X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=include%2Fopenssl%2Fssl.h;h=9d6e1c502473b62138c6d56c2a7e4a3965e674aa;hb=b9ce85f631cf376cd781fd3dfdc80e927d88ee77;hp=ffe158388d6ae486c10afd4c95250916a53a5d1c;hpb=18958cefd82449daf3c589b74a074f0c88159d47;p=openssl.git diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index ffe158388d..9d6e1c5024 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -3,7 +3,7 @@ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -16,7 +16,7 @@ # include # include # include -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # include # include # include @@ -293,24 +293,30 @@ typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, /* Typedef for verification callback */ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); +/* Typedef for SSL async callback */ +typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); + /* - * Some values are reserved until OpenSSL 1.2.0 because they were previously + * Some values are reserved until OpenSSL 3.0.0 because they were previously * included in SSL_OP_ALL in a 1.1.x release. - * - * Reserved value (until OpenSSL 1.2.0) 0x00000001U - * Reserved value (until OpenSSL 1.2.0) 0x00000002U */ + +/* Disable Extended master secret */ +# define SSL_OP_NO_EXTENDED_MASTER_SECRET 0x00000001U + +/* Reserved value (until OpenSSL 3.0.0) 0x00000002U */ + /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U -/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */ +/* Reserved value (until OpenSSL 3.0.0) 0x00000008U */ # define SSL_OP_TLSEXT_PADDING 0x00000010U -/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */ +/* Reserved value (until OpenSSL 3.0.0) 0x00000020U */ # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U /* - * Reserved value (until OpenSSL 1.2.0) 0x00000080U - * Reserved value (until OpenSSL 1.2.0) 0x00000100U - * Reserved value (until OpenSSL 1.2.0) 0x00000200U + * Reserved value (until OpenSSL 3.0.0) 0x00000080U + * Reserved value (until OpenSSL 3.0.0) 0x00000100U + * Reserved value (until OpenSSL 3.0.0) 0x00000200U */ /* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ @@ -493,6 +499,22 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); * Support Asynchronous operation */ # define SSL_MODE_ASYNC 0x00000100U +/* + * Use the kernel TLS transmission data-path. + */ +# define SSL_MODE_NO_KTLS_TX 0x00000200U +/* + * When using DTLS/SCTP, include the terminating zero in the label + * used for computing the endpoint-pair shared secret. Required for + * interoperability with implementations having this bug like these + * older version of OpenSSL: + * - OpenSSL 1.0.0 series + * - OpenSSL 1.0.1 series + * - OpenSSL 1.0.2 series + * - OpenSSL 1.1.0 series + * - OpenSSL 1.1.1 and 1.1.1a + */ +# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U /* Cert related flags */ /* @@ -1089,7 +1111,7 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define SSL_VERIFY_CLIENT_ONCE 0x04 # define SSL_VERIFY_POST_HANDSHAKE 0x08 -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define OpenSSL_add_ssl_algorithms() SSL_library_init() # define SSLeay_add_ssl_algorithms() SSL_library_init() # endif @@ -1271,7 +1293,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_VERIFY_CERT_STORE 106 # define SSL_CTRL_SET_CHAIN_CERT_STORE 107 # define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 -# define SSL_CTRL_GET_SERVER_TMP_KEY 109 +# define SSL_CTRL_GET_PEER_TMP_KEY 109 # define SSL_CTRL_GET_RAW_CIPHERLIST 110 # define SSL_CTRL_GET_EC_POINT_FORMATS 111 # define SSL_CTRL_GET_CHAIN_CERTS 115 @@ -1290,6 +1312,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 # define SSL_CTRL_GET_MIN_PROTO_VERSION 130 # define SSL_CTRL_GET_MAX_PROTO_VERSION 131 +# define SSL_CTRL_GET_SIGNATURE_NID 132 +# define SSL_CTRL_GET_TMP_KEY 133 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 @@ -1305,16 +1329,18 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) # define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) # define SSL_CTX_set_dh_auto(ctx, onoff) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_dh_auto(s, onoff) \ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_tmp_dh(ssl,dh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh)) -# define SSL_set_tmp_ecdh(ssl,ecdh) \ +# if !OPENSSL_API_3 +# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# define SSL_set_tmp_ecdh(ssl,ecdh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh)) +# endif # define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509)) # define SSL_CTX_get_extra_chain_certs(ctx,px509) \ @@ -1410,10 +1436,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) (char *)(clist)) # define SSL_set1_client_certificate_types(s, clist, clistlen) \ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist)) +# define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn) # define SSL_get_peer_signature_nid(s, pn) \ SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn) -# define SSL_get_server_tmp_key(s, pk) \ - SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) +# define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk) +# define SSL_get_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk) # define SSL_get0_raw_cipherlist(s, plst) \ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) # define SSL_get0_ec_point_formats(s, plst) \ @@ -1435,6 +1465,12 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_max_proto_version(s) \ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) +/* Backwards compatibility, original 1.1.0 names */ +# define SSL_CTRL_GET_SERVER_TMP_KEY \ + SSL_CTRL_GET_PEER_TMP_KEY +# define SSL_get_server_tmp_key(s, pk) \ + SSL_get_peer_tmp_key(s, pk) + /* * The following symbol names are old and obsolete. They are kept * for compatibility reasons only and should not be used anymore. @@ -1452,7 +1488,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get_shared_curve SSL_get_shared_group -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 /* Provide some compatibility macros for removed functionality. */ # define SSL_CTX_need_tmp_RSA(ctx) 0 # define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 @@ -1580,7 +1616,7 @@ __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_load_error_strings() \ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) @@ -1797,6 +1833,12 @@ __owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); __owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, OSSL_ASYNC_FD *delfd, size_t *numdelfds); +__owur int SSL_CTX_set_async_callback(SSL_CTX *ctx, SSL_async_callback_fn callback); +__owur int SSL_CTX_set_async_callback_arg(SSL_CTX *ctx, void *arg); +__owur int SSL_set_async_callback(SSL *s, SSL_async_callback_fn callback); +__owur int SSL_set_async_callback_arg(SSL *s, void *arg); +__owur int SSL_get_async_status(SSL *s, int *status); + # endif __owur int SSL_accept(SSL *ssl); __owur int SSL_stateless(SSL *s); @@ -1892,17 +1934,17 @@ __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); __owur int SSL_do_handshake(SSL *s); int SSL_key_update(SSL *s, int updatetype); -int SSL_get_key_update_type(SSL *s); +int SSL_get_key_update_type(const SSL *s); int SSL_renegotiate(SSL *s); int SSL_renegotiate_abbreviated(SSL *s); -__owur int SSL_renegotiate_pending(SSL *s); +__owur int SSL_renegotiate_pending(const SSL *s); int SSL_shutdown(SSL *s); __owur int SSL_verify_client_post_handshake(SSL *s); void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); void SSL_set_post_handshake_auth(SSL *s, int val); -__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); -__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s); +__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); +__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s); __owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); __owur const char *SSL_alert_type_string_long(int value); __owur const char *SSL_alert_type_string(int value); @@ -1929,7 +1971,7 @@ void SSL_set_accept_state(SSL *s); __owur long SSL_get_default_timeout(const SSL *s); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_library_init() OPENSSL_init_ssl(0, NULL) # endif @@ -2050,15 +2092,15 @@ void SSL_set_tmp_dh_callback(SSL *ssl, int keylength)); # endif -__owur const COMP_METHOD *SSL_get_current_compression(SSL *s); -__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s); +__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s); +__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s); __owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); __owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); __owur int SSL_COMP_get_id(const SSL_COMP *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_COMP_free_compression_methods() while(0) continue # endif __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); @@ -2095,22 +2137,22 @@ void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb) (SSL *ssl, int type, size_t len, void *arg)); void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); -void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx); +void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb) (SSL *ssl, int type, size_t len, void *arg)); void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); -void *SSL_get_record_padding_callback_arg(SSL *ssl); +void *SSL_get_record_padding_callback_arg(const SSL *ssl); int SSL_set_block_padding(SSL *ssl, size_t block_size); int SSL_set_num_tickets(SSL *s, size_t num_tickets); -size_t SSL_get_num_tickets(SSL *s); +size_t SSL_get_num_tickets(const SSL *s); int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); -size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); -# if OPENSSL_API_COMPAT < 0x10100000L +# if !OPENSSL_API_1_1_0 # define SSL_cache_hit(s) SSL_session_reused(s) # endif