diff options
Diffstat (limited to 'lib/libssl/ssl.h')
| -rw-r--r-- | lib/libssl/ssl.h | 507 |
1 files changed, 250 insertions, 257 deletions
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index bf4b2f2cb65..97e4a3f96c2 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -260,9 +260,9 @@ extern "C" { #define SSL_TXT_aKRB5 "aKRB5" #define SSL_TXT_aECDSA "aECDSA" #define SSL_TXT_aPSK "aPSK" -#define SSL_TXT_aGOST94 "aGOST94" -#define SSL_TXT_aGOST01 "aGOST01" -#define SSL_TXT_aGOST "aGOST" +#define SSL_TXT_aGOST94 "aGOST94" +#define SSL_TXT_aGOST01 "aGOST01" +#define SSL_TXT_aGOST "aGOST" #define SSL_TXT_DSS "DSS" #define SSL_TXT_DH "DH" @@ -369,23 +369,22 @@ typedef struct ssl_session_st SSL_SESSION; DECLARE_STACK_OF(SSL_CIPHER) /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ -typedef struct srtp_protection_profile_st - { - const char *name; - unsigned long id; - } SRTP_PROTECTION_PROFILE; +typedef struct srtp_protection_profile_st { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) -typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg); -typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); - +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); #ifndef OPENSSL_NO_SSL_INTERN /* used to hold info on the particular ciphers used */ -struct ssl_cipher_st - { +struct ssl_cipher_st { int valid; const char *name; /* text name */ unsigned long id; /* id, 4 bytes, first is version */ @@ -401,34 +400,33 @@ struct ssl_cipher_st unsigned long algorithm2; /* Extra flags */ int strength_bits; /* Number of bits really used */ int alg_bits; /* Number of bits for algorithm */ - }; +}; /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ -struct ssl_method_st - { +struct ssl_method_st { int version; int (*ssl_new)(SSL *s); void (*ssl_clear)(SSL *s); void (*ssl_free)(SSL *s); int (*ssl_accept)(SSL *s); int (*ssl_connect)(SSL *s); - int (*ssl_read)(SSL *s,void *buf,int len); - int (*ssl_peek)(SSL *s,void *buf,int len); - int (*ssl_write)(SSL *s,const void *buf,int len); + int (*ssl_read)(SSL *s, void *buf, int len); + int (*ssl_peek)(SSL *s, void *buf, int len); + int (*ssl_write)(SSL *s, const void *buf, int len); int (*ssl_shutdown)(SSL *s); int (*ssl_renegotiate)(SSL *s); int (*ssl_renegotiate_check)(SSL *s); - long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long - max, int *ok); - int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, - int peek); + long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, + long max, int *ok); + int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, + int len, int peek); int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); int (*ssl_dispatch_alert)(SSL *s); - long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); - long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); + long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg); + long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); - int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); + int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr); int (*ssl_pending)(const SSL *s); int (*num_ciphers)(void); const SSL_CIPHER *(*get_cipher)(unsigned ncipher); @@ -438,7 +436,7 @@ struct ssl_method_st int (*ssl_version)(void); long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); - }; +}; /* Lets make this into an ASN.1 type structure as follows * SSL_SESSION_ID ::= SEQUENCE { @@ -465,8 +463,7 @@ struct ssl_method_st * Look in ssl/ssl_asn1.c for more details * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). */ -struct ssl_session_st - { +struct ssl_session_st { int ssl_version; /* what ssl version session info is * being kept in here? */ @@ -485,8 +482,8 @@ struct ssl_session_st unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; #ifndef OPENSSL_NO_KRB5 - unsigned int krb5_client_princ_len; - unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; + unsigned int krb5_client_princ_len; + unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK char *psk_identity_hint; @@ -526,7 +523,7 @@ struct ssl_session_st /* These are used to make removal of session-ids more * efficient and to implement a maximum cache size. */ - struct ssl_session_st *prev,*next; + struct ssl_session_st *prev, *next; #ifndef OPENSSL_NO_TLSEXT char *tlsext_hostname; #ifndef OPENSSL_NO_EC @@ -543,7 +540,7 @@ struct ssl_session_st #ifndef OPENSSL_NO_SRP char *srp_username; #endif - }; +}; #endif @@ -684,8 +681,11 @@ struct ssl_session_st #define SSL_get_secure_renegotiation_support(ssl) \ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) -void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); -void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, + int version, int content_type, const void *buf, size_t len, SSL *ssl, + void *arg)); +void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, + int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) @@ -693,8 +693,7 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con #ifndef OPENSSL_NO_SSL_INTERN -typedef struct srp_ctx_st - { +typedef struct srp_ctx_st { /* param for all the callbacks */ void *SRP_cb_arg; /* set client Hello login callback */ @@ -705,13 +704,13 @@ typedef struct srp_ctx_st char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *); char *login; - BIGNUM *N,*g,*s,*B,*A; - BIGNUM *a,*b,*v; + BIGNUM *N, *g, *s, *B, *A; + BIGNUM *a, *b, *v; char *info; int strength; unsigned long srp_Mask; - } SRP_CTX; +} SRP_CTX; #endif @@ -721,9 +720,9 @@ int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); int SSL_SRP_CTX_free(SSL *ctx); int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); int SSL_srp_server_param_with_username(SSL *s, int *ad); -int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key); +int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); int SRP_Calc_A_param(SSL *s); -int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key); +int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); #endif @@ -745,14 +744,13 @@ int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key); * returns in this case. It is also an error for the callback to set the size to * zero. */ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, - unsigned int *id_len); + unsigned int *id_len); typedef struct ssl_comp_st SSL_COMP; #ifndef OPENSSL_NO_SSL_INTERN -struct ssl_comp_st - { +struct ssl_comp_st { int id; const char *name; #ifndef OPENSSL_NO_COMP @@ -760,13 +758,12 @@ struct ssl_comp_st #else char *method; #endif - }; +}; DECLARE_STACK_OF(SSL_COMP) DECLARE_LHASH_OF(SSL_SESSION); -struct ssl_ctx_st - { +struct ssl_ctx_st { const SSL_METHOD *method; STACK_OF(SSL_CIPHER) *cipher_list; @@ -801,13 +798,12 @@ struct ssl_ctx_st * If remove_session_cb is not null, it will be called when * a session-id is removed from the cache. After the call, * OpenSSL will SSL_SESSION_free() it. */ - int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); - void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); + int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); + void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, - unsigned char *data,int len,int *copy); + unsigned char *data, int len, int *copy); - struct - { + struct { int sess_connect; /* SSL new conn - started */ int sess_connect_renegotiate;/* SSL reneg - requested */ int sess_connect_good; /* SSL new conne/reneg - finished */ @@ -824,7 +820,7 @@ struct ssl_ctx_st * indicates that the application is * supplying session-id's from other * processes - spooky :-) */ - } stats; + } stats; int references; @@ -843,19 +839,19 @@ struct ssl_ctx_st /* get client cert callback */ int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); - /* cookie generate callback */ - int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len); + /* cookie generate callback */ + int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len); - /* verify cookie callback */ - int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, - unsigned int cookie_len); + /* verify cookie callback */ + int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int cookie_len); CRYPTO_EX_DATA ex_data; - const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ + const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ - const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ + const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ STACK_OF(X509) *extra_certs; STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ @@ -879,7 +875,8 @@ struct ssl_ctx_st int read_ahead; /* callback that allows applications to peek at protocol messages */ - void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); + void (*msg_callback)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; int verify_mode; @@ -920,10 +917,8 @@ struct ssl_ctx_st unsigned char tlsext_tick_hmac_key[16]; unsigned char tlsext_tick_aes_key[16]; /* Callback to support customisation of ticket key setting */ - int (*tlsext_ticket_key_cb)(SSL *ssl, - unsigned char *name, unsigned char *iv, - EVP_CIPHER_CTX *ectx, - HMAC_CTX *hctx, int enc); + int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name, + unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); /* certificate status request info */ /* Callback for status request */ @@ -931,17 +926,18 @@ struct ssl_ctx_st void *tlsext_status_arg; /* draft-rescorla-tls-opaque-prf-input-00.txt information */ - int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); + int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, + size_t len, void *arg); void *tlsext_opaque_prf_input_callback_arg; #endif #ifndef OPENSSL_NO_PSK char *psk_identity_hint; - unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len); + unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, + char *identity, unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len); unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len); + unsigned char *psk, unsigned int max_psk_len); #endif #ifndef OPENSSL_NO_BUF_FREELISTS @@ -963,21 +959,20 @@ struct ssl_ctx_st /* For a server, this contains a callback function by which the set of * advertised protocols can be provided. */ int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, - unsigned int *len, void *arg); + unsigned int *len, void *arg); void *next_protos_advertised_cb_arg; /* For a client, this contains a callback function that selects the * next protocol from the list provided by the server. */ int (*next_proto_select_cb)(SSL *s, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg); + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg); void *next_proto_select_cb_arg; # endif - /* SRTP profiles we are willing to do from RFC 5764 */ - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; + /* SRTP profiles we are willing to do from RFC 5764 */ + STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; + #endif - }; +}; #endif @@ -1018,42 +1013,49 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); #define SSL_CTX_sess_cache_full(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) -void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); -int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); -void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); -void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); -void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); -SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); -void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); -void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); -void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); -int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, + void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, + SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data, + int len, int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + unsigned char *Data, int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl, + int type, int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, + int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, + EVP_PKEY **pkey); #ifndef OPENSSL_NO_ENGINE int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); #endif -void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); -void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int cookie_len)); #ifndef OPENSSL_NO_NEXTPROTONEG -void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, - int (*cb) (SSL *ssl, - const unsigned char **out, - unsigned int *outlen, - void *arg), - void *arg); -void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, - int (*cb) (SSL *ssl, - unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), - void *arg); +void +SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl, + const unsigned char **out, unsigned int *outlen, void *arg), void *arg); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl, + unsigned char **out, unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg), void *arg); int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - const unsigned char *client, unsigned int client_len); -void SSL_get0_next_proto_negotiated(const SSL *s, - const unsigned char **data, unsigned *len); + const unsigned char *in, unsigned int inlen, const unsigned char *client, + unsigned int client_len); +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len); #define OPENSSL_NPN_UNSUPPORTED 0 #define OPENSSL_NPN_NEGOTIATED 1 @@ -1065,20 +1067,20 @@ void SSL_get0_next_proto_negotiated(const SSL *s, * resulting identity/psk */ #define PSK_MAX_IDENTITY_LEN 128 #define PSK_MAX_PSK_LEN 256 -void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, - unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len)); -void SSL_set_psk_client_callback(SSL *ssl, - unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, - char *identity, unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len)); -void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, - unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len)); +void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, + unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, + char *identity, unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len)); +void SSL_set_psk_client_callback(SSL *ssl, + unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, + char *identity, unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len)); +void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, + unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len)); void SSL_set_psk_server_callback(SSL *ssl, - unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len)); + unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len)); int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); const char *SSL_get_psk_identity_hint(const SSL *s); @@ -1101,8 +1103,7 @@ const char *SSL_get_psk_identity(const SSL *s); #ifndef OPENSSL_NO_SSL_INTERN -struct ssl_st - { +struct ssl_st { /* protocol version * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) */ @@ -1146,9 +1147,9 @@ struct ssl_st int server; /* are we the server side? - mostly used by SSL_clear*/ int new_session;/* Generate a new session or reuse an old one. - * NB: For servers, the 'new' session may actually be a previously - * cached session or even the previous session unless - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ int quiet_shutdown;/* don't send shutdown packets */ int shutdown; /* we have shut things down, 0x01 sent, 0x02 * for received */ @@ -1156,7 +1157,7 @@ struct ssl_st int rstate; /* where we are when reading */ BUF_MEM *init_buf; /* buffer used during init */ - void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ + void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ int init_num; /* amount read/written */ int init_off; /* amount read/written */ @@ -1169,10 +1170,11 @@ struct ssl_st struct dtls1_state_st *d1; /* DTLSv1 variables */ int read_ahead; /* Read as many input bytes as possible - * (for non-blocking reads) */ + * (for non-blocking reads) */ /* callback that allows applications to peek at protocol messages */ - void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); + void (*msg_callback)(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; int hit; /* reusing a previous session */ @@ -1190,9 +1192,10 @@ struct ssl_st /* These are the ones being used, the ones in SSL_SESSION are * the ones to be 'copied' into these ones */ - int mac_flags; + int mac_flags; + EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ - EVP_MD_CTX *read_hash; /* used for mac generation */ + EVP_MD_CTX *read_hash; /* used for mac generation */ #ifndef OPENSSL_NO_COMP COMP_CTX *expand; /* uncompress */ #else @@ -1200,11 +1203,12 @@ struct ssl_st #endif EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ + EVP_MD_CTX *write_hash; /* used for mac generation */ #ifndef OPENSSL_NO_COMP COMP_CTX *compress; /* compression */ #else - char *compress; + char *compress; + #endif /* session info */ @@ -1235,21 +1239,22 @@ struct ssl_st int error_code; /* actual code */ #ifndef OPENSSL_NO_KRB5 - KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ + KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK - unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, unsigned char *psk, - unsigned int max_psk_len); + unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, + char *identity, unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len); unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len); + unsigned char *psk, unsigned int max_psk_len); #endif SSL_CTX *ctx; /* set this flag to 1 and a sleep(1) is put into all SSL_read() * and SSL_write() calls, good for nbio debuging :-) */ - int debug; + int debug; + /* extra application data */ long verify_result; @@ -1269,15 +1274,14 @@ struct ssl_st #ifndef OPENSSL_NO_TLSEXT /* TLS extension debug callback */ void (*tlsext_debug_cb)(SSL *s, int client_server, int type, - unsigned char *data, int len, - void *arg); + unsigned char *data, int len, void *arg); void *tlsext_debug_arg; char *tlsext_hostname; - int servername_done; /* no further mod of servername - 0 : call the servername extension callback. - 1 : prepare 2, allow last ack just after in server callback. - 2 : don't call servername callback, no ack in server hello - */ + int servername_done; /* no further mod of servername + 0 : call the servername extension callback. + 1 : prepare 2, allow last ack just after in server callback. + 2 : don't call servername callback, no ack in server hello + */ /* certificate status request info */ /* Status type or -1 if no status type */ int tlsext_status_type; @@ -1330,28 +1334,28 @@ struct ssl_st #define session_ctx initial_ctx - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ - SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ + STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ + SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ - unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated? - 0: disabled - 1: enabled - 2: enabled, but not allowed to send Requests - */ + unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated? + 0: disabled + 1: enabled + 2: enabled, but not allowed to send Requests + */ unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ - unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ + unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ #else #define session_ctx ctx #endif /* OPENSSL_NO_TLSEXT */ int renegotiate;/* 1 if we are renegotiating. - * 2 if we are a server and are inside a handshake + * 2 if we are a server and are inside a handshake * (i.e. not just sending a HelloRequest) */ #ifndef OPENSSL_NO_SRP SRP_CTX srp_ctx; /* ctx for SRP authentication */ #endif - }; +}; #endif @@ -1361,10 +1365,10 @@ struct ssl_st #include <openssl/ssl2.h> #include <openssl/ssl3.h> -#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ -#include <openssl/dtls1.h> /* Datagram TLS */ +#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ +#include <openssl/dtls1.h> /* Datagram TLS */ #include <openssl/ssl23.h> -#include <openssl/srtp.h> /* Support for the use_srtp extension */ +#include <openssl/srtp.h> /* Support for the use_srtp extension */ #ifdef __cplusplus extern "C" { @@ -1417,9 +1421,9 @@ extern "C" { /* The following 2 states are kept in ssl->rstate when reads fail, * you should not need these */ -#define SSL_ST_READ_HEADER 0xF0 -#define SSL_ST_READ_BODY 0xF1 -#define SSL_ST_READ_DONE 0xF2 +#define SSL_ST_READ_HEADER 0xF0 +#define SSL_ST_READ_BODY 0xF1 +#define SSL_ST_READ_DONE 0xF2 /* Obtain latest Finished message * -- that we sent (SSL_get_finished) @@ -1646,28 +1650,27 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_ssl(void); -BIO *BIO_new_ssl(SSL_CTX *ctx,int client); +BIO *BIO_new_ssl(SSL_CTX *ctx, int client); BIO *BIO_new_ssl_connect(SSL_CTX *ctx); BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); -int BIO_ssl_copy_session_id(BIO *to,BIO *from); +int BIO_ssl_copy_session_id(BIO *to, BIO *from); void BIO_ssl_shutdown(BIO *ssl_bio); - #endif -int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); +int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); void SSL_CTX_free(SSL_CTX *); -long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); +long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); long SSL_CTX_get_timeout(const SSL_CTX *ctx); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); -void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); +void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); int SSL_want(const SSL *s); int SSL_clear(SSL *s); -void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); +void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); +int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); char * SSL_CIPHER_get_version(const SSL_CIPHER *c); const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); @@ -1675,7 +1678,7 @@ unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); int SSL_get_fd(const SSL *s); int SSL_get_rfd(const SSL *s); int SSL_get_wfd(const SSL *s); -const char * SSL_get_cipher_list(const SSL *s,int n); +const char * SSL_get_cipher_list(const SSL *s, int n); char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); int SSL_get_read_ahead(const SSL * s); int SSL_pending(const SSL *s); @@ -1685,7 +1688,7 @@ int SSL_set_rfd(SSL *s, int fd); int SSL_set_wfd(SSL *s, int fd); #endif #ifndef OPENSSL_NO_BIO -void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); +void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); BIO * SSL_get_rbio(const SSL *s); BIO * SSL_get_wbio(const SSL *s); #endif @@ -1693,16 +1696,16 @@ int SSL_set_cipher_list(SSL *s, const char *str); void SSL_set_read_ahead(SSL *s, int yes); int SSL_get_verify_mode(const SSL *s); int SSL_get_verify_depth(const SSL *s); -int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); +int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, - int (*callback)(int ok,X509_STORE_CTX *ctx)); + int (*callback)(int ok, X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); #ifndef OPENSSL_NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); #endif int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); -int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); +int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len); int SSL_use_certificate(SSL *ssl, X509 *x); int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); @@ -1716,9 +1719,9 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *file); + const char *file); int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, - const char *dir); + const char *dir); #endif void SSL_load_error_strings(void ); @@ -1730,32 +1733,34 @@ long SSL_SESSION_get_time(const SSL_SESSION *s); long SSL_SESSION_set_time(SSL_SESSION *s, long t); long SSL_SESSION_get_timeout(const SSL_SESSION *s); long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); -void SSL_copy_session_id(SSL *to,const SSL *from); +void SSL_copy_session_id(SSL *to, const SSL *from); X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); -int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, - unsigned int sid_ctx_len); +int +SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, +unsigned int sid_ctx_len); SSL_SESSION *SSL_SESSION_new(void); -const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, - unsigned int *len); +const unsigned char +*SSL_SESSION_get_id(const SSL_SESSION *s, +unsigned int *len); unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); #ifndef OPENSSL_NO_FP_API -int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); #endif #ifndef OPENSSL_NO_BIO -int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); +int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); #endif void SSL_SESSION_free(SSL_SESSION *ses); -int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); +int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); int SSL_set_session(SSL *to, SSL_SESSION *session); int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); -int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); +int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len); -SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, - long length); + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); #ifdef HEADER_X509_H X509 * SSL_get_peer_certificate(const SSL *s); @@ -1765,18 +1770,17 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); -int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); -void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, - int (*callback)(int, X509_STORE_CTX *)); -void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); -void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, + int (*callback)(int, X509_STORE_CTX *)); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg); #ifndef OPENSSL_NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); #endif int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, - const unsigned char *d, long len); +int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); @@ -1786,12 +1790,10 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); int SSL_CTX_check_private_key(const SSL_CTX *ctx); int SSL_check_private_key(const SSL *ctx); -int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, - unsigned int sid_ctx_len); +int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len); -SSL * SSL_new(SSL_CTX *ctx); -int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, - unsigned int sid_ctx_len); +SSL *SSL_new(SSL_CTX *ctx); +int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); int SSL_set_purpose(SSL *s, int purpose); @@ -1802,21 +1804,16 @@ int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); #ifndef OPENSSL_NO_SRP -int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name); -int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password); +int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); -int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, - char *(*cb)(SSL *,void *)); -int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, - int (*cb)(SSL *,void *)); -int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, - int (*cb)(SSL *,int *,void *)); +int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *)); +int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *)); +int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb)(SSL *, int *, void *)); int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); -int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, - BIGNUM *sa, BIGNUM *v, char *info); -int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, - const char *grp); +int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info); +int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp); BIGNUM *SSL_get_srp_g(SSL *s); BIGNUM *SSL_get_srp_N(SSL *s); @@ -1828,15 +1825,15 @@ char *SSL_get_srp_userinfo(SSL *s); void SSL_free(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_connect(SSL *ssl); -int SSL_read(SSL *ssl,void *buf,int num); -int SSL_peek(SSL *ssl,void *buf,int num); -int SSL_write(SSL *ssl,const void *buf,int num); -long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); +int SSL_read(SSL *ssl, void *buf, int num); +int SSL_peek(SSL *ssl, void *buf, int num); +int SSL_write(SSL *ssl, const void *buf, int num); +long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); long SSL_callback_ctrl(SSL *, int, void (*)(void)); -long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); -int SSL_get_error(const SSL *s,int ret_code); +int SSL_get_error(const SSL *s, int ret_code); const char *SSL_get_version(const SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ @@ -1852,7 +1849,7 @@ const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ -const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ +const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ @@ -1892,8 +1889,8 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); -int SSL_add_client_CA(SSL *ssl,X509 *x); -int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); +int SSL_add_client_CA(SSL *ssl, X509 *x); +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); void SSL_set_connect_state(SSL *s); void SSL_set_accept_state(SSL *s); @@ -1902,7 +1899,7 @@ long SSL_get_default_timeout(const SSL *s); int SSL_library_init(void ); -char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); +char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); SSL *SSL_dup(SSL *ssl); @@ -1919,35 +1916,36 @@ int SSL_get_shutdown(const SSL *ssl); int SSL_version(const SSL *ssl); int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath); + const char *CApath); #define SSL_get0_session SSL_get_session /* just peek at pointer */ SSL_SESSION *SSL_get_session(const SSL *ssl); SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); void SSL_set_info_callback(SSL *ssl, - void (*cb)(const SSL *ssl,int type,int val)); -void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); + void (*cb)(const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val); int SSL_state(const SSL *ssl); void SSL_set_state(SSL *ssl, int state); -void SSL_set_verify_result(SSL *ssl,long v); +void SSL_set_verify_result(SSL *ssl, long v); long SSL_get_verify_result(const SSL *ssl); -int SSL_set_ex_data(SSL *ssl,int idx,void *data); -void *SSL_get_ex_data(const SSL *ssl,int idx); +int SSL_set_ex_data(SSL *ssl, int idx, void *data); +void *SSL_get_ex_data(const SSL *ssl, int idx); int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); -void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); -int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +int SSL_SESSION_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); -int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); -void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); +int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int SSL_get_ex_data_X509_STORE_CTX_idx(void ); @@ -1980,31 +1978,25 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); #define SSL_set_max_send_fragment(ssl,m) \ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) - /* NB: the keylength is only applicable when is_export is true */ +/* NB: the keylength is only applicable when is_export is true */ #ifndef OPENSSL_NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*cb)(SSL *ssl,int is_export, - int keylength)); + RSA *(*cb)(SSL *ssl, int is_export, int keylength)); void SSL_set_tmp_rsa_callback(SSL *ssl, - RSA *(*cb)(SSL *ssl,int is_export, - int keylength)); + RSA *(*cb)(SSL *ssl, int is_export, int keylength)); #endif #ifndef OPENSSL_NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*dh)(SSL *ssl,int is_export, - int keylength)); + DH *(*dh)(SSL *ssl, int is_export, int keylength)); void SSL_set_tmp_dh_callback(SSL *ssl, - DH *(*dh)(SSL *ssl,int is_export, - int keylength)); + DH *(*dh)(SSL *ssl, int is_export, int keylength)); #endif #ifndef OPENSSL_NO_ECDH void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, - EC_KEY *(*ecdh)(SSL *ssl,int is_export, - int keylength)); + EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); void SSL_set_tmp_ecdh_callback(SSL *ssl, - EC_KEY *(*ecdh)(SSL *ssl,int is_export, - int keylength)); + EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); #endif #ifndef OPENSSL_NO_COMP @@ -2012,23 +2004,24 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s); const COMP_METHOD *SSL_get_current_expansion(SSL *s); const char *SSL_COMP_get_name(const COMP_METHOD *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); -int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); +int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); #else const void *SSL_get_current_compression(SSL *s); const void *SSL_get_current_expansion(SSL *s); const char *SSL_COMP_get_name(const void *comp); void *SSL_COMP_get_compression_methods(void); -int SSL_COMP_add_compression_method(int id,void *cm); +int SSL_COMP_add_compression_method(int id, void *cm); #endif /* TLS extensions functions */ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); -int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, - void *arg); +int SSL_set_session_ticket_ext_cb(SSL *s, + tls_session_ticket_ext_cb_fn cb, void *arg); /* Pre-shared secret session resumption functions */ -int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); +int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn tls_session_secret_cb, void *arg); void SSL_set_debug(SSL *s, int debug); int SSL_cache_hit(SSL *s); |