs |
| 4096 | // where the first is the nid of a hash function and the second is an |
| 4097 | // |EVP_PKEY_*| value. It configures the signature algorithm preferences for |
| 4098 | // |ctx| based on them and returns one on success or zero on error. |
| 4099 | // |
| 4100 | // This API is compatible with OpenSSL. However, BoringSSL-specific code should |
| 4101 | // prefer |SSL_CTX_set_signing_algorithm_prefs| because it's clearer and it's |
| 4102 | // more convenient to codesearch for specific algorithm values. |
| 4103 | OPENSSL_EXPORT int SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *values, |
| 4104 | size_t num_values); |
| 4105 | |
| 4106 | // SSL_set1_sigalgs takes |num_values| ints and interprets them as pairs where |
| 4107 | // the first is the nid of a hash function and the second is an |EVP_PKEY_*| |
| 4108 | // value. It configures the signature algorithm preferences for |ssl| based on |
| 4109 | // them and returns one on success or zero on error. |
| 4110 | // |
| 4111 | // This API is compatible with OpenSSL. However, BoringSSL-specific code should |
| 4112 | // prefer |SSL_CTX_set_signing_algorithm_prefs| because it's clearer and it's |
| 4113 | // more convenient to codesearch for specific algorithm values. |
| 4114 | OPENSSL_EXPORT int SSL_set1_sigalgs(SSL *ssl, const int *values, |
| 4115 | size_t num_values); |
| 4116 | |
| 4117 | // SSL_CTX_set1_sigalgs_list takes a textual specification of a set of signature |
| 4118 | // algorithms and configures them on |ctx|. It returns one on success and zero |
| 4119 | // on error. See |
| 4120 | // https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set1_sigalgs_list.html for |
| 4121 | // a description of the text format. Also note that TLS 1.3 names (e.g. |
| 4122 | // "rsa_pkcs1_md5_sha1") can also be used (as in OpenSSL, although OpenSSL |
| 4123 | // doesn't document that). |
| 4124 | // |
| 4125 | // This API is compatible with OpenSSL. However, BoringSSL-specific code should |
| 4126 | // prefer |SSL_CTX_set_signing_algorithm_prefs| because it's clearer and it's |
| 4127 | // more convenient to codesearch for specific algorithm values. |
| 4128 | OPENSSL_EXPORT int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); |
| 4129 | |
| 4130 | // SSL_set1_sigalgs_list takes a textual specification of a set of signature |
| 4131 | // algorithms and configures them on |ssl|. It returns one on success and zero |
| 4132 | // on error. See |
| 4133 | // https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set1_sigalgs_list.html for |
| 4134 | // a description of the text format. Also note that TLS 1.3 names (e.g. |
| 4135 | // "rsa_pkcs1_md5_sha1") can also be used (as in OpenSSL, although OpenSSL |
| 4136 | // doesn't document that). |
| 4137 | // |
| 4138 | // This API is compatible with OpenSSL. However, BoringSSL-specific code should |
| 4139 | // prefer |SSL_CTX_set_signing_algorithm_prefs| because it's clearer and it's |
| 4140 | // more convenient to codesearch for specific algorithm values. |
| 4141 | OPENSSL_EXPORT int SSL_set1_sigalgs_list(SSL *ssl, const char *str); |
| 4142 | |
David Benjamin | 95add82 | 2016-10-19 01:09:12 -0400 | [diff] [blame] | 4143 | #define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)(arg))) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4144 | #define SSL_get_app_data(s) (SSL_get_ex_data(s, 0)) |
| 4145 | #define SSL_SESSION_set_app_data(s, a) \ |
David Benjamin | 95add82 | 2016-10-19 01:09:12 -0400 | [diff] [blame] | 4146 | (SSL_SESSION_set_ex_data(s, 0, (char *)(a))) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4147 | #define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s, 0)) |
| 4148 | #define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx, 0)) |
| 4149 | #define SSL_CTX_set_app_data(ctx, arg) \ |
David Benjamin | 95add82 | 2016-10-19 01:09:12 -0400 | [diff] [blame] | 4150 | (SSL_CTX_set_ex_data(ctx, 0, (char *)(arg))) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4151 | |
| 4152 | #define OpenSSL_add_ssl_algorithms() SSL_library_init() |
| 4153 | #define SSLeay_add_ssl_algorithms() SSL_library_init() |
| 4154 | |
| 4155 | #define SSL_get_cipher(ssl) SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)) |
| 4156 | #define SSL_get_cipher_bits(ssl, out_alg_bits) \ |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4157 | SSL_CIPHER_get_bits(SSL_get_current_cipher(ssl), out_alg_bits) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4158 | #define SSL_get_cipher_version(ssl) \ |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4159 | SSL_CIPHER_get_version(SSL_get_current_cipher(ssl)) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4160 | #define SSL_get_cipher_name(ssl) \ |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4161 | SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4162 | #define SSL_get_time(session) SSL_SESSION_get_time(session) |
| 4163 | #define SSL_set_time(session, time) SSL_SESSION_set_time((session), (time)) |
| 4164 | #define SSL_get_timeout(session) SSL_SESSION_get_timeout(session) |
| 4165 | #define SSL_set_timeout(session, timeout) \ |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4166 | SSL_SESSION_set_timeout((session), (timeout)) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4167 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4168 | struct ssl_comp_st { |
| 4169 | int id; |
| 4170 | const char *name; |
| 4171 | char *method; |
| 4172 | }; |
| 4173 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame] | 4174 | DEFINE_STACK_OF(SSL_COMP) |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4175 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4176 | // The following flags do nothing and are included only to make it easier to |
| 4177 | // compile code with BoringSSL. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4178 | #define SSL_MODE_AUTO_RETRY 0 |
| 4179 | #define SSL_MODE_RELEASE_BUFFERS 0 |
| 4180 | #define SSL_MODE_SEND_CLIENTHELLO_TIME 0 |
| 4181 | #define SSL_MODE_SEND_SERVERHELLO_TIME 0 |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 4182 | #define SSL_OP_ALL 0 |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4183 | #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0 |
| 4184 | #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0 |
| 4185 | #define SSL_OP_EPHEMERAL_RSA 0 |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 4186 | #define SSL_OP_LEGACY_SERVER_CONNECT 0 |
| 4187 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0 |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4188 | #define SSL_OP_MICROSOFT_SESS_ID_BUG 0 |
| 4189 | #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0 |
| 4190 | #define SSL_OP_NETSCAPE_CA_DN_BUG 0 |
| 4191 | #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0 |
| 4192 | #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0 |
| 4193 | #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0 |
| 4194 | #define SSL_OP_NO_COMPRESSION 0 |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 4195 | #define SSL_OP_NO_RENEGOTIATION 0 // ssl_renegotiate_never is the default |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4196 | #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0 |
| 4197 | #define SSL_OP_NO_SSLv2 0 |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4198 | #define SSL_OP_NO_SSLv3 0 |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4199 | #define SSL_OP_PKCS1_CHECK_1 0 |
| 4200 | #define SSL_OP_PKCS1_CHECK_2 0 |
| 4201 | #define SSL_OP_SINGLE_DH_USE 0 |
| 4202 | #define SSL_OP_SINGLE_ECDH_USE 0 |
| 4203 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0 |
| 4204 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0 |
| 4205 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0 |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 4206 | #define SSL_OP_TLS_D5_BUG 0 |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4207 | #define SSL_OP_TLS_ROLLBACK_BUG 0 |
| 4208 | #define SSL_VERIFY_CLIENT_ONCE 0 |
| 4209 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4210 | // SSL_cache_hit calls |SSL_session_reused|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4211 | OPENSSL_EXPORT int SSL_cache_hit(SSL *ssl); |
| 4212 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4213 | // SSL_get_default_timeout returns |SSL_DEFAULT_SESSION_TIMEOUT|. |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4214 | OPENSSL_EXPORT long SSL_get_default_timeout(const SSL *ssl); |
| 4215 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4216 | // SSL_get_version returns a string describing the TLS version used by |ssl|. |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4217 | // For example, "TLSv1.2" or "DTLSv1". |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4218 | OPENSSL_EXPORT const char *SSL_get_version(const SSL *ssl); |
| 4219 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4220 | // SSL_get_cipher_list returns the name of the |n|th cipher in the output of |
| 4221 | // |SSL_get_ciphers| or NULL if out of range. Use |SSL_get_ciphers| instead. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4222 | OPENSSL_EXPORT const char *SSL_get_cipher_list(const SSL *ssl, int n); |
| 4223 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4224 | // SSL_CTX_set_client_cert_cb sets a callback which is called on the client if |
| 4225 | // the server requests a client certificate and none is configured. On success, |
| 4226 | // the callback should return one and set |*out_x509| to |*out_pkey| to a leaf |
| 4227 | // certificate and private key, respectively, passing ownership. It should |
| 4228 | // return zero to send no certificate and -1 to fail or pause the handshake. If |
| 4229 | // the handshake is paused, |SSL_get_error| will return |
| 4230 | // |SSL_ERROR_WANT_X509_LOOKUP|. |
| 4231 | // |
| 4232 | // The callback may call |SSL_get0_certificate_types| and |
| 4233 | // |SSL_get_client_CA_list| for information on the server's certificate request. |
| 4234 | // |
| 4235 | // Use |SSL_CTX_set_cert_cb| instead. Configuring intermediate certificates with |
| 4236 | // this function is confusing. This callback may not be registered concurrently |
| 4237 | // with |SSL_CTX_set_cert_cb| or |SSL_set_cert_cb|. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4238 | OPENSSL_EXPORT void SSL_CTX_set_client_cert_cb( |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4239 | SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey)); |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4240 | |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4241 | #define SSL_NOTHING 1 |
| 4242 | #define SSL_WRITING 2 |
| 4243 | #define SSL_READING 3 |
| 4244 | #define SSL_X509_LOOKUP 4 |
| 4245 | #define SSL_CHANNEL_ID_LOOKUP 5 |
| 4246 | #define SSL_PENDING_SESSION 7 |
| 4247 | #define SSL_CERTIFICATE_SELECTION_PENDING 8 |
| 4248 | #define SSL_PRIVATE_KEY_OPERATION 9 |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 4249 | #define SSL_PENDING_TICKET 10 |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 4250 | #define SSL_EARLY_DATA_REJECTED 11 |
Robert Sloan | b6d070c | 2017-07-24 08:40:01 -0700 | [diff] [blame] | 4251 | #define SSL_CERTIFICATE_VERIFY 12 |
Robert Sloan | 8542c08 | 2018-02-05 09:07:34 -0800 | [diff] [blame] | 4252 | #define SSL_HANDOFF 13 |
Robert Sloan | dc2f609 | 2018-04-10 10:22:33 -0700 | [diff] [blame] | 4253 | #define SSL_HANDBACK 14 |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4254 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4255 | // SSL_want returns one of the above values to determine what the most recent |
| 4256 | // operation on |ssl| was blocked on. Use |SSL_get_error| instead. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4257 | OPENSSL_EXPORT int SSL_want(const SSL *ssl); |
| 4258 | |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4259 | #define SSL_want_read(ssl) (SSL_want(ssl) == SSL_READING) |
| 4260 | #define SSL_want_write(ssl) (SSL_want(ssl) == SSL_WRITING) |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4261 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4262 | // SSL_get_finished writes up to |count| bytes of the Finished message sent by |
| 4263 | // |ssl| to |buf|. It returns the total untruncated length or zero if none has |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4264 | // been sent yet. At TLS 1.3 and later, it returns zero. |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4265 | // |
| 4266 | // Use |SSL_get_tls_unique| instead. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4267 | OPENSSL_EXPORT size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count); |
| 4268 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4269 | // SSL_get_peer_finished writes up to |count| bytes of the Finished message |
| 4270 | // received from |ssl|'s peer to |buf|. It returns the total untruncated length |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4271 | // or zero if none has been received yet. At TLS 1.3 and later, it returns |
| 4272 | // zero. |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4273 | // |
| 4274 | // Use |SSL_get_tls_unique| instead. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4275 | OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *ssl, void *buf, |
| 4276 | size_t count); |
| 4277 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4278 | // SSL_alert_type_string returns "!". Use |SSL_alert_type_string_long| |
| 4279 | // instead. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4280 | OPENSSL_EXPORT const char *SSL_alert_type_string(int value); |
| 4281 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4282 | // SSL_alert_desc_string returns "!!". Use |SSL_alert_desc_string_long| |
| 4283 | // instead. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4284 | OPENSSL_EXPORT const char *SSL_alert_desc_string(int value); |
| 4285 | |
Robert Sloan | a27a6a4 | 2017-09-05 08:39:28 -0700 | [diff] [blame] | 4286 | // SSL_state_string returns "!!!!!!". Use |SSL_state_string_long| for a more |
| 4287 | // intelligible string. |
| 4288 | OPENSSL_EXPORT const char *SSL_state_string(const SSL *ssl); |
| 4289 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4290 | // SSL_TXT_* expand to strings. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4291 | #define SSL_TXT_MEDIUM "MEDIUM" |
| 4292 | #define SSL_TXT_HIGH "HIGH" |
| 4293 | #define SSL_TXT_FIPS "FIPS" |
| 4294 | #define SSL_TXT_kRSA "kRSA" |
| 4295 | #define SSL_TXT_kDHE "kDHE" |
| 4296 | #define SSL_TXT_kEDH "kEDH" |
| 4297 | #define SSL_TXT_kECDHE "kECDHE" |
| 4298 | #define SSL_TXT_kEECDH "kEECDH" |
| 4299 | #define SSL_TXT_kPSK "kPSK" |
| 4300 | #define SSL_TXT_aRSA "aRSA" |
| 4301 | #define SSL_TXT_aECDSA "aECDSA" |
| 4302 | #define SSL_TXT_aPSK "aPSK" |
| 4303 | #define SSL_TXT_DH "DH" |
| 4304 | #define SSL_TXT_DHE "DHE" |
| 4305 | #define SSL_TXT_EDH "EDH" |
| 4306 | #define SSL_TXT_RSA "RSA" |
| 4307 | #define SSL_TXT_ECDH "ECDH" |
| 4308 | #define SSL_TXT_ECDHE "ECDHE" |
| 4309 | #define SSL_TXT_EECDH "EECDH" |
| 4310 | #define SSL_TXT_ECDSA "ECDSA" |
| 4311 | #define SSL_TXT_PSK "PSK" |
| 4312 | #define SSL_TXT_3DES "3DES" |
| 4313 | #define SSL_TXT_RC4 "RC4" |
| 4314 | #define SSL_TXT_AES128 "AES128" |
| 4315 | #define SSL_TXT_AES256 "AES256" |
| 4316 | #define SSL_TXT_AES "AES" |
| 4317 | #define SSL_TXT_AES_GCM "AESGCM" |
| 4318 | #define SSL_TXT_CHACHA20 "CHACHA20" |
| 4319 | #define SSL_TXT_MD5 "MD5" |
| 4320 | #define SSL_TXT_SHA1 "SHA1" |
| 4321 | #define SSL_TXT_SHA "SHA" |
| 4322 | #define SSL_TXT_SHA256 "SHA256" |
| 4323 | #define SSL_TXT_SHA384 "SHA384" |
| 4324 | #define SSL_TXT_SSLV3 "SSLv3" |
| 4325 | #define SSL_TXT_TLSV1 "TLSv1" |
| 4326 | #define SSL_TXT_TLSV1_1 "TLSv1.1" |
| 4327 | #define SSL_TXT_TLSV1_2 "TLSv1.2" |
David Benjamin | d316cba | 2016-06-02 16:17:39 -0400 | [diff] [blame] | 4328 | #define SSL_TXT_TLSV1_3 "TLSv1.3" |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4329 | #define SSL_TXT_ALL "ALL" |
| 4330 | #define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" |
| 4331 | |
| 4332 | typedef struct ssl_conf_ctx_st SSL_CONF_CTX; |
| 4333 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4334 | // SSL_state returns |SSL_ST_INIT| if a handshake is in progress and |SSL_ST_OK| |
| 4335 | // otherwise. |
| 4336 | // |
| 4337 | // Use |SSL_is_init| instead. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4338 | OPENSSL_EXPORT int SSL_state(const SSL *ssl); |
| 4339 | |
| 4340 | #define SSL_get_state(ssl) SSL_state(ssl) |
| 4341 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4342 | // SSL_set_shutdown causes |ssl| to behave as if the shutdown bitmask (see |
| 4343 | // |SSL_get_shutdown|) were |mode|. This may be used to skip sending or |
| 4344 | // receiving close_notify in |SSL_shutdown| by causing the implementation to |
| 4345 | // believe the events already happened. |
| 4346 | // |
| 4347 | // It is an error to use |SSL_set_shutdown| to unset a bit that has already been |
| 4348 | // set. Doing so will trigger an |assert| in debug builds and otherwise be |
| 4349 | // ignored. |
| 4350 | // |
| 4351 | // Use |SSL_CTX_set_quiet_shutdown| instead. |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4352 | OPENSSL_EXPORT void SSL_set_shutdown(SSL *ssl, int mode); |
| 4353 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4354 | // SSL_CTX_set_tmp_ecdh calls |SSL_CTX_set1_curves| with a one-element list |
| 4355 | // containing |ec_key|'s curve. |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 4356 | OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ec_key); |
| 4357 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4358 | // SSL_set_tmp_ecdh calls |SSL_set1_curves| with a one-element list containing |
| 4359 | // |ec_key|'s curve. |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 4360 | OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key); |
| 4361 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4362 | // SSL_add_dir_cert_subjects_to_stack lists files in directory |dir|. It calls |
| 4363 | // |SSL_add_file_cert_subjects_to_stack| on each file and returns one on success |
| 4364 | // or zero on error. This function is only available from the libdecrepit |
| 4365 | // library. |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 4366 | OPENSSL_EXPORT int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *out, |
| 4367 | const char *dir); |
| 4368 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4369 | // SSL_set_verify_result calls |abort| unless |result| is |X509_V_OK|. |
| 4370 | // |
| 4371 | // TODO(davidben): Remove this function once it has been removed from |
| 4372 | // netty-tcnative. |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4373 | OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long result); |
| 4374 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4375 | // SSL_CTX_enable_tls_channel_id calls |SSL_CTX_set_tls_channel_id_enabled|. |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 4376 | OPENSSL_EXPORT int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx); |
| 4377 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4378 | // SSL_enable_tls_channel_id calls |SSL_set_tls_channel_id_enabled|. |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 4379 | OPENSSL_EXPORT int SSL_enable_tls_channel_id(SSL *ssl); |
| 4380 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4381 | // BIO_f_ssl returns a |BIO_METHOD| that can wrap an |SSL*| in a |BIO*|. Note |
| 4382 | // that this has quite different behaviour from the version in OpenSSL (notably |
| 4383 | // that it doesn't try to auto renegotiate). |
| 4384 | // |
| 4385 | // IMPORTANT: if you are not curl, don't use this. |
Steven Valdez | e7531f0 | 2016-12-14 13:29:57 -0500 | [diff] [blame] | 4386 | OPENSSL_EXPORT const BIO_METHOD *BIO_f_ssl(void); |
| 4387 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4388 | // BIO_set_ssl sets |ssl| as the underlying connection for |bio|, which must |
| 4389 | // have been created using |BIO_f_ssl|. If |take_owership| is true, |bio| will |
| 4390 | // call |SSL_free| on |ssl| when closed. It returns one on success or something |
| 4391 | // other than one on error. |
Steven Valdez | e7531f0 | 2016-12-14 13:29:57 -0500 | [diff] [blame] | 4392 | OPENSSL_EXPORT long BIO_set_ssl(BIO *bio, SSL *ssl, int take_owership); |
| 4393 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4394 | // SSL_CTX_set_ecdh_auto returns one. |
Robert Sloan | 8ecb7cd | 2017-03-21 09:39:01 -0700 | [diff] [blame] | 4395 | #define SSL_CTX_set_ecdh_auto(ctx, onoff) 1 |
| 4396 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4397 | // SSL_set_ecdh_auto returns one. |
Robert Sloan | 8ecb7cd | 2017-03-21 09:39:01 -0700 | [diff] [blame] | 4398 | #define SSL_set_ecdh_auto(ssl, onoff) 1 |
| 4399 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4400 | // SSL_get_session returns a non-owning pointer to |ssl|'s session. For |
| 4401 | // historical reasons, which session it returns depends on |ssl|'s state. |
| 4402 | // |
| 4403 | // Prior to the start of the initial handshake, it returns the session the |
| 4404 | // caller set with |SSL_set_session|. After the initial handshake has finished |
| 4405 | // and if no additional handshakes are in progress, it returns the currently |
| 4406 | // active session. Its behavior is undefined while a handshake is in progress. |
| 4407 | // |
| 4408 | // If trying to add new sessions to an external session cache, use |
| 4409 | // |SSL_CTX_sess_set_new_cb| instead. In particular, using the callback is |
| 4410 | // required as of TLS 1.3. For compatibility, this function will return an |
| 4411 | // unresumable session which may be cached, but will never be resumed. |
| 4412 | // |
| 4413 | // If querying properties of the connection, use APIs on the |SSL| object. |
Robert Sloan | f6200e7 | 2017-07-10 08:09:18 -0700 | [diff] [blame] | 4414 | OPENSSL_EXPORT SSL_SESSION *SSL_get_session(const SSL *ssl); |
| 4415 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4416 | // SSL_get0_session is an alias for |SSL_get_session|. |
Robert Sloan | f6200e7 | 2017-07-10 08:09:18 -0700 | [diff] [blame] | 4417 | #define SSL_get0_session SSL_get_session |
| 4418 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4419 | // SSL_get1_session acts like |SSL_get_session| but returns a new reference to |
| 4420 | // the session. |
Robert Sloan | f6200e7 | 2017-07-10 08:09:18 -0700 | [diff] [blame] | 4421 | OPENSSL_EXPORT SSL_SESSION *SSL_get1_session(SSL *ssl); |
| 4422 | |
Robert Sloan | 4562e9d | 2017-10-02 10:26:51 -0700 | [diff] [blame] | 4423 | #define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0 |
| 4424 | #define OPENSSL_INIT_LOAD_SSL_STRINGS 0 |
| 4425 | #define OPENSSL_INIT_SSL_DEFAULT 0 |
| 4426 | |
| 4427 | // OPENSSL_init_ssl calls |CRYPTO_library_init| and returns one. |
| 4428 | OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts, |
| 4429 | const OPENSSL_INIT_SETTINGS *settings); |
| 4430 | |
Robert Sloan | 5cbb5c8 | 2018-04-24 11:35:46 -0700 | [diff] [blame] | 4431 | // The following constants are legacy aliases for RSA-PSS with rsaEncryption |
| 4432 | // keys. Use the new names instead. |
| 4433 | #define SSL_SIGN_RSA_PSS_SHA256 SSL_SIGN_RSA_PSS_RSAE_SHA256 |
| 4434 | #define SSL_SIGN_RSA_PSS_SHA384 SSL_SIGN_RSA_PSS_RSAE_SHA384 |
| 4435 | #define SSL_SIGN_RSA_PSS_SHA512 SSL_SIGN_RSA_PSS_RSAE_SHA512 |
Robert Sloan | 4562e9d | 2017-10-02 10:26:51 -0700 | [diff] [blame] | 4436 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4437 | // SSL_set_tlsext_status_type configures a client to request OCSP stapling if |
| 4438 | // |type| is |TLSEXT_STATUSTYPE_ocsp| and disables it otherwise. It returns one |
| 4439 | // on success and zero if handshake configuration has already been shed. |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4440 | // |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4441 | // Use |SSL_enable_ocsp_stapling| instead. |
| 4442 | OPENSSL_EXPORT int SSL_set_tlsext_status_type(SSL *ssl, int type); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4443 | |
Robert Sloan | 5bdaadb | 2018-10-30 16:00:26 -0700 | [diff] [blame] | 4444 | // SSL_get_tlsext_status_type returns |TLSEXT_STATUSTYPE_ocsp| if the client |
| 4445 | // requested OCSP stapling and |TLSEXT_STATUSTYPE_nothing| otherwise. On the |
| 4446 | // client, this reflects whether OCSP stapling was enabled via, e.g., |
| 4447 | // |SSL_set_tlsext_status_type|. On the server, this is determined during the |
| 4448 | // handshake. It may be queried in callbacks set by |SSL_CTX_set_cert_cb|. The |
| 4449 | // result is undefined after the handshake completes. |
| 4450 | OPENSSL_EXPORT int SSL_get_tlsext_status_type(const SSL *ssl); |
| 4451 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4452 | // SSL_set_tlsext_status_ocsp_resp sets the OCSP response. It returns one on |
| 4453 | // success and zero on error. On success, |ssl| takes ownership of |resp|, which |
| 4454 | // must have been allocated by |OPENSSL_malloc|. |
| 4455 | // |
| 4456 | // Use |SSL_set_ocsp_response| instead. |
| 4457 | OPENSSL_EXPORT int SSL_set_tlsext_status_ocsp_resp(SSL *ssl, uint8_t *resp, |
| 4458 | size_t resp_len); |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4459 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4460 | // SSL_get_tlsext_status_ocsp_resp sets |*out| to point to the OCSP response |
| 4461 | // from the server. It returns the length of the response. If there was no |
| 4462 | // response, it sets |*out| to NULL and returns zero. |
| 4463 | // |
| 4464 | // Use |SSL_get0_ocsp_response| instead. |
| 4465 | // |
| 4466 | // WARNING: the returned data is not guaranteed to be well formed. |
| 4467 | OPENSSL_EXPORT size_t SSL_get_tlsext_status_ocsp_resp(const SSL *ssl, |
| 4468 | const uint8_t **out); |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4469 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4470 | // SSL_CTX_set_tlsext_status_cb configures the legacy OpenSSL OCSP callback and |
| 4471 | // returns one. Though the type signature is the same, this callback has |
| 4472 | // different behavior for client and server connections: |
| 4473 | // |
| 4474 | // For clients, the callback is called after certificate verification. It should |
| 4475 | // return one for success, zero for a bad OCSP response, and a negative number |
| 4476 | // for internal error. Instead, handle this as part of certificate verification. |
| 4477 | // (Historically, OpenSSL verified certificates just before parsing stapled OCSP |
| 4478 | // responses, but BoringSSL fixes this ordering. All server credentials are |
| 4479 | // available during verification.) |
| 4480 | // |
| 4481 | // Do not use this callback as a server. It is provided for compatibility |
| 4482 | // purposes only. For servers, it is called to configure server credentials. It |
| 4483 | // should return |SSL_TLSEXT_ERR_OK| on success, |SSL_TLSEXT_ERR_NOACK| to |
| 4484 | // ignore OCSP requests, or |SSL_TLSEXT_ERR_ALERT_FATAL| on error. It is usually |
| 4485 | // used to fetch OCSP responses on demand, which is not ideal. Instead, treat |
| 4486 | // OCSP responses like other server credentials, such as certificates or SCT |
| 4487 | // lists. Configure, store, and refresh them eagerly. This avoids downtime if |
| 4488 | // the CA's OCSP responder is briefly offline. |
| 4489 | OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, |
| 4490 | int (*callback)(SSL *ssl, |
| 4491 | void *arg)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4492 | |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4493 | // SSL_CTX_set_tlsext_status_arg sets additional data for |
| 4494 | // |SSL_CTX_set_tlsext_status_cb|'s callback and returns one. |
| 4495 | OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4496 | |
Kenny Root | e99801b | 2015-11-06 15:31:15 -0800 | [diff] [blame] | 4497 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4498 | // Nodejs compatibility section (hidden). |
| 4499 | // |
| 4500 | // These defines exist for node.js, with the hope that we can eliminate the |
| 4501 | // need for them over time. |
Robert Sloan | 726e9d1 | 2018-09-11 11:45:04 -0700 | [diff] [blame] | 4502 | |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 4503 | #define SSLerr(function, reason) \ |
| 4504 | ERR_put_error(ERR_LIB_SSL, 0, reason, __FILE__, __LINE__) |
| 4505 | |
| 4506 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4507 | // Preprocessor compatibility section (hidden). |
| 4508 | // |
| 4509 | // Historically, a number of APIs were implemented in OpenSSL as macros and |
| 4510 | // constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this |
| 4511 | // section defines a number of legacy macros. |
| 4512 | // |
| 4513 | // Although using either the CTRL values or their wrapper macros in #ifdefs is |
| 4514 | // still supported, the CTRL values may not be passed to |SSL_ctrl| and |
| 4515 | // |SSL_CTX_ctrl|. Call the functions (previously wrapper macros) instead. |
| 4516 | // |
| 4517 | // See PORTING.md in the BoringSSL source tree for a table of corresponding |
| 4518 | // functions. |
| 4519 | // https://boringssl.googlesource.com/boringssl/+/master/PORTING.md#Replacements-for-values |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 4520 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4521 | #define DTLS_CTRL_GET_TIMEOUT doesnt_exist |
| 4522 | #define DTLS_CTRL_HANDLE_TIMEOUT doesnt_exist |
| 4523 | #define SSL_CTRL_CHAIN doesnt_exist |
| 4524 | #define SSL_CTRL_CHAIN_CERT doesnt_exist |
| 4525 | #define SSL_CTRL_CHANNEL_ID doesnt_exist |
| 4526 | #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS doesnt_exist |
| 4527 | #define SSL_CTRL_CLEAR_MODE doesnt_exist |
| 4528 | #define SSL_CTRL_CLEAR_OPTIONS doesnt_exist |
| 4529 | #define SSL_CTRL_EXTRA_CHAIN_CERT doesnt_exist |
| 4530 | #define SSL_CTRL_GET_CHAIN_CERTS doesnt_exist |
| 4531 | #define SSL_CTRL_GET_CHANNEL_ID doesnt_exist |
| 4532 | #define SSL_CTRL_GET_CLIENT_CERT_TYPES doesnt_exist |
| 4533 | #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS doesnt_exist |
| 4534 | #define SSL_CTRL_GET_MAX_CERT_LIST doesnt_exist |
Kenny Root | a04d78d | 2015-09-25 00:26:37 +0000 | [diff] [blame] | 4535 | #define SSL_CTRL_GET_NUM_RENEGOTIATIONS doesnt_exist |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4536 | #define SSL_CTRL_GET_READ_AHEAD doesnt_exist |
| 4537 | #define SSL_CTRL_GET_RI_SUPPORT doesnt_exist |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4538 | #define SSL_CTRL_GET_SERVER_TMP_KEY doesnt_exist |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4539 | #define SSL_CTRL_GET_SESSION_REUSED doesnt_exist |
| 4540 | #define SSL_CTRL_GET_SESS_CACHE_MODE doesnt_exist |
| 4541 | #define SSL_CTRL_GET_SESS_CACHE_SIZE doesnt_exist |
| 4542 | #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS doesnt_exist |
Kenny Root | a04d78d | 2015-09-25 00:26:37 +0000 | [diff] [blame] | 4543 | #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS doesnt_exist |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4544 | #define SSL_CTRL_MODE doesnt_exist |
| 4545 | #define SSL_CTRL_NEED_TMP_RSA doesnt_exist |
| 4546 | #define SSL_CTRL_OPTIONS doesnt_exist |
| 4547 | #define SSL_CTRL_SESS_NUMBER doesnt_exist |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4548 | #define SSL_CTRL_SET_CURVES doesnt_exist |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 4549 | #define SSL_CTRL_SET_CURVES_LIST doesnt_exist |
Robert Sloan | 8ecb7cd | 2017-03-21 09:39:01 -0700 | [diff] [blame] | 4550 | #define SSL_CTRL_SET_ECDH_AUTO doesnt_exist |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4551 | #define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist |
| 4552 | #define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 4553 | #define SSL_CTRL_SET_MSG_CALLBACK doesnt_exist |
| 4554 | #define SSL_CTRL_SET_MSG_CALLBACK_ARG doesnt_exist |
| 4555 | #define SSL_CTRL_SET_MTU doesnt_exist |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 4556 | #define SSL_CTRL_SET_READ_AHEAD doesnt_exist |
Kenny Root | a04d78d | 2015-09-25 00:26:37 +0000 | [diff] [blame] | 4557 | #define SSL_CTRL_SET_SESS_CACHE_MODE doesnt_exist |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4558 | #define SSL_CTRL_SET_SESS_CACHE_SIZE doesnt_exist |
Kenny Root | a04d78d | 2015-09-25 00:26:37 +0000 | [diff] [blame] | 4559 | #define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4560 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG doesnt_exist |
| 4561 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist |
| 4562 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS doesnt_exist |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 4563 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4564 | #define SSL_CTRL_SET_TMP_DH doesnt_exist |
| 4565 | #define SSL_CTRL_SET_TMP_DH_CB doesnt_exist |
| 4566 | #define SSL_CTRL_SET_TMP_ECDH doesnt_exist |
| 4567 | #define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist |
| 4568 | #define SSL_CTRL_SET_TMP_RSA doesnt_exist |
| 4569 | #define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 4570 | |
Robert Sloan | 726e9d1 | 2018-09-11 11:45:04 -0700 | [diff] [blame] | 4571 | // |BORINGSSL_PREFIX| already makes each of these symbols into macros, so there |
| 4572 | // is no need to define conflicting macros. |
| 4573 | #if !defined(BORINGSSL_PREFIX) |
| 4574 | |
Kenny Root | a04d78d | 2015-09-25 00:26:37 +0000 | [diff] [blame] | 4575 | #define DTLSv1_get_timeout DTLSv1_get_timeout |
| 4576 | #define DTLSv1_handle_timeout DTLSv1_handle_timeout |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4577 | #define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert |
| 4578 | #define SSL_CTX_add1_chain_cert SSL_CTX_add1_chain_cert |
| 4579 | #define SSL_CTX_add_extra_chain_cert SSL_CTX_add_extra_chain_cert |
| 4580 | #define SSL_CTX_clear_extra_chain_certs SSL_CTX_clear_extra_chain_certs |
| 4581 | #define SSL_CTX_clear_chain_certs SSL_CTX_clear_chain_certs |
| 4582 | #define SSL_CTX_clear_mode SSL_CTX_clear_mode |
| 4583 | #define SSL_CTX_clear_options SSL_CTX_clear_options |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4584 | #define SSL_CTX_get0_chain_certs SSL_CTX_get0_chain_certs |
| 4585 | #define SSL_CTX_get_extra_chain_certs SSL_CTX_get_extra_chain_certs |
| 4586 | #define SSL_CTX_get_max_cert_list SSL_CTX_get_max_cert_list |
| 4587 | #define SSL_CTX_get_mode SSL_CTX_get_mode |
| 4588 | #define SSL_CTX_get_options SSL_CTX_get_options |
| 4589 | #define SSL_CTX_get_read_ahead SSL_CTX_get_read_ahead |
| 4590 | #define SSL_CTX_get_session_cache_mode SSL_CTX_get_session_cache_mode |
| 4591 | #define SSL_CTX_get_tlsext_ticket_keys SSL_CTX_get_tlsext_ticket_keys |
| 4592 | #define SSL_CTX_need_tmp_RSA SSL_CTX_need_tmp_RSA |
| 4593 | #define SSL_CTX_sess_get_cache_size SSL_CTX_sess_get_cache_size |
| 4594 | #define SSL_CTX_sess_number SSL_CTX_sess_number |
| 4595 | #define SSL_CTX_sess_set_cache_size SSL_CTX_sess_set_cache_size |
| 4596 | #define SSL_CTX_set0_chain SSL_CTX_set0_chain |
| 4597 | #define SSL_CTX_set1_chain SSL_CTX_set1_chain |
| 4598 | #define SSL_CTX_set1_curves SSL_CTX_set1_curves |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4599 | #define SSL_CTX_set_max_cert_list SSL_CTX_set_max_cert_list |
| 4600 | #define SSL_CTX_set_max_send_fragment SSL_CTX_set_max_send_fragment |
| 4601 | #define SSL_CTX_set_mode SSL_CTX_set_mode |
| 4602 | #define SSL_CTX_set_msg_callback_arg SSL_CTX_set_msg_callback_arg |
| 4603 | #define SSL_CTX_set_options SSL_CTX_set_options |
| 4604 | #define SSL_CTX_set_read_ahead SSL_CTX_set_read_ahead |
| 4605 | #define SSL_CTX_set_session_cache_mode SSL_CTX_set_session_cache_mode |
| 4606 | #define SSL_CTX_set_tlsext_servername_arg SSL_CTX_set_tlsext_servername_arg |
| 4607 | #define SSL_CTX_set_tlsext_servername_callback \ |
| 4608 | SSL_CTX_set_tlsext_servername_callback |
| 4609 | #define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb |
| 4610 | #define SSL_CTX_set_tlsext_ticket_keys SSL_CTX_set_tlsext_ticket_keys |
| 4611 | #define SSL_CTX_set_tmp_dh SSL_CTX_set_tmp_dh |
| 4612 | #define SSL_CTX_set_tmp_ecdh SSL_CTX_set_tmp_ecdh |
| 4613 | #define SSL_CTX_set_tmp_rsa SSL_CTX_set_tmp_rsa |
| 4614 | #define SSL_add0_chain_cert SSL_add0_chain_cert |
| 4615 | #define SSL_add1_chain_cert SSL_add1_chain_cert |
| 4616 | #define SSL_clear_chain_certs SSL_clear_chain_certs |
| 4617 | #define SSL_clear_mode SSL_clear_mode |
| 4618 | #define SSL_clear_options SSL_clear_options |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4619 | #define SSL_get0_certificate_types SSL_get0_certificate_types |
| 4620 | #define SSL_get0_chain_certs SSL_get0_chain_certs |
| 4621 | #define SSL_get_max_cert_list SSL_get_max_cert_list |
| 4622 | #define SSL_get_mode SSL_get_mode |
| 4623 | #define SSL_get_options SSL_get_options |
Kenny Root | a04d78d | 2015-09-25 00:26:37 +0000 | [diff] [blame] | 4624 | #define SSL_get_secure_renegotiation_support \ |
| 4625 | SSL_get_secure_renegotiation_support |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4626 | #define SSL_need_tmp_RSA SSL_need_tmp_RSA |
| 4627 | #define SSL_num_renegotiations SSL_num_renegotiations |
| 4628 | #define SSL_session_reused SSL_session_reused |
| 4629 | #define SSL_set0_chain SSL_set0_chain |
| 4630 | #define SSL_set1_chain SSL_set1_chain |
| 4631 | #define SSL_set1_curves SSL_set1_curves |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 4632 | #define SSL_set_max_cert_list SSL_set_max_cert_list |
| 4633 | #define SSL_set_max_send_fragment SSL_set_max_send_fragment |
| 4634 | #define SSL_set_mode SSL_set_mode |
| 4635 | #define SSL_set_msg_callback_arg SSL_set_msg_callback_arg |
| 4636 | #define SSL_set_mtu SSL_set_mtu |
| 4637 | #define SSL_set_options SSL_set_options |
| 4638 | #define SSL_set_tlsext_host_name SSL_set_tlsext_host_name |
| 4639 | #define SSL_set_tmp_dh SSL_set_tmp_dh |
| 4640 | #define SSL_set_tmp_ecdh SSL_set_tmp_ecdh |
| 4641 | #define SSL_set_tmp_rsa SSL_set_tmp_rsa |
| 4642 | #define SSL_total_renegotiations SSL_total_renegotiations |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 4643 | |
Robert Sloan | 726e9d1 | 2018-09-11 11:45:04 -0700 | [diff] [blame] | 4644 | #endif // !defined(BORINGSSL_PREFIX) |
| 4645 | |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 4646 | |
| 4647 | #if defined(__cplusplus) |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4648 | } // extern C |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4649 | |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4650 | #if !defined(BORINGSSL_NO_CXX) |
| 4651 | |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4652 | extern "C++" { |
| 4653 | |
Robert Sloan | 726e9d1 | 2018-09-11 11:45:04 -0700 | [diff] [blame] | 4654 | BSSL_NAMESPACE_BEGIN |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4655 | |
| 4656 | BORINGSSL_MAKE_DELETER(SSL, SSL_free) |
| 4657 | BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free) |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4658 | BORINGSSL_MAKE_UP_REF(SSL_CTX, SSL_CTX_up_ref) |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4659 | BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4660 | BORINGSSL_MAKE_UP_REF(SSL_SESSION, SSL_SESSION_up_ref) |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4661 | |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4662 | enum class OpenRecordResult { |
| 4663 | kOK, |
| 4664 | kDiscard, |
| 4665 | kIncompleteRecord, |
| 4666 | kAlertCloseNotify, |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4667 | kError, |
| 4668 | }; |
| 4669 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4670 | // *** EXPERIMENTAL -- DO NOT USE *** |
| 4671 | // |
| 4672 | // OpenRecord decrypts the first complete SSL record from |in| in-place, sets |
| 4673 | // |out| to the decrypted application data, and |out_record_len| to the length |
| 4674 | // of the encrypted record. Returns: |
| 4675 | // - kOK if an application-data record was successfully decrypted and verified. |
| 4676 | // - kDiscard if a record was sucessfully processed, but should be discarded. |
| 4677 | // - kIncompleteRecord if |in| did not contain a complete record. |
| 4678 | // - kAlertCloseNotify if a record was successfully processed but is a |
| 4679 | // close_notify alert. |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4680 | // - kError if an error occurred or the record is invalid. |*out_alert| will be |
Robert Sloan | 921ef2c | 2017-10-17 09:02:20 -0700 | [diff] [blame] | 4681 | // set to an alert to emit, or zero if no alert should be emitted. |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4682 | OPENSSL_EXPORT OpenRecordResult OpenRecord(SSL *ssl, Span<uint8_t> *out, |
| 4683 | size_t *out_record_len, |
| 4684 | uint8_t *out_alert, |
| 4685 | Span<uint8_t> in); |
| 4686 | |
| 4687 | OPENSSL_EXPORT size_t SealRecordPrefixLen(const SSL *ssl, size_t plaintext_len); |
| 4688 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4689 | // SealRecordSuffixLen returns the length of the suffix written by |SealRecord|. |
| 4690 | // |
| 4691 | // |plaintext_len| must be equal to the size of the plaintext passed to |
| 4692 | // |SealRecord|. |
| 4693 | // |
| 4694 | // |plaintext_len| must not exceed |SSL3_RT_MAX_PLAINTEXT_LENGTH|. The returned |
| 4695 | // suffix length will not exceed |SSL3_RT_MAX_ENCRYPTED_OVERHEAD|. |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4696 | OPENSSL_EXPORT size_t SealRecordSuffixLen(const SSL *ssl, size_t plaintext_len); |
| 4697 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4698 | // *** EXPERIMENTAL -- DO NOT USE *** |
| 4699 | // |
| 4700 | // SealRecord encrypts the cleartext of |in| and scatters the resulting TLS |
| 4701 | // application data record between |out_prefix|, |out|, and |out_suffix|. It |
| 4702 | // returns true on success or false if an error occurred. |
| 4703 | // |
| 4704 | // The length of |out_prefix| must equal |SealRecordPrefixLen|. The length of |
| 4705 | // |out| must equal the length of |in|, which must not exceed |
| 4706 | // |SSL3_RT_MAX_PLAINTEXT_LENGTH|. The length of |out_suffix| must equal |
| 4707 | // |SealRecordSuffixLen|. |
| 4708 | // |
| 4709 | // If enabled, |SealRecord| may perform TLS 1.0 CBC 1/n-1 record splitting. |
| 4710 | // |SealRecordPrefixLen| accounts for the required overhead if that is the case. |
| 4711 | // |
| 4712 | // |out| may equal |in| to encrypt in-place but may not otherwise alias. |
| 4713 | // |out_prefix| and |out_suffix| may not alias anything. |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4714 | OPENSSL_EXPORT bool SealRecord(SSL *ssl, Span<uint8_t> out_prefix, |
| 4715 | Span<uint8_t> out, Span<uint8_t> out_suffix, |
| 4716 | Span<const uint8_t> in); |
| 4717 | |
Robert Sloan | 8542c08 | 2018-02-05 09:07:34 -0800 | [diff] [blame] | 4718 | |
| 4719 | // *** EXPERIMENTAL — DO NOT USE WITHOUT CHECKING *** |
| 4720 | // |
| 4721 | // Split handshakes. |
| 4722 | // |
| 4723 | // Split handshakes allows the handshake part of a TLS connection to be |
| 4724 | // performed in a different process (or on a different machine) than the data |
| 4725 | // exchange. This only applies to servers. |
| 4726 | // |
| 4727 | // In the first part of a split handshake, an |SSL| (where the |SSL_CTX| has |
| 4728 | // been configured with |SSL_CTX_set_handoff_mode|) is used normally. Once the |
| 4729 | // ClientHello message has been received, the handshake will stop and |
| 4730 | // |SSL_get_error| will indicate |SSL_ERROR_HANDOFF|. At this point (and only |
| 4731 | // at this point), |SSL_serialize_handoff| can be called to write the “handoff” |
| 4732 | // state of the connection. |
| 4733 | // |
| 4734 | // Elsewhere, a fresh |SSL| can be used with |SSL_apply_handoff| to continue |
Robert Sloan | dc2f609 | 2018-04-10 10:22:33 -0700 | [diff] [blame] | 4735 | // the connection. The connection from the client is fed into this |SSL|, and |
| 4736 | // the handshake resumed. When the handshake stops again and |SSL_get_error| |
| 4737 | // indicates |SSL_ERROR_HANDBACK|, |SSL_serialize_handback| should be called to |
| 4738 | // serialize the state of the handshake again. |
Robert Sloan | 8542c08 | 2018-02-05 09:07:34 -0800 | [diff] [blame] | 4739 | // |
| 4740 | // Back at the first location, a fresh |SSL| can be used with |
| 4741 | // |SSL_apply_handback|. Then the client's connection can be processed mostly |
| 4742 | // as normal. |
| 4743 | // |
| 4744 | // Lastly, when a connection is in the handoff state, whether or not |
| 4745 | // |SSL_serialize_handoff| is called, |SSL_decline_handoff| will move it back |
Robert Sloan | dc2f609 | 2018-04-10 10:22:33 -0700 | [diff] [blame] | 4746 | // into a normal state where the connection can proceed without impact. |
Robert Sloan | 8542c08 | 2018-02-05 09:07:34 -0800 | [diff] [blame] | 4747 | // |
| 4748 | // WARNING: Currently only works with TLS 1.0–1.2. |
| 4749 | // WARNING: The serialisation formats are not yet stable: version skew may be |
| 4750 | // fatal. |
| 4751 | // WARNING: The handback data contains sensitive key material and must be |
| 4752 | // protected. |
| 4753 | // WARNING: Some calls on the final |SSL| will not work. Just as an example, |
| 4754 | // calls like |SSL_get0_session_id_context| and |SSL_get_privatekey| won't |
| 4755 | // work because the certificate used for handshaking isn't available. |
| 4756 | // WARNING: |SSL_apply_handoff| may trigger “msg” callback calls. |
| 4757 | |
| 4758 | OPENSSL_EXPORT void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on); |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4759 | OPENSSL_EXPORT void SSL_set_handoff_mode(SSL *SSL, bool on); |
Robert Sloan | f63bd1f | 2019-04-16 09:26:20 -0700 | [diff] [blame] | 4760 | OPENSSL_EXPORT bool SSL_serialize_handoff(const SSL *ssl, CBB *out, |
| 4761 | SSL_CLIENT_HELLO *out_hello); |
Robert Sloan | 8542c08 | 2018-02-05 09:07:34 -0800 | [diff] [blame] | 4762 | OPENSSL_EXPORT bool SSL_decline_handoff(SSL *ssl); |
| 4763 | OPENSSL_EXPORT bool SSL_apply_handoff(SSL *ssl, Span<const uint8_t> handoff); |
| 4764 | OPENSSL_EXPORT bool SSL_serialize_handback(const SSL *ssl, CBB *out); |
| 4765 | OPENSSL_EXPORT bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback); |
| 4766 | |
Robert Sloan | 11c28bd | 2018-12-17 12:09:20 -0800 | [diff] [blame] | 4767 | // SSL_get_traffic_secrets sets |*out_read_traffic_secret| and |
| 4768 | // |*out_write_traffic_secret| to reference the TLS 1.3 traffic secrets for |
| 4769 | // |ssl|. This function is only valid on TLS 1.3 connections that have |
| 4770 | // completed the handshake. It returns true on success and false on error. |
| 4771 | OPENSSL_EXPORT bool SSL_get_traffic_secrets( |
| 4772 | const SSL *ssl, Span<const uint8_t> *out_read_traffic_secret, |
| 4773 | Span<const uint8_t> *out_write_traffic_secret); |
| 4774 | |
Robert Sloan | 726e9d1 | 2018-09-11 11:45:04 -0700 | [diff] [blame] | 4775 | BSSL_NAMESPACE_END |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4776 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4777 | } // extern C++ |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4778 | |
Robert Sloan | fe7cd21 | 2017-08-07 09:03:39 -0700 | [diff] [blame] | 4779 | #endif // !defined(BORINGSSL_NO_CXX) |
| 4780 | |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 4781 | #endif |
| 4782 | |
Adam Langley | e9ada86 | 2015-05-11 17:20:37 -0700 | [diff] [blame] | 4783 | #define SSL_R_APP_DATA_IN_HANDSHAKE 100 |
| 4784 | #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101 |
| 4785 | #define SSL_R_BAD_ALERT 102 |
| 4786 | #define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 |
| 4787 | #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 104 |
| 4788 | #define SSL_R_BAD_DH_P_LENGTH 105 |
| 4789 | #define SSL_R_BAD_DIGEST_LENGTH 106 |
| 4790 | #define SSL_R_BAD_ECC_CERT 107 |
| 4791 | #define SSL_R_BAD_ECPOINT 108 |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 4792 | #define SSL_R_BAD_HANDSHAKE_RECORD 109 |
| 4793 | #define SSL_R_BAD_HELLO_REQUEST 110 |
| 4794 | #define SSL_R_BAD_LENGTH 111 |
| 4795 | #define SSL_R_BAD_PACKET_LENGTH 112 |
| 4796 | #define SSL_R_BAD_RSA_ENCRYPT 113 |
| 4797 | #define SSL_R_BAD_SIGNATURE 114 |
| 4798 | #define SSL_R_BAD_SRTP_MKI_VALUE 115 |
| 4799 | #define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 116 |
| 4800 | #define SSL_R_BAD_SSL_FILETYPE 117 |
| 4801 | #define SSL_R_BAD_WRITE_RETRY 118 |
| 4802 | #define SSL_R_BIO_NOT_SET 119 |
| 4803 | #define SSL_R_BN_LIB 120 |
| 4804 | #define SSL_R_BUFFER_TOO_SMALL 121 |
| 4805 | #define SSL_R_CA_DN_LENGTH_MISMATCH 122 |
| 4806 | #define SSL_R_CA_DN_TOO_LONG 123 |
| 4807 | #define SSL_R_CCS_RECEIVED_EARLY 124 |
| 4808 | #define SSL_R_CERTIFICATE_VERIFY_FAILED 125 |
| 4809 | #define SSL_R_CERT_CB_ERROR 126 |
| 4810 | #define SSL_R_CERT_LENGTH_MISMATCH 127 |
| 4811 | #define SSL_R_CHANNEL_ID_NOT_P256 128 |
| 4812 | #define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 129 |
| 4813 | #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 130 |
| 4814 | #define SSL_R_CLIENTHELLO_PARSE_FAILED 131 |
| 4815 | #define SSL_R_CLIENTHELLO_TLSEXT 132 |
| 4816 | #define SSL_R_CONNECTION_REJECTED 133 |
| 4817 | #define SSL_R_CONNECTION_TYPE_NOT_SET 134 |
| 4818 | #define SSL_R_CUSTOM_EXTENSION_ERROR 135 |
| 4819 | #define SSL_R_DATA_LENGTH_TOO_LONG 136 |
| 4820 | #define SSL_R_DECODE_ERROR 137 |
| 4821 | #define SSL_R_DECRYPTION_FAILED 138 |
| 4822 | #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 139 |
| 4823 | #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 140 |
| 4824 | #define SSL_R_DH_P_TOO_LONG 141 |
| 4825 | #define SSL_R_DIGEST_CHECK_FAILED 142 |
| 4826 | #define SSL_R_DTLS_MESSAGE_TOO_BIG 143 |
| 4827 | #define SSL_R_ECC_CERT_NOT_FOR_SIGNING 144 |
| 4828 | #define SSL_R_EMS_STATE_INCONSISTENT 145 |
| 4829 | #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 146 |
| 4830 | #define SSL_R_ERROR_ADDING_EXTENSION 147 |
| 4831 | #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 148 |
| 4832 | #define SSL_R_ERROR_PARSING_EXTENSION 149 |
| 4833 | #define SSL_R_EXCESSIVE_MESSAGE_SIZE 150 |
| 4834 | #define SSL_R_EXTRA_DATA_IN_MESSAGE 151 |
| 4835 | #define SSL_R_FRAGMENT_MISMATCH 152 |
| 4836 | #define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 153 |
| 4837 | #define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 154 |
| 4838 | #define SSL_R_HTTPS_PROXY_REQUEST 155 |
| 4839 | #define SSL_R_HTTP_REQUEST 156 |
| 4840 | #define SSL_R_INAPPROPRIATE_FALLBACK 157 |
| 4841 | #define SSL_R_INVALID_COMMAND 158 |
| 4842 | #define SSL_R_INVALID_MESSAGE 159 |
| 4843 | #define SSL_R_INVALID_SSL_SESSION 160 |
| 4844 | #define SSL_R_INVALID_TICKET_KEYS_LENGTH 161 |
| 4845 | #define SSL_R_LENGTH_MISMATCH 162 |
Adam Langley | 4139edb | 2016-01-13 15:00:54 -0800 | [diff] [blame] | 4846 | #define SSL_R_MISSING_EXTENSION 164 |
| 4847 | #define SSL_R_MISSING_RSA_CERTIFICATE 165 |
| 4848 | #define SSL_R_MISSING_TMP_DH_KEY 166 |
| 4849 | #define SSL_R_MISSING_TMP_ECDH_KEY 167 |
| 4850 | #define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 168 |
| 4851 | #define SSL_R_MTU_TOO_SMALL 169 |
| 4852 | #define SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN 170 |
| 4853 | #define SSL_R_NESTED_GROUP 171 |
| 4854 | #define SSL_R_NO_CERTIFICATES_RETURNED 172 |
| 4855 | #define SSL_R_NO_CERTIFICATE_ASSIGNED 173 |
| 4856 | #define SSL_R_NO_CERTIFICATE_SET 174 |
| 4857 | #define SSL_R_NO_CIPHERS_AVAILABLE 175 |
| 4858 | #define SSL_R_NO_CIPHERS_PASSED 176 |
| 4859 | #define SSL_R_NO_CIPHER_MATCH 177 |
| 4860 | #define SSL_R_NO_COMPRESSION_SPECIFIED 178 |
| 4861 | #define SSL_R_NO_METHOD_SPECIFIED 179 |
| 4862 | #define SSL_R_NO_P256_SUPPORT 180 |
| 4863 | #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 181 |
| 4864 | #define SSL_R_NO_RENEGOTIATION 182 |
| 4865 | #define SSL_R_NO_REQUIRED_DIGEST 183 |
| 4866 | #define SSL_R_NO_SHARED_CIPHER 184 |
| 4867 | #define SSL_R_NULL_SSL_CTX 185 |
| 4868 | #define SSL_R_NULL_SSL_METHOD_PASSED 186 |
| 4869 | #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 187 |
| 4870 | #define SSL_R_OLD_SESSION_VERSION_NOT_RETURNED 188 |
| 4871 | #define SSL_R_OUTPUT_ALIASES_INPUT 189 |
| 4872 | #define SSL_R_PARSE_TLSEXT 190 |
| 4873 | #define SSL_R_PATH_TOO_LONG 191 |
| 4874 | #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 192 |
| 4875 | #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 193 |
| 4876 | #define SSL_R_PROTOCOL_IS_SHUTDOWN 194 |
| 4877 | #define SSL_R_PSK_IDENTITY_NOT_FOUND 195 |
| 4878 | #define SSL_R_PSK_NO_CLIENT_CB 196 |
| 4879 | #define SSL_R_PSK_NO_SERVER_CB 197 |
| 4880 | #define SSL_R_READ_TIMEOUT_EXPIRED 198 |
| 4881 | #define SSL_R_RECORD_LENGTH_MISMATCH 199 |
| 4882 | #define SSL_R_RECORD_TOO_LARGE 200 |
| 4883 | #define SSL_R_RENEGOTIATION_ENCODING_ERR 201 |
| 4884 | #define SSL_R_RENEGOTIATION_MISMATCH 202 |
| 4885 | #define SSL_R_REQUIRED_CIPHER_MISSING 203 |
| 4886 | #define SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION 204 |
| 4887 | #define SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION 205 |
| 4888 | #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 206 |
| 4889 | #define SSL_R_SERVERHELLO_TLSEXT 207 |
| 4890 | #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 208 |
| 4891 | #define SSL_R_SESSION_MAY_NOT_BE_CREATED 209 |
| 4892 | #define SSL_R_SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER 210 |
| 4893 | #define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 211 |
| 4894 | #define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 212 |
| 4895 | #define SSL_R_SSL3_EXT_INVALID_SERVERNAME 213 |
| 4896 | #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 214 |
| 4897 | #define SSL_R_SSL_HANDSHAKE_FAILURE 215 |
| 4898 | #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 216 |
| 4899 | #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 217 |
| 4900 | #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 218 |
| 4901 | #define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 219 |
| 4902 | #define SSL_R_TOO_MANY_WARNING_ALERTS 220 |
| 4903 | #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 221 |
| 4904 | #define SSL_R_UNEXPECTED_EXTENSION 222 |
| 4905 | #define SSL_R_UNEXPECTED_MESSAGE 223 |
| 4906 | #define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 224 |
| 4907 | #define SSL_R_UNEXPECTED_RECORD 225 |
| 4908 | #define SSL_R_UNINITIALIZED 226 |
| 4909 | #define SSL_R_UNKNOWN_ALERT_TYPE 227 |
| 4910 | #define SSL_R_UNKNOWN_CERTIFICATE_TYPE 228 |
| 4911 | #define SSL_R_UNKNOWN_CIPHER_RETURNED 229 |
| 4912 | #define SSL_R_UNKNOWN_CIPHER_TYPE 230 |
| 4913 | #define SSL_R_UNKNOWN_DIGEST 231 |
| 4914 | #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 232 |
| 4915 | #define SSL_R_UNKNOWN_PROTOCOL 233 |
| 4916 | #define SSL_R_UNKNOWN_SSL_VERSION 234 |
| 4917 | #define SSL_R_UNKNOWN_STATE 235 |
| 4918 | #define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 236 |
| 4919 | #define SSL_R_UNSUPPORTED_CIPHER 237 |
| 4920 | #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 238 |
| 4921 | #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 239 |
| 4922 | #define SSL_R_UNSUPPORTED_PROTOCOL 240 |
| 4923 | #define SSL_R_WRONG_CERTIFICATE_TYPE 241 |
| 4924 | #define SSL_R_WRONG_CIPHER_RETURNED 242 |
| 4925 | #define SSL_R_WRONG_CURVE 243 |
| 4926 | #define SSL_R_WRONG_MESSAGE_TYPE 244 |
| 4927 | #define SSL_R_WRONG_SIGNATURE_TYPE 245 |
| 4928 | #define SSL_R_WRONG_SSL_VERSION 246 |
| 4929 | #define SSL_R_WRONG_VERSION_NUMBER 247 |
| 4930 | #define SSL_R_X509_LIB 248 |
| 4931 | #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 249 |
David Benjamin | 4969cc9 | 2016-04-22 15:02:23 -0400 | [diff] [blame] | 4932 | #define SSL_R_SHUTDOWN_WHILE_IN_INIT 250 |
David Benjamin | c895d6b | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4933 | #define SSL_R_INVALID_OUTER_RECORD_TYPE 251 |
| 4934 | #define SSL_R_UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY 252 |
| 4935 | #define SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS 253 |
| 4936 | #define SSL_R_DOWNGRADE_DETECTED 254 |
| 4937 | #define SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE 255 |
| 4938 | #define SSL_R_INVALID_COMPRESSION_LIST 256 |
| 4939 | #define SSL_R_DUPLICATE_EXTENSION 257 |
| 4940 | #define SSL_R_MISSING_KEY_SHARE 258 |
| 4941 | #define SSL_R_INVALID_ALPN_PROTOCOL 259 |
David Benjamin | f0c4a6c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4942 | #define SSL_R_TOO_MANY_KEY_UPDATES 260 |
| 4943 | #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 261 |
| 4944 | #define SSL_R_NO_CIPHERS_SPECIFIED 262 |
| 4945 | #define SSL_R_RENEGOTIATION_EMS_MISMATCH 263 |
David Benjamin | 7c0d06c | 2016-08-11 13:26:41 -0400 | [diff] [blame] | 4946 | #define SSL_R_DUPLICATE_KEY_SHARE 264 |
| 4947 | #define SSL_R_NO_GROUPS_SPECIFIED 265 |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 4948 | #define SSL_R_NO_SHARED_GROUP 266 |
Steven Valdez | 909b19f | 2016-11-21 15:35:44 -0500 | [diff] [blame] | 4949 | #define SSL_R_PRE_SHARED_KEY_MUST_BE_LAST 267 |
| 4950 | #define SSL_R_OLD_SESSION_PRF_HASH_MISMATCH 268 |
| 4951 | #define SSL_R_INVALID_SCT_LIST 269 |
David Benjamin | 1b24967 | 2016-12-06 18:25:50 -0500 | [diff] [blame] | 4952 | #define SSL_R_TOO_MUCH_SKIPPED_EARLY_DATA 270 |
| 4953 | #define SSL_R_PSK_IDENTITY_BINDER_COUNT_MISMATCH 271 |
Steven Valdez | e7531f0 | 2016-12-14 13:29:57 -0500 | [diff] [blame] | 4954 | #define SSL_R_CANNOT_PARSE_LEAF_CERT 272 |
Robert Sloan | 7d422bc | 2017-03-06 10:04:29 -0800 | [diff] [blame] | 4955 | #define SSL_R_SERVER_CERT_CHANGED 273 |
Robert Sloan | 1c9db53 | 2017-03-13 08:03:59 -0700 | [diff] [blame] | 4956 | #define SSL_R_CERTIFICATE_AND_PRIVATE_KEY_MISMATCH 274 |
| 4957 | #define SSL_R_CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD 275 |
| 4958 | #define SSL_R_TICKET_ENCRYPTION_FAILED 276 |
Robert Sloan | 6d0d00e | 2017-03-27 07:13:07 -0700 | [diff] [blame] | 4959 | #define SSL_R_ALPN_MISMATCH_ON_EARLY_DATA 277 |
| 4960 | #define SSL_R_WRONG_VERSION_ON_EARLY_DATA 278 |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 4961 | #define SSL_R_UNEXPECTED_EXTENSION_ON_EARLY_DATA 279 |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 4962 | #define SSL_R_NO_SUPPORTED_VERSIONS_ENABLED 280 |
Robert Sloan | e56da3e | 2017-06-26 08:26:42 -0700 | [diff] [blame] | 4963 | #define SSL_R_APPLICATION_DATA_INSTEAD_OF_HANDSHAKE 281 |
Robert Sloan | 99319a1 | 2017-11-27 10:32:46 -0800 | [diff] [blame] | 4964 | #define SSL_R_EMPTY_HELLO_RETRY_REQUEST 282 |
Robert Sloan | 5581810 | 2017-12-18 11:26:17 -0800 | [diff] [blame] | 4965 | #define SSL_R_EARLY_DATA_NOT_IN_USE 283 |
| 4966 | #define SSL_R_HANDSHAKE_NOT_COMPLETE 284 |
Robert Sloan | 978112c | 2018-01-22 12:53:01 -0800 | [diff] [blame] | 4967 | #define SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI 285 |
Robert Sloan | 309a31e | 2018-01-29 10:22:47 -0800 | [diff] [blame] | 4968 | #define SSL_R_SERVER_ECHOED_INVALID_SESSION_ID 286 |
Robert Sloan | 8542c08 | 2018-02-05 09:07:34 -0800 | [diff] [blame] | 4969 | #define SSL_R_PRIVATE_KEY_OPERATION_FAILED 287 |
Adam Vartanian | bfcf3a7 | 2018-08-10 14:55:24 +0100 | [diff] [blame] | 4970 | #define SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH 288 |
| 4971 | #define SSL_R_OCSP_CB_ERROR 289 |
| 4972 | #define SSL_R_SSL_SESSION_ID_TOO_LONG 290 |
| 4973 | #define SSL_R_APPLICATION_DATA_ON_SHUTDOWN 291 |
| 4974 | #define SSL_R_CERT_DECOMPRESSION_FAILED 292 |
| 4975 | #define SSL_R_UNCOMPRESSED_CERT_TOO_LARGE 293 |
| 4976 | #define SSL_R_UNKNOWN_CERT_COMPRESSION_ALG 294 |
| 4977 | #define SSL_R_INVALID_SIGNATURE_ALGORITHM 295 |
| 4978 | #define SSL_R_DUPLICATE_SIGNATURE_ALGORITHM 296 |
Robert Sloan | d9e572d | 2018-08-27 12:27:00 -0700 | [diff] [blame] | 4979 | #define SSL_R_TLS13_DOWNGRADE 297 |
Robert Sloan | cbf5ea6 | 2018-11-05 11:56:34 -0800 | [diff] [blame] | 4980 | #define SSL_R_QUIC_INTERNAL_ERROR 298 |
| 4981 | #define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 299 |
Robert Sloan | 4c22c5f | 2019-03-01 15:53:37 -0800 | [diff] [blame] | 4982 | #define SSL_R_TOO_MUCH_READ_EARLY_DATA 300 |
| 4983 | #define SSL_R_INVALID_DELEGATED_CREDENTIAL 301 |
| 4984 | #define SSL_R_KEY_USAGE_BIT_INCORRECT 302 |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 4985 | #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000 |
| 4986 | #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 |
| 4987 | #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 |
| 4988 | #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 |
| 4989 | #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 |
| 4990 | #define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 |
| 4991 | #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 |
| 4992 | #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 |
| 4993 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 |
| 4994 | #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 |
| 4995 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 |
| 4996 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 |
| 4997 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 |
| 4998 | #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 |
| 4999 | #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 |
| 5000 | #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 |
| 5001 | #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 |
| 5002 | #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 |
| 5003 | #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 |
| 5004 | #define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 |
| 5005 | #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 |
| 5006 | #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 |
| 5007 | #define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 |
| 5008 | #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 |
| 5009 | #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 |
| 5010 | #define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 |
| 5011 | #define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 |
| 5012 | #define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 |
| 5013 | #define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 |
| 5014 | #define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 |
David Benjamin | 95add82 | 2016-10-19 01:09:12 -0400 | [diff] [blame] | 5015 | #define SSL_R_TLSV1_UNKNOWN_PSK_IDENTITY 1115 |
| 5016 | #define SSL_R_TLSV1_CERTIFICATE_REQUIRED 1116 |
Adam Langley | d9e397b | 2015-01-22 14:27:53 -0800 | [diff] [blame] | 5017 | |
Robert Sloan | 8f860b1 | 2017-08-28 07:37:06 -0700 | [diff] [blame] | 5018 | #endif // OPENSSL_HEADER_SSL_H |