X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=include%2Fopenssl%2Fssl.h;h=0b9e5d7dff2f3e1c352f2b7eb77e87f7189fbec1;hp=e3072e726697bab1ced52522886f8b67dbc426e5;hb=e2b420fdd708e14a0b43a21cd2377cafb0d54c02;hpb=e6390acac925f952cfd06ccdbba0b273b8f71551 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e3072e7266..0b9e5d7dff 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -181,8 +181,6 @@ extern "C" { /* These are used to specify which ciphers to use and not to use */ -# define SSL_TXT_EXP40 "EXPORT40" -# define SSL_TXT_EXP56 "EXPORT56" # define SSL_TXT_LOW "LOW" # define SSL_TXT_MEDIUM "MEDIUM" # define SSL_TXT_HIGH "HIGH" @@ -251,6 +249,7 @@ extern "C" { # define SSL_TXT_CAMELLIA128 "CAMELLIA128" # define SSL_TXT_CAMELLIA256 "CAMELLIA256" # define SSL_TXT_CAMELLIA "CAMELLIA" +# define SSL_TXT_CHACHA20 "CHACHA20" # define SSL_TXT_GOST "GOST89" # define SSL_TXT_MD5 "MD5" @@ -268,9 +267,6 @@ extern "C" { # define SSL_TXT_TLSV1_1 "TLSv1.1" # define SSL_TXT_TLSV1_2 "TLSv1.2" -# define SSL_TXT_EXP "EXP" -# define SSL_TXT_EXPORT "EXPORT" - # define SSL_TXT_ALL "ALL" /*- @@ -366,10 +362,11 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, /* Dead forever, see CVE-2010-4180. */ # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U # define SSL_OP_TLSEXT_PADDING 0x00000010U -# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0U # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U -# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080U -# define SSL_OP_TLS_D5_BUG 0x00000100U +/* Ancient SSLeay version, retained for compatibility */ +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +# define SSL_OP_TLS_D5_BUG 0x0U /* Removed from OpenSSL 1.1.0 */ # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U 
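Review bot: In the `@@ -366,10 +362,11 @@` hunk the three options that are zeroed are not written consistently: `SSL_OP_SSLEAY_080_CLIENT_DH_BUG` becomes `0x0`, while `SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER` and `SSL_OP_TLS_D5_BUG` become `0x0U`, and only the first gets a comment. The live options in this block are all unsigned, so I would write `# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0U`. I would also put `/* Does nothing: retained for compatibility */` above the other two, so someone auditing which bug workarounds can still be enabled does not have to infer it from the value. A short comment recording that bits 0x20, 0x80 and 0x100 are now unassigned would also help whoever next allocates an option bit.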
@@ -412,10 +409,10 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_OP_NO_COMPRESSION 0x00020000U /* Permit unsafe legacy renegotiation */ # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U -/* If set, always create a new key when using tmp_ecdh parameters */ -# define SSL_OP_SINGLE_ECDH_USE 0x00080000U -/* If set, always create a new key when using tmp_dh parameters */ -# define SSL_OP_SINGLE_DH_USE 0x00100000U +/* Does nothing: retained for compatibility */ +# define SSL_OP_SINGLE_ECDH_USE 0x0 +/* Does nothing: retained for compatibility */ +# define SSL_OP_SINGLE_DH_USE 0x0 /* Does nothing: retained for compatibiity */ # define SSL_OP_EPHEMERAL_RSA 0x0 /* @@ -1113,13 +1110,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_ERROR_WANT_CONNECT 7 # define SSL_ERROR_WANT_ACCEPT 8 # define SSL_ERROR_WANT_ASYNC 9 -# define SSL_CTRL_NEED_TMP_RSA 1 -# define SSL_CTRL_SET_TMP_RSA 2 # define SSL_CTRL_SET_TMP_DH 3 # define SSL_CTRL_SET_TMP_ECDH 4 -# define SSL_CTRL_SET_TMP_RSA_CB 5 # define SSL_CTRL_SET_TMP_DH_CB 6 -# define SSL_CTRL_SET_TMP_ECDH_CB 7 # define SSL_CTRL_GET_SESSION_REUSED 8 # define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 # define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 @@ -1203,7 +1196,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_CURVES 91 # define SSL_CTRL_SET_CURVES_LIST 92 # define SSL_CTRL_GET_SHARED_CURVE 93 -# define SSL_CTRL_SET_ECDH_AUTO 94 # define SSL_CTRL_SET_SIGALGS 97 # define SSL_CTRL_SET_SIGALGS_LIST 98 # define SSL_CTRL_CERT_FLAGS 99 
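Review bot: The new comments on `SSL_OP_SINGLE_ECDH_USE` and `SSL_OP_SINGLE_DH_USE` in the `@@ -412,10 +409,10 @@` hunk say "Does nothing" but not which behaviour is now fixed, and that is what matters for forward secrecy. The old comments promised a new key whenever the flag was set. If the library now always creates a fresh key (the header does not show this, so confirm against the implementation), say so: `/* Does nothing: a new key is always created; retained for compatibility */`. The values would also read more consistently as `0x0U`, matching the non-zero options above, and the unchanged comment just below still has the typo "compatibiity".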
@@ -1244,10 +1236,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) # define SSL_total_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) -# define SSL_CTX_need_tmp_RSA(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) -# define SSL_CTX_set_tmp_rsa(ctx,rsa) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) # define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ @@ -1256,10 +1244,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_dh_auto(s, onoff) \ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) -# define SSL_need_tmp_RSA(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) -# define SSL_set_tmp_rsa(ssl,rsa) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) # define SSL_set_tmp_dh(ssl,dh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) # define SSL_set_tmp_ecdh(ssl,ecdh) \ @@ -1336,10 +1320,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) # define SSL_get_shared_curve(s, n) \ SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) -# define SSL_CTX_set_ecdh_auto(ctx, onoff) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) -# define SSL_set_ecdh_auto(s, onoff) \ - SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) # define SSL_CTX_set1_sigalgs_list(ctx, s) \ 
@@ -1391,7 +1371,7 @@ __owur int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -__owur int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits); +__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); __owur char *SSL_CIPHER_get_version(const SSL_CIPHER *c); __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); __owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); @@ -1755,15 +1735,6 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) /* NB: the keylength is only applicable when is_export is true */ -# ifndef OPENSSL_NO_RSA -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*cb) (SSL *ssl, int is_export, - int keylength)); - -void SSL_set_tmp_rsa_callback(SSL *ssl, - RSA *(*cb) (SSL *ssl, int is_export, - int keylength)); -# endif # ifndef OPENSSL_NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh) (SSL *ssl, int is_export, @@ -1772,14 +1743,6 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, int keylength)); # endif -# ifndef OPENSSL_NO_EC -void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, - EC_KEY *(*ecdh) (SSL *ssl, int is_export, - int keylength)); -void SSL_set_tmp_ecdh_callback(SSL *ssl, - EC_KEY *(*ecdh) (SSL *ssl, int is_export, - int keylength)); -# endif __owur const COMP_METHOD *SSL_get_current_compression(SSL *s); __owur const COMP_METHOD *SSL_get_current_expansion(SSL *s); 
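Review bot: The changed prototype `SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)` in the `@@ -1391,7 +1371,7 @@` hunk has no comment describing its contract, even though the out-parameter has just changed from `uint32_t *` to `int *`. Callers use this value for key-strength decisions, so the header should state what is returned and whether `alg_bits` may be NULL. Something like `/* Returns the number of secret bits; if alg_bits is not NULL it receives the number of bits the algorithm processes */` would do, assuming it matches the definition, which is outside this diff. Code that still passes a `uint32_t *` will get an incompatible-pointer diagnostic at best, so the signature change deserves a line in the release notes.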
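Review bot: After the removals in the `@@ -1755,15 +1735,6 @@` hunk, the retained comment `/* NB: the keylength is only applicable when is_export is true */` sits directly above `SSL_CTX_set_tmp_dh_callback`, whose callback type keeps its `is_export` and `keylength` parameters. This same diff drops the `EXPORT` cipher strings and the export-related error codes, so the comment describes a case that presumably can no longer occur. I would reword it to say what the callback now receives, for example `/* NB: is_export and keylength are retained for compatibility; export ciphers are no longer supported */`. The call sites are not visible here, so confirm the values actually passed before committing to that wording.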
@@ -1833,6 +1796,10 @@ __owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); __owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); __owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); +void SSL_add_ssl_module(void); +int SSL_config(SSL *s, const char *name); +int SSL_CTX_config(SSL_CTX *ctx, const char *name); + # ifndef OPENSSL_NO_SSL_TRACE void SSL_trace(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); @@ -1869,7 +1836,7 @@ __owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); /* Sanity check of curve server selects */ # define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) /* Temporary DH key */ -# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_DH) +# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) /* SSL/TLS version */ # define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) /* Session tickets */ @@ -1993,6 +1960,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 # define SSL_F_SSL3_ENC 134 +# define SSL_F_SSL3_FINAL_FINISH_MAC 285 # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 # define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 # define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 @@ -2011,7 +1979,6 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 # define SSL_F_SSL3_GET_SERVER_DONE 145 # define SSL_F_SSL3_GET_SERVER_HELLO 146 -# define SSL_F_SSL3_FINAL_FINISH_MAC 285 # define SSL_F_SSL3_NEW_SESSION_TICKET 287 # define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 # define SSL_F_SSL3_PEEK 235 @@ -2082,6 +2049,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 # define SSL_F_SSL_CTX_USE_SERVERINFO 336 # define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 +# define SSL_F_SSL_DO_CONFIG 391 # define SSL_F_SSL_DO_HANDSHAKE 180 # define SSL_F_SSL_GET_NEW_SESSION 181 # define SSL_F_SSL_GET_PREV_SESSION 217 
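Review bot: The two new `int`-returning declarations in the `@@ -1833,6 +1796,10 @@` hunk, `SSL_config` and `SSL_CTX_config`, lack the `__owur` marker that the `SSL_CONF_cmd*` prototypes just above them carry. An application that ignores a failed `SSL_CTX_config(ctx, name)` carries on with whatever settings the context already had, which may be weaker than the named configuration intended. An unchecked return therefore deserves a compiler warning: `__owur int SSL_config(SSL *s, const char *name);` and `__owur int SSL_CTX_config(SSL_CTX *ctx, const char *name);`. A one-line comment giving the return convention and the meaning of `name` would help too. The new `SSL_R_SSL_SECTION_NOT_FOUND` and `SSL_R_INVALID_CONFIGURATION_NAME` codes suggest it names a configuration-file section, but the header does not say.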
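Review bot: Switching `SSL_SECOP_TMP_DH` from `SSL_SECOP_OTHER_DH` to `SSL_SECOP_OTHER_PKEY` in the `@@ -1869,7 +1836,7 @@` hunk changes what the `other` pointer means for this operation, yet the comment above the define still says only "Temporary DH key". If the pointer is now an `EVP_PKEY *`, as the new tag implies, an application security callback that handles `SSL_SECOP_TMP_DH` by casting `other` to `DH *` would misinterpret the object. I would make the comment explicit, e.g. `/* Temporary DH key: "other" is an EVP_PKEY (was DH before this change) */`, and note the change in the changes file. The callback invocation is outside this diff, so confirm there which type is actually passed.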
@@ -2091,6 +2059,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_GET_SIGN_PKEY 183 # define SSL_F_SSL_INIT_WBIO_BUFFER 184 # define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +# define SSL_F_SSL_MODULE_INIT 392 # define SSL_F_SSL_NEW 186 # define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 # define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 @@ -2207,7 +2176,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_BAD_ECC_CERT 304 # define SSL_R_BAD_ECDSA_SIGNATURE 305 # define SSL_R_BAD_ECPOINT 306 -# define SSL_R_BAD_GOST_SIGNATURE 406 # define SSL_R_BAD_HANDSHAKE_LENGTH 332 # define SSL_R_BAD_HELLO_REQUEST 105 # define SSL_R_BAD_LENGTH 271 @@ -2273,7 +2241,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_EE_KEY_TOO_SMALL 399 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 @@ -2287,8 +2254,10 @@ void ERR_load_SSL_strings(void); # define SSL_R_ILLEGAL_SUITEB_DIGEST 380 # define SSL_R_INAPPROPRIATE_FALLBACK 373 # define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EXTMS 104 # define SSL_R_INVALID_COMMAND 280 # define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +# define SSL_R_INVALID_CONFIGURATION_NAME 113 # define SSL_R_INVALID_NULL_CMD_NAME 385 # define SSL_R_INVALID_PURPOSE 278 # define SSL_R_INVALID_SEQUENCE_NUMBER 402 
@@ -2308,16 +2277,12 @@ void ERR_load_SSL_strings(void); # define SSL_R_MISSING_DSA_SIGNING_CERT 165 # define SSL_R_MISSING_ECDH_CERT 382 # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 -# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 -# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 # define SSL_R_MISSING_RSA_CERTIFICATE 168 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 # define SSL_R_MISSING_RSA_SIGNING_CERT 170 # define SSL_R_MISSING_SRP_PARAM 358 # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 -# define SSL_R_MISSING_TMP_RSA_KEY 172 -# define SSL_R_MISSING_TMP_RSA_PKEY 173 # define SSL_R_MISSING_VERIFY_MESSAGE 174 # define SSL_R_MULTIPLE_SGC_RESTARTS 346 # define SSL_R_NO_CERTIFICATES_RETURNED 176 @@ -2397,10 +2362,14 @@ void ERR_load_SSL_strings(void); # define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 # define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 # define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 # define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 # define SSL_R_SSL_HANDSHAKE_FAILURE 229 # define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 # define SSL_R_SSL_NEGATIVE_LENGTH 372 +# define SSL_R_SSL_SECTION_EMPTY 126 +# define SSL_R_SSL_SECTION_NOT_FOUND 136 # define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 # define SSL_R_SSL_SESSION_ID_CONFLICT 302 # define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 @@ -2446,6 +2415,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_UNKNOWN_CIPHER_RETURNED 248 # define SSL_R_UNKNOWN_CIPHER_TYPE 249 # define SSL_R_UNKNOWN_CMD_NAME 386 +# define SSL_R_UNKNOWN_COMMAND 139 # define SSL_R_UNKNOWN_DIGEST 368 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 # define SSL_R_UNKNOWN_PKEY_TYPE 251