Send a missing_extension alert if key_share/supported groups not present

[openssl.git] / include / openssl / ssl.h
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h

index 6e3b9c52e5291c19fd36008ac50cdefecb4c1757..4558b17c3c321f20626068a66ddf40cb39346efa 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -877,12 +877,14 @@ DEFINE_STACK_OF_CONST(SSL_CIPHER)
  DEFINE_STACK_OF(SSL_COMP)
  
  /* compatibility */
  DEFINE_STACK_OF(SSL_COMP)
  
  /* compatibility */
-# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
+# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)(arg)))
  # define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
  # define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
-# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
+# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0, \
+                                                                  (char *)(a)))
  # define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
  # define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
  # define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
  # define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
-# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
+# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0, \
+                                                              (char *)(arg)))
  DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
  
  /* TLSv1.3 KeyUpdate message types */
  DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
  
  /* TLSv1.3 KeyUpdate message types */
@@ -1222,7 +1224,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
  # define SSL_CERT_SET_NEXT                       2
  # define SSL_CERT_SET_SERVER                     3
  # define DTLSv1_get_timeout(ssl, arg) \
  # define SSL_CERT_SET_NEXT                       2
  # define SSL_CERT_SET_SERVER                     3
  # define DTLSv1_get_timeout(ssl, arg) \
-        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
+        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
  # define DTLSv1_handle_timeout(ssl) \
          SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
  # define SSL_num_renegotiations(ssl) \
  # define DTLSv1_handle_timeout(ssl) \
          SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
  # define SSL_num_renegotiations(ssl) \
@@ -1232,19 +1234,19 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
  # define SSL_total_renegotiations(ssl) \
          SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
  # define SSL_CTX_set_tmp_dh(ctx,dh) \
  # define SSL_total_renegotiations(ssl) \
          SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
  # define SSL_CTX_set_tmp_dh(ctx,dh) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
  # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
  # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
  # define SSL_CTX_set_dh_auto(ctx, onoff) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
  # define SSL_set_dh_auto(s, onoff) \
          SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
  # define SSL_set_tmp_dh(ssl,dh) \
  # define SSL_CTX_set_dh_auto(ctx, onoff) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
  # define SSL_set_dh_auto(s, onoff) \
          SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
  # define SSL_set_tmp_dh(ssl,dh) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
  # define SSL_set_tmp_ecdh(ssl,ecdh) \
  # define SSL_set_tmp_ecdh(ssl,ecdh) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
  # define SSL_CTX_add_extra_chain_cert(ctx,x509) \
  # define SSL_CTX_add_extra_chain_cert(ctx,x509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
  # define SSL_CTX_get_extra_chain_certs(ctx,px509) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
  # define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
  # define SSL_CTX_get_extra_chain_certs(ctx,px509) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
  # define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
@@ -1252,13 +1254,13 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
  # define SSL_CTX_clear_extra_chain_certs(ctx) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
  # define SSL_CTX_set0_chain(ctx,sk) \
  # define SSL_CTX_clear_extra_chain_certs(ctx) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
  # define SSL_CTX_set0_chain(ctx,sk) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
  # define SSL_CTX_set1_chain(ctx,sk) \
  # define SSL_CTX_set1_chain(ctx,sk) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
  # define SSL_CTX_add0_chain_cert(ctx,x509) \
  # define SSL_CTX_add0_chain_cert(ctx,x509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
  # define SSL_CTX_add1_chain_cert(ctx,x509) \
  # define SSL_CTX_add1_chain_cert(ctx,x509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
  # define SSL_CTX_get0_chain_certs(ctx,px509) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
  # define SSL_CTX_clear_chain_certs(ctx) \
  # define SSL_CTX_get0_chain_certs(ctx,px509) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
  # define SSL_CTX_clear_chain_certs(ctx) \
@@ -1266,25 +1268,25 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
  # define SSL_CTX_build_cert_chain(ctx, flags) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
  # define SSL_CTX_select_current_cert(ctx,x509) \
  # define SSL_CTX_build_cert_chain(ctx, flags) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
  # define SSL_CTX_select_current_cert(ctx,x509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
  # define SSL_CTX_set_current_cert(ctx, op) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
  # define SSL_CTX_set0_verify_cert_store(ctx,st) \
  # define SSL_CTX_set_current_cert(ctx, op) \
          SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
  # define SSL_CTX_set0_verify_cert_store(ctx,st) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
  # define SSL_CTX_set1_verify_cert_store(ctx,st) \
  # define SSL_CTX_set1_verify_cert_store(ctx,st) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
  # define SSL_CTX_set0_chain_cert_store(ctx,st) \
  # define SSL_CTX_set0_chain_cert_store(ctx,st) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
  # define SSL_CTX_set1_chain_cert_store(ctx,st) \
  # define SSL_CTX_set1_chain_cert_store(ctx,st) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
  # define SSL_set0_chain(ctx,sk) \
  # define SSL_set0_chain(ctx,sk) \
-        SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
  # define SSL_set1_chain(ctx,sk) \
  # define SSL_set1_chain(ctx,sk) \
-        SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
  # define SSL_add0_chain_cert(ctx,x509) \
  # define SSL_add0_chain_cert(ctx,x509) \
-        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
  # define SSL_add1_chain_cert(ctx,x509) \
  # define SSL_add1_chain_cert(ctx,x509) \
-        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
+        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
  # define SSL_get0_chain_certs(ctx,px509) \
          SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
  # define SSL_clear_chain_certs(ctx) \
  # define SSL_get0_chain_certs(ctx,px509) \
          SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
  # define SSL_clear_chain_certs(ctx) \
@@ -1292,33 +1294,33 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
  # define SSL_build_cert_chain(s, flags) \
          SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
  # define SSL_select_current_cert(ctx,x509) \
  # define SSL_build_cert_chain(s, flags) \
          SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
  # define SSL_select_current_cert(ctx,x509) \
-        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
+        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
  # define SSL_set_current_cert(ctx,op) \
          SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
  # define SSL_set0_verify_cert_store(s,st) \
  # define SSL_set_current_cert(ctx,op) \
          SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
  # define SSL_set0_verify_cert_store(s,st) \
-        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
+        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
  # define SSL_set1_verify_cert_store(s,st) \
  # define SSL_set1_verify_cert_store(s,st) \
-        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
+        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
  # define SSL_set0_chain_cert_store(s,st) \
  # define SSL_set0_chain_cert_store(s,st) \
-        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
+        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
  # define SSL_set1_chain_cert_store(s,st) \
  # define SSL_set1_chain_cert_store(s,st) \
-        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)
+        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
  # define SSL_get1_groups(ctx, s) \
  # define SSL_get1_groups(ctx, s) \
-        SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)s)
+        SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)(s))
  # define SSL_get1_curves(ctx, s) \
          SSL_get1_groups((ctx), (s))
  # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
  # define SSL_get1_curves(ctx, s) \
          SSL_get1_groups((ctx), (s))
  # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)glist)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
  # define SSL_CTX_set1_groups_list(ctx, s) \
  # define SSL_CTX_set1_groups_list(ctx, s) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)s)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
  # define SSL_CTX_set1_curves(ctx, clist, clistlen) \
          SSL_CTX_set1_groups((ctx), (clist), (clistlen))
  # define SSL_CTX_set1_curves_list(ctx, s) \
          SSL_CTX_set1_groups_list((ctx), (s))
  # define SSL_set1_groups(ctx, glist, glistlen) \
  # define SSL_CTX_set1_curves(ctx, clist, clistlen) \
          SSL_CTX_set1_groups((ctx), (clist), (clistlen))
  # define SSL_CTX_set1_curves_list(ctx, s) \
          SSL_CTX_set1_groups_list((ctx), (s))
  # define SSL_set1_groups(ctx, glist, glistlen) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)glist)
+        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
  # define SSL_set1_groups_list(ctx, s) \
  # define SSL_set1_groups_list(ctx, s) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)s)
+        SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
  # define SSL_set1_curves(ctx, clist, clistlen) \
          SSL_set1_groups((ctx), (clist), (clistlen))
  # define SSL_set1_curves_list(ctx, s) \
  # define SSL_set1_curves(ctx, clist, clistlen) \
          SSL_set1_groups((ctx), (clist), (clistlen))
  # define SSL_set1_curves_list(ctx, s) \
@@ -1328,27 +1330,28 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
  # define SSL_get_shared_curve(s, n) \
          SSL_get_shared_group((s), (n))
  # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
  # define SSL_get_shared_curve(s, n) \
          SSL_get_shared_group((s), (n))
  # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
  # define SSL_CTX_set1_sigalgs_list(ctx, s) \
  # define SSL_CTX_set1_sigalgs_list(ctx, s) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
  # define SSL_set1_sigalgs(ctx, slist, slistlen) \
  # define SSL_set1_sigalgs(ctx, slist, slistlen) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
+        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
  # define SSL_set1_sigalgs_list(ctx, s) \
  # define SSL_set1_sigalgs_list(ctx, s) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
+        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
  # define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
  # define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
  # define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
  # define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
  # define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
  # define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)slist)
+        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,clistlen,(int *)(slist))
  # define SSL_set1_client_sigalgs_list(ctx, s) \
  # define SSL_set1_client_sigalgs_list(ctx, s) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
+        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
  # define SSL_get0_certificate_types(s, clist) \
  # define SSL_get0_certificate_types(s, clist) \
-        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist)
+        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist))
  # define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
  # define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \
+                     (char *)(clist))
  # define SSL_set1_client_certificate_types(s, clist, clistlen) \
  # define SSL_set1_client_certificate_types(s, clist, clistlen) \
-        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
+        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
  # define SSL_get_peer_signature_nid(s, pn) \
          SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
  # define SSL_get_server_tmp_key(s, pk) \
  # define SSL_get_peer_signature_nid(s, pn) \
          SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
  # define SSL_get_server_tmp_key(s, pk) \
@@ -1448,9 +1451,17 @@ __owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
  __owur int SSL_use_certificate(SSL *ssl, X509 *x);
  __owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
  
  __owur int SSL_use_certificate(SSL *ssl, X509 *x);
  __owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
  
+
+/* serverinfo file format versions */
+# define SSL_SERVERINFOV1   1
+# define SSL_SERVERINFOV2   2
+
  /* Set serverinfo data for the current active cert. */
  __owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
                             size_t serverinfo_length);
  /* Set serverinfo data for the current active cert. */
  __owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
                             size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+                                     const unsigned char *serverinfo,
+                                     size_t serverinfo_length);
  __owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
  
  #ifndef OPENSSL_NO_RSA
  __owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
  
  #ifndef OPENSSL_NO_RSA
@@ -1502,6 +1513,7 @@ __owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_
                                  unsigned int sid_ctx_len);
  __owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
                                 unsigned int sid_len);
                                  unsigned int sid_ctx_len);
  __owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
                                 unsigned int sid_len);
+__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s);
  
  __owur SSL_SESSION *SSL_SESSION_new(void);
  const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
  
  __owur SSL_SESSION *SSL_SESSION_new(void);
  const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
@@ -1948,6 +1960,21 @@ void SSL_set_not_resumable_session_callback(SSL *ssl,
                                              int (*cb) (SSL *ssl,
                                                         int
                                                         is_forward_secure));
                                              int (*cb) (SSL *ssl,
                                                         int
                                                         is_forward_secure));
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+                                         size_t (*cb) (SSL *ssl, int type,
+                                                       size_t len, void *arg));
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
+void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx);
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+
+void SSL_set_record_padding_callback(SSL *ssl,
+                                    size_t (*cb) (SSL *ssl, int type,
+                                                  size_t len, void *arg));
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
+void *SSL_get_record_padding_callback_arg(SSL *ssl);
+int SSL_set_block_padding(SSL *ssl, size_t block_size);
+
  # if OPENSSL_API_COMPAT < 0x10100000L
  #  define SSL_cache_hit(s) SSL_session_reused(s)
  # endif
  # if OPENSSL_API_COMPAT < 0x10100000L
  #  define SSL_cache_hit(s) SSL_session_reused(s)
  # endif
@@ -2309,6 +2336,7 @@ int ERR_load_SSL_strings(void);
  # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
  # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
  # define SSL_F_SSL_CTX_USE_SERVERINFO                     336
  # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
  # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
  # define SSL_F_SSL_CTX_USE_SERVERINFO                     336
+# define SSL_F_SSL_CTX_USE_SERVERINFO_EX                  543
  # define SSL_F_SSL_CTX_USE_SERVERINFO_FILE                337
  # define SSL_F_SSL_DANE_DUP                               403
  # define SSL_F_SSL_DANE_ENABLE                            395
  # define SSL_F_SSL_CTX_USE_SERVERINFO_FILE                337
  # define SSL_F_SSL_DANE_DUP                               403
  # define SSL_F_SSL_DANE_ENABLE                            395
@@ -2468,6 +2496,7 @@ int ERR_load_SSL_strings(void);
  # define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME             459
  # define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET          460
  # define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST          461
  # define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME             459
  # define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET          460
  # define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST          461
+# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS        544
  # define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP                462
  # define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO        521
  # define SSL_F_TLS_GET_MESSAGE_BODY                       351
  # define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP                462
  # define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO        521
  # define SSL_F_TLS_GET_MESSAGE_BODY                       351
@@ -2607,6 +2636,7 @@ int ERR_load_SSL_strings(void);
  # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
  # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
  # define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
  # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
  # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
  # define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
+# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE                  194
  # define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
  # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
  # define SSL_R_EXT_LENGTH_MISMATCH                        163
  # define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
  # define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
  # define SSL_R_EXT_LENGTH_MISMATCH                        163
@@ -2620,6 +2650,7 @@ int ERR_load_SSL_strings(void);
  # define SSL_R_INAPPROPRIATE_FALLBACK                     373
  # define SSL_R_INCONSISTENT_COMPRESSION                   340
  # define SSL_R_INCONSISTENT_EXTMS                         104
  # define SSL_R_INAPPROPRIATE_FALLBACK                     373
  # define SSL_R_INCONSISTENT_COMPRESSION                   340
  # define SSL_R_INCONSISTENT_EXTMS                         104
+# define SSL_R_INVALID_ALERT                              205
  # define SSL_R_INVALID_COMMAND                            280
  # define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
  # define SSL_R_INVALID_CONFIGURATION_NAME                 113
  # define SSL_R_INVALID_COMMAND                            280
  # define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
  # define SSL_R_INVALID_CONFIGURATION_NAME                 113
@@ -2644,12 +2675,14 @@ int ERR_load_SSL_strings(void);
  # define SSL_R_MISSING_RSA_SIGNING_CERT                   170
  # define SSL_R_MISSING_SIGALGS_EXTENSION                  112
  # define SSL_R_MISSING_SRP_PARAM                          358
  # define SSL_R_MISSING_RSA_SIGNING_CERT                   170
  # define SSL_R_MISSING_SIGALGS_EXTENSION                  112
  # define SSL_R_MISSING_SRP_PARAM                          358
+# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION         209
  # define SSL_R_MISSING_TMP_DH_KEY                         171
  # define SSL_R_MISSING_TMP_ECDH_KEY                       311
  # define SSL_R_NOT_ON_RECORD_BOUNDARY                     182
  # define SSL_R_NO_CERTIFICATES_RETURNED                   176
  # define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
  # define SSL_R_NO_CERTIFICATE_SET                         179
  # define SSL_R_MISSING_TMP_DH_KEY                         171
  # define SSL_R_MISSING_TMP_ECDH_KEY                       311
  # define SSL_R_NOT_ON_RECORD_BOUNDARY                     182
  # define SSL_R_NO_CERTIFICATES_RETURNED                   176
  # define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
  # define SSL_R_NO_CERTIFICATE_SET                         179
+# define SSL_R_NO_CHANGE_FOLLOWING_HRR                    205
  # define SSL_R_NO_CIPHERS_AVAILABLE                       181
  # define SSL_R_NO_CIPHERS_SPECIFIED                       183
  # define SSL_R_NO_CIPHER_MATCH                            185
  # define SSL_R_NO_CIPHERS_AVAILABLE                       181
  # define SSL_R_NO_CIPHERS_SPECIFIED                       183
  # define SSL_R_NO_CIPHER_MATCH                            185