1// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15#ifndef _SSL_H_ 16#define _SSL_H_ 17 18#ifdef __cplusplus 19 extern "C" { 20#endif 21 22#include <stdlib.h> 23#include "ssl_x509.h" 24#include "ssl_pkey.h" 25 26/* 27{ 28*/ 29 30#define SSL_CB_ALERT 0x4000 31 32#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT (1 << 0) 33#define X509_CHECK_FLAG_NO_WILDCARDS (1 << 1) 34#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS (1 << 2) 35#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS (1 << 3) 36#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS (1 << 4) 37 38 mbedtls_x509_crt * 39 ssl_ctx_get_mbedtls_x509_crt(SSL_CTX *ssl_ctx); 40 41 mbedtls_x509_crt * 42 ssl_get_peer_mbedtls_x509_crt(SSL *ssl); 43 44 int SSL_set_sni_callback(SSL *ssl, int(*cb)(void *, mbedtls_ssl_context *, 45 const unsigned char *, size_t), void *param); 46 47 void SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); 48 49 int SSL_CTX_add_client_CA_ASN1(SSL_CTX *ssl, int len, 50 const unsigned char *d); 51 52 SSL *SSL_SSL_from_mbedtls_ssl_context(mbedtls_ssl_context *msc); 53 54 mbedtls_ssl_context *SSL_mbedtls_ssl_context_from_SSL(SSL *ssl); 55 56/** 57 * @brief create a SSL context 58 * 59 * @param method - the SSL context method point 60 * 61 * @return the context point 62 */ 63SSL_CTX* SSL_CTX_new(const SSL_METHOD *method, void *rngctx); 64 65/** 66 * @brief free a SSL context 67 * 68 * @param method - the SSL context point 69 * 70 * @return none 71 */ 72void SSL_CTX_free(SSL_CTX *ctx); 73 74/** 75 * @brief create a SSL 76 * 77 * @param ctx - the SSL context point 78 * 79 * @return the SSL point 80 */ 81SSL* SSL_new(SSL_CTX *ctx); 82 83/** 84 * @brief free the SSL 85 * 86 * @param ssl - the SSL point 87 * 88 * @return none 89 */ 90void SSL_free(SSL *ssl); 91 92/** 93 * @brief connect to the remote SSL server 94 * 95 * @param ssl - the SSL point 96 * 97 * @return result 98 * 1 : OK 99 * -1 : failed 100 */ 101int SSL_connect(SSL *ssl); 102 103/** 104 * @brief accept the remote connection 105 * 106 * @param ssl - the SSL point 107 * 108 * @return result 109 * 1 : OK 110 * -1 : failed 111 */ 112int SSL_accept(SSL *ssl); 113 114/** 115 * @brief read data from to remote 116 * 117 * @param ssl - the SSL point which has been connected 118 * @param buffer - the received data buffer point 119 * @param len - the received data length 120 * 121 * @return result 122 * > 0 : OK, and return received data bytes 123 * = 0 : connection is closed 124 * < 0 : an error catch 125 */ 126int SSL_read(SSL *ssl, void *buffer, int len); 127 128/** 129 * @brief send the data to remote 130 * 131 * @param ssl - the SSL point which has been connected 132 * @param buffer - the send data buffer point 133 * @param len - the send data length 134 * 135 * @return result 136 * > 0 : OK, and return sent data bytes 137 * = 0 : connection is closed 138 * < 0 : an error catch 139 */ 140int SSL_write(SSL *ssl, const void *buffer, int len); 141 142/** 143 * @brief get the verifying result of the SSL certification 144 * 145 * @param ssl - the SSL point 146 * 147 * @return the result of verifying 148 */ 149long SSL_get_verify_result(const SSL *ssl); 150 151/** 152 * @brief shutdown the connection 153 * 154 * @param ssl - the SSL point 155 * 156 * @return result 157 * 1 : OK 158 * 0 : shutdown is not finished 159 * -1 : an error catch 160 */ 161int SSL_shutdown(SSL *ssl); 162 163/** 164 * @brief bind the socket file description into the SSL 165 * 166 * @param ssl - the SSL point 167 * @param fd - socket handle 168 * 169 * @return result 170 * 1 : OK 171 * 0 : failed 172 */ 173int SSL_set_fd(SSL *ssl, int fd); 174 175/** 176 * @brief These functions load the private key into the SSL_CTX or SSL object 177 * 178 * @param ctx - the SSL context point 179 * @param pkey - private key object point 180 * 181 * @return result 182 * 1 : OK 183 * 0 : failed 184 */ 185int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); 186 187/** 188 * @brief These functions load the certification into the SSL_CTX or SSL object 189 * 190 * @param ctx - the SSL context point 191 * @param pkey - certification object point 192 * 193 * @return result 194 * 1 : OK 195 * 0 : failed 196 */ 197int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); 198 199/** 200 * @brief create the target SSL context client method 201 * 202 * @param none 203 * 204 * @return the SSLV2.3 version SSL context client method 205 */ 206const SSL_METHOD* SSLv23_client_method(void); 207 208/** 209 * @brief create the target SSL context client method 210 * 211 * @param none 212 * 213 * @return the TLSV1.0 version SSL context client method 214 */ 215const SSL_METHOD* TLSv1_client_method(void); 216 217/** 218 * @brief create the target SSL context client method 219 * 220 * @param none 221 * 222 * @return the SSLV1.0 version SSL context client method 223 */ 224const SSL_METHOD* SSLv3_client_method(void); 225 226/** 227 * @brief create the target SSL context client method 228 * 229 * @param none 230 * 231 * @return the TLSV1.1 version SSL context client method 232 */ 233const SSL_METHOD* TLSv1_1_client_method(void); 234 235/** 236 * @brief create the target SSL context client method 237 * 238 * @param none 239 * 240 * @return the TLSV1.2 version SSL context client method 241 */ 242const SSL_METHOD* TLSv1_2_client_method(void); 243 244/** 245 * @brief create the target SSL context server method 246 * 247 * @param none 248 * 249 * @return the TLS any version SSL context client method 250 */ 251const SSL_METHOD* TLS_client_method(void); 252 253/** 254 * @brief create the target SSL context server method 255 * 256 * @param none 257 * 258 * @return the SSLV2.3 version SSL context server method 259 */ 260const SSL_METHOD* SSLv23_server_method(void); 261 262/** 263 * @brief create the target SSL context server method 264 * 265 * @param none 266 * 267 * @return the TLSV1.1 version SSL context server method 268 */ 269const SSL_METHOD* TLSv1_1_server_method(void); 270 271/** 272 * @brief create the target SSL context server method 273 * 274 * @param none 275 * 276 * @return the TLSV1.2 version SSL context server method 277 */ 278const SSL_METHOD* TLSv1_2_server_method(void); 279 280/** 281 * @brief create the target SSL context server method 282 * 283 * @param none 284 * 285 * @return the TLSV1.0 version SSL context server method 286 */ 287const SSL_METHOD* TLSv1_server_method(void); 288 289/** 290 * @brief create the target SSL context server method 291 * 292 * @param none 293 * 294 * @return the SSLV3.0 version SSL context server method 295 */ 296const SSL_METHOD* SSLv3_server_method(void); 297 298/** 299 * @brief create the target SSL context server method 300 * 301 * @param none 302 * 303 * @return the TLS any version SSL context server method 304 */ 305const SSL_METHOD* TLS_server_method(void); 306 307 308/** 309 * @brief set the SSL context ALPN select callback function 310 * 311 * @param ctx - SSL context point 312 * @param cb - ALPN select callback function 313 * @param arg - ALPN select callback function entry private data point 314 * 315 * @return none 316 */ 317void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, next_proto_cb cb, 318 void *arg); 319 320void SSL_set_alpn_select_cb(SSL *ssl, void *arg); 321 322/** 323 * @brief set the SSL context ALPN select protocol 324 * 325 * @param ctx - SSL context point 326 * @param protos - ALPN protocol name 327 * @param protos_len - ALPN protocol name bytes 328 * 329 * @return result 330 * 0 : OK 331 * 1 : failed 332 */ 333int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len); 334 335/** 336 * @brief set the SSL context next ALPN select callback function 337 * 338 * @param ctx - SSL context point 339 * @param cb - ALPN select callback function 340 * @param arg - ALPN select callback function entry private data point 341 * 342 * @return none 343 */ 344void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, 345 int (*cb) (SSL *ssl, 346 unsigned char **out, 347 unsigned char *outlen, 348 const unsigned char *in, 349 unsigned int inlen, 350 void *arg), 351 void *arg); 352 353void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, 354 unsigned int *len); 355 356void _ssl_set_alpn_list(const SSL *ssl); 357 358/** 359 * @brief get SSL error code 360 * 361 * @param ssl - SSL point 362 * @param ret_code - SSL return code 363 * 364 * @return SSL error number 365 */ 366int SSL_get_error(const SSL *ssl, int ret_code); 367 368/** 369 * @brief clear the SSL error code 370 * 371 * @param none 372 * 373 * @return none 374 */ 375void ERR_clear_error(void); 376 377/** 378 * @brief get the current SSL error code 379 * 380 * @param none 381 * 382 * @return current SSL error number 383 */ 384int ERR_get_error(void); 385 386/** 387 * @brief register the SSL error strings 388 * 389 * @param none 390 * 391 * @return none 392 */ 393void ERR_load_SSL_strings(void); 394 395/** 396 * @brief initialize the SSL library 397 * 398 * @param none 399 * 400 * @return none 401 */ 402void SSL_library_init(void); 403 404/** 405 * @brief generates a human-readable string representing the error code e 406 * and store it into the "ret" point memory 407 * 408 * @param e - error code 409 * @param ret - memory point to store the string 410 * 411 * @return the result string point 412 */ 413char *ERR_error_string(unsigned long e, char *ret); 414 415/** 416 * @brief add the SSL context option 417 * 418 * @param ctx - SSL context point 419 * @param opt - new SSL context option 420 * 421 * @return the SSL context option 422 */ 423unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt); 424 425/** 426 * @brief add the SSL context mode 427 * 428 * @param ctx - SSL context point 429 * @param mod - new SSL context mod 430 * 431 * @return result 432 * 1 : OK 433 * 0 : failed 434 */ 435int SSL_CTX_set_mode(SSL_CTX *ctx, int mod); 436 437/* 438} 439*/ 440 441/** 442 * @brief perform the SSL handshake 443 * 444 * @param ssl - SSL point 445 * 446 * @return result 447 * 1 : OK 448 * 0 : failed 449 * -1 : a error catch 450 */ 451int SSL_do_handshake(SSL *ssl); 452 453/** 454 * @brief get the SSL current version 455 * 456 * @param ssl - SSL point 457 * 458 * @return the version string 459 */ 460const char *SSL_get_version(const SSL *ssl); 461 462/** 463 * @brief set the SSL context version 464 * 465 * @param ctx - SSL context point 466 * @param meth - SSL method point 467 * 468 * @return result 469 * 1 : OK 470 * 0 : failed 471 */ 472int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); 473 474/** 475 * @brief get the bytes numbers which are to be read 476 * 477 * @param ssl - SSL point 478 * 479 * @return bytes number 480 */ 481int SSL_pending(const SSL *ssl); 482 483/** 484 * @brief check if SSL want nothing 485 * 486 * @param ssl - SSL point 487 * 488 * @return result 489 * 0 : false 490 * 1 : true 491 */ 492int SSL_want_nothing(const SSL *ssl); 493 494/** 495 * @brief check if SSL want to read 496 * 497 * @param ssl - SSL point 498 * 499 * @return result 500 * 0 : false 501 * 1 : true 502 */ 503int SSL_want_read(const SSL *ssl); 504 505/** 506 * @brief check if SSL want to write 507 * 508 * @param ssl - SSL point 509 * 510 * @return result 511 * 0 : false 512 * 1 : true 513 */ 514int SSL_want_write(const SSL *ssl); 515 516/** 517 * @brief get the SSL context current method 518 * 519 * @param ctx - SSL context point 520 * 521 * @return the SSL context current method 522 */ 523const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); 524 525/** 526 * @brief get the SSL current method 527 * 528 * @param ssl - SSL point 529 * 530 * @return the SSL current method 531 */ 532const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); 533 534/** 535 * @brief set the SSL method 536 * 537 * @param ssl - SSL point 538 * @param meth - SSL method point 539 * 540 * @return result 541 * 1 : OK 542 * 0 : failed 543 */ 544int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); 545 546/** 547 * @brief add CA client certification into the SSL 548 * 549 * @param ssl - SSL point 550 * @param x - CA certification point 551 * 552 * @return result 553 * 1 : OK 554 * 0 : failed 555 */ 556int SSL_add_client_CA(SSL *ssl, X509 *x); 557 558/** 559 * @brief add CA client certification into the SSL context 560 * 561 * @param ctx - SSL context point 562 * @param x - CA certification point 563 * 564 * @return result 565 * 1 : OK 566 * 0 : failed 567 */ 568int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); 569 570/** 571 * @brief set the SSL CA certification list 572 * 573 * @param ssl - SSL point 574 * @param name_list - CA certification list 575 * 576 * @return none 577 */ 578void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list); 579 580/** 581 * @brief set the SSL context CA certification list 582 * 583 * @param ctx - SSL context point 584 * @param name_list - CA certification list 585 * 586 * @return none 587 */ 588void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); 589 590/** 591 * @briefget the SSL CA certification list 592 * 593 * @param ssl - SSL point 594 * 595 * @return CA certification list 596 */ 597STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl); 598 599/** 600 * @brief get the SSL context CA certification list 601 * 602 * @param ctx - SSL context point 603 * 604 * @return CA certification list 605 */ 606STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); 607 608/** 609 * @brief get the SSL certification point 610 * 611 * @param ssl - SSL point 612 * 613 * @return SSL certification point 614 */ 615X509 *SSL_get_certificate(const SSL *ssl); 616 617/** 618 * @brief get the SSL private key point 619 * 620 * @param ssl - SSL point 621 * 622 * @return SSL private key point 623 */ 624EVP_PKEY *SSL_get_privatekey(const SSL *ssl); 625 626/** 627 * @brief set the SSL information callback function 628 * 629 * @param ssl - SSL point 630 * @param cb - information callback function 631 * 632 * @return none 633 */ 634void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)); 635 636/** 637 * @brief get the SSL state 638 * 639 * @param ssl - SSL point 640 * 641 * @return SSL state 642 */ 643OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); 644 645/** 646 * @brief set the SSL context read buffer length 647 * 648 * @param ctx - SSL context point 649 * @param len - read buffer length 650 * 651 * @return none 652 */ 653void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); 654 655/** 656 * @brief set the SSL read buffer length 657 * 658 * @param ssl - SSL point 659 * @param len - read buffer length 660 * 661 * @return none 662 */ 663void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); 664 665/** 666 * @brief set the SSL security level 667 * 668 * @param ssl - SSL point 669 * @param level - security level 670 * 671 * @return none 672 */ 673void SSL_set_security_level(SSL *ssl, int level); 674 675/** 676 * @brief get the SSL security level 677 * 678 * @param ssl - SSL point 679 * 680 * @return security level 681 */ 682int SSL_get_security_level(const SSL *ssl); 683 684/** 685 * @brief get the SSL verifying mode of the SSL context 686 * 687 * @param ctx - SSL context point 688 * 689 * @return verifying mode 690 */ 691int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); 692 693/** 694 * @brief get the SSL verifying depth of the SSL context 695 * 696 * @param ctx - SSL context point 697 * 698 * @return verifying depth 699 */ 700int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); 701 702/** 703 * @brief set the SSL context verifying of the SSL context 704 * 705 * @param ctx - SSL context point 706 * @param mode - verifying mode 707 * @param verify_callback - verifying callback function 708 * 709 * @return none 710 */ 711void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(SSL *, mbedtls_x509_crt *)); 712 713/** 714 * @brief set the SSL verifying of the SSL context 715 * 716 * @param ctx - SSL point 717 * @param mode - verifying mode 718 * @param verify_callback - verifying callback function 719 * 720 * @return none 721 */ 722void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(SSL *, mbedtls_x509_crt *)); 723 724/** 725 * @brief set the SSL verify depth of the SSL context 726 * 727 * @param ctx - SSL context point 728 * @param depth - verifying depth 729 * 730 * @return none 731 */ 732void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); 733 734/** 735 * @brief certification verifying callback function 736 * 737 * @param preverify_ok - verifying result 738 * @param x509_ctx - X509 certification point 739 * 740 * @return verifying result 741 */ 742int verify_callback(SSL *, mbedtls_x509_crt *); 743 744/** 745 * @brief set the session timeout time 746 * 747 * @param ctx - SSL context point 748 * @param t - new session timeout time 749 * 750 * @return old session timeout time 751 */ 752long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); 753 754/** 755 * @brief get the session timeout time 756 * 757 * @param ctx - SSL context point 758 * 759 * @return current session timeout time 760 */ 761long SSL_CTX_get_timeout(const SSL_CTX *ctx); 762 763/** 764 * @brief set the SSL context cipher through the list string 765 * 766 * @param ctx - SSL context point 767 * @param str - cipher controller list string 768 * 769 * @return result 770 * 1 : OK 771 * 0 : failed 772 */ 773int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); 774 775/** 776 * @brief set the SSL cipher through the list string 777 * 778 * @param ssl - SSL point 779 * @param str - cipher controller list string 780 * 781 * @return result 782 * 1 : OK 783 * 0 : failed 784 */ 785int SSL_set_cipher_list(SSL *ssl, const char *str); 786 787/** 788 * @brief get the SSL cipher list string 789 * 790 * @param ssl - SSL point 791 * 792 * @return cipher controller list string 793 */ 794const char *SSL_get_cipher_list(const SSL *ssl, int n); 795 796/** 797 * @brief get the SSL cipher 798 * 799 * @param ssl - SSL point 800 * 801 * @return current cipher 802 */ 803const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); 804 805/** 806 * @brief get the SSL cipher string 807 * 808 * @param ssl - SSL point 809 * 810 * @return cipher string 811 */ 812const char *SSL_get_cipher(const SSL *ssl); 813 814/** 815 * @brief get the SSL context object X509 certification storage 816 * 817 * @param ctx - SSL context point 818 * 819 * @return x509 certification storage 820 */ 821X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); 822 823/** 824 * @brief set the SSL context object X509 certification store 825 * 826 * @param ctx - SSL context point 827 * @param store - X509 certification store 828 * 829 * @return none 830 */ 831void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); 832 833/** 834 * @brief get the SSL specifical statement 835 * 836 * @param ssl - SSL point 837 * 838 * @return specifical statement 839 */ 840int SSL_want(const SSL *ssl); 841 842/** 843 * @brief check if the SSL is SSL_X509_LOOKUP state 844 * 845 * @param ssl - SSL point 846 * 847 * @return result 848 * 1 : OK 849 * 0 : failed 850 */ 851int SSL_want_x509_lookup(const SSL *ssl); 852 853/** 854 * @brief reset the SSL 855 * 856 * @param ssl - SSL point 857 * 858 * @return result 859 * 1 : OK 860 * 0 : failed 861 */ 862int SSL_clear(SSL *ssl); 863 864/** 865 * @brief get the socket handle of the SSL 866 * 867 * @param ssl - SSL point 868 * 869 * @return result 870 * >= 0 : yes, and return socket handle 871 * < 0 : a error catch 872 */ 873int SSL_get_fd(const SSL *ssl); 874 875/** 876 * @brief get the read only socket handle of the SSL 877 * 878 * @param ssl - SSL point 879 * 880 * @return result 881 * >= 0 : yes, and return socket handle 882 * < 0 : a error catch 883 */ 884int SSL_get_rfd(const SSL *ssl); 885 886/** 887 * @brief get the write only socket handle of the SSL 888 * 889 * @param ssl - SSL point 890 * 891 * @return result 892 * >= 0 : yes, and return socket handle 893 * < 0 : a error catch 894 */ 895int SSL_get_wfd(const SSL *ssl); 896 897/** 898 * @brief set the SSL if we can read as many as data 899 * 900 * @param ssl - SSL point 901 * @param yes - enable the function 902 * 903 * @return none 904 */ 905void SSL_set_read_ahead(SSL *s, int yes); 906 907/** 908 * @brief set the SSL context if we can read as many as data 909 * 910 * @param ctx - SSL context point 911 * @param yes - enbale the function 912 * 913 * @return none 914 */ 915void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); 916 917/** 918 * @brief get the SSL ahead signal if we can read as many as data 919 * 920 * @param ssl - SSL point 921 * 922 * @return SSL context ahead signal 923 */ 924int SSL_get_read_ahead(const SSL *ssl); 925 926/** 927 * @brief get the SSL context ahead signal if we can read as many as data 928 * 929 * @param ctx - SSL context point 930 * 931 * @return SSL context ahead signal 932 */ 933long SSL_CTX_get_read_ahead(SSL_CTX *ctx); 934 935/** 936 * @brief check if some data can be read 937 * 938 * @param ssl - SSL point 939 * 940 * @return 941 * 1 : there are bytes to be read 942 * 0 : no data 943 */ 944int SSL_has_pending(const SSL *ssl); 945 946/** 947 * @brief load the X509 certification into SSL context 948 * 949 * @param ctx - SSL context point 950 * @param x - X509 certification point 951 * 952 * @return result 953 * 1 : OK 954 * 0 : failed 955 */ 956int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);//loads the certificate x into ctx 957 958/** 959 * @brief load the ASN1 certification into SSL context 960 * 961 * @param ctx - SSL context point 962 * @param len - certification length 963 * @param d - data point 964 * 965 * @return result 966 * 1 : OK 967 * 0 : failed 968 */ 969int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); 970 971/** 972 * @brief load the certification file into SSL context 973 * 974 * @param ctx - SSL context point 975 * @param file - certification file name 976 * @param type - certification encoding type 977 * 978 * @return result 979 * 1 : OK 980 * 0 : failed 981 */ 982int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); 983 984/** 985 * @brief load the certification chain file into SSL context 986 * 987 * @param ctx - SSL context point 988 * @param file - certification chain file name 989 * 990 * @return result 991 * 1 : OK 992 * 0 : failed 993 */ 994int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); 995 996 997/** 998 * @brief load the ASN1 private key into SSL context 999 * 1000 * @param ctx - SSL context point 1001 * @param d - data point 1002 * @param len - private key length 1003 * 1004 * @return result 1005 * 1 : OK 1006 * 0 : failed 1007 */ 1008int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);//adds the private key of type pk stored at memory location d (length len) to ctx 1009 1010/** 1011 * @brief load the private key file into SSL context 1012 * 1013 * @param ctx - SSL context point 1014 * @param file - private key file name 1015 * @param type - private key encoding type 1016 * 1017 * @return result 1018 * 1 : OK 1019 * 0 : failed 1020 */ 1021int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); 1022 1023/** 1024 * @brief load the RSA private key into SSL context 1025 * 1026 * @param ctx - SSL context point 1027 * @param x - RSA private key point 1028 * 1029 * @return result 1030 * 1 : OK 1031 * 0 : failed 1032 */ 1033int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); 1034 1035/** 1036 * @brief load the RSA ASN1 private key into SSL context 1037 * 1038 * @param ctx - SSL context point 1039 * @param d - data point 1040 * @param len - RSA private key length 1041 * 1042 * @return result 1043 * 1 : OK 1044 * 0 : failed 1045 */ 1046int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); 1047 1048/** 1049 * @brief load the RSA private key file into SSL context 1050 * 1051 * @param ctx - SSL context point 1052 * @param file - RSA private key file name 1053 * @param type - private key encoding type 1054 * 1055 * @return result 1056 * 1 : OK 1057 * 0 : failed 1058 */ 1059int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); 1060 1061 1062/** 1063 * @brief check if the private key and certification is matched 1064 * 1065 * @param ctx - SSL context point 1066 * 1067 * @return result 1068 * 1 : OK 1069 * 0 : failed 1070 */ 1071int SSL_CTX_check_private_key(const SSL_CTX *ctx); 1072 1073/** 1074 * @brief set the SSL context server information 1075 * 1076 * @param ctx - SSL context point 1077 * @param serverinfo - server information string 1078 * @param serverinfo_length - server information length 1079 * 1080 * @return result 1081 * 1 : OK 1082 * 0 : failed 1083 */ 1084int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, size_t serverinfo_length); 1085 1086/** 1087 * @brief load the SSL context server infomation file into SSL context 1088 * 1089 * @param ctx - SSL context point 1090 * @param file - server information file 1091 * 1092 * @return result 1093 * 1 : OK 1094 * 0 : failed 1095 */ 1096int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); 1097 1098/** 1099 * @brief SSL select next function 1100 * 1101 * @param out - point of output data point 1102 * @param outlen - output data length 1103 * @param in - input data 1104 * @param inlen - input data length 1105 * @param client - client data point 1106 * @param client_len -client data length 1107 * 1108 * @return NPN state 1109 * OPENSSL_NPN_UNSUPPORTED : not support 1110 * OPENSSL_NPN_NEGOTIATED : negotiated 1111 * OPENSSL_NPN_NO_OVERLAP : no overlap 1112 */ 1113int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 1114 const unsigned char *in, unsigned int inlen, 1115 const unsigned char *client, unsigned int client_len); 1116 1117/** 1118 * @brief load the extra certification chain into the SSL context 1119 * 1120 * @param ctx - SSL context point 1121 * @param x509 - X509 certification 1122 * 1123 * @return result 1124 * 1 : OK 1125 * 0 : failed 1126 */ 1127long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *); 1128 1129/** 1130 * @brief control the SSL context 1131 * 1132 * @param ctx - SSL context point 1133 * @param cmd - command 1134 * @param larg - parameter length 1135 * @param parg - parameter point 1136 * 1137 * @return result 1138 * 1 : OK 1139 * 0 : failed 1140 */ 1141long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); 1142 1143/** 1144 * @brief get the SSL context cipher 1145 * 1146 * @param ctx - SSL context point 1147 * 1148 * @return SSL context cipher 1149 */ 1150STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx); 1151 1152/** 1153 * @brief check if the SSL context can read as many as data 1154 * 1155 * @param ctx - SSL context point 1156 * 1157 * @return result 1158 * 1 : OK 1159 * 0 : failed 1160 */ 1161long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); 1162 1163/** 1164 * @brief get the SSL context extra data 1165 * 1166 * @param ctx - SSL context point 1167 * @param idx - index 1168 * 1169 * @return data point 1170 */ 1171void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); 1172 1173/** 1174 * @brief get the SSL context quiet shutdown option 1175 * 1176 * @param ctx - SSL context point 1177 * 1178 * @return quiet shutdown option 1179 */ 1180int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); 1181 1182/** 1183 * @brief load the SSL context CA file 1184 * 1185 * @param ctx - SSL context point 1186 * @param CAfile - CA certification file 1187 * @param CApath - CA certification file path 1188 * 1189 * @return result 1190 * 1 : OK 1191 * 0 : failed 1192 */ 1193int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); 1194 1195/** 1196 * @brief add SSL context reference count by '1' 1197 * 1198 * @param ctx - SSL context point 1199 * 1200 * @return result 1201 * 1 : OK 1202 * 0 : failed 1203 */ 1204int SSL_CTX_up_ref(SSL_CTX *ctx); 1205 1206/** 1207 * @brief set SSL context application private data 1208 * 1209 * @param ctx - SSL context point 1210 * @param arg - private data 1211 * 1212 * @return result 1213 * 1 : OK 1214 * 0 : failed 1215 */ 1216int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg); 1217 1218/** 1219 * @brief set SSL context client certification callback function 1220 * 1221 * @param ctx - SSL context point 1222 * @param cb - callback function 1223 * 1224 * @return none 1225 */ 1226void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); 1227 1228/** 1229 * @brief set the SSL context if we can read as many as data 1230 * 1231 * @param ctx - SSL context point 1232 * @param m - enable the fuction 1233 * 1234 * @return none 1235 */ 1236void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m); 1237 1238/** 1239 * @brief set SSL context default verifying path 1240 * 1241 * @param ctx - SSL context point 1242 * 1243 * @return result 1244 * 1 : OK 1245 * 0 : failed 1246 */ 1247int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); 1248 1249/** 1250 * @brief set SSL context default verifying directory 1251 * 1252 * @param ctx - SSL context point 1253 * 1254 * @return result 1255 * 1 : OK 1256 * 0 : failed 1257 */ 1258int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); 1259 1260/** 1261 * @brief set SSL context default verifying file 1262 * 1263 * @param ctx - SSL context point 1264 * 1265 * @return result 1266 * 1 : OK 1267 * 0 : failed 1268 */ 1269int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); 1270 1271/** 1272 * @brief set SSL context extra data 1273 * 1274 * @param ctx - SSL context point 1275 * @param idx - data index 1276 * @param arg - data point 1277 * 1278 * @return result 1279 * 1 : OK 1280 * 0 : failed 1281 */ 1282int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg); 1283 1284/** 1285 * @brief clear the SSL context option bit of "op" 1286 * 1287 * @param ctx - SSL context point 1288 * @param op - option 1289 * 1290 * @return SSL context option 1291 */ 1292unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); 1293 1294/** 1295 * @brief get the SSL context option 1296 * 1297 * @param ctx - SSL context point 1298 * @param op - option 1299 * 1300 * @return SSL context option 1301 */ 1302unsigned long SSL_CTX_get_options(SSL_CTX *ctx); 1303 1304/** 1305 * @brief set the SSL context quiet shutdown mode 1306 * 1307 * @param ctx - SSL context point 1308 * @param mode - mode 1309 * 1310 * @return none 1311 */ 1312void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); 1313 1314/** 1315 * @brief get the SSL context X509 certification 1316 * 1317 * @param ctx - SSL context point 1318 * 1319 * @return X509 certification 1320 */ 1321X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); 1322 1323/** 1324 * @brief get the SSL context private key 1325 * 1326 * @param ctx - SSL context point 1327 * 1328 * @return private key 1329 */ 1330EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); 1331 1332/** 1333 * @brief set SSL context PSK identity hint 1334 * 1335 * @param ctx - SSL context point 1336 * @param hint - PSK identity hint 1337 * 1338 * @return result 1339 * 1 : OK 1340 * 0 : failed 1341 */ 1342int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); 1343 1344/** 1345 * @brief set SSL context PSK server callback function 1346 * 1347 * @param ctx - SSL context point 1348 * @param callback - callback function 1349 * 1350 * @return none 1351 */ 1352void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 1353 unsigned int (*callback)(SSL *ssl, 1354 const char *identity, 1355 unsigned char *psk, 1356 int max_psk_len)); 1357/** 1358 * @brief get alert description string 1359 * 1360 * @param value - alert value 1361 * 1362 * @return alert description string 1363 */ 1364const char *SSL_alert_desc_string(int value); 1365 1366/** 1367 * @brief get alert description long string 1368 * 1369 * @param value - alert value 1370 * 1371 * @return alert description long string 1372 */ 1373const char *SSL_alert_desc_string_long(int value); 1374 1375/** 1376 * @brief get alert type string 1377 * 1378 * @param value - alert value 1379 * 1380 * @return alert type string 1381 */ 1382const char *SSL_alert_type_string(int value); 1383 1384/** 1385 * @brief get alert type long string 1386 * 1387 * @param value - alert value 1388 * 1389 * @return alert type long string 1390 */ 1391const char *SSL_alert_type_string_long(int value); 1392 1393/** 1394 * @brief get SSL context of the SSL 1395 * 1396 * @param ssl - SSL point 1397 * 1398 * @return SSL context 1399 */ 1400SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); 1401 1402/** 1403 * @brief get SSL application data 1404 * 1405 * @param ssl - SSL point 1406 * 1407 * @return application data 1408 */ 1409char *SSL_get_app_data(SSL *ssl); 1410 1411/** 1412 * @brief get SSL cipher bits 1413 * 1414 * @param ssl - SSL point 1415 * @param alg_bits - algorithm bits 1416 * 1417 * @return strength bits 1418 */ 1419int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits); 1420 1421/** 1422 * @brief get SSL cipher name 1423 * 1424 * @param ssl - SSL point 1425 * 1426 * @return SSL cipher name 1427 */ 1428char *SSL_get_cipher_name(const SSL *ssl); 1429 1430/** 1431 * @brief get SSL cipher version 1432 * 1433 * @param ssl - SSL point 1434 * 1435 * @return SSL cipher version 1436 */ 1437char *SSL_get_cipher_version(const SSL *ssl); 1438 1439/** 1440 * @brief get SSL extra data 1441 * 1442 * @param ssl - SSL point 1443 * @param idx - data index 1444 * 1445 * @return extra data 1446 */ 1447char *SSL_get_ex_data(const SSL *ssl, int idx); 1448 1449/** 1450 * @brief get index of the SSL extra data X509 storage context 1451 * 1452 * @param none 1453 * 1454 * @return data index 1455 */ 1456int SSL_get_ex_data_X509_STORE_CTX_idx(void); 1457 1458/** 1459 * @brief get peer certification chain 1460 * 1461 * @param ssl - SSL point 1462 * 1463 * @return certification chain 1464 */ 1465STACK *SSL_get_peer_cert_chain(const SSL *ssl); 1466 1467/** 1468 * @brief get peer certification 1469 * 1470 * @param ssl - SSL point 1471 * 1472 * @return certification 1473 */ 1474X509 *SSL_get_peer_certificate(const SSL *ssl); 1475 1476/** 1477 * @brief get SSL quiet shutdown mode 1478 * 1479 * @param ssl - SSL point 1480 * 1481 * @return quiet shutdown mode 1482 */ 1483int SSL_get_quiet_shutdown(const SSL *ssl); 1484 1485/** 1486 * @brief get SSL read only IO handle 1487 * 1488 * @param ssl - SSL point 1489 * 1490 * @return IO handle 1491 */ 1492BIO *SSL_get_rbio(const SSL *ssl); 1493 1494/** 1495 * @brief get SSL shared ciphers 1496 * 1497 * @param ssl - SSL point 1498 * @param buf - buffer to store the ciphers 1499 * @param len - buffer len 1500 * 1501 * @return shared ciphers 1502 */ 1503char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len); 1504 1505/** 1506 * @brief get SSL shutdown mode 1507 * 1508 * @param ssl - SSL point 1509 * 1510 * @return shutdown mode 1511 */ 1512int SSL_get_shutdown(const SSL *ssl); 1513 1514/** 1515 * @brief get SSL session time 1516 * 1517 * @param ssl - SSL point 1518 * 1519 * @return session time 1520 */ 1521long SSL_get_time(const SSL *ssl); 1522 1523/** 1524 * @brief get SSL session timeout time 1525 * 1526 * @param ssl - SSL point 1527 * 1528 * @return session timeout time 1529 */ 1530long SSL_get_timeout(const SSL *ssl); 1531 1532/** 1533 * @brief get SSL verifying mode 1534 * 1535 * @param ssl - SSL point 1536 * 1537 * @return verifying mode 1538 */ 1539int SSL_get_verify_mode(const SSL *ssl); 1540 1541/** 1542 * @brief get SSL verify parameters 1543 * 1544 * @param ssl - SSL point 1545 * 1546 * @return verify parameters 1547 */ 1548X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); 1549 1550/** 1551 * @brief set expected hostname the peer cert CN should have 1552 * 1553 * @param param - verify parameters from SSL_get0_param() 1554 * 1555 * @param name - the expected hostname 1556 * 1557 * @param namelen - the length of the hostname, or 0 if NUL terminated 1558 * 1559 * @return verify parameters 1560 */ 1561int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, 1562 const char *name, size_t namelen); 1563 1564/** 1565 * @brief set parameters for X509 host verify action 1566 * 1567 * @param param -verify parameters from SSL_get0_param() 1568 * 1569 * @param flags - bitfield of X509_CHECK_FLAG_... parameters to set 1570 * 1571 * @return 1 for success, 0 for failure 1572 */ 1573int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, 1574 unsigned long flags); 1575 1576/** 1577 * @brief clear parameters for X509 host verify action 1578 * 1579 * @param param -verify parameters from SSL_get0_param() 1580 * 1581 * @param flags - bitfield of X509_CHECK_FLAG_... parameters to clear 1582 * 1583 * @return 1 for success, 0 for failure 1584 */ 1585int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param, 1586 unsigned long flags); 1587 1588/** 1589 * @brief get SSL write only IO handle 1590 * 1591 * @param ssl - SSL point 1592 * 1593 * @return IO handle 1594 */ 1595BIO *SSL_get_wbio(const SSL *ssl); 1596 1597/** 1598 * @brief load SSL client CA certification file 1599 * 1600 * @param file - file name 1601 * 1602 * @return certification loading object 1603 */ 1604STACK *SSL_load_client_CA_file(const char *file); 1605 1606/** 1607 * @brief add SSL reference by '1' 1608 * 1609 * @param ssl - SSL point 1610 * 1611 * @return result 1612 * 1 : OK 1613 * 0 : failed 1614 */ 1615int SSL_up_ref(SSL *ssl); 1616 1617/** 1618 * @brief read and put data into buf, but not clear the SSL low-level storage 1619 * 1620 * @param ssl - SSL point 1621 * @param buf - storage buffer point 1622 * @param num - data bytes 1623 * 1624 * @return result 1625 * > 0 : OK, and return read bytes 1626 * = 0 : connect is closed 1627 * < 0 : a error catch 1628 */ 1629int SSL_peek(SSL *ssl, void *buf, int num); 1630 1631/** 1632 * @brief make SSL renegotiate 1633 * 1634 * @param ssl - SSL point 1635 * 1636 * @return result 1637 * 1 : OK 1638 * 0 : failed 1639 */ 1640int SSL_renegotiate(SSL *ssl); 1641 1642/** 1643 * @brief get the state string where SSL is reading 1644 * 1645 * @param ssl - SSL point 1646 * 1647 * @return state string 1648 */ 1649const char *SSL_rstate_string(SSL *ssl); 1650 1651/** 1652 * @brief get the statement long string where SSL is reading 1653 * 1654 * @param ssl - SSL point 1655 * 1656 * @return statement long string 1657 */ 1658const char *SSL_rstate_string_long(SSL *ssl); 1659 1660/** 1661 * @brief set SSL accept statement 1662 * 1663 * @param ssl - SSL point 1664 * 1665 * @return none 1666 */ 1667void SSL_set_accept_state(SSL *ssl); 1668 1669/** 1670 * @brief set SSL application data 1671 * 1672 * @param ssl - SSL point 1673 * @param arg - SSL application data point 1674 * 1675 * @return none 1676 */ 1677void SSL_set_app_data(SSL *ssl, char *arg); 1678 1679/** 1680 * @brief set SSL BIO 1681 * 1682 * @param ssl - SSL point 1683 * @param rbio - read only IO 1684 * @param wbio - write only IO 1685 * 1686 * @return none 1687 */ 1688void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); 1689 1690/** 1691 * @brief clear SSL option 1692 * 1693 * @param ssl - SSL point 1694 * @param op - clear option 1695 * 1696 * @return SSL option 1697 */ 1698unsigned long SSL_clear_options(SSL *ssl, unsigned long op); 1699 1700/** 1701 * @brief get SSL option 1702 * 1703 * @param ssl - SSL point 1704 * 1705 * @return SSL option 1706 */ 1707unsigned long SSL_get_options(SSL *ssl); 1708 1709/** 1710 * @brief clear SSL option 1711 * 1712 * @param ssl - SSL point 1713 * @param op - setting option 1714 * 1715 * @return SSL option 1716 */ 1717unsigned long SSL_set_options(SSL *ssl, unsigned long op); 1718 1719/** 1720 * @brief set SSL quiet shutdown mode 1721 * 1722 * @param ssl - SSL point 1723 * @param mode - quiet shutdown mode 1724 * 1725 * @return none 1726 */ 1727void SSL_set_quiet_shutdown(SSL *ssl, int mode); 1728 1729/** 1730 * @brief set SSL shutdown mode 1731 * 1732 * @param ssl - SSL point 1733 * @param mode - shutdown mode 1734 * 1735 * @return none 1736 */ 1737void SSL_set_shutdown(SSL *ssl, int mode); 1738 1739/** 1740 * @brief set SSL session time 1741 * 1742 * @param ssl - SSL point 1743 * @param t - session time 1744 * 1745 * @return session time 1746 */ 1747long SSL_set_time(SSL *ssl, long t); 1748 1749/** 1750 * @brief set SSL session timeout time 1751 * 1752 * @param ssl - SSL point 1753 * @param t - session timeout time 1754 * 1755 * @return session timeout time 1756 */ 1757long SSL_set_timeout(SSL *ssl, long t); 1758 1759/** 1760 * @brief get SSL statement string 1761 * 1762 * @param ssl - SSL point 1763 * 1764 * @return SSL statement string 1765 */ 1766char *SSL_state_string(const SSL *ssl); 1767 1768/** 1769 * @brief get SSL statement long string 1770 * 1771 * @param ssl - SSL point 1772 * 1773 * @return SSL statement long string 1774 */ 1775char *SSL_state_string_long(const SSL *ssl); 1776 1777/** 1778 * @brief get SSL renegotiation count 1779 * 1780 * @param ssl - SSL point 1781 * 1782 * @return renegotiation count 1783 */ 1784long SSL_total_renegotiations(SSL *ssl); 1785 1786/** 1787 * @brief get SSL version 1788 * 1789 * @param ssl - SSL point 1790 * 1791 * @return SSL version 1792 */ 1793int SSL_version(const SSL *ssl); 1794 1795/** 1796 * @brief set SSL PSK identity hint 1797 * 1798 * @param ssl - SSL point 1799 * @param hint - identity hint 1800 * 1801 * @return result 1802 * 1 : OK 1803 * 0 : failed 1804 */ 1805int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); 1806 1807/** 1808 * @brief get SSL PSK identity hint 1809 * 1810 * @param ssl - SSL point 1811 * 1812 * @return identity hint 1813 */ 1814const char *SSL_get_psk_identity_hint(SSL *ssl); 1815 1816/** 1817 * @brief get SSL PSK identity 1818 * 1819 * @param ssl - SSL point 1820 * 1821 * @return identity 1822 */ 1823const char *SSL_get_psk_identity(SSL *ssl); 1824 1825#ifdef __cplusplus 1826} 1827#endif 1828 1829#endif 1830