1use super::super::*;
2use libc::*;
3
4pub enum SSL_METHOD {}
5pub enum SSL_CIPHER {}
6cfg_if! {
7 if #[cfg(any(ossl110, libressl280))] {
8 pub enum SSL_SESSION {}
9 } else if #[cfg(libressl251)] {
10 #[repr(C)]
11 pub struct SSL_SESSION {
12 ssl_version: c_int,
13 pub master_key_length: c_int,
14 pub master_key: [c_uchar; 48],
15 session_id_length: c_uint,
16 session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
17 sid_ctx_length: c_uint,
18 sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize],
19 peer: *mut X509,
20 verify_result: c_long,
21 timeout: c_long,
22 time: time_t,
23 pub references: c_int,
24 cipher: *const SSL_CIPHER,
25 cipher_id: c_long,
26 ciphers: *mut stack_st_SSL_CIPHER,
27 tlsext_hostname: *mut c_char,
28 tlsext_tick: *mut c_uchar,
29 tlsext_ticklen: size_t,
30 tlsext_tick_lifetime_int: c_long,
31 internal: *mut c_void,
32 }
33 } else if #[cfg(libressl)] {
34 #[repr(C)]
35 pub struct SSL_SESSION {
36 ssl_version: c_int,
37 pub master_key_length: c_int,
38 pub master_key: [c_uchar; 48],
39 session_id_length: c_uint,
40 session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
41 sid_ctx_length: c_uint,
42 sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize],
43 not_resumable: c_int,
44 sess_cert: *mut c_void,
45 peer: *mut X509,
46 verify_result: c_long,
47 timeout: c_long,
48 time: time_t,
49 pub references: c_int,
50 cipher: *const c_void,
51 cipher_id: c_ulong,
52 ciphers: *mut c_void,
53 ex_data: CRYPTO_EX_DATA,
54 prev: *mut c_void,
55 next: *mut c_void,
56 tlsext_hostname: *mut c_char,
57 tlsext_ecpointformatlist_length: size_t,
58 tlsext_ecpointformatlist: *mut u8,
59 tlsext_ellipticcurvelist_length: size_t,
60 tlsext_ellipticcurvelist: *mut u16,
61 tlsext_tick: *mut c_uchar,
62 tlsext_ticklen: size_t,
63 tlsext_tick_lifetime_hint: c_long,
64 }
65 } else {
66 #[repr(C)]
67 pub struct SSL_SESSION {
68 ssl_version: c_int,
69 key_arg_length: c_uint,
70 key_arg: [c_uchar; SSL_MAX_KEY_ARG_LENGTH as usize],
71 pub master_key_length: c_int,
72 pub master_key: [c_uchar; 48],
73 session_id_length: c_uint,
74 session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
75 sid_ctx_length: c_uint,
76 sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize],
77 #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
78 krb5_client_princ_len: c_uint,
79 #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
80 krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH as usize],
81 #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
82 psk_identity_hint: *mut c_char,
83 #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
84 psk_identity: *mut c_char,
85 not_resumable: c_int,
86 sess_cert: *mut c_void,
87 peer: *mut X509,
88 verify_result: c_long,
89 pub references: c_int,
90 timeout: c_long,
91 time: c_long,
92 compress_meth: c_uint,
93 cipher: *const c_void,
94 cipher_id: c_ulong,
95 ciphers: *mut c_void,
96 ex_data: CRYPTO_EX_DATA,
97 prev: *mut c_void,
98 next: *mut c_void,
99 #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
100 tlsext_hostname: *mut c_char,
101 #[cfg(all(
102 not(osslconf = "OPENSSL_NO_TLSEXT"),
103 not(osslconf = "OPENSSL_NO_EC")
104 ))]
105 tlsext_ecpointformatlist_length: size_t,
106 #[cfg(all(
107 not(osslconf = "OPENSSL_NO_TLSEXT"),
108 not(osslconf = "OPENSSL_NO_EC")
109 ))]
110 tlsext_ecpointformatlist: *mut c_uchar,
111 #[cfg(all(
112 not(osslconf = "OPENSSL_NO_TLSEXT"),
113 not(osslconf = "OPENSSL_NO_EC")
114 ))]
115 tlsext_ellipticcurvelist_length: size_t,
116 #[cfg(all(
117 not(osslconf = "OPENSSL_NO_TLSEXT"),
118 not(osslconf = "OPENSSL_NO_EC")
119 ))]
120 tlsext_ellipticcurvelist: *mut c_uchar,
121 #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
122 tlsext_tick: *mut c_uchar,
123 #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
124 tlsext_ticklen: size_t,
125 #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
126 tlsext_tick_lifetime_hint: c_long,
127 #[cfg(not(osslconf = "OPENSSL_NO_SRP"))]
128 srp_username: *mut c_char,
129 }
130 }
131}
132
133stack!(stack_st_SSL_CIPHER);
134
135#[repr(C)]
136pub struct SRTP_PROTECTION_PROFILE {
137 pub name: *const c_char,
138 pub id: c_ulong,
139}
140
141stack!(stack_st_SRTP_PROTECTION_PROFILE);
142
143pub type tls_session_ticket_ext_cb_fn =
144 Option<unsafe extern "C" fn(*mut SSL, *const c_uchar, c_int, *mut c_void) -> c_int>;
145pub type tls_session_secret_cb_fn = Option<
146 unsafe extern "C" fn(
147 *mut SSL,
148 *mut c_void,
149 *mut c_int,
150 *mut stack_st_SSL_CIPHER,
151 *mut *mut SSL_CIPHER,
152 *mut c_void,
153 ) -> c_int,
154>;
155
156#[cfg(ossl111)]
157pub type SSL_custom_ext_add_cb_ex = Option<
158 unsafe extern "C" fn(
159 ssl: *mut SSL,
160 ext_type: c_uint,
161 context: c_uint,
162 out: *mut *const c_uchar,
163 outlen: *mut size_t,
164 x: *mut X509,
165 chainidx: size_t,
166 al: *mut c_int,
167 add_arg: *mut c_void,
168 ) -> c_int,
169>;
170
171#[cfg(ossl111)]
172pub type SSL_custom_ext_free_cb_ex = Option<
173 unsafe extern "C" fn(
174 ssl: *mut SSL,
175 ext_type: c_uint,
176 context: c_uint,
177 out: *const c_uchar,
178 add_arg: *mut c_void,
179 ),
180>;
181
182#[cfg(ossl111)]
183pub type SSL_custom_ext_parse_cb_ex = Option<
184 unsafe extern "C" fn(
185 ssl: *mut SSL,
186 ext_type: c_uint,
187 context: c_uint,
188 input: *const c_uchar,
189 inlen: size_t,
190 x: *mut X509,
191 chainidx: size_t,
192 al: *mut c_int,
193 parse_arg: *mut c_void,
194 ) -> c_int,
195>;
196
197cfg_if! {
198 if #[cfg(ossl300)] {
199 extern "C" {
200 pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> u64;
201 pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: u64) -> u64;
202 pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: u64) -> u64;
203 }
204 } else if #[cfg(ossl110)] {
205 extern "C" {
206 pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong;
207 pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_ulong) -> c_ulong;
208 pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: c_ulong) -> c_ulong;
209 }
210 }
211}
212
213pub type GEN_SESSION_CB =
214 Option<unsafe extern "C" fn(*const SSL, *mut c_uchar, *mut c_uint) -> c_int>;
215
216unsafeextern "C" {
217 pub unsafefn SSL_CTX_sess_set_new_cb(
218 ctx: *mut SSL_CTX,
219 new_session_cb: Option<unsafe extern "C" fn(*mut SSL, *mut SSL_SESSION) -> c_int>,
220 );
221 pub unsafefn SSL_CTX_sess_set_remove_cb(
222 ctx: *mut SSL_CTX,
223 remove_session_cb: Option<unsafe extern "C" fn(*mut SSL_CTX, *mut SSL_SESSION)>,
224 );
225}
226cfg_if! {
227 // const change in passed function pointer signature
228 if #[cfg(any(ossl110, libressl280))] {
229 extern "C" {
230 pub fn SSL_CTX_sess_set_get_cb(
231 ctx: *mut SSL_CTX,
232 get_session_cb: Option<
233 unsafe extern "C" fn(*mut SSL, *const c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
234 >,
235 );
236 }
237 } else {
238 extern "C" {
239 pub fn SSL_CTX_sess_set_get_cb(
240 ctx: *mut SSL_CTX,
241 get_session_cb: Option<
242 unsafe extern "C" fn(*mut SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
243 >,
244 );
245 }
246 }
247}
248unsafeextern "C" {
249 // FIXME change to unsafe extern "C" fn
250 pub unsafefn SSL_CTX_set_cookie_generate_cb(
251 s: *mut SSL_CTX,
252 cb: Option<
253 extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint) -> c_int,
254 >,
255 );
256}
257
258cfg_if! {
259 // const change in passed function pointer signature
260 if #[cfg(any(ossl110, libressl280))] {
261 extern "C" {
262 pub fn SSL_CTX_set_cookie_verify_cb(
263 s: *mut SSL_CTX,
264 cb: Option<
265 extern "C" fn(ssl: *mut SSL, cookie: *const c_uchar, cookie_len: c_uint) -> c_int,
266 >,
267 );
268 }
269 } else {
270 extern "C" {
271 pub fn SSL_CTX_set_cookie_verify_cb(
272 s: *mut SSL_CTX,
273 cb: Option<extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: c_uint) -> c_int>,
274 );
275 }
276 }
277}
278
279unsafeextern "C" {
280 #[cfg(ossl111)]
281 pub unsafefn SSL_CTX_set_stateless_cookie_generate_cb(
282 s: *mut SSL_CTX,
283 cb: Option<
284 unsafe extern "C" fn(
285 ssl: *mut SSL,
286 cookie: *mut c_uchar,
287 cookie_len: *mut size_t,
288 ) -> c_int,
289 >,
290 );
291 #[cfg(ossl111)]
292 pub unsafefn SSL_CTX_set_stateless_cookie_verify_cb(
293 s: *mut SSL_CTX,
294 cb: Option<
295 unsafe extern "C" fn(
296 ssl: *mut SSL,
297 cookie: *const c_uchar,
298 cookie_len: size_t,
299 ) -> c_int,
300 >,
301 );
302
303 pub unsafefn SSL_CTX_set_next_protos_advertised_cb(
304 ssl: *mut SSL_CTX,
305 cb: extern "C" fn(
306 ssl: *mut SSL,
307 out: *mut *const c_uchar,
308 outlen: *mut c_uint,
309 arg: *mut c_void,
310 ) -> c_int,
311 arg: *mut c_void,
312 );
313 pub unsafefn SSL_CTX_set_next_proto_select_cb(
314 ssl: *mut SSL_CTX,
315 cb: extern "C" fn(
316 ssl: *mut SSL,
317 out: *mut *mut c_uchar,
318 outlen: *mut c_uchar,
319 inbuf: *const c_uchar,
320 inlen: c_uint,
321 arg: *mut c_void,
322 ) -> c_int,
323 arg: *mut c_void,
324 );
325 pub unsafefn SSL_get0_next_proto_negotiated(
326 s: *const SSL,
327 data: *mut *const c_uchar,
328 len: *mut c_uint,
329 );
330
331 pub unsafefn SSL_select_next_proto(
332 out: *mut *mut c_uchar,
333 outlen: *mut c_uchar,
334 inbuf: *const c_uchar,
335 inlen: c_uint,
336 client: *const c_uchar,
337 client_len: c_uint,
338 ) -> c_int;
339}
340
341unsafeextern "C" {
342 #[cfg(any(ossl102, libressl261))]
343 pub unsafefn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int;
344 #[cfg(any(ossl102, libressl261))]
345 pub unsafefn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int;
346 #[cfg(any(ossl102, libressl261))]
347 #[link_name = "SSL_CTX_set_alpn_select_cb"]
348 pub unsafefn SSL_CTX_set_alpn_select_cb__fixed_rust(
349 ssl: *mut SSL_CTX,
350 cb: Option<
351 unsafe extern "C" fn(
352 ssl: *mut SSL,
353 out: *mut *const c_uchar,
354 outlen: *mut c_uchar,
355 inbuf: *const c_uchar,
356 inlen: c_uint,
357 arg: *mut c_void,
358 ) -> c_int,
359 >,
360 arg: *mut c_void,
361 );
362 #[cfg(any(ossl102, libressl261))]
363 pub unsafefn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint);
364}
365
366#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
367unsafeextern "C" {
368 pub unsafefn SSL_CTX_set_psk_client_callback(
369 ssl: *mut SSL_CTX,
370 psk_client_cb: Option<
371 extern "C" fn(
372 *mut SSL,
373 *const c_char,
374 *mut c_char,
375 c_uint,
376 *mut c_uchar,
377 c_uint,
378 ) -> c_uint,
379 >,
380 );
381 pub unsafefn SSL_CTX_set_psk_server_callback(
382 ssl: *mut SSL_CTX,
383 psk_server_cb: Option<
384 extern "C" fn(*mut SSL, *const c_char, *mut c_uchar, c_uint) -> c_uint,
385 >,
386 );
387 pub unsafefn SSL_get_psk_identity_hint(ssl: *const SSL) -> *const c_char;
388 pub unsafefn SSL_get_psk_identity(ssl: *const SSL) -> *const c_char;
389}
390
391unsafeextern "C" {
392 #[cfg(ossl111)]
393 pub unsafefn SSL_CTX_add_custom_ext(
394 ctx: *mut SSL_CTX,
395 ext_type: c_uint,
396 context: c_uint,
397 add_cb: SSL_custom_ext_add_cb_ex,
398 free_cb: SSL_custom_ext_free_cb_ex,
399 add_arg: *mut c_void,
400 parse_cb: SSL_custom_ext_parse_cb_ex,
401 parse_arg: *mut c_void,
402 ) -> c_int;
403
404 #[cfg(ossl102)]
405 pub unsafefn SSL_extension_supported(ext_type: c_uint) -> c_int;
406}
407
408#[cfg(ossl111)]
409pub type SSL_CTX_keylog_cb_func =
410 Option<unsafe extern "C" fn(ssl: *const SSL, line: *const c_char)>;
411
412unsafeextern "C" {
413 #[cfg(ossl111)]
414 pub unsafefn SSL_CTX_set_keylog_callback(ctx: *mut SSL_CTX, cb: SSL_CTX_keylog_cb_func);
415
416 #[cfg(any(ossl111, libressl340))]
417 pub unsafefn SSL_CTX_set_max_early_data(ctx: *mut SSL_CTX, max_early_data: u32) -> c_int;
418 #[cfg(any(ossl111, libressl340))]
419 pub unsafefn SSL_CTX_get_max_early_data(ctx: *const SSL_CTX) -> u32;
420 #[cfg(any(ossl111, libressl340))]
421 pub unsafefn SSL_set_max_early_data(ctx: *mut SSL, max_early_data: u32) -> c_int;
422 #[cfg(any(ossl111, libressl340))]
423 pub unsafefn SSL_get_max_early_data(ctx: *const SSL) -> u32;
424
425 pub unsafefn SSL_get_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t;
426 pub unsafefn SSL_get_peer_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t;
427
428 pub unsafefn SSL_CTX_get_verify_mode(ctx: *const SSL_CTX) -> c_int;
429 pub unsafefn SSL_get_verify_mode(s: *const SSL) -> c_int;
430}
431
432const_ptr_api! {
433 extern "C" {
434 #[cfg(ossl110)]
435 pub fn SSL_is_init_finished(s: #[const_ptr_if(ossl111)] SSL) -> c_int;
436 }
437}
438
439cfg_if! {
440 if #[cfg(libressl261)] {
441 extern "C" {
442 pub fn SSL_CTX_set_min_proto_version(ctx: *mut SSL_CTX, version: u16) -> c_int;
443 pub fn SSL_CTX_set_max_proto_version(ctx: *mut SSL_CTX, version: u16) -> c_int;
444 pub fn SSL_set_min_proto_version(s: *mut SSL, version: u16) -> c_int;
445 pub fn SSL_set_max_proto_version(s: *mut SSL, version: u16) -> c_int;
446 }
447 }
448}
449
450cfg_if! {
451 if #[cfg(libressl270)] {
452 extern "C" {
453 pub fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int;
454 pub fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int;
455 pub fn SSL_get_min_proto_version(s: *mut SSL) -> c_int;
456 pub fn SSL_get_max_proto_version(s: *mut SSL) -> c_int;
457 }
458 }
459}
460
461unsafeextern "C" {
462 pub unsafefn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int;
463 pub unsafefn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX;
464 pub unsafefn SSL_CTX_free(ctx: *mut SSL_CTX);
465 #[cfg(any(ossl110, libressl273))]
466 pub unsafefn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int;
467 pub unsafefn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE;
468 pub unsafefn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE);
469
470 pub unsafefn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
471 pub unsafefn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int;
472}
473const_ptr_api! {
474 extern "C" {
475 pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> #[const_ptr_if(any(ossl110, libressl280))] c_char;
476 }
477}
478unsafeextern "C" {
479 #[cfg(ossl111)]
480 pub unsafefn SSL_CIPHER_get_handshake_digest(cipher: *const SSL_CIPHER) -> *const EVP_MD;
481 pub unsafefn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char;
482 #[cfg(ossl111)]
483 pub unsafefn SSL_CIPHER_standard_name(cipher: *const SSL_CIPHER) -> *const c_char;
484 #[cfg(ossl111)]
485 pub unsafefn OPENSSL_cipher_name(rfc_name: *const c_char) -> *const c_char;
486
487 pub unsafefn SSL_pending(ssl: *const SSL) -> c_int;
488 pub unsafefn SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO);
489 pub unsafefn SSL_get_rbio(ssl: *const SSL) -> *mut BIO;
490 pub unsafefn SSL_get_wbio(ssl: *const SSL) -> *mut BIO;
491 #[cfg(any(ossl111, libressl340))]
492 pub unsafefn SSL_CTX_set_ciphersuites(ctx: *mut SSL_CTX, str: *const c_char) -> c_int;
493 #[cfg(any(ossl111, libressl340))]
494 pub unsafefn SSL_set_ciphersuites(ssl: *mut SSL, str: *const c_char) -> c_int;
495 pub unsafefn SSL_set_cipher_list(ssl: *mut SSL, s: *const c_char) -> c_int;
496 pub unsafefn SSL_set_ssl_method(s: *mut SSL, method: *const SSL_METHOD) -> c_int;
497 pub unsafefn SSL_set_verify(
498 ssl: *mut SSL,
499 mode: c_int,
500 // FIXME should be unsafe
501 verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>,
502 );
503 pub unsafefn SSL_CTX_use_PrivateKey(ctx: *mut SSL_CTX, key: *mut EVP_PKEY) -> c_int;
504 pub unsafefn SSL_CTX_use_certificate(ctx: *mut SSL_CTX, cert: *mut X509) -> c_int;
505
506 pub unsafefn SSL_CTX_use_PrivateKey_file(
507 ctx: *mut SSL_CTX,
508 key_file: *const c_char,
509 file_type: c_int,
510 ) -> c_int;
511 pub unsafefn SSL_CTX_use_certificate_file(
512 ctx: *mut SSL_CTX,
513 cert_file: *const c_char,
514 file_type: c_int,
515 ) -> c_int;
516 pub unsafefn SSL_CTX_use_certificate_chain_file(
517 ctx: *mut SSL_CTX,
518 cert_chain_file: *const c_char,
519 ) -> c_int;
520 pub unsafefn SSL_use_PrivateKey_file(ssl: *mut SSL, file: *const c_char, type_: c_int) -> c_int;
521 pub unsafefn SSL_use_PrivateKey(ssl: *mut SSL, pkey: *mut EVP_PKEY) -> c_int;
522 pub unsafefn SSL_use_certificate(ssl: *mut SSL, x: *mut X509) -> c_int;
523 #[cfg(any(ossl110, libressl332))]
524 pub unsafefn SSL_use_certificate_chain_file(ssl: *mut SSL, file: *const c_char) -> c_int;
525 pub unsafefn SSL_set_client_CA_list(s: *mut SSL, name_list: *mut stack_st_X509_NAME);
526 pub unsafefn SSL_add_client_CA(ssl: *mut SSL, x: *mut X509) -> c_int;
527 pub unsafefn SSL_load_client_CA_file(file: *const c_char) -> *mut stack_st_X509_NAME;
528
529 #[cfg(not(ossl110))]
530 pub fn SSL_load_error_strings();
531 pub unsafefn SSL_state_string(ssl: *const SSL) -> *const c_char;
532 pub unsafefn SSL_state_string_long(ssl: *const SSL) -> *const c_char;
533
534 pub unsafefn SSL_SESSION_get_time(s: *const SSL_SESSION) -> c_long;
535 pub unsafefn SSL_SESSION_get_timeout(s: *const SSL_SESSION) -> c_long;
536 #[cfg(any(ossl110, libressl270))]
537 pub unsafefn SSL_SESSION_get_protocol_version(s: *const SSL_SESSION) -> c_int;
538
539 #[cfg(any(ossl111, libressl340))]
540 pub unsafefn SSL_SESSION_set_max_early_data(ctx: *mut SSL_SESSION, max_early_data: u32) -> c_int;
541 #[cfg(any(ossl111, libressl340))]
542 pub unsafefn SSL_SESSION_get_max_early_data(ctx: *const SSL_SESSION) -> u32;
543
544 pub unsafefn SSL_SESSION_get_id(s: *const SSL_SESSION, len: *mut c_uint) -> *const c_uchar;
545 #[cfg(any(ossl110, libressl273))]
546 pub unsafefn SSL_SESSION_up_ref(ses: *mut SSL_SESSION) -> c_int;
547 pub unsafefn SSL_SESSION_free(s: *mut SSL_SESSION);
548}
549const_ptr_api! {
550 extern "C" {
551 pub fn i2d_SSL_SESSION(s: #[const_ptr_if(ossl300)] SSL_SESSION, pp: *mut *mut c_uchar) -> c_int;
552 }
553}
554unsafeextern "C" {
555 pub unsafefn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int;
556 pub unsafefn SSL_CTX_add_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int;
557 pub unsafefn SSL_CTX_remove_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int;
558 pub unsafefn d2i_SSL_SESSION(
559 a: *mut *mut SSL_SESSION,
560 pp: *mut *const c_uchar,
561 len: c_long,
562 ) -> *mut SSL_SESSION;
563
564 #[cfg(not(ossl300))]
565 pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509;
566 #[cfg(ossl300)]
567 pub unsafefn SSL_get1_peer_certificate(ssl: *const SSL) -> *mut X509;
568
569 pub unsafefn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509;
570
571 pub unsafefn SSL_CTX_set_verify(
572 ctx: *mut SSL_CTX,
573 mode: c_int,
574 verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>,
575 );
576 pub unsafefn SSL_CTX_set_verify_depth(ctx: *mut SSL_CTX, depth: c_int);
577
578 #[cfg(any(ossl111, libressl340))]
579 pub unsafefn SSL_CTX_set_post_handshake_auth(ctx: *mut SSL_CTX, val: c_int);
580
581 pub unsafefn SSL_CTX_check_private_key(ctx: *const SSL_CTX) -> c_int;
582
583 pub unsafefn SSL_CTX_set_session_id_context(
584 ssl: *mut SSL_CTX,
585 sid_ctx: *const c_uchar,
586 sid_ctx_len: c_uint,
587 ) -> c_int;
588
589 pub unsafefn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL;
590
591 #[cfg(any(ossl102, libressl261))]
592 pub unsafefn SSL_CTX_get0_param(ctx: *mut SSL_CTX) -> *mut X509_VERIFY_PARAM;
593
594 #[cfg(any(ossl102, libressl261))]
595 pub unsafefn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM;
596}
597
598#[cfg(ossl111)]
599pub type SSL_client_hello_cb_fn =
600 Option<unsafe extern "C" fn(s: *mut SSL, al: *mut c_int, arg: *mut c_void) -> c_int>;
601unsafeextern "C" {
602 #[cfg(ossl111)]
603 pub unsafefn SSL_CTX_set_client_hello_cb(
604 c: *mut SSL_CTX,
605 cb: SSL_client_hello_cb_fn,
606 arg: *mut c_void,
607 );
608 #[cfg(ossl111)]
609 pub unsafefn SSL_client_hello_isv2(s: *mut SSL) -> c_int;
610 #[cfg(ossl111)]
611 pub unsafefn SSL_client_hello_get0_legacy_version(s: *mut SSL) -> c_uint;
612 #[cfg(ossl111)]
613 pub unsafefn SSL_client_hello_get0_random(s: *mut SSL, out: *mut *const c_uchar) -> size_t;
614 #[cfg(ossl111)]
615 pub unsafefn SSL_client_hello_get0_session_id(s: *mut SSL, out: *mut *const c_uchar) -> size_t;
616 #[cfg(ossl111)]
617 pub unsafefn SSL_client_hello_get0_ciphers(s: *mut SSL, out: *mut *const c_uchar) -> size_t;
618 #[cfg(ossl111)]
619 pub unsafefn SSL_client_hello_get0_compression_methods(
620 s: *mut SSL,
621 out: *mut *const c_uchar,
622 ) -> size_t;
623 #[cfg(ossl111)]
624 pub unsafefn SSL_client_hello_get1_extensions_present(
625 s: *mut SSL,
626 out: *mut *mut c_int,
627 outlen: *mut size_t,
628 ) -> c_int;
629 #[cfg(ossl111)]
630 pub unsafefn SSL_client_hello_get0_ext(
631 s: *mut SSL,
632 type_: c_uint,
633 out: *mut *const c_uchar,
634 outlen: *mut size_t,
635 ) -> c_int;
636
637 pub unsafefn SSL_free(ssl: *mut SSL);
638 pub unsafefn SSL_accept(ssl: *mut SSL) -> c_int;
639 #[cfg(ossl111)]
640 pub unsafefn SSL_stateless(s: *mut SSL) -> c_int;
641 pub unsafefn SSL_connect(ssl: *mut SSL) -> c_int;
642 pub unsafefn SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int;
643 #[cfg(any(ossl111, libressl350))]
644 pub unsafefn SSL_read_ex(ssl: *mut SSL, buf: *mut c_void, num: usize, readbytes: *mut usize)
645 -> c_int;
646 pub unsafefn SSL_peek(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int;
647 #[cfg(any(ossl111, libressl350))]
648 pub unsafefn SSL_peek_ex(ssl: *mut SSL, buf: *mut c_void, num: usize, readbytes: *mut usize)
649 -> c_int;
650 #[cfg(any(ossl111, libressl340))]
651 pub unsafefn SSL_read_early_data(
652 s: *mut SSL,
653 buf: *mut c_void,
654 num: size_t,
655 readbytes: *mut size_t,
656 ) -> c_int;
657 #[cfg(ossl111)]
658 pub unsafefn SSL_bytes_to_cipher_list(
659 s: *mut SSL,
660 bytes: *const c_uchar,
661 len: size_t,
662 isv2format: c_int,
663 sk: *mut *mut stack_st_SSL_CIPHER,
664 scsvs: *mut *mut stack_st_SSL_CIPHER,
665 ) -> c_int;
666}
667
668unsafeextern "C" {
669 pub unsafefn SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int;
670 #[cfg(any(ossl111, libressl350))]
671 pub unsafefn SSL_write_ex(
672 ssl: *mut SSL,
673 buf: *const c_void,
674 num: size_t,
675 written: *mut size_t,
676 ) -> c_int;
677 #[cfg(any(ossl111, libressl340))]
678 pub unsafefn SSL_write_early_data(
679 s: *mut SSL,
680 buf: *const c_void,
681 num: size_t,
682 written: *mut size_t,
683 ) -> c_int;
684 pub unsafefn SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
685 pub unsafefn SSL_CTX_ctrl(ctx: *mut SSL_CTX, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
686 #[link_name = "SSL_CTX_callback_ctrl"]
687 pub unsafefn SSL_CTX_callback_ctrl__fixed_rust(
688 ctx: *mut SSL_CTX,
689 cmd: c_int,
690 fp: Option<unsafe extern "C" fn()>,
691 ) -> c_long;
692}
693
694cfg_if! {
695 if #[cfg(any(ossl110, libressl291))] {
696 extern "C" {
697 pub fn TLS_method() -> *const SSL_METHOD;
698
699 pub fn DTLS_method() -> *const SSL_METHOD;
700
701 pub fn TLS_server_method() -> *const SSL_METHOD;
702
703 pub fn TLS_client_method() -> *const SSL_METHOD;
704 }
705 } else {
706 extern "C" {
707 #[cfg(not(osslconf = "OPENSSL_NO_SSL3_METHOD"))]
708 pub fn SSLv3_method() -> *const SSL_METHOD;
709
710 pub fn SSLv23_method() -> *const SSL_METHOD;
711
712 pub fn SSLv23_client_method() -> *const SSL_METHOD;
713
714 pub fn SSLv23_server_method() -> *const SSL_METHOD;
715
716 pub fn TLSv1_method() -> *const SSL_METHOD;
717
718 pub fn TLSv1_1_method() -> *const SSL_METHOD;
719
720 pub fn TLSv1_2_method() -> *const SSL_METHOD;
721
722 pub fn DTLSv1_method() -> *const SSL_METHOD;
723
724 #[cfg(ossl102)]
725 pub fn DTLSv1_2_method() -> *const SSL_METHOD;
726 }
727 }
728}
729
730unsafeextern "C" {
731 pub unsafefn SSL_get_error(ssl: *const SSL, ret: c_int) -> c_int;
732 pub unsafefn SSL_get_version(ssl: *const SSL) -> *const c_char;
733
734 pub unsafefn SSL_do_handshake(ssl: *mut SSL) -> c_int;
735 pub unsafefn SSL_shutdown(ssl: *mut SSL) -> c_int;
736
737 pub unsafefn SSL_CTX_set_client_CA_list(ctx: *mut SSL_CTX, list: *mut stack_st_X509_NAME);
738
739 pub unsafefn SSL_CTX_add_client_CA(ctx: *mut SSL_CTX, cacert: *mut X509) -> c_int;
740
741 pub unsafefn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int;
742 pub unsafefn SSL_CTX_load_verify_locations(
743 ctx: *mut SSL_CTX,
744 CAfile: *const c_char,
745 CApath: *const c_char,
746 ) -> c_int;
747}
748
749const_ptr_api! {
750 extern "C" {
751 pub fn SSL_get_ssl_method(ssl: #[const_ptr_if(ossl111b)] SSL) -> *const SSL_METHOD;
752 }
753}
754
755unsafeextern "C" {
756 pub unsafefn SSL_set_connect_state(s: *mut SSL);
757 pub unsafefn SSL_set_accept_state(s: *mut SSL);
758
759 #[cfg(not(ossl110))]
760 pub fn SSL_library_init() -> c_int;
761
762 pub unsafefn SSL_CIPHER_description(
763 cipher: *const SSL_CIPHER,
764 buf: *mut c_char,
765 size: c_int,
766 ) -> *mut c_char;
767
768 pub unsafefn SSL_get_certificate(ssl: *const SSL) -> *mut X509;
769}
770const_ptr_api! {
771 extern "C" {
772 pub fn SSL_get_privatekey(ssl: #[const_ptr_if(any(ossl102, libressl280))] SSL) -> *mut EVP_PKEY;
773 }
774}
775
776unsafeextern "C" {
777 #[cfg(any(ossl102, libressl270))]
778 pub unsafefn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509;
779 #[cfg(any(ossl102, libressl340))]
780 pub unsafefn SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY;
781
782 pub unsafefn SSL_set_shutdown(ss: *mut SSL, mode: c_int);
783 pub unsafefn SSL_get_shutdown(ssl: *const SSL) -> c_int;
784 pub unsafefn SSL_version(ssl: *const SSL) -> c_int;
785 pub unsafefn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION;
786 pub unsafefn SSL_get_SSL_CTX(ssl: *const SSL) -> *mut SSL_CTX;
787 pub unsafefn SSL_set_SSL_CTX(ssl: *mut SSL, ctx: *mut SSL_CTX) -> *mut SSL_CTX;
788
789 pub unsafefn SSL_get_verify_result(ssl: *const SSL) -> c_long;
790 #[cfg(ossl110)]
791 pub unsafefn SSL_get0_verified_chain(ssl: *const SSL) -> *mut stack_st_X509;
792
793 #[cfg(any(ossl110, libressl270))]
794 pub unsafefn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
795 #[cfg(any(ossl110, libressl270))]
796 pub unsafefn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
797 #[cfg(any(ossl110, libressl273))]
798 pub unsafefn SSL_SESSION_get_master_key(
799 session: *const SSL_SESSION,
800 out: *mut c_uchar,
801 outlen: size_t,
802 ) -> size_t;
803}
804
805unsafeextern "C" {
806 #[cfg(not(ossl110))]
807 pub fn SSL_get_ex_new_index(
808 argl: c_long,
809 argp: *mut c_void,
810 new_func: Option<CRYPTO_EX_new>,
811 dup_func: Option<CRYPTO_EX_dup>,
812 free_func: Option<CRYPTO_EX_free>,
813 ) -> c_int;
814
815 pub unsafefn SSL_set_ex_data(ssl: *mut SSL, idx: c_int, data: *mut c_void) -> c_int;
816 pub unsafefn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void;
817
818 #[cfg(not(ossl110))]
819 pub fn SSL_CTX_get_ex_new_index(
820 argl: c_long,
821 argp: *mut c_void,
822 new_func: Option<CRYPTO_EX_new>,
823 dup_func: Option<CRYPTO_EX_dup>,
824 free_func: Option<CRYPTO_EX_free>,
825 ) -> c_int;
826
827 pub unsafefn SSL_CTX_set_ex_data(ctx: *mut SSL_CTX, idx: c_int, data: *mut c_void) -> c_int;
828 pub unsafefn SSL_CTX_get_ex_data(ctx: *const SSL_CTX, idx: c_int) -> *mut c_void;
829
830 pub unsafefn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int;
831}
832
833unsafeextern "C" {
834 #[link_name = "SSL_CTX_set_tmp_dh_callback"]
835 pub unsafefn SSL_CTX_set_tmp_dh_callback__fixed_rust(
836 ctx: *mut SSL_CTX,
837 dh: Option<
838 unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
839 >,
840 );
841 #[link_name = "SSL_set_tmp_dh_callback"]
842 pub unsafefn SSL_set_tmp_dh_callback__fixed_rust(
843 ctx: *mut SSL,
844 dh: Option<
845 unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
846 >,
847 );
848 #[cfg(not(ossl110))]
849 #[link_name = "SSL_CTX_set_tmp_ecdh_callback"]
850 pub fn SSL_CTX_set_tmp_ecdh_callback__fixed_rust(
851 ctx: *mut SSL_CTX,
852 ecdh: Option<
853 unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut EC_KEY,
854 >,
855 );
856 #[cfg(not(ossl110))]
857 #[link_name = "SSL_set_tmp_ecdh_callback"]
858 pub fn SSL_set_tmp_ecdh_callback__fixed_rust(
859 ssl: *mut SSL,
860 ecdh: Option<
861 unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut EC_KEY,
862 >,
863 );
864}
865
866cfg_if! {
867 if #[cfg(libressl)] {
868 extern "C" {
869 pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const libc::c_void;
870 }
871 } else if #[cfg(not(osslconf = "OPENSSL_NO_COMP"))] {
872 const_ptr_api! {
873 extern "C" {
874 pub fn SSL_get_current_compression(ssl: #[const_ptr_if(ossl111b)] SSL) -> *const COMP_METHOD;
875 }
876 }
877 }
878}
879cfg_if! {
880 if #[cfg(libressl)] {
881 extern "C" {
882 pub fn SSL_COMP_get_name(comp: *const libc::c_void) -> *const c_char;
883 }
884 } else if #[cfg(not(osslconf = "OPENSSL_NO_COMP"))] {
885 extern "C" {
886 pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
887 }
888 }
889}
890
891#[cfg(not(osslconf = "OPENSSL_NO_COMP"))]
892unsafeextern "C" {
893 #[cfg(ossl110)]
894 pub unsafefn COMP_get_type(meth: *const COMP_METHOD) -> i32;
895}
896
897unsafeextern "C" {
898 #[cfg(any(ossl110, libressl270))]
899 pub unsafefn SSL_CIPHER_get_cipher_nid(c: *const SSL_CIPHER) -> c_int;
900 #[cfg(any(ossl110, libressl270))]
901 pub unsafefn SSL_CIPHER_get_digest_nid(c: *const SSL_CIPHER) -> c_int;
902}
903
904const_ptr_api! {
905 extern "C" {
906 #[cfg(ossl110)]
907 pub fn SSL_session_reused(ssl: #[const_ptr_if(ossl111c)] SSL) -> c_int;
908 }
909}
910
911const_ptr_api! {
912 extern "C" {
913 #[cfg(any(ossl102, libressl273))]
914 pub fn SSL_is_server(s: #[const_ptr_if(any(ossl110f, libressl273))] SSL) -> c_int;
915 }
916}
917
918unsafeextern "C" {
919 #[cfg(ossl110)]
920 pub unsafefn OPENSSL_init_ssl(opts: u64, settings: *const OPENSSL_INIT_SETTINGS) -> c_int;
921}
922
923unsafeextern "C" {
924 #[cfg(ossl111)]
925 pub unsafefn SSL_CTX_set_num_tickets(ctx: *mut SSL_CTX, num_tickets: size_t) -> c_int;
926
927 #[cfg(ossl111)]
928 pub unsafefn SSL_set_num_tickets(s: *mut SSL, num_tickets: size_t) -> c_int;
929
930 #[cfg(ossl111b)]
931 pub unsafefn SSL_CTX_get_num_tickets(ctx: *const SSL_CTX) -> size_t;
932 #[cfg(all(ossl111, not(ossl111b)))]
933 pub fn SSL_CTX_get_num_tickets(ctx: *mut SSL_CTX) -> size_t;
934
935 #[cfg(ossl111b)]
936 pub unsafefn SSL_get_num_tickets(s: *const SSL) -> size_t;
937 #[cfg(all(ossl111, not(ossl111b)))]
938 pub fn SSL_get_num_tickets(s: *mut SSL) -> size_t;
939}
940
941unsafeextern "C" {
942 #[cfg(any(ossl110, libressl360))]
943 pub unsafefn SSL_CTX_set_security_level(ctx: *mut SSL_CTX, level: c_int);
944
945 #[cfg(any(ossl110, libressl360))]
946 pub unsafefn SSL_set_security_level(s: *mut SSL, level: c_int);
947
948 #[cfg(any(ossl110, libressl360))]
949 pub unsafefn SSL_CTX_get_security_level(ctx: *const SSL_CTX) -> c_int;
950
951 #[cfg(any(ossl110, libressl360))]
952 pub unsafefn SSL_get_security_level(s: *const SSL) -> c_int;
953}
954
955#[cfg(ossl320)]
956extern "C" {
957 pub fn OSSL_QUIC_client_method() -> *const SSL_METHOD;
958 pub fn OSSL_QUIC_client_thread_method() -> *const SSL_METHOD;
959 pub fn SSL_get_event_timeout(s: *mut SSL, tv: *mut timeval, is_infinite: *mut c_int) -> c_int;
960 pub fn SSL_handle_events(s: *mut SSL) -> c_int;
961 pub fn SSL_get_blocking_mode(s: *mut SSL) -> c_int;
962 pub fn SSL_set_blocking_mode(s: *mut SSL, blocking: c_int) -> c_int;
963 pub fn SSL_get_rpoll_descriptor(s: *mut SSL, desc: *mut BIO_POLL_DESCRIPTOR) -> c_int;
964 pub fn SSL_get_wpoll_descriptor(s: *mut SSL, desc: *mut BIO_POLL_DESCRIPTOR) -> c_int;
965 pub fn SSL_net_read_desired(s: *mut SSL) -> c_int;
966 pub fn SSL_net_write_desired(s: *mut SSL) -> c_int;
967 pub fn SSL_set1_initial_peer_addr(s: *mut SSL, peer_addr: *const BIO_ADDR) -> c_int;
968 pub fn SSL_shutdown_ex(
969 ssl: *mut SSL,
970 flags: u64,
971 args: *const SSL_SHUTDOWN_EX_ARGS,
972 args_len: usize,
973 ) -> c_int;
974 pub fn SSL_stream_conclude(ssl: *mut SSL, flags: u64) -> c_int;
975 pub fn SSL_stream_reset(
976 ssl: *mut SSL,
977 args: *const SSL_STREAM_RESET_ARGS,
978 args_len: usize,
979 ) -> c_int;
980 pub fn SSL_get_stream_read_state(ssl: *mut SSL) -> c_int;
981 pub fn SSL_get_stream_write_state(ssl: *mut SSL) -> c_int;
982 pub fn SSL_get_conn_close_info(
983 ssl: *mut SSL,
984 info: *mut SSL_CONN_CLOSE_INFO,
985 info_len: usize,
986 ) -> c_int;
987 pub fn SSL_get0_connection(s: *mut SSL) -> *mut SSL;
988 pub fn SSL_is_connection(s: *mut SSL) -> c_int;
989 pub fn SSL_get_stream_type(s: *mut SSL) -> c_int;
990 pub fn SSL_get_stream_id(s: *mut SSL) -> u64;
991 pub fn SSL_new_stream(s: *mut SSL, flags: u64) -> *mut SSL;
992 pub fn SSL_accept_stream(s: *mut SSL, flags: u64) -> *mut SSL;
993 pub fn SSL_set_incoming_stream_policy(s: *mut SSL, policy: c_int, aec: u64) -> c_int;
994 pub fn SSL_get_accept_stream_queue_len(s: *mut SSL) -> usize;
995 pub fn SSL_set_default_stream_mode(s: *mut SSL, mode: u32) -> c_int;
996}
997
998#[cfg(ossl330)]
999extern "C" {
1000 pub fn SSL_write_ex2(
1001 s: *mut SSL,
1002 buf: *const c_void,
1003 num: usize,
1004 flags: u64,
1005 written: *mut usize,
1006 ) -> c_int;
1007 pub fn SSL_get_value_uint(s: *mut SSL, class_: u32, id: u32, v: *mut u64) -> c_int;
1008 pub fn SSL_set_value_uint(s: *mut SSL, class_: u32, id: u32, v: u64) -> c_int;
1009}
1010