/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
/* Extension context codes */
/* This extension is only allowed in TLS */
-#define SSL_EXT_TLS_ONLY 0x0001
+#define SSL_EXT_TLS_ONLY 0x00001
/* This extension is only allowed in DTLS */
-#define SSL_EXT_DTLS_ONLY 0x0002
+#define SSL_EXT_DTLS_ONLY 0x00002
/* Some extensions may be allowed in DTLS but we don't implement them for it */
-#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x00004
/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
-#define SSL_EXT_SSL3_ALLOWED 0x0008
+#define SSL_EXT_SSL3_ALLOWED 0x00008
/* Extension is only defined for TLS1.2 and below */
-#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x00010
/* Extension is only defined for TLS1.3 and above */
-#define SSL_EXT_TLS1_3_ONLY 0x0020
+#define SSL_EXT_TLS1_3_ONLY 0x00020
/* Ignore this extension during parsing if we are resuming */
-#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040
-#define SSL_EXT_CLIENT_HELLO 0x0080
+#define SSL_EXT_IGNORE_ON_RESUMPTION 0x00040
+#define SSL_EXT_CLIENT_HELLO 0x00080
/* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100
-#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800
-#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000
-#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION 0x8000
+#define SSL_EXT_TLS1_2_SERVER_HELLO 0x00100
+#define SSL_EXT_TLS1_3_SERVER_HELLO 0x00200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x00400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x00800
+#define SSL_EXT_TLS1_3_CERTIFICATE 0x01000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x02000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x04000
+#define SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION 0x08000
+/* When sending a raw public key in a certificate message */
+#define SSL_EXT_TLS1_3_RAW_PUBLIC_KEY 0x10000
/* Typedefs for handling custom extensions */
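Review bot: With SSL_EXT_TLS1_3_RAW_PUBLIC_KEY at 0x10000 the extension-context mask no longer fits in 16 bits, and nothing in this header records that; any field or parameter that stores an SSL_EXT_* mask as a 16-bit type (not visible in this hunk) would silently drop the new flag, so that storage width is worth confirming. A short comment at the top of the block would pin the contract for future additions, e.g. `/* SSL_EXT_* are bit flags; a context mask must be held in a type of at least 32 bits */`. The widened literals (`0x00001` etc.) only change formatting, which is fine, but the new flag's comment `When sending a raw public key in a certificate message` reads as a condition rather than a context; `Allowed in a Certificate message that carries a raw public key` matches the wording of the neighbouring entries.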
# define CERT_PKEY_CERT_TYPE 0x400
/* Cert chain suitable to Suite B */
# define CERT_PKEY_SUITEB 0x800
+/* Cert pkey valid for raw public key use */
+# define CERT_PKEY_RPK 0x1000
# define SSL_CONF_FLAG_CMDLINE 0x1
# define SSL_CONF_FLAG_FILE 0x2
# define SSL_get_max_proto_version(s) \
SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+const char *SSL_get0_group_name(SSL *s);
const char *SSL_group_to_name(SSL *s, int id);
/* Backwards compatibility, original 1.1.0 names */
unsigned int id_len);
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
long length);
+SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp,
+ long length, OSSL_LIB_CTX *libctx,
+ const char *propq);
# ifdef OPENSSL_X509_H
__owur X509 *SSL_get0_peer_certificate(const SSL *s);
SSL *SSL_new(SSL_CTX *ctx);
int SSL_up_ref(SSL *s);
int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
__owur int SSL_get_error(const SSL *s, int ret_code);
__owur const char *SSL_get_version(const SSL *s);
+__owur int SSL_get_handshake_rtt(const SSL *s, uint64_t *rtt);
/* This sets the 'default' SSL version that SSL_new() will create */
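Review bot: `SSL_get_handshake_rtt` writes a `uint64_t` through `rtt` but the declaration does not say what unit the value is in or what the function returns when the handshake has not completed, and neither is inferable from the prototype. Callers using this for timing or tuning will guess the unit. Suggest a comment above the declaration: `/* Returns the handshake round-trip time in [UNIT - confirm against implementation] via *rtt; returns 0 (and leaves *rtt untouched) if not yet available */`, adjusting the failure behaviour to whatever the implementation actually does.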
# ifndef OPENSSL_NO_DEPRECATED_3_0
int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
+/* QUIC support */
+int SSL_handle_events(SSL *s);
+__owur int SSL_get_event_timeout(SSL *s, struct timeval *tv, int *is_infinite);
+__owur int SSL_get_rpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_get_wpoll_descriptor(SSL *s, BIO_POLL_DESCRIPTOR *desc);
+__owur int SSL_net_read_desired(SSL *s);
+__owur int SSL_net_write_desired(SSL *s);
+__owur int SSL_set_blocking_mode(SSL *s, int blocking);
+__owur int SSL_get_blocking_mode(SSL *s);
+__owur int SSL_set_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
+__owur SSL *SSL_get0_connection(SSL *s);
+__owur int SSL_is_connection(SSL *s);
+
+#define SSL_STREAM_TYPE_NONE 0
+#define SSL_STREAM_TYPE_READ (1U << 0)
+#define SSL_STREAM_TYPE_WRITE (1U << 1)
+#define SSL_STREAM_TYPE_BIDI (SSL_STREAM_TYPE_READ | SSL_STREAM_TYPE_WRITE)
+__owur int SSL_get_stream_type(SSL *s);
+
+__owur uint64_t SSL_get_stream_id(SSL *s);
+
+#define SSL_DEFAULT_STREAM_MODE_NONE 0
+#define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI 1
+#define SSL_DEFAULT_STREAM_MODE_AUTO_UNI 2
+__owur int SSL_set_default_stream_mode(SSL *s, uint32_t mode);
+
+#define SSL_STREAM_FLAG_UNI (1U << 0)
+__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+
+#define SSL_INCOMING_STREAM_POLICY_AUTO 0
+#define SSL_INCOMING_STREAM_POLICY_ACCEPT 1
+#define SSL_INCOMING_STREAM_POLICY_REJECT 2
+__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec);
+
+#define SSL_ACCEPT_STREAM_NO_BLOCK (1U << 0)
+__owur SSL *SSL_accept_stream(SSL *s, uint64_t flags);
+__owur size_t SSL_get_accept_stream_queue_len(SSL *s);
+
+# ifndef OPENSSL_NO_QUIC
+__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
+ size_t buf_len,
+ const BIO_ADDR *peer,
+ const BIO_ADDR *local);
+# endif
+
+typedef struct ssl_shutdown_ex_args_st {
+ uint64_t quic_error_code;
+ const char *quic_reason;
+} SSL_SHUTDOWN_EX_ARGS;
+
+#define SSL_SHUTDOWN_FLAG_RAPID (1U << 0)
+#define SSL_SHUTDOWN_FLAG_NO_STREAM_FLUSH (1U << 1)
+
+__owur int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+ const SSL_SHUTDOWN_EX_ARGS *args,
+ size_t args_len);
+
+__owur int SSL_stream_conclude(SSL *ssl, uint64_t flags);
+
+typedef struct ssl_stream_reset_args_st {
+ uint64_t quic_error_code;
+} SSL_STREAM_RESET_ARGS;
+
+__owur int SSL_stream_reset(SSL *ssl,
+ const SSL_STREAM_RESET_ARGS *args,
+ size_t args_len);
+
+#define SSL_STREAM_STATE_NONE 0
+#define SSL_STREAM_STATE_OK 1
+#define SSL_STREAM_STATE_WRONG_DIR 2
+#define SSL_STREAM_STATE_FINISHED 3
+#define SSL_STREAM_STATE_RESET_LOCAL 4
+#define SSL_STREAM_STATE_RESET_REMOTE 5
+#define SSL_STREAM_STATE_CONN_CLOSED 6
+__owur int SSL_get_stream_read_state(SSL *ssl);
+__owur int SSL_get_stream_write_state(SSL *ssl);
+
+__owur int SSL_get_stream_read_error_code(SSL *ssl, uint64_t *app_error_code);
+__owur int SSL_get_stream_write_error_code(SSL *ssl, uint64_t *app_error_code);
+
+typedef struct ssl_conn_close_info_st {
+ uint64_t error_code;
+ char *reason;
+ size_t reason_len;
+ int is_local, is_transport;
+} SSL_CONN_CLOSE_INFO;
+
+__owur int SSL_get_conn_close_info(SSL *ssl,
+ SSL_CONN_CLOSE_INFO *info,
+ size_t info_len);
+
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define SSL_cache_hit(s) SSL_session_reused(s)
# endif
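Review bot: `SSL_shutdown_ex`, `SSL_stream_reset` and `SSL_get_conn_close_info` each take a struct pointer plus an `args_len`/`info_len` byte count, but the header never states that the caller must pass `sizeof(*args)` or `sizeof(*info)` or what a mismatch means; the obvious purpose is to let the structs grow in later releases, and without the stated contract a caller compiled against a shorter layout can hand the library a buffer that the newer fields (`reason_len`, `is_transport`) do not fit in. Add a comment above each, e.g. `/* args_len must be sizeof(SSL_SHUTDOWN_EX_ARGS); it lets this struct gain fields in later releases */`. `SSL_CONN_CLOSE_INFO.reason` is a non-const `char *` paired with `reason_len`, so the header should also say who owns that buffer, how long it stays valid, and whether it is NUL-terminated; presumably it points into connection-owned memory and is invalid once the SSL is freed, but that needs confirming against the implementation. The `aec` parameter of `SSL_set_incoming_stream_policy` is not self-explanatory; naming it `app_error_code`, as the `SSL_get_stream_*_error_code` declarations below do, would be consistent.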
size_t SSL_CTX_get1_compressed_cert(SSL_CTX *ctx, int alg, unsigned char **data, size_t *orig_len);
size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t *orig_len);
+__owur int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk);
+__owur EVP_PKEY *SSL_get0_peer_rpk(const SSL *s);
+__owur EVP_PKEY *SSL_SESSION_get0_peer_rpk(SSL_SESSION *s);
+__owur int SSL_get_negotiated_client_cert_type(const SSL *s);
+__owur int SSL_get_negotiated_server_cert_type(const SSL *s);
+
+__owur int SSL_set1_client_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_set1_server_cert_type(SSL *s, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_client_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_CTX_set1_server_cert_type(SSL_CTX *ctx, const unsigned char *val, size_t len);
+__owur int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len);
+__owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len);
# ifdef __cplusplus
}