# define SSL_TXT_CAMELLIA128 "CAMELLIA128"
# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
# define SSL_TXT_CAMELLIA "CAMELLIA"
+# define SSL_TXT_CHACHA20 "CHACHA20"
# define SSL_TXT_GOST "GOST89"
# define SSL_TXT_MD5 "MD5"
/* Dead forever, see CVE-2010-4180. */
# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U
# define SSL_OP_TLSEXT_PADDING 0x00000010U
-# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0U
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U
-# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080U
-# define SSL_OP_TLS_D5_BUG 0x00000100U
+/* Ancient SSLeay version, retained for compatibility */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
+# define SSL_OP_TLS_D5_BUG 0x0U
/* Removed from OpenSSL 1.1.0 */
# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U
# define SSL_OP_NO_COMPRESSION 0x00020000U
/* Permit unsafe legacy renegotiation */
# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U
-/* If set, always create a new key when using tmp_ecdh parameters */
-# define SSL_OP_SINGLE_ECDH_USE 0x00080000U
-/* If set, always create a new key when using tmp_dh parameters */
-# define SSL_OP_SINGLE_DH_USE 0x00100000U
+/* Does nothing: retained for compatibility */
+# define SSL_OP_SINGLE_ECDH_USE 0x0
+/* Does nothing: retained for compatibility */
+# define SSL_OP_SINGLE_DH_USE 0x0
/* Does nothing: retained for compatibiity */
# define SSL_OP_EPHEMERAL_RSA 0x0
/*
# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)
+# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
+
/* Removed from previous versions */
# define SSL_OP_PKCS1_CHECK_1 0x0
# define SSL_CTRL_SELECT_CURRENT_CERT 116
# define SSL_CTRL_SET_CURRENT_CERT 117
# define SSL_CTRL_SET_DH_AUTO 118
-# define SSL_CTRL_CHECK_PROTO_VERSION 119
# define DTLS_CTRL_SET_LINK_MTU 120
# define DTLS_CTRL_GET_LINK_MIN_MTU 121
# define SSL_CTRL_GET_EXTMS_SUPPORT 122
+# define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION 124
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
# define SSL_get0_ec_point_formats(s, plst) \
SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+#define SSL_CTX_set_min_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+#define SSL_CTX_set_max_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+#define SSL_set_min_proto_version(s, version) \
+ SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+#define SSL_set_max_proto_version(s, version) \
+ SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+
__owur BIO_METHOD *BIO_f_ssl(void);
__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *file);
-# ifndef OPENSSL_SYS_VMS
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *dir);
-# endif
void SSL_load_error_strings(void);
__owur const char *SSL_state_string(const SSL *s);
__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+void SSL_add_ssl_module(void);
+int SSL_config(SSL *s, const char *name);
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+
# ifndef OPENSSL_NO_SSL_TRACE
void SSL_trace(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
/* Sanity check of curve server selects */
# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE)
/* Temporary DH key */
-# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_DH)
+# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY)
/* SSL/TLS version */
# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE)
/* Session tickets */
# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
# define SSL_F_SSL3_ENC 134
+# define SSL_F_SSL3_FINAL_FINISH_MAC 285
# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388
# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
# define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
# define SSL_F_SSL3_GET_SERVER_DONE 145
# define SSL_F_SSL3_GET_SERVER_HELLO 146
-# define SSL_F_SSL3_FINAL_FINISH_MAC 285
# define SSL_F_SSL3_NEW_SESSION_TICKET 287
# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
# define SSL_F_SSL3_PEEK 235
# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
# define SSL_F_SSL_CTX_USE_SERVERINFO 336
# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337
+# define SSL_F_SSL_DO_CONFIG 391
# define SSL_F_SSL_DO_HANDSHAKE 180
# define SSL_F_SSL_GET_NEW_SESSION 181
# define SSL_F_SSL_GET_PREV_SESSION 217
# define SSL_F_SSL_GET_SIGN_PKEY 183
# define SSL_F_SSL_INIT_WBIO_BUFFER 184
# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
+# define SSL_F_SSL_MODULE_INIT 392
# define SSL_F_SSL_NEW 186
# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
# define SSL_F_SSL_SET_TRUST 228
-# define SSL_F_SSL_SET_VERSION 347
# define SSL_F_SSL_SET_WFD 196
# define SSL_F_SSL_SHUTDOWN 224
# define SSL_F_SSL_SRP_CTX_INIT 313
/* Reason codes. */
# define SSL_R_APP_DATA_IN_HANDSHAKE 100
# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
+# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143
+# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158
# define SSL_R_BAD_ALERT_RECORD 101
# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
# define SSL_R_BAD_DATA 390
# define SSL_R_BAD_ECC_CERT 304
# define SSL_R_BAD_ECDSA_SIGNATURE 305
# define SSL_R_BAD_ECPOINT 306
-# define SSL_R_BAD_GOST_SIGNATURE 406
# define SSL_R_BAD_HANDSHAKE_LENGTH 332
# define SSL_R_BAD_HELLO_REQUEST 105
# define SSL_R_BAD_LENGTH 271
# define SSL_R_ILLEGAL_SUITEB_DIGEST 380
# define SSL_R_INAPPROPRIATE_FALLBACK 373
# define SSL_R_INCONSISTENT_COMPRESSION 340
+# define SSL_R_INCONSISTENT_EXTMS 104
# define SSL_R_INVALID_COMMAND 280
# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
+# define SSL_R_INVALID_CONFIGURATION_NAME 113
# define SSL_R_INVALID_NULL_CMD_NAME 385
# define SSL_R_INVALID_PURPOSE 278
# define SSL_R_INVALID_SEQUENCE_NUMBER 402
# define SSL_R_NULL_SSL_METHOD_PASSED 196
# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
-# define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 387
-# define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379
-# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
# define SSL_R_PACKET_LENGTH_TOO_LONG 198
# define SSL_R_PARSE_TLSEXT 227
# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
+# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117
+# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125
# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
# define SSL_R_SSL_HANDSHAKE_FAILURE 229
# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
# define SSL_R_SSL_NEGATIVE_LENGTH 372
+# define SSL_R_SSL_SECTION_EMPTY 126
+# define SSL_R_SSL_SECTION_NOT_FOUND 136
# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
# define SSL_R_SSL_SESSION_ID_CONFLICT 302
# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
+# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
# define SSL_R_UNKNOWN_CIPHER_RETURNED 248
# define SSL_R_UNKNOWN_CIPHER_TYPE 249
# define SSL_R_UNKNOWN_CMD_NAME 386
+# define SSL_R_UNKNOWN_COMMAND 139
# define SSL_R_UNKNOWN_DIGEST 368
# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
# define SSL_R_UNKNOWN_PKEY_TYPE 251
# define SSL_R_UNSUPPORTED_SSL_VERSION 259
# define SSL_R_UNSUPPORTED_STATUS_TYPE 329
# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
+# define SSL_R_VERSION_TOO_HIGH 166
# define SSL_R_VERSION_TOO_LOW 396
# define SSL_R_WRONG_CERTIFICATE_TYPE 383
# define SSL_R_WRONG_CIPHER_RETURNED 261