ssl.h source code [engine/third_party/boringssl/src/include/openssl/ssl.h]

1	/ Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)*
2	* All rights reserved.
3	*
4	* This package is an SSL implementation written
5	* by Eric Young (eay@cryptsoft.com).
6	* The implementation was written so as to conform with Netscapes SSL.
7	*
8	* This library is free for commercial and non-commercial use as long as
9	* the following conditions are aheared to. The following conditions
10	* apply to all code found in this distribution, be it the RC4, RSA,
11	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
12	* included with this distribution is covered by the same copyright terms
13	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
14	*
15	* Copyright remains Eric Young's, and as such any Copyright notices in
16	* the code are not to be removed.
17	* If this package is used in a product, Eric Young should be given attribution
18	* as the author of the parts of the library used.
19	* This can be in the form of a textual message at program startup or
20	* in documentation (online or textual) provided with the package.
21	*
22	* Redistribution and use in source and binary forms, with or without
23	* modification, are permitted provided that the following conditions
24	* are met:
25	* 1. Redistributions of source code must retain the copyright
26	* notice, this list of conditions and the following disclaimer.
27	* 2. Redistributions in binary form must reproduce the above copyright
28	* notice, this list of conditions and the following disclaimer in the
29	* documentation and/or other materials provided with the distribution.
30	* 3. All advertising materials mentioning features or use of this software
31	* must display the following acknowledgement:
32	* "This product includes cryptographic software written by
33	* Eric Young (eay@cryptsoft.com)"
34	* The word 'cryptographic' can be left out if the rouines from the library
35	* being used are not cryptographic related :-).
36	* 4. If you include any Windows specific code (or a derivative thereof) from
37	* the apps directory (application code) you must include an acknowledgement:
38	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39	*
40	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50	* SUCH DAMAGE.
51	*
52	* The licence and distribution terms for any publically available version or
53	* derivative of this code cannot be changed. i.e. this code cannot simply be
54	* copied and put under another distribution licence
55	* [including the GNU Public Licence.]
56	*/
57	/ ====================================================================*
58	* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59	*
60	* Redistribution and use in source and binary forms, with or without
61	* modification, are permitted provided that the following conditions
62	* are met:
63	*
64	* 1. Redistributions of source code must retain the above copyright
65	* notice, this list of conditions and the following disclaimer.
66	*
67	* 2. Redistributions in binary form must reproduce the above copyright
68	* notice, this list of conditions and the following disclaimer in
69	* the documentation and/or other materials provided with the
70	* distribution.
71	*
72	* 3. All advertising materials mentioning features or use of this
73	* software must display the following acknowledgment:
74	* "This product includes software developed by the OpenSSL Project
75	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76	*
77	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78	* endorse or promote products derived from this software without
79	* prior written permission. For written permission, please contact
80	* openssl-core@openssl.org.
81	*
82	* 5. Products derived from this software may not be called "OpenSSL"
83	* nor may "OpenSSL" appear in their names without prior written
84	* permission of the OpenSSL Project.
85	*
86	* 6. Redistributions of any form whatsoever must retain the following
87	* acknowledgment:
88	* "This product includes software developed by the OpenSSL Project
89	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90	*
91	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102	* OF THE POSSIBILITY OF SUCH DAMAGE.
103	* ====================================================================
104	*
105	* This product includes cryptographic software written by Eric Young
106	* (eay@cryptsoft.com). This product includes software written by Tim
107	* Hudson (tjh@cryptsoft.com).
108	*
109	*/
110	/ ====================================================================*
111	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112	* ECC cipher suite support in OpenSSL originally developed by
113	* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114	*/
115	/ ====================================================================*
116	* Copyright 2005 Nokia. All rights reserved.
117	*
118	* The portions of the attached software ("Contribution") is developed by
119	* Nokia Corporation and is licensed pursuant to the OpenSSL open source
120	* license.
121	*
122	* The Contribution, originally written by Mika Kousa and Pasi Eronen of
123	* Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124	* support (see RFC 4279) to OpenSSL.
125	*
126	* No patent licenses or other rights except those expressly stated in
127	* the OpenSSL open source license shall be deemed granted or received
128	* expressly, by implication, estoppel, or otherwise.
129	*
130	* No assurances are provided by Nokia that the Contribution does not
131	* infringe the patent or other intellectual property rights of any third
132	* party or that the license provides you with all the necessary rights
133	* to make use of the Contribution.
134	*
135	* THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136	* ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137	* SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138	* OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
139	* OTHERWISE.
140	*/
141
142	#ifndef OPENSSL_HEADER_SSL_H
143	#define OPENSSL_HEADER_SSL_H
144
145	#include <openssl/base.h>
146
147	#include <openssl/bio.h>
148	#include <openssl/buf.h>
149	#include <openssl/pem.h>
150	#include <openssl/span.h>
151	#include <openssl/ssl3.h>
152	#include <openssl/thread.h>
153	#include <openssl/tls1.h>
154	#include <openssl/x509.h>
155
156	#if !defined(OPENSSL_WINDOWS)
157	#include <sys/time.h>
158	#endif
159
160	// NGINX needs this #include. Consider revisiting this after NGINX 1.14.0 has
161	// been out for a year or so (assuming that they fix it in that release.) See
162	// https://boringssl-review.googlesource.com/c/boringssl/+/21664.
163	#include <openssl/hmac.h>
164
165	// Forward-declare struct timeval. On Windows, it is defined in winsock2.h and
166	// Windows headers define too many macros to be included in public headers.
167	// However, only a forward declaration is needed.
168	struct timeval;
169
170	#if defined(__cplusplus)
171	extern "C" {
172	#endif
173
174
175	// SSL implementation.
176
177
178	// SSL contexts.
179	//
180	// \|SSL_CTX\| objects manage shared state and configuration between multiple TLS
181	// or DTLS connections. Whether the connections are TLS or DTLS is selected by
182	// an \|SSL_METHOD\| on creation.
183	//
184	// \|SSL_CTX\| are reference-counted and may be shared by connections across
185	// multiple threads. Once shared, functions which change the \|SSL_CTX\|'s
186	// configuration may not be used.
187
188	// TLS_method is the \|SSL_METHOD\| used for TLS connections.
189	OPENSSL_EXPORT const SSL_METHOD TLS_method(void*);
190
191	// DTLS_method is the \|SSL_METHOD\| used for DTLS connections.
192	OPENSSL_EXPORT const SSL_METHOD DTLS_method(void*);
193
194	// TLS_with_buffers_method is like \|TLS_method\|, but avoids all use of
195	// crypto/x509. All client connections created with \|TLS_with_buffers_method\|
196	// will fail unless a certificate verifier is installed with
197	// \|SSL_set_custom_verify\| or \|SSL_CTX_set_custom_verify\|.
198	OPENSSL_EXPORT const SSL_METHOD TLS_with_buffers_method(void*);
199
200	// DTLS_with_buffers_method is like \|DTLS_method\|, but avoids all use of
201	// crypto/x509.
202	OPENSSL_EXPORT const SSL_METHOD DTLS_with_buffers_method(void*);
203
204	// SSL_CTX_new returns a newly-allocated \|SSL_CTX\| with default settings or NULL
205	// on error.
206	OPENSSL_EXPORT SSL_CTX SSL_CTX_new(const* SSL_METHOD *method);
207
208	// SSL_CTX_up_ref increments the reference count of \|ctx\|. It returns one.
209	OPENSSL_EXPORT int SSL_CTX_up_ref(SSL_CTX *ctx);
210
211	// SSL_CTX_free releases memory associated with \|ctx\|.
212	OPENSSL_EXPORT void SSL_CTX_free(SSL_CTX *ctx);
213
214
215	// SSL connections.
216	//
217	// An \|SSL\| object represents a single TLS or DTLS connection. Although the
218	// shared \|SSL_CTX\| is thread-safe, an \|SSL\| is not thread-safe and may only be
219	// used on one thread at a time.
220
221	// SSL_new returns a newly-allocated \|SSL\| using \|ctx\| or NULL on error. The new
222	// connection inherits settings from \|ctx\| at the time of creation. Settings may
223	// also be individually configured on the connection.
224	//
225	// On creation, an \|SSL\| is not configured to be either a client or server. Call
226	// \|SSL_set_connect_state\| or \|SSL_set_accept_state\| to set this.
227	OPENSSL_EXPORT SSL SSL_new(SSL_CTX ctx);
228
229	// SSL_free releases memory associated with \|ssl\|.
230	OPENSSL_EXPORT void SSL_free(SSL *ssl);
231
232	// SSL_get_SSL_CTX returns the \|SSL_CTX\| associated with \|ssl\|. If
233	// \|SSL_set_SSL_CTX\| is called, it returns the new \|SSL_CTX\|, not the initial
234	// one.
235	OPENSSL_EXPORT SSL_CTX SSL_get_SSL_CTX(const* SSL *ssl);
236
237	// SSL_set_connect_state configures \|ssl\| to be a client.
238	OPENSSL_EXPORT void SSL_set_connect_state(SSL *ssl);
239
240	// SSL_set_accept_state configures \|ssl\| to be a server.
241	OPENSSL_EXPORT void SSL_set_accept_state(SSL *ssl);
242
243	// SSL_is_server returns one if \|ssl\| is configured as a server and zero
244	// otherwise.
245	OPENSSL_EXPORT int SSL_is_server(const SSL *ssl);
246
247	// SSL_is_dtls returns one if \|ssl\| is a DTLS connection and zero otherwise.
248	OPENSSL_EXPORT int SSL_is_dtls(const SSL *ssl);
249
250	// SSL_set_bio configures \|ssl\| to read from \|rbio\| and write to \|wbio\|. \|ssl\|
251	// takes ownership of the two \|BIO\|s. If \|rbio\| and \|wbio\| are the same, \|ssl\|
252	// only takes ownership of one reference.
253	//
254	// In DTLS, \|rbio\| must be non-blocking to properly handle timeouts and
255	// retransmits.
256	//
257	// If \|rbio\| is the same as the currently configured \|BIO\| for reading, that
258	// side is left untouched and is not freed.
259	//
260	// If \|wbio\| is the same as the currently configured \|BIO\| for writing AND \|ssl\|
261	// is not currently configured to read from and write to the same \|BIO\|, that
262	// side is left untouched and is not freed. This asymmetry is present for
263	// historical reasons.
264	//
265	// Due to the very complex historical behavior of this function, calling this
266	// function if \|ssl\| already has \|BIO\|s configured is deprecated. Prefer
267	// \|SSL_set0_rbio\| and \|SSL_set0_wbio\| instead.
268	OPENSSL_EXPORT void SSL_set_bio(SSL ssl, BIO rbio, BIO *wbio);
269
270	// SSL_set0_rbio configures \|ssl\| to write to \|rbio\|. It takes ownership of
271	// \|rbio\|.
272	//
273	// Note that, although this function and \|SSL_set0_wbio\| may be called on the
274	// same \|BIO\|, each call takes a reference. Use \|BIO_up_ref\| to balance this.
275	OPENSSL_EXPORT void SSL_set0_rbio(SSL ssl, BIO rbio);
276
277	// SSL_set0_wbio configures \|ssl\| to write to \|wbio\|. It takes ownership of
278	// \|wbio\|.
279	//
280	// Note that, although this function and \|SSL_set0_rbio\| may be called on the
281	// same \|BIO\|, each call takes a reference. Use \|BIO_up_ref\| to balance this.
282	OPENSSL_EXPORT void SSL_set0_wbio(SSL ssl, BIO wbio);
283
284	// SSL_get_rbio returns the \|BIO\| that \|ssl\| reads from.
285	OPENSSL_EXPORT BIO SSL_get_rbio(const* SSL *ssl);
286
287	// SSL_get_wbio returns the \|BIO\| that \|ssl\| writes to.
288	OPENSSL_EXPORT BIO SSL_get_wbio(const* SSL *ssl);
289
290	// SSL_get_fd calls \|SSL_get_rfd\|.
291	OPENSSL_EXPORT int SSL_get_fd(const SSL *ssl);
292
293	// SSL_get_rfd returns the file descriptor that \|ssl\| is configured to read
294	// from. If \|ssl\|'s read \|BIO\| is not configured or doesn't wrap a file
295	// descriptor then it returns -1.
296	//
297	// Note: On Windows, this may return either a file descriptor or a socket (cast
298	// to int), depending on whether \|ssl\| was configured with a file descriptor or
299	// socket \|BIO\|.
300	OPENSSL_EXPORT int SSL_get_rfd(const SSL *ssl);
301
302	// SSL_get_wfd returns the file descriptor that \|ssl\| is configured to write
303	// to. If \|ssl\|'s write \|BIO\| is not configured or doesn't wrap a file
304	// descriptor then it returns -1.
305	//
306	// Note: On Windows, this may return either a file descriptor or a socket (cast
307	// to int), depending on whether \|ssl\| was configured with a file descriptor or
308	// socket \|BIO\|.
309	OPENSSL_EXPORT int SSL_get_wfd(const SSL *ssl);
310
311	// SSL_set_fd configures \|ssl\| to read from and write to \|fd\|. It returns one
312	// on success and zero on allocation error. The caller retains ownership of
313	// \|fd\|.
314	//
315	// On Windows, \|fd\| is cast to a \|SOCKET\| and used with Winsock APIs.
316	OPENSSL_EXPORT int SSL_set_fd(SSL ssl, int* fd);
317
318	// SSL_set_rfd configures \|ssl\| to read from \|fd\|. It returns one on success and
319	// zero on allocation error. The caller retains ownership of \|fd\|.
320	//
321	// On Windows, \|fd\| is cast to a \|SOCKET\| and used with Winsock APIs.
322	OPENSSL_EXPORT int SSL_set_rfd(SSL ssl, int* fd);
323
324	// SSL_set_wfd configures \|ssl\| to write to \|fd\|. It returns one on success and
325	// zero on allocation error. The caller retains ownership of \|fd\|.
326	//
327	// On Windows, \|fd\| is cast to a \|SOCKET\| and used with Winsock APIs.
328	OPENSSL_EXPORT int SSL_set_wfd(SSL ssl, int* fd);
329
330	// SSL_do_handshake continues the current handshake. If there is none or the
331	// handshake has completed or False Started, it returns one. Otherwise, it
332	// returns <= 0. The caller should pass the value into \|SSL_get_error\| to
333	// determine how to proceed.
334	//
335	// In DTLS, the caller must drive retransmissions. Whenever \|SSL_get_error\|
336	// signals \|SSL_ERROR_WANT_READ\|, use \|DTLSv1_get_timeout\| to determine the
337	// current timeout. If it expires before the next retry, call
338	// \|DTLSv1_handle_timeout\|. Note that DTLS handshake retransmissions use fresh
339	// sequence numbers, so it is not sufficient to replay packets at the transport.
340	//
341	// TODO(davidben): Ensure 0 is only returned on transport EOF.
342	// https://crbug.com/466303.
343	OPENSSL_EXPORT int SSL_do_handshake(SSL *ssl);
344
345	// SSL_connect configures \|ssl\| as a client, if unconfigured, and calls
346	// \|SSL_do_handshake\|.
347	OPENSSL_EXPORT int SSL_connect(SSL *ssl);
348
349	// SSL_accept configures \|ssl\| as a server, if unconfigured, and calls
350	// \|SSL_do_handshake\|.
351	OPENSSL_EXPORT int SSL_accept(SSL *ssl);
352
353	// SSL_read reads up to \|num\| bytes from \|ssl\| into \|buf\|. It implicitly runs
354	// any pending handshakes, including renegotiations when enabled. On success, it
355	// returns the number of bytes read. Otherwise, it returns <= 0. The caller
356	// should pass the value into \|SSL_get_error\| to determine how to proceed.
357	//
358	// TODO(davidben): Ensure 0 is only returned on transport EOF.
359	// https://crbug.com/466303.
360	OPENSSL_EXPORT int SSL_read(SSL ssl, void* buf, int* num);
361
362	// SSL_peek behaves like \|SSL_read\| but does not consume any bytes returned.
363	OPENSSL_EXPORT int SSL_peek(SSL ssl, void* buf, int* num);
364
365	// SSL_pending returns the number of bytes available in \|ssl\|. It does not read
366	// from the transport.
367	OPENSSL_EXPORT int SSL_pending(const SSL *ssl);
368
369	// SSL_write writes up to \|num\| bytes from \|buf\| into \|ssl\|. It implicitly runs
370	// any pending handshakes, including renegotiations when enabled. On success, it
371	// returns the number of bytes written. Otherwise, it returns <= 0. The caller
372	// should pass the value into \|SSL_get_error\| to determine how to proceed.
373	//
374	// In TLS, a non-blocking \|SSL_write\| differs from non-blocking \|write\| in that
375	// a failed \|SSL_write\| still commits to the data passed in. When retrying, the
376	// caller must supply the original write buffer (or a larger one containing the
377	// original as a prefix). By default, retries will fail if they also do not
378	// reuse the same \|buf\| pointer. This may be relaxed with
379	// \|SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\|, but the buffer contents still must be
380	// unchanged.
381	//
382	// By default, in TLS, \|SSL_write\| will not return success until all \|num\| bytes
383	// are written. This may be relaxed with \|SSL_MODE_ENABLE_PARTIAL_WRITE\|. It
384	// allows \|SSL_write\| to complete with a partial result when only part of the
385	// input was written in a single record.
386	//
387	// In DTLS, neither \|SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\| and
388	// \|SSL_MODE_ENABLE_PARTIAL_WRITE\| do anything. The caller may retry with a
389	// different buffer freely. A single call to \|SSL_write\| only ever writes a
390	// single record in a single packet, so \|num\| must be at most
391	// \|SSL3_RT_MAX_PLAIN_LENGTH\|.
392	//
393	// TODO(davidben): Ensure 0 is only returned on transport EOF.
394	// https://crbug.com/466303.
395	OPENSSL_EXPORT int SSL_write(SSL ssl, const* void buf, int* num);
396
397	// SSL_KEY_UPDATE_REQUESTED indicates that the peer should reply to a KeyUpdate
398	// message with its own, thus updating traffic secrets for both directions on
399	// the connection.
400	#define SSL_KEY_UPDATE_REQUESTED 1
401
402	// SSL_KEY_UPDATE_NOT_REQUESTED indicates that the peer should not reply with
403	// it's own KeyUpdate message.
404	#define SSL_KEY_UPDATE_NOT_REQUESTED 0
405
406	// SSL_key_update queues a TLS 1.3 KeyUpdate message to be sent on \|ssl\|
407	// if one is not already queued. The \|request_type\| argument must one of the
408	// \|SSL_KEY_UPDATE_\| values. This function requires that \|ssl\| have completed a*
409	// TLS >= 1.3 handshake. It returns one on success or zero on error.
410	//
411	// Note that this function does not _send_ the message itself. The next call to
412	// \|SSL_write\| will cause the message to be sent. \|SSL_write\| may be called with
413	// a zero length to flush a KeyUpdate message when no application data is
414	// pending.
415	OPENSSL_EXPORT int SSL_key_update(SSL ssl, int* request_type);
416
417	// SSL_shutdown shuts down \|ssl\|. It runs in two stages. First, it sends
418	// close_notify and returns zero or one on success or -1 on failure. Zero
419	// indicates that close_notify was sent, but not received, and one additionally
420	// indicates that the peer's close_notify had already been received.
421	//
422	// To then wait for the peer's close_notify, run \|SSL_shutdown\| to completion a
423	// second time. This returns 1 on success and -1 on failure. Application data
424	// is considered a fatal error at this point. To process or discard it, read
425	// until close_notify with \|SSL_read\| instead.
426	//
427	// In both cases, on failure, pass the return value into \|SSL_get_error\| to
428	// determine how to proceed.
429	//
430	// Most callers should stop at the first stage. Reading for close_notify is
431	// primarily used for uncommon protocols where the underlying transport is
432	// reused after TLS completes. Additionally, DTLS uses an unordered transport
433	// and is unordered, so the second stage is a no-op in DTLS.
434	OPENSSL_EXPORT int SSL_shutdown(SSL *ssl);
435
436	// SSL_CTX_set_quiet_shutdown sets quiet shutdown on \|ctx\| to \|mode\|. If
437	// enabled, \|SSL_shutdown\| will not send a close_notify alert or wait for one
438	// from the peer. It will instead synchronously return one.
439	OPENSSL_EXPORT void SSL_CTX_set_quiet_shutdown(SSL_CTX ctx, int* mode);
440
441	// SSL_CTX_get_quiet_shutdown returns whether quiet shutdown is enabled for
442	// \|ctx\|.
443	OPENSSL_EXPORT int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
444
445	// SSL_set_quiet_shutdown sets quiet shutdown on \|ssl\| to \|mode\|. If enabled,
446	// \|SSL_shutdown\| will not send a close_notify alert or wait for one from the
447	// peer. It will instead synchronously return one.
448	OPENSSL_EXPORT void SSL_set_quiet_shutdown(SSL ssl, int* mode);
449
450	// SSL_get_quiet_shutdown returns whether quiet shutdown is enabled for
451	// \|ssl\|.
452	OPENSSL_EXPORT int SSL_get_quiet_shutdown(const SSL *ssl);
453
454	// SSL_get_error returns a \|SSL_ERROR_\| value for the most recent operation on*
455	// \|ssl\|. It should be called after an operation failed to determine whether the
456	// error was fatal and, if not, when to retry.
457	OPENSSL_EXPORT int SSL_get_error(const SSL ssl, int* ret_code);
458
459	// SSL_ERROR_NONE indicates the operation succeeded.
460	#define SSL_ERROR_NONE 0
461
462	// SSL_ERROR_SSL indicates the operation failed within the library. The caller
463	// may inspect the error queue for more information.
464	#define SSL_ERROR_SSL 1
465
466	// SSL_ERROR_WANT_READ indicates the operation failed attempting to read from
467	// the transport. The caller may retry the operation when the transport is ready
468	// for reading.
469	//
470	// If signaled by a DTLS handshake, the caller must also call
471	// \|DTLSv1_get_timeout\| and \|DTLSv1_handle_timeout\| as appropriate. See
472	// \|SSL_do_handshake\|.
473	#define SSL_ERROR_WANT_READ 2
474
475	// SSL_ERROR_WANT_WRITE indicates the operation failed attempting to write to
476	// the transport. The caller may retry the operation when the transport is ready
477	// for writing.
478	#define SSL_ERROR_WANT_WRITE 3
479
480	// SSL_ERROR_WANT_X509_LOOKUP indicates the operation failed in calling the
481	// \|cert_cb\| or \|client_cert_cb\|. The caller may retry the operation when the
482	// callback is ready to return a certificate or one has been configured
483	// externally.
484	//
485	// See also \|SSL_CTX_set_cert_cb\| and \|SSL_CTX_set_client_cert_cb\|.
486	#define SSL_ERROR_WANT_X509_LOOKUP 4
487
488	// SSL_ERROR_SYSCALL indicates the operation failed externally to the library.
489	// The caller should consult the system-specific error mechanism. This is
490	// typically \|errno\| but may be something custom if using a custom \|BIO\|. It
491	// may also be signaled if the transport returned EOF, in which case the
492	// operation's return value will be zero.
493	#define SSL_ERROR_SYSCALL 5
494
495	// SSL_ERROR_ZERO_RETURN indicates the operation failed because the connection
496	// was cleanly shut down with a close_notify alert.
497	#define SSL_ERROR_ZERO_RETURN 6
498
499	// SSL_ERROR_WANT_CONNECT indicates the operation failed attempting to connect
500	// the transport (the \|BIO\| signaled \|BIO_RR_CONNECT\|). The caller may retry the
501	// operation when the transport is ready.
502	#define SSL_ERROR_WANT_CONNECT 7
503
504	// SSL_ERROR_WANT_ACCEPT indicates the operation failed attempting to accept a
505	// connection from the transport (the \|BIO\| signaled \|BIO_RR_ACCEPT\|). The
506	// caller may retry the operation when the transport is ready.
507	//
508	// TODO(davidben): Remove this. It's used by accept BIOs which are bizarre.
509	#define SSL_ERROR_WANT_ACCEPT 8
510
511	// SSL_ERROR_WANT_CHANNEL_ID_LOOKUP indicates the operation failed looking up
512	// the Channel ID key. The caller may retry the operation when \|channel_id_cb\|
513	// is ready to return a key or one has been configured with
514	// \|SSL_set1_tls_channel_id\|.
515	//
516	// See also \|SSL_CTX_set_channel_id_cb\|.
517	#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9
518
519	// SSL_ERROR_PENDING_SESSION indicates the operation failed because the session
520	// lookup callback indicated the session was unavailable. The caller may retry
521	// the operation when lookup has completed.
522	//
523	// See also \|SSL_CTX_sess_set_get_cb\| and \|SSL_magic_pending_session_ptr\|.
524	#define SSL_ERROR_PENDING_SESSION 11
525
526	// SSL_ERROR_PENDING_CERTIFICATE indicates the operation failed because the
527	// early callback indicated certificate lookup was incomplete. The caller may
528	// retry the operation when lookup has completed.
529	//
530	// See also \|SSL_CTX_set_select_certificate_cb\|.
531	#define SSL_ERROR_PENDING_CERTIFICATE 12
532
533	// SSL_ERROR_WANT_PRIVATE_KEY_OPERATION indicates the operation failed because
534	// a private key operation was unfinished. The caller may retry the operation
535	// when the private key operation is complete.
536	//
537	// See also \|SSL_set_private_key_method\| and
538	// \|SSL_CTX_set_private_key_method\|.
539	#define SSL_ERROR_WANT_PRIVATE_KEY_OPERATION 13
540
541	// SSL_ERROR_PENDING_TICKET indicates that a ticket decryption is pending. The
542	// caller may retry the operation when the decryption is ready.
543	//
544	// See also \|SSL_CTX_set_ticket_aead_method\|.
545	#define SSL_ERROR_PENDING_TICKET 14
546
547	// SSL_ERROR_EARLY_DATA_REJECTED indicates that early data was rejected. The
548	// caller should treat this as a connection failure and retry any operations
549	// associated with the rejected early data. \|SSL_reset_early_data_reject\| may be
550	// used to reuse the underlying connection for the retry.
551	#define SSL_ERROR_EARLY_DATA_REJECTED 15
552
553	// SSL_ERROR_WANT_CERTIFICATE_VERIFY indicates the operation failed because
554	// certificate verification was incomplete. The caller may retry the operation
555	// when certificate verification is complete.
556	//
557	// See also \|SSL_CTX_set_custom_verify\|.
558	#define SSL_ERROR_WANT_CERTIFICATE_VERIFY 16
559
560	#define SSL_ERROR_HANDOFF 17
561	#define SSL_ERROR_HANDBACK 18
562
563	// SSL_set_mtu sets the \|ssl\|'s MTU in DTLS to \|mtu\|. It returns one on success
564	// and zero on failure.
565	OPENSSL_EXPORT int SSL_set_mtu(SSL ssl, unsigned* mtu);
566
567	// DTLSv1_set_initial_timeout_duration sets the initial duration for a DTLS
568	// handshake timeout.
569	//
570	// This duration overrides the default of 1 second, which is the strong
571	// recommendation of RFC 6347 (see section 4.2.4.1). However, there may exist
572	// situations where a shorter timeout would be beneficial, such as for
573	// time-sensitive applications.
574	OPENSSL_EXPORT void DTLSv1_set_initial_timeout_duration(SSL *ssl,
575	unsigned duration_ms);
576
577	// DTLSv1_get_timeout queries the next DTLS handshake timeout. If there is a
578	// timeout in progress, it sets \|out\| to the time remaining and returns one.*
579	// Otherwise, it returns zero.
580	//
581	// When the timeout expires, call \|DTLSv1_handle_timeout\| to handle the
582	// retransmit behavior.
583	//
584	// NOTE: This function must be queried again whenever the handshake state
585	// machine changes, including when \|DTLSv1_handle_timeout\| is called.
586	OPENSSL_EXPORT int DTLSv1_get_timeout(const SSL ssl, struct* timeval *out);
587
588	// DTLSv1_handle_timeout is called when a DTLS handshake timeout expires. If no
589	// timeout had expired, it returns 0. Otherwise, it retransmits the previous
590	// flight of handshake messages and returns 1. If too many timeouts had expired
591	// without progress or an error occurs, it returns -1.
592	//
593	// The caller's external timer should be compatible with the one \|ssl\| queries
594	// within some fudge factor. Otherwise, the call will be a no-op, but
595	// \|DTLSv1_get_timeout\| will return an updated timeout.
596	//
597	// If the function returns -1, checking if \|SSL_get_error\| returns
598	// \|SSL_ERROR_WANT_WRITE\| may be used to determine if the retransmit failed due
599	// to a non-fatal error at the write \|BIO\|. However, the operation may not be
600	// retried until the next timeout fires.
601	//
602	// WARNING: This function breaks the usual return value convention.
603	//
604	// TODO(davidben): This \|SSL_ERROR_WANT_WRITE\| behavior is kind of bizarre.
605	OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl);
606
607
608	// Protocol versions.
609
610	#define DTLS1_VERSION_MAJOR 0xfe
611	#define SSL3_VERSION_MAJOR 0x03
612
613	#define SSL3_VERSION 0x0300
614	#define TLS1_VERSION 0x0301
615	#define TLS1_1_VERSION 0x0302
616	#define TLS1_2_VERSION 0x0303
617	#define TLS1_3_VERSION 0x0304
618
619	#define DTLS1_VERSION 0xfeff
620	#define DTLS1_2_VERSION 0xfefd
621
622	// SSL_CTX_set_min_proto_version sets the minimum protocol version for \|ctx\| to
623	// \|version\|. If \|version\| is zero, the default minimum version is used. It
624	// returns one on success and zero if \|version\| is invalid.
625	OPENSSL_EXPORT int SSL_CTX_set_min_proto_version(SSL_CTX *ctx,
626	uint16_t version);
627
628	// SSL_CTX_set_max_proto_version sets the maximum protocol version for \|ctx\| to
629	// \|version\|. If \|version\| is zero, the default maximum version is used. It
630	// returns one on success and zero if \|version\| is invalid.
631	OPENSSL_EXPORT int SSL_CTX_set_max_proto_version(SSL_CTX *ctx,
632	uint16_t version);
633
634	// SSL_CTX_get_min_proto_version returns the minimum protocol version for \|ctx\|
635	OPENSSL_EXPORT uint16_t SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
636
637	// SSL_CTX_get_max_proto_version returns the maximum protocol version for \|ctx\|
638	OPENSSL_EXPORT uint16_t SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
639
640	// SSL_set_min_proto_version sets the minimum protocol version for \|ssl\| to
641	// \|version\|. If \|version\| is zero, the default minimum version is used. It
642	// returns one on success and zero if \|version\| is invalid.
643	OPENSSL_EXPORT int SSL_set_min_proto_version(SSL *ssl, uint16_t version);
644
645	// SSL_set_max_proto_version sets the maximum protocol version for \|ssl\| to
646	// \|version\|. If \|version\| is zero, the default maximum version is used. It
647	// returns one on success and zero if \|version\| is invalid.
648	OPENSSL_EXPORT int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
649
650	// SSL_version returns the TLS or DTLS protocol version used by \|ssl\|, which is
651	// one of the \|_VERSION\| values. (E.g. \|TLS1_2_VERSION\|.) Before the version*
652	// is negotiated, the result is undefined.
653	OPENSSL_EXPORT int SSL_version(const SSL *ssl);
654
655
656	// Options.
657	//
658	// Options configure protocol behavior.
659
660	// SSL_OP_NO_QUERY_MTU, in DTLS, disables querying the MTU from the underlying
661	// \|BIO\|. Instead, the MTU is configured with \|SSL_set_mtu\|.
662	#define SSL_OP_NO_QUERY_MTU 0x00001000L
663
664	// SSL_OP_NO_TICKET disables session ticket support (RFC 5077).
665	#define SSL_OP_NO_TICKET 0x00004000L
666
667	// SSL_OP_CIPHER_SERVER_PREFERENCE configures servers to select ciphers and
668	// ECDHE curves according to the server's preferences instead of the
669	// client's.
670	#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
671
672	// The following flags toggle individual protocol versions. This is deprecated.
673	// Use \|SSL_CTX_set_min_proto_version\| and \|SSL_CTX_set_max_proto_version\|
674	// instead.
675	#define SSL_OP_NO_TLSv1 0x04000000L
676	#define SSL_OP_NO_TLSv1_2 0x08000000L
677	#define SSL_OP_NO_TLSv1_1 0x10000000L
678	#define SSL_OP_NO_TLSv1_3 0x20000000L
679	#define SSL_OP_NO_DTLSv1 SSL_OP_NO_TLSv1
680	#define SSL_OP_NO_DTLSv1_2 SSL_OP_NO_TLSv1_2
681
682	// SSL_CTX_set_options enables all options set in \|options\| (which should be one
683	// or more of the \|SSL_OP_\| values, ORed together) in \|ctx\|. It returns a*
684	// bitmask representing the resulting enabled options.
685	OPENSSL_EXPORT uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options);
686
687	// SSL_CTX_clear_options disables all options set in \|options\| (which should be
688	// one or more of the \|SSL_OP_\| values, ORed together) in \|ctx\|. It returns a*
689	// bitmask representing the resulting enabled options.
690	OPENSSL_EXPORT uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options);
691
692	// SSL_CTX_get_options returns a bitmask of \|SSL_OP_\| values that represent all*
693	// the options enabled for \|ctx\|.
694	OPENSSL_EXPORT uint32_t SSL_CTX_get_options(const SSL_CTX *ctx);
695
696	// SSL_set_options enables all options set in \|options\| (which should be one or
697	// more of the \|SSL_OP_\| values, ORed together) in \|ssl\|. It returns a bitmask*
698	// representing the resulting enabled options.
699	OPENSSL_EXPORT uint32_t SSL_set_options(SSL *ssl, uint32_t options);
700
701	// SSL_clear_options disables all options set in \|options\| (which should be one
702	// or more of the \|SSL_OP_\| values, ORed together) in \|ssl\|. It returns a*
703	// bitmask representing the resulting enabled options.
704	OPENSSL_EXPORT uint32_t SSL_clear_options(SSL *ssl, uint32_t options);
705
706	// SSL_get_options returns a bitmask of \|SSL_OP_\| values that represent all the*
707	// options enabled for \|ssl\|.
708	OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl);
709
710
711	// Modes.
712	//
713	// Modes configure API behavior.
714
715	// SSL_MODE_ENABLE_PARTIAL_WRITE, in TLS, allows \|SSL_write\| to complete with a
716	// partial result when the only part of the input was written in a single
717	// record. In DTLS, it does nothing.
718	#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
719
720	// SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, in TLS, allows retrying an incomplete
721	// \|SSL_write\| with a different buffer. However, \|SSL_write\| still assumes the
722	// buffer contents are unchanged. This is not the default to avoid the
723	// misconception that non-blocking \|SSL_write\| behaves like non-blocking
724	// \|write\|. In DTLS, it does nothing.
725	#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
726
727	// SSL_MODE_NO_AUTO_CHAIN disables automatically building a certificate chain
728	// before sending certificates to the peer. This flag is set (and the feature
729	// disabled) by default.
730	// TODO(davidben): Remove this behavior. https://crbug.com/boringssl/42.
731	#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
732
733	// SSL_MODE_ENABLE_FALSE_START allows clients to send application data before
734	// receipt of ChangeCipherSpec and Finished. This mode enables full handshakes
735	// to 'complete' in one RTT. See RFC 7918.
736	//
737	// When False Start is enabled, \|SSL_do_handshake\| may succeed before the
738	// handshake has completely finished. \|SSL_write\| will function at this point,
739	// and \|SSL_read\| will transparently wait for the final handshake leg before
740	// returning application data. To determine if False Start occurred or when the
741	// handshake is completely finished, see \|SSL_in_false_start\|, \|SSL_in_init\|,
742	// and \|SSL_CB_HANDSHAKE_DONE\| from \|SSL_CTX_set_info_callback\|.
743	#define SSL_MODE_ENABLE_FALSE_START 0x00000080L
744
745	// SSL_MODE_CBC_RECORD_SPLITTING causes multi-byte CBC records in TLS 1.0 to be
746	// split in two: the first record will contain a single byte and the second will
747	// contain the remainder. This effectively randomises the IV and prevents BEAST
748	// attacks.
749	#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L
750
751	// SSL_MODE_NO_SESSION_CREATION will cause any attempts to create a session to
752	// fail with SSL_R_SESSION_MAY_NOT_BE_CREATED. This can be used to enforce that
753	// session resumption is used for a given SSL.*
754	#define SSL_MODE_NO_SESSION_CREATION 0x00000200L
755
756	// SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello.
757	// To be set only by applications that reconnect with a downgraded protocol
758	// version; see RFC 7507 for details.
759	//
760	// DO NOT ENABLE THIS if your application attempts a normal handshake. Only use
761	// this in explicit fallback retries, following the guidance in RFC 7507.
762	#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L
763
764	// SSL_CTX_set_mode enables all modes set in \|mode\| (which should be one or more
765	// of the \|SSL_MODE_\| values, ORed together) in \|ctx\|. It returns a bitmask*
766	// representing the resulting enabled modes.
767	OPENSSL_EXPORT uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode);
768
769	// SSL_CTX_clear_mode disables all modes set in \|mode\| (which should be one or
770	// more of the \|SSL_MODE_\| values, ORed together) in \|ctx\|. It returns a*
771	// bitmask representing the resulting enabled modes.
772	OPENSSL_EXPORT uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode);
773
774	// SSL_CTX_get_mode returns a bitmask of \|SSL_MODE_\| values that represent all*
775	// the modes enabled for \|ssl\|.
776	OPENSSL_EXPORT uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx);
777
778	// SSL_set_mode enables all modes set in \|mode\| (which should be one or more of
779	// the \|SSL_MODE_\| values, ORed together) in \|ssl\|. It returns a bitmask*
780	// representing the resulting enabled modes.
781	OPENSSL_EXPORT uint32_t SSL_set_mode(SSL *ssl, uint32_t mode);
782
783	// SSL_clear_mode disables all modes set in \|mode\| (which should be one or more
784	// of the \|SSL_MODE_\| values, ORed together) in \|ssl\|. It returns a bitmask*
785	// representing the resulting enabled modes.
786	OPENSSL_EXPORT uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode);
787
788	// SSL_get_mode returns a bitmask of \|SSL_MODE_\| values that represent all the*
789	// modes enabled for \|ssl\|.
790	OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl);
791
792	// SSL_CTX_set0_buffer_pool sets a \|CRYPTO_BUFFER_POOL\| that will be used to
793	// store certificates. This can allow multiple connections to share
794	// certificates and thus save memory.
795	//
796	// The SSL_CTX does not take ownership of \|pool\| and the caller must ensure
797	// that \|pool\| outlives \|ctx\| and all objects linked to it, including \|SSL\|,
798	// \|X509\| and \|SSL_SESSION\| objects. Basically, don't ever free \|pool\|.
799	OPENSSL_EXPORT void SSL_CTX_set0_buffer_pool(SSL_CTX *ctx,
800	CRYPTO_BUFFER_POOL *pool);
801
802
803	// Configuring certificates and private keys.
804	//
805	// These functions configure the connection's leaf certificate, private key, and
806	// certificate chain. The certificate chain is ordered leaf to root (as sent on
807	// the wire) but does not include the leaf. Both client and server certificates
808	// use these functions.
809	//
810	// Certificates and keys may be configured before the handshake or dynamically
811	// in the early callback and certificate callback.
812
813	// SSL_CTX_use_certificate sets \|ctx\|'s leaf certificate to \|x509\|. It returns
814	// one on success and zero on failure.
815	OPENSSL_EXPORT int SSL_CTX_use_certificate(SSL_CTX ctx, X509 x509);
816
817	// SSL_use_certificate sets \|ssl\|'s leaf certificate to \|x509\|. It returns one
818	// on success and zero on failure.
819	OPENSSL_EXPORT int SSL_use_certificate(SSL ssl, X509 x509);
820
821	// SSL_CTX_use_PrivateKey sets \|ctx\|'s private key to \|pkey\|. It returns one on
822	// success and zero on failure.
823	OPENSSL_EXPORT int SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey);
824
825	// SSL_use_PrivateKey sets \|ssl\|'s private key to \|pkey\|. It returns one on
826	// success and zero on failure.
827	OPENSSL_EXPORT int SSL_use_PrivateKey(SSL ssl, EVP_PKEY pkey);
828
829	// SSL_CTX_set0_chain sets \|ctx\|'s certificate chain, excluding the leaf, to
830	// \|chain\|. On success, it returns one and takes ownership of \|chain\|.
831	// Otherwise, it returns zero.
832	OPENSSL_EXPORT int SSL_CTX_set0_chain(SSL_CTX ctx, STACK_OF(X509) chain);
833
834	// SSL_CTX_set1_chain sets \|ctx\|'s certificate chain, excluding the leaf, to
835	// \|chain\|. It returns one on success and zero on failure. The caller retains
836	// ownership of \|chain\| and may release it freely.
837	OPENSSL_EXPORT int SSL_CTX_set1_chain(SSL_CTX ctx, STACK_OF(X509) chain);
838
839	// SSL_set0_chain sets \|ssl\|'s certificate chain, excluding the leaf, to
840	// \|chain\|. On success, it returns one and takes ownership of \|chain\|.
841	// Otherwise, it returns zero.
842	OPENSSL_EXPORT int SSL_set0_chain(SSL ssl, STACK_OF(X509) chain);
843
844	// SSL_set1_chain sets \|ssl\|'s certificate chain, excluding the leaf, to
845	// \|chain\|. It returns one on success and zero on failure. The caller retains
846	// ownership of \|chain\| and may release it freely.
847	OPENSSL_EXPORT int SSL_set1_chain(SSL ssl, STACK_OF(X509) chain);
848
849	// SSL_CTX_add0_chain_cert appends \|x509\| to \|ctx\|'s certificate chain. On
850	// success, it returns one and takes ownership of \|x509\|. Otherwise, it returns
851	// zero.
852	OPENSSL_EXPORT int SSL_CTX_add0_chain_cert(SSL_CTX ctx, X509 x509);
853
854	// SSL_CTX_add1_chain_cert appends \|x509\| to \|ctx\|'s certificate chain. It
855	// returns one on success and zero on failure. The caller retains ownership of
856	// \|x509\| and may release it freely.
857	OPENSSL_EXPORT int SSL_CTX_add1_chain_cert(SSL_CTX ctx, X509 x509);
858
859	// SSL_add0_chain_cert appends \|x509\| to \|ctx\|'s certificate chain. On success,
860	// it returns one and takes ownership of \|x509\|. Otherwise, it returns zero.
861	OPENSSL_EXPORT int SSL_add0_chain_cert(SSL ssl, X509 x509);
862
863	// SSL_CTX_add_extra_chain_cert calls \|SSL_CTX_add0_chain_cert\|.
864	OPENSSL_EXPORT int SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 x509);
865
866	// SSL_add1_chain_cert appends \|x509\| to \|ctx\|'s certificate chain. It returns
867	// one on success and zero on failure. The caller retains ownership of \|x509\|
868	// and may release it freely.
869	OPENSSL_EXPORT int SSL_add1_chain_cert(SSL ssl, X509 x509);
870
871	// SSL_CTX_clear_chain_certs clears \|ctx\|'s certificate chain and returns
872	// one.
873	OPENSSL_EXPORT int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
874
875	// SSL_CTX_clear_extra_chain_certs calls \|SSL_CTX_clear_chain_certs\|.
876	OPENSSL_EXPORT int SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
877
878	// SSL_clear_chain_certs clears \|ssl\|'s certificate chain and returns one.
879	OPENSSL_EXPORT int SSL_clear_chain_certs(SSL *ssl);
880
881	// SSL_CTX_set_cert_cb sets a callback that is called to select a certificate.
882	// The callback returns one on success, zero on internal error, and a negative
883	// number on failure or to pause the handshake. If the handshake is paused,
884	// \|SSL_get_error\| will return \|SSL_ERROR_WANT_X509_LOOKUP\|.
885	//
886	// On the client, the callback may call \|SSL_get0_certificate_types\| and
887	// \|SSL_get_client_CA_list\| for information on the server's certificate
888	// request.
889	//
890	// On the server, the callback will be called after extensions have been
891	// processed, but before the resumption decision has been made. This differs
892	// from OpenSSL which handles resumption before selecting the certificate.
893	OPENSSL_EXPORT void SSL_CTX_set_cert_cb(SSL_CTX *ctx,
894	int (cb)(SSL ssl, void *arg),
895	void *arg);
896
897	// SSL_set_cert_cb sets a callback that is called to select a certificate. The
898	// callback returns one on success, zero on internal error, and a negative
899	// number on failure or to pause the handshake. If the handshake is paused,
900	// \|SSL_get_error\| will return \|SSL_ERROR_WANT_X509_LOOKUP\|.
901	//
902	// On the client, the callback may call \|SSL_get0_certificate_types\| and
903	// \|SSL_get_client_CA_list\| for information on the server's certificate
904	// request.
905	//
906	// On the server, the callback will be called after extensions have been
907	// processed, but before the resumption decision has been made. This differs
908	// from OpenSSL which handles resumption before selecting the certificate.
909	OPENSSL_EXPORT void SSL_set_cert_cb(SSL ssl, int* (cb)(SSL ssl, void *arg),
910	void *arg);
911
912	// SSL_get0_certificate_types, for a client, sets \|out_types\| to an array*
913	// containing the client certificate types requested by a server. It returns the
914	// length of the array. Note this list is always empty in TLS 1.3. The server
915	// will instead send signature algorithms. See
916	// \|SSL_get0_peer_verify_algorithms\|.
917	//
918	// The behavior of this function is undefined except during the callbacks set by
919	// by \|SSL_CTX_set_cert_cb\| and \|SSL_CTX_set_client_cert_cb\| or when the
920	// handshake is paused because of them.
921	OPENSSL_EXPORT size_t SSL_get0_certificate_types(const SSL *ssl,
922	const uint8_t **out_types);
923
924	// SSL_get0_peer_verify_algorithms sets \|out_sigalgs\| to an array containing*
925	// the signature algorithms the peer is able to verify. It returns the length of
926	// the array. Note these values are only sent starting TLS 1.2 and only
927	// mandatory starting TLS 1.3. If not sent, the empty array is returned. For the
928	// historical client certificate types list, see \|SSL_get0_certificate_types\|.
929	//
930	// The behavior of this function is undefined except during the callbacks set by
931	// by \|SSL_CTX_set_cert_cb\| and \|SSL_CTX_set_client_cert_cb\| or when the
932	// handshake is paused because of them.
933	OPENSSL_EXPORT size_t
934	SSL_get0_peer_verify_algorithms(const SSL ssl, const* uint16_t **out_sigalgs);
935
936	// SSL_certs_clear resets the private key, leaf certificate, and certificate
937	// chain of \|ssl\|.
938	OPENSSL_EXPORT void SSL_certs_clear(SSL *ssl);
939
940	// SSL_CTX_check_private_key returns one if the certificate and private key
941	// configured in \|ctx\| are consistent and zero otherwise.
942	OPENSSL_EXPORT int SSL_CTX_check_private_key(const SSL_CTX *ctx);
943
944	// SSL_check_private_key returns one if the certificate and private key
945	// configured in \|ssl\| are consistent and zero otherwise.
946	OPENSSL_EXPORT int SSL_check_private_key(const SSL *ssl);
947
948	// SSL_CTX_get0_certificate returns \|ctx\|'s leaf certificate.
949	OPENSSL_EXPORT X509 SSL_CTX_get0_certificate(const* SSL_CTX *ctx);
950
951	// SSL_get_certificate returns \|ssl\|'s leaf certificate.
952	OPENSSL_EXPORT X509 SSL_get_certificate(const* SSL *ssl);
953
954	// SSL_CTX_get0_privatekey returns \|ctx\|'s private key.
955	OPENSSL_EXPORT EVP_PKEY SSL_CTX_get0_privatekey(const* SSL_CTX *ctx);
956
957	// SSL_get_privatekey returns \|ssl\|'s private key.
958	OPENSSL_EXPORT EVP_PKEY SSL_get_privatekey(const* SSL *ssl);
959
960	// SSL_CTX_get0_chain_certs sets \|out_chain\| to \|ctx\|'s certificate chain and*
961	// returns one.
962	OPENSSL_EXPORT int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx,
963	STACK_OF(X509) **out_chain);
964
965	// SSL_CTX_get_extra_chain_certs calls \|SSL_CTX_get0_chain_certs\|.
966	OPENSSL_EXPORT int SSL_CTX_get_extra_chain_certs(const SSL_CTX *ctx,
967	STACK_OF(X509) **out_chain);
968
969	// SSL_get0_chain_certs sets \|out_chain\| to \|ssl\|'s certificate chain and*
970	// returns one.
971	OPENSSL_EXPORT int SSL_get0_chain_certs(const SSL *ssl,
972	STACK_OF(X509) **out_chain);
973
974	// SSL_CTX_set_signed_cert_timestamp_list sets the list of signed certificate
975	// timestamps that is sent to clients that request it. The \|list\| argument must
976	// contain one or more SCT structures serialised as a SignedCertificateTimestamp
977	// List (see https://tools.ietf.org/html/rfc6962#section-3.3) – i.e. each SCT
978	// is prefixed by a big-endian, uint16 length and the concatenation of one or
979	// more such prefixed SCTs are themselves also prefixed by a uint16 length. It
980	// returns one on success and zero on error. The caller retains ownership of
981	// \|list\|.
982	OPENSSL_EXPORT int SSL_CTX_set_signed_cert_timestamp_list(SSL_CTX *ctx,
983	const uint8_t *list,
984	size_t list_len);
985
986	// SSL_set_signed_cert_timestamp_list sets the list of signed certificate
987	// timestamps that is sent to clients that request is. The same format as the
988	// one used for \|SSL_CTX_set_signed_cert_timestamp_list\| applies. The caller
989	// retains ownership of \|list\|.
990	OPENSSL_EXPORT int SSL_set_signed_cert_timestamp_list(SSL *ctx,
991	const uint8_t *list,
992	size_t list_len);
993
994	// SSL_CTX_set_ocsp_response sets the OCSP response that is sent to clients
995	// which request it. It returns one on success and zero on error. The caller
996	// retains ownership of \|response\|.
997	OPENSSL_EXPORT int SSL_CTX_set_ocsp_response(SSL_CTX *ctx,
998	const uint8_t *response,
999	size_t response_len);
1000
1001	// SSL_set_ocsp_response sets the OCSP response that is sent to clients which
1002	// request it. It returns one on success and zero on error. The caller retains
1003	// ownership of \|response\|.
1004	OPENSSL_EXPORT int SSL_set_ocsp_response(SSL *ssl,
1005	const uint8_t *response,
1006	size_t response_len);
1007
1008	// SSL_SIGN_ are signature algorithm values as defined in TLS 1.3.*
1009	#define SSL_SIGN_RSA_PKCS1_SHA1 0x0201
1010	#define SSL_SIGN_RSA_PKCS1_SHA256 0x0401
1011	#define SSL_SIGN_RSA_PKCS1_SHA384 0x0501
1012	#define SSL_SIGN_RSA_PKCS1_SHA512 0x0601
1013	#define SSL_SIGN_ECDSA_SHA1 0x0203
1014	#define SSL_SIGN_ECDSA_SECP256R1_SHA256 0x0403
1015	#define SSL_SIGN_ECDSA_SECP384R1_SHA384 0x0503
1016	#define SSL_SIGN_ECDSA_SECP521R1_SHA512 0x0603
1017	#define SSL_SIGN_RSA_PSS_RSAE_SHA256 0x0804
1018	#define SSL_SIGN_RSA_PSS_RSAE_SHA384 0x0805
1019	#define SSL_SIGN_RSA_PSS_RSAE_SHA512 0x0806
1020	#define SSL_SIGN_ED25519 0x0807
1021
1022	// SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal signature algorithm used to
1023	// specify raw RSASSA-PKCS1-v1_5 with an MD5/SHA-1 concatenation, as used in TLS
1024	// before TLS 1.2.
1025	#define SSL_SIGN_RSA_PKCS1_MD5_SHA1 0xff01
1026
1027	// SSL_get_signature_algorithm_name returns a human-readable name for \|sigalg\|,
1028	// or NULL if unknown. If \|include_curve\| is one, the curve for ECDSA algorithms
1029	// is included as in TLS 1.3. Otherwise, it is excluded as in TLS 1.2.
1030	OPENSSL_EXPORT const char *SSL_get_signature_algorithm_name(uint16_t sigalg,
1031	int include_curve);
1032
1033	// SSL_get_signature_algorithm_key_type returns the key type associated with
1034	// \|sigalg\| as an \|EVP_PKEY_\| constant or \|EVP_PKEY_NONE\| if unknown.*
1035	OPENSSL_EXPORT int SSL_get_signature_algorithm_key_type(uint16_t sigalg);
1036
1037	// SSL_get_signature_algorithm_digest returns the digest function associated
1038	// with \|sigalg\| or \|NULL\| if \|sigalg\| has no prehash (Ed25519) or is unknown.
1039	OPENSSL_EXPORT const EVP_MD *SSL_get_signature_algorithm_digest(
1040	uint16_t sigalg);
1041
1042	// SSL_is_signature_algorithm_rsa_pss returns one if \|sigalg\| is an RSA-PSS
1043	// signature algorithm and zero otherwise.
1044	OPENSSL_EXPORT int SSL_is_signature_algorithm_rsa_pss(uint16_t sigalg);
1045
1046	// SSL_CTX_set_signing_algorithm_prefs configures \|ctx\| to use \|prefs\| as the
1047	// preference list when signing with \|ctx\|'s private key. It returns one on
1048	// success and zero on error. \|prefs\| should not include the internal-only value
1049	// \|SSL_SIGN_RSA_PKCS1_MD5_SHA1\|.
1050	OPENSSL_EXPORT int SSL_CTX_set_signing_algorithm_prefs(SSL_CTX *ctx,
1051	const uint16_t *prefs,
1052	size_t num_prefs);
1053
1054	// SSL_set_signing_algorithm_prefs configures \|ssl\| to use \|prefs\| as the
1055	// preference list when signing with \|ssl\|'s private key. It returns one on
1056	// success and zero on error. \|prefs\| should not include the internal-only value
1057	// \|SSL_SIGN_RSA_PKCS1_MD5_SHA1\|.
1058	OPENSSL_EXPORT int SSL_set_signing_algorithm_prefs(SSL *ssl,
1059	const uint16_t *prefs,
1060	size_t num_prefs);
1061
1062
1063	// Certificate and private key convenience functions.
1064
1065	// SSL_CTX_set_chain_and_key sets the certificate chain and private key for a
1066	// TLS client or server. References to the given \|CRYPTO_BUFFER\| and \|EVP_PKEY\|
1067	// objects are added as needed. Exactly one of \|privkey\| or \|privkey_method\|
1068	// may be non-NULL. Returns one on success and zero on error.
1069	OPENSSL_EXPORT int SSL_CTX_set_chain_and_key(
1070	SSL_CTX ctx, CRYPTO_BUFFER const *certs, size_t num_certs,
1071	EVP_PKEY privkey, const* SSL_PRIVATE_KEY_METHOD *privkey_method);
1072
1073	// SSL_set_chain_and_key sets the certificate chain and private key for a TLS
1074	// client or server. References to the given \|CRYPTO_BUFFER\| and \|EVP_PKEY\|
1075	// objects are added as needed. Exactly one of \|privkey\| or \|privkey_method\|
1076	// may be non-NULL. Returns one on success and zero on error.
1077	OPENSSL_EXPORT int SSL_set_chain_and_key(
1078	SSL ssl, CRYPTO_BUFFER const certs, size_t num_certs, EVP_PKEY privkey,
1079	const SSL_PRIVATE_KEY_METHOD *privkey_method);
1080
1081	// SSL_CTX_use_RSAPrivateKey sets \|ctx\|'s private key to \|rsa\|. It returns one
1082	// on success and zero on failure.
1083	OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa);
1084
1085	// SSL_use_RSAPrivateKey sets \|ctx\|'s private key to \|rsa\|. It returns one on
1086	// success and zero on failure.
1087	OPENSSL_EXPORT int SSL_use_RSAPrivateKey(SSL ssl, RSA rsa);
1088
1089	// The following functions configure certificates or private keys but take as
1090	// input DER-encoded structures. They return one on success and zero on
1091	// failure.
1092
1093	OPENSSL_EXPORT int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, size_t der_len,
1094	const uint8_t *der);
1095	OPENSSL_EXPORT int SSL_use_certificate_ASN1(SSL ssl, const* uint8_t *der,
1096	size_t der_len);
1097
1098	OPENSSL_EXPORT int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
1099	const uint8_t *der,
1100	size_t der_len);
1101	OPENSSL_EXPORT int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
1102	const uint8_t *der, size_t der_len);
1103
1104	OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx,
1105	const uint8_t *der,
1106	size_t der_len);
1107	OPENSSL_EXPORT int SSL_use_RSAPrivateKey_ASN1(SSL ssl, const* uint8_t *der,
1108	size_t der_len);
1109
1110	// The following functions configure certificates or private keys but take as
1111	// input files to read from. They return one on success and zero on failure. The
1112	// \|type\| parameter is one of the \|SSL_FILETYPE_\| values and determines whether*
1113	// the file's contents are read as PEM or DER.
1114
1115	#define SSL_FILETYPE_PEM 1
1116	#define SSL_FILETYPE_ASN1 2
1117
1118	OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx,
1119	const char *file,
1120	int type);
1121	OPENSSL_EXPORT int SSL_use_RSAPrivateKey_file(SSL ssl, const* char *file,
1122	int type);
1123
1124	OPENSSL_EXPORT int SSL_CTX_use_certificate_file(SSL_CTX ctx, const* char *file,
1125	int type);
1126	OPENSSL_EXPORT int SSL_use_certificate_file(SSL ssl, const* char *file,
1127	int type);
1128
1129	OPENSSL_EXPORT int SSL_CTX_use_PrivateKey_file(SSL_CTX ctx, const* char *file,
1130	int type);
1131	OPENSSL_EXPORT int SSL_use_PrivateKey_file(SSL ssl, const* char *file,
1132	int type);
1133
1134	// SSL_CTX_use_certificate_chain_file configures certificates for \|ctx\|. It
1135	// reads the contents of \|file\| as a PEM-encoded leaf certificate followed
1136	// optionally by the certificate chain to send to the peer. It returns one on
1137	// success and zero on failure.
1138	OPENSSL_EXPORT int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx,
1139	const char *file);
1140
1141	// SSL_CTX_set_default_passwd_cb sets the password callback for PEM-based
1142	// convenience functions called on \|ctx\|.
1143	OPENSSL_EXPORT void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,
1144	pem_password_cb *cb);
1145
1146	// SSL_CTX_get_default_passwd_cb returns the callback set by
1147	// \|SSL_CTX_set_default_passwd_cb\|.
1148	OPENSSL_EXPORT pem_password_cb *SSL_CTX_get_default_passwd_cb(
1149	const SSL_CTX *ctx);
1150
1151	// SSL_CTX_set_default_passwd_cb_userdata sets the userdata parameter for
1152	// \|ctx\|'s password callback.
1153	OPENSSL_EXPORT void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,
1154	void *data);
1155
1156	// SSL_CTX_get_default_passwd_cb_userdata returns the userdata parameter set by
1157	// \|SSL_CTX_set_default_passwd_cb_userdata\|.
1158	OPENSSL_EXPORT void SSL_CTX_get_default_passwd_cb_userdata(const* SSL_CTX *ctx);
1159
1160
1161	// Custom private keys.
1162
1163	enum ssl_private_key_result_t BORINGSSL_ENUM_INT {
1164	ssl_private_key_success,
1165	ssl_private_key_retry,
1166	ssl_private_key_failure,
1167	};
1168
1169	// ssl_private_key_method_st (aka \|SSL_PRIVATE_KEY_METHOD\|) describes private
1170	// key hooks. This is used to off-load signing operations to a custom,
1171	// potentially asynchronous, backend. Metadata about the key such as the type
1172	// and size are parsed out of the certificate.
1173	struct ssl_private_key_method_st {
1174	// sign signs the message \|in\| in using the specified signature algorithm. On
1175	// success, it returns \|ssl_private_key_success\| and writes at most \|max_out\|
1176	// bytes of signature data to \|out\| and sets \|out_len\| to the number of bytes*
1177	// written. On failure, it returns \|ssl_private_key_failure\|. If the operation
1178	// has not completed, it returns \|ssl_private_key_retry\|. \|sign\| should
1179	// arrange for the high-level operation on \|ssl\| to be retried when the
1180	// operation is completed. This will result in a call to \|complete\|.
1181	//
1182	// \|signature_algorithm\| is one of the \|SSL_SIGN_\| values, as defined in TLS*
1183	// 1.3. Note that, in TLS 1.2, ECDSA algorithms do not require that curve
1184	// sizes match hash sizes, so the curve portion of \|SSL_SIGN_ECDSA_\| values*
1185	// must be ignored. BoringSSL will internally handle the curve matching logic
1186	// where appropriate.
1187	//
1188	// It is an error to call \|sign\| while another private key operation is in
1189	// progress on \|ssl\|.
1190	enum ssl_private_key_result_t (sign)(SSL ssl, uint8_t out, size_t out_len,
1191	size_t max_out,
1192	uint16_t signature_algorithm,
1193	const uint8_t *in, size_t in_len);
1194
1195	// decrypt decrypts \|in_len\| bytes of encrypted data from \|in\|. On success it
1196	// returns \|ssl_private_key_success\|, writes at most \|max_out\| bytes of
1197	// decrypted data to \|out\| and sets \|out_len\| to the actual number of bytes*
1198	// written. On failure it returns \|ssl_private_key_failure\|. If the operation
1199	// has not completed, it returns \|ssl_private_key_retry\|. The caller should
1200	// arrange for the high-level operation on \|ssl\| to be retried when the
1201	// operation is completed, which will result in a call to \|complete\|. This
1202	// function only works with RSA keys and should perform a raw RSA decryption
1203	// operation with no padding.
1204	//
1205	// It is an error to call \|decrypt\| while another private key operation is in
1206	// progress on \|ssl\|.
1207	enum ssl_private_key_result_t (decrypt)(SSL ssl, uint8_t *out,
1208	size_t *out_len, size_t max_out,
1209	const uint8_t *in, size_t in_len);
1210
1211	// complete completes a pending operation. If the operation has completed, it
1212	// returns \|ssl_private_key_success\| and writes the result to \|out\| as in
1213	// \|sign\|. Otherwise, it returns \|ssl_private_key_failure\| on failure and
1214	// \|ssl_private_key_retry\| if the operation is still in progress.
1215	//
1216	// \|complete\| may be called arbitrarily many times before completion, but it
1217	// is an error to call \|complete\| if there is no pending operation in progress
1218	// on \|ssl\|.
1219	enum ssl_private_key_result_t (complete)(SSL ssl, uint8_t *out,
1220	size_t *out_len, size_t max_out);
1221	};
1222
1223	// SSL_set_private_key_method configures a custom private key on \|ssl\|.
1224	// \|key_method\| must remain valid for the lifetime of \|ssl\|.
1225	OPENSSL_EXPORT void SSL_set_private_key_method(
1226	SSL ssl, const* SSL_PRIVATE_KEY_METHOD *key_method);
1227
1228	// SSL_CTX_set_private_key_method configures a custom private key on \|ctx\|.
1229	// \|key_method\| must remain valid for the lifetime of \|ctx\|.
1230	OPENSSL_EXPORT void SSL_CTX_set_private_key_method(
1231	SSL_CTX ctx, const* SSL_PRIVATE_KEY_METHOD *key_method);
1232
1233
1234	// Cipher suites.
1235	//
1236	// \|SSL_CIPHER\| objects represent cipher suites.
1237
1238	DEFINE_CONST_STACK_OF(SSL_CIPHER)
1239
1240	// SSL_get_cipher_by_value returns the structure representing a TLS cipher
1241	// suite based on its assigned number, or NULL if unknown. See
1242	// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4.
1243	OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value);
1244
1245	// SSL_CIPHER_get_id returns \|cipher\|'s id. It may be cast to a \|uint16_t\| to
1246	// get the cipher suite value.
1247	OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
1248
1249	// SSL_CIPHER_is_aead returns one if \|cipher\| uses an AEAD cipher.
1250	OPENSSL_EXPORT int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher);
1251
1252	// SSL_CIPHER_is_block_cipher returns one if \|cipher\| is a block cipher.
1253	OPENSSL_EXPORT int SSL_CIPHER_is_block_cipher(const SSL_CIPHER *cipher);
1254
1255	// SSL_CIPHER_get_cipher_nid returns the NID for \|cipher\|'s bulk
1256	// cipher. Possible values are \|NID_aes_128_gcm\|, \|NID_aes_256_gcm\|,
1257	// \|NID_chacha20_poly1305\|, \|NID_aes_128_cbc\|, \|NID_aes_256_cbc\|, and
1258	// \|NID_des_ede3_cbc\|.
1259	OPENSSL_EXPORT int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *cipher);
1260
1261	// SSL_CIPHER_get_digest_nid returns the NID for \|cipher\|'s HMAC if it is a
1262	// legacy cipher suite. For modern AEAD-based ciphers (see
1263	// \|SSL_CIPHER_is_aead\|), it returns \|NID_undef\|.
1264	//
1265	// Note this function only returns the legacy HMAC digest, not the PRF hash.
1266	OPENSSL_EXPORT int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher);
1267
1268	// SSL_CIPHER_get_kx_nid returns the NID for \|cipher\|'s key exchange. This may
1269	// be \|NID_kx_rsa\|, \|NID_kx_ecdhe\|, or \|NID_kx_psk\| for TLS 1.2. In TLS 1.3,
1270	// cipher suites do not specify the key exchange, so this function returns
1271	// \|NID_kx_any\|.
1272	OPENSSL_EXPORT int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *cipher);
1273
1274	// SSL_CIPHER_get_auth_nid returns the NID for \|cipher\|'s authentication
1275	// type. This may be \|NID_auth_rsa\|, \|NID_auth_ecdsa\|, or \|NID_auth_psk\| for TLS
1276	// 1.2. In TLS 1.3, cipher suites do not specify authentication, so this
1277	// function returns \|NID_auth_any\|.
1278	OPENSSL_EXPORT int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *cipher);
1279
1280	// SSL_CIPHER_get_prf_nid retuns the NID for \|cipher\|'s PRF hash. If \|cipher\| is
1281	// a pre-TLS-1.2 cipher, it returns \|NID_md5_sha1\| but note these ciphers use
1282	// SHA-256 in TLS 1.2. Other return values may be treated uniformly in all
1283	// applicable versions.
1284	OPENSSL_EXPORT int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *cipher);
1285
1286	// SSL_CIPHER_get_min_version returns the minimum protocol version required
1287	// for \|cipher\|.
1288	OPENSSL_EXPORT uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher);
1289
1290	// SSL_CIPHER_get_max_version returns the maximum protocol version that
1291	// supports \|cipher\|.
1292	OPENSSL_EXPORT uint16_t SSL_CIPHER_get_max_version(const SSL_CIPHER *cipher);
1293
1294	// SSL_CIPHER_standard_name returns the standard IETF name for \|cipher\|. For
1295	// example, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256".
1296	OPENSSL_EXPORT const char SSL_CIPHER_standard_name(const* SSL_CIPHER *cipher);
1297
1298	// SSL_CIPHER_get_name returns the OpenSSL name of \|cipher\|. For example,
1299	// "ECDHE-RSA-AES128-GCM-SHA256". Callers are recommended to use
1300	// \|SSL_CIPHER_standard_name\| instead.
1301	OPENSSL_EXPORT const char SSL_CIPHER_get_name(const* SSL_CIPHER *cipher);
1302
1303	// SSL_CIPHER_get_kx_name returns a string that describes the key-exchange
1304	// method used by \|cipher\|. For example, "ECDHE_ECDSA". TLS 1.3 AEAD-only
1305	// ciphers return the string "GENERIC".
1306	OPENSSL_EXPORT const char SSL_CIPHER_get_kx_name(const* SSL_CIPHER *cipher);
1307
1308	// SSL_CIPHER_get_bits returns the strength, in bits, of \|cipher\|. If
1309	// \|out_alg_bits\| is not NULL, it writes the number of bits consumed by the
1310	// symmetric algorithm to \|out_alg_bits\|.*
1311	OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher,
1312	int *out_alg_bits);
1313
1314
1315	// Cipher suite configuration.
1316	//
1317	// OpenSSL uses a mini-language to configure cipher suites. The language
1318	// maintains an ordered list of enabled ciphers, along with an ordered list of
1319	// disabled but available ciphers. Initially, all ciphers are disabled with a
1320	// default ordering. The cipher string is then interpreted as a sequence of
1321	// directives, separated by colons, each of which modifies this state.
1322	//
1323	// Most directives consist of a one character or empty opcode followed by a
1324	// selector which matches a subset of available ciphers.
1325	//
1326	// Available opcodes are:
1327	//
1328	// The empty opcode enables and appends all matching disabled ciphers to the
1329	// end of the enabled list. The newly appended ciphers are ordered relative to
1330	// each other matching their order in the disabled list.
1331	//
1332	// \|-\| disables all matching enabled ciphers and prepends them to the disabled
1333	// list, with relative order from the enabled list preserved. This means the
1334	// most recently disabled ciphers get highest preference relative to other
1335	// disabled ciphers if re-enabled.
1336	//
1337	// \|+\| moves all matching enabled ciphers to the end of the enabled list, with
1338	// relative order preserved.
1339	//
1340	// \|!\| deletes all matching ciphers, enabled or not, from either list. Deleted
1341	// ciphers will not matched by future operations.
1342	//
1343	// A selector may be a specific cipher (using either the standard or OpenSSL
1344	// name for the cipher) or one or more rules separated by \|+\|. The final
1345	// selector matches the intersection of each rule. For instance, \|AESGCM+aECDSA\|
1346	// matches ECDSA-authenticated AES-GCM ciphers.
1347	//
1348	// Available cipher rules are:
1349	//
1350	// \|ALL\| matches all ciphers.
1351	//
1352	// \|kRSA\|, \|kDHE\|, \|kECDHE\|, and \|kPSK\| match ciphers using plain RSA, DHE,
1353	// ECDHE, and plain PSK key exchanges, respectively. Note that ECDHE_PSK is
1354	// matched by \|kECDHE\| and not \|kPSK\|.
1355	//
1356	// \|aRSA\|, \|aECDSA\|, and \|aPSK\| match ciphers authenticated by RSA, ECDSA, and
1357	// a pre-shared key, respectively.
1358	//
1359	// \|RSA\|, \|DHE\|, \|ECDHE\|, \|PSK\|, \|ECDSA\|, and \|PSK\| are aliases for the
1360	// corresponding \|k\| or \|a\| cipher rule. \|RSA\| is an alias for \|kRSA\|, not
1361	// \|aRSA\|.
1362	//
1363	// \|3DES\|, \|AES128\|, \|AES256\|, \|AES\|, \|AESGCM\|, \|CHACHA20\| match ciphers
1364	// whose bulk cipher use the corresponding encryption scheme. Note that
1365	// \|AES\|, \|AES128\|, and \|AES256\| match both CBC and GCM ciphers.
1366	//
1367	// \|SHA1\|, and its alias \|SHA\|, match legacy cipher suites using HMAC-SHA1.
1368	//
1369	// Although implemented, authentication-only ciphers match no rules and must be
1370	// explicitly selected by name.
1371	//
1372	// Deprecated cipher rules:
1373	//
1374	// \|kEDH\|, \|EDH\|, \|kEECDH\|, and \|EECDH\| are legacy aliases for \|kDHE\|, \|DHE\|,
1375	// \|kECDHE\|, and \|ECDHE\|, respectively.
1376	//
1377	// \|HIGH\| is an alias for \|ALL\|.
1378	//
1379	// \|FIPS\| is an alias for \|HIGH\|.
1380	//
1381	// \|SSLv3\| and \|TLSv1\| match ciphers available in TLS 1.1 or earlier.
1382	// \|TLSv1_2\| matches ciphers new in TLS 1.2. This is confusing and should not
1383	// be used.
1384	//
1385	// Unknown rules are silently ignored by legacy APIs, and rejected by APIs with
1386	// "strict" in the name, which should be preferred. Cipher lists can be long
1387	// and it's easy to commit typos. Strict functions will also reject the use of
1388	// spaces, semi-colons and commas as alternative separators.
1389	//
1390	// The special \|@STRENGTH\| directive will sort all enabled ciphers by strength.
1391	//
1392	// The \|DEFAULT\| directive, when appearing at the front of the string, expands
1393	// to the default ordering of available ciphers.
1394	//
1395	// If configuring a server, one may also configure equal-preference groups to
1396	// partially respect the client's preferences when
1397	// \|SSL_OP_CIPHER_SERVER_PREFERENCE\| is enabled. Ciphers in an equal-preference
1398	// group have equal priority and use the client order. This may be used to
1399	// enforce that AEADs are preferred but select AES-GCM vs. ChaCha20-Poly1305
1400	// based on client preferences. An equal-preference is specified with square
1401	// brackets, combining multiple selectors separated by \|. For example:
1402	//
1403	// [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\|TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]
1404	//
1405	// Once an equal-preference group is used, future directives must be
1406	// opcode-less. Inside an equal-preference group, spaces are not allowed.
1407	//
1408	// TLS 1.3 ciphers do not participate in this mechanism and instead have a
1409	// built-in preference order. Functions to set cipher lists do not affect TLS
1410	// 1.3, and functions to query the cipher list do not include TLS 1.3
1411	// ciphers.
1412
1413	// SSL_DEFAULT_CIPHER_LIST is the default cipher suite configuration. It is
1414	// substituted when a cipher string starts with 'DEFAULT'.
1415	#define SSL_DEFAULT_CIPHER_LIST "ALL"
1416
1417	// SSL_CTX_set_strict_cipher_list configures the cipher list for \|ctx\|,
1418	// evaluating \|str\| as a cipher string and returning error if \|str\| contains
1419	// anything meaningless. It returns one on success and zero on failure.
1420	OPENSSL_EXPORT int SSL_CTX_set_strict_cipher_list(SSL_CTX *ctx,
1421	const char *str);
1422
1423	// SSL_CTX_set_cipher_list configures the cipher list for \|ctx\|, evaluating
1424	// \|str\| as a cipher string. It returns one on success and zero on failure.
1425	//
1426	// Prefer to use \|SSL_CTX_set_strict_cipher_list\|. This function tolerates
1427	// garbage inputs, unless an empty cipher list results.
1428	OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX ctx, const* char *str);
1429
1430	// SSL_set_strict_cipher_list configures the cipher list for \|ssl\|, evaluating
1431	// \|str\| as a cipher string and returning error if \|str\| contains anything
1432	// meaningless. It returns one on success and zero on failure.
1433	OPENSSL_EXPORT int SSL_set_strict_cipher_list(SSL ssl, const* char *str);
1434
1435	// SSL_set_cipher_list configures the cipher list for \|ssl\|, evaluating \|str\| as
1436	// a cipher string. It returns one on success and zero on failure.
1437	//
1438	// Prefer to use \|SSL_set_strict_cipher_list\|. This function tolerates garbage
1439	// inputs, unless an empty cipher list results.
1440	OPENSSL_EXPORT int SSL_set_cipher_list(SSL ssl, const* char *str);
1441
1442	// SSL_CTX_get_ciphers returns the cipher list for \|ctx\|, in order of
1443	// preference.
1444	OPENSSL_EXPORT STACK_OF(SSL_CIPHER) SSL_CTX_get_ciphers(const* SSL_CTX *ctx);
1445
1446	// SSL_CTX_cipher_in_group returns one if the \|i\|th cipher (see
1447	// \|SSL_CTX_get_ciphers\|) is in the same equipreference group as the one
1448	// following it and zero otherwise.
1449	OPENSSL_EXPORT int SSL_CTX_cipher_in_group(const SSL_CTX *ctx, size_t i);
1450
1451	// SSL_get_ciphers returns the cipher list for \|ssl\|, in order of preference.
1452	OPENSSL_EXPORT STACK_OF(SSL_CIPHER) SSL_get_ciphers(const* SSL *ssl);
1453
1454
1455	// Connection information.
1456
1457	// SSL_is_init_finished returns one if \|ssl\| has completed its initial handshake
1458	// and has no pending handshake. It returns zero otherwise.
1459	OPENSSL_EXPORT int SSL_is_init_finished(const SSL *ssl);
1460
1461	// SSL_in_init returns one if \|ssl\| has a pending handshake and zero
1462	// otherwise.
1463	OPENSSL_EXPORT int SSL_in_init(const SSL *ssl);
1464
1465	// SSL_in_false_start returns one if \|ssl\| has a pending handshake that is in
1466	// False Start. \|SSL_write\| may be called at this point without waiting for the
1467	// peer, but \|SSL_read\| will complete the handshake before accepting application
1468	// data.
1469	//
1470	// See also \|SSL_MODE_ENABLE_FALSE_START\|.
1471	OPENSSL_EXPORT int SSL_in_false_start(const SSL *ssl);
1472
1473	// SSL_get_peer_certificate returns the peer's leaf certificate or NULL if the
1474	// peer did not use certificates. The caller must call \|X509_free\| on the
1475	// result to release it.
1476	OPENSSL_EXPORT X509 SSL_get_peer_certificate(const* SSL *ssl);
1477
1478	// SSL_get_peer_cert_chain returns the peer's certificate chain or NULL if
1479	// unavailable or the peer did not use certificates. This is the unverified list
1480	// of certificates as sent by the peer, not the final chain built during
1481	// verification. The caller does not take ownership of the result.
1482	//
1483	// WARNING: This function behaves differently between client and server. If
1484	// \|ssl\| is a server, the returned chain does not include the leaf certificate.
1485	// If a client, it does.
1486	OPENSSL_EXPORT STACK_OF(X509) SSL_get_peer_cert_chain(const* SSL *ssl);
1487
1488	// SSL_get_peer_full_cert_chain returns the peer's certificate chain, or NULL if
1489	// unavailable or the peer did not use certificates. This is the unverified list
1490	// of certificates as sent by the peer, not the final chain built during
1491	// verification. The caller does not take ownership of the result.
1492	//
1493	// This is the same as \|SSL_get_peer_cert_chain\| except that this function
1494	// always returns the full chain, i.e. the first element of the return value
1495	// (if any) will be the leaf certificate. In constrast,
1496	// \|SSL_get_peer_cert_chain\| returns only the intermediate certificates if the
1497	// \|ssl\| is a server.
1498	OPENSSL_EXPORT STACK_OF(X509) SSL_get_peer_full_cert_chain(const* SSL *ssl);
1499
1500	// SSL_get0_peer_certificates returns the peer's certificate chain, or NULL if
1501	// unavailable or the peer did not use certificates. This is the unverified list
1502	// of certificates as sent by the peer, not the final chain built during
1503	// verification. The caller does not take ownership of the result.
1504	//
1505	// This is the \|CRYPTO_BUFFER\| variant of \|SSL_get_peer_full_cert_chain\|.
1506	OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) *
1507	SSL_get0_peer_certificates(const SSL *ssl);
1508
1509	// SSL_get0_signed_cert_timestamp_list sets \|out\| and \|out_len\| to point to
1510	// \|out_len\| bytes of SCT information from the server. This is only valid if*
1511	// \|ssl\| is a client. The SCT information is a SignedCertificateTimestampList
1512	// (including the two leading length bytes).
1513	// See https://tools.ietf.org/html/rfc6962#section-3.3
1514	// If no SCT was received then \|out_len\| will be zero on return.*
1515	//
1516	// WARNING: the returned data is not guaranteed to be well formed.
1517	OPENSSL_EXPORT void SSL_get0_signed_cert_timestamp_list(const SSL *ssl,
1518	const uint8_t **out,
1519	size_t *out_len);
1520
1521	// SSL_get0_ocsp_response sets \|out\| and \|out_len\| to point to \|out_len\|*
1522	// bytes of an OCSP response from the server. This is the DER encoding of an
1523	// OCSPResponse type as defined in RFC 2560.
1524	//
1525	// WARNING: the returned data is not guaranteed to be well formed.
1526	OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL ssl, const* uint8_t **out,
1527	size_t *out_len);
1528
1529	// SSL_get_tls_unique writes at most \|max_out\| bytes of the tls-unique value
1530	// for \|ssl\| to \|out\| and sets \|out_len\| to the number of bytes written. It*
1531	// returns one on success or zero on error. In general \|max_out\| should be at
1532	// least 12.
1533	//
1534	// This function will always fail if the initial handshake has not completed.
1535	// The tls-unique value will change after a renegotiation but, since
1536	// renegotiations can be initiated by the server at any point, the higher-level
1537	// protocol must either leave them disabled or define states in which the
1538	// tls-unique value can be read.
1539	//
1540	// The tls-unique value is defined by
1541	// https://tools.ietf.org/html/rfc5929#section-3.1. Due to a weakness in the
1542	// TLS protocol, tls-unique is broken for resumed connections unless the
1543	// Extended Master Secret extension is negotiated. Thus this function will
1544	// return zero if \|ssl\| performed session resumption unless EMS was used when
1545	// negotiating the original session.
1546	OPENSSL_EXPORT int SSL_get_tls_unique(const SSL ssl, uint8_t out,
1547	size_t *out_len, size_t max_out);
1548
1549	// SSL_get_extms_support returns one if the Extended Master Secret extension or
1550	// TLS 1.3 was negotiated. Otherwise, it returns zero.
1551	OPENSSL_EXPORT int SSL_get_extms_support(const SSL *ssl);
1552
1553	// SSL_get_current_cipher returns cipher suite used by \|ssl\|, or NULL if it has
1554	// not been negotiated yet.
1555	OPENSSL_EXPORT const SSL_CIPHER SSL_get_current_cipher(const* SSL *ssl);
1556
1557	// SSL_session_reused returns one if \|ssl\| performed an abbreviated handshake
1558	// and zero otherwise.
1559	//
1560	// TODO(davidben): Hammer down the semantics of this API while a handshake,
1561	// initial or renego, is in progress.
1562	OPENSSL_EXPORT int SSL_session_reused(const SSL *ssl);
1563
1564	// SSL_get_secure_renegotiation_support returns one if the peer supports secure
1565	// renegotiation (RFC 5746) or TLS 1.3. Otherwise, it returns zero.
1566	OPENSSL_EXPORT int SSL_get_secure_renegotiation_support(const SSL *ssl);
1567
1568	// SSL_export_keying_material exports a value derived from the master secret, as
1569	// specified in RFC 5705. It writes \|out_len\| bytes to \|out\| given a label and
1570	// optional context. (Since a zero length context is allowed, the \|use_context\|
1571	// flag controls whether a context is included.)
1572	//
1573	// It returns one on success and zero otherwise.
1574	OPENSSL_EXPORT int SSL_export_keying_material(
1575	SSL ssl, uint8_t out, size_t out_len, const char *label, size_t label_len,
1576	const uint8_t context, size_t context_len, int* use_context);
1577
1578
1579	// Sessions.
1580	//
1581	// An \|SSL_SESSION\| represents an SSL session that may be resumed in an
1582	// abbreviated handshake. It is reference-counted and immutable. Once
1583	// established, an \|SSL_SESSION\| may be shared by multiple \|SSL\| objects on
1584	// different threads and must not be modified.
1585
1586	DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1587
1588	// SSL_SESSION_new returns a newly-allocated blank \|SSL_SESSION\| or NULL on
1589	// error. This may be useful when writing tests but should otherwise not be
1590	// used.
1591	OPENSSL_EXPORT SSL_SESSION SSL_SESSION_new(const* SSL_CTX *ctx);
1592
1593	// SSL_SESSION_up_ref increments the reference count of \|session\| and returns
1594	// one.
1595	OPENSSL_EXPORT int SSL_SESSION_up_ref(SSL_SESSION *session);
1596
1597	// SSL_SESSION_free decrements the reference count of \|session\|. If it reaches
1598	// zero, all data referenced by \|session\| and \|session\| itself are released.
1599	OPENSSL_EXPORT void SSL_SESSION_free(SSL_SESSION *session);
1600
1601	// SSL_SESSION_to_bytes serializes \|in\| into a newly allocated buffer and sets
1602	// \|out_data\| to that buffer and \|out_len\| to its length. The caller takes
1603	// ownership of the buffer and must call \|OPENSSL_free\| when done. It returns
1604	// one on success and zero on error.
1605	OPENSSL_EXPORT int SSL_SESSION_to_bytes(const SSL_SESSION *in,
1606	uint8_t *out_data, size_t out_len);
1607
1608	// SSL_SESSION_to_bytes_for_ticket serializes \|in\|, but excludes the session
1609	// identification information, namely the session ID and ticket.
1610	OPENSSL_EXPORT int SSL_SESSION_to_bytes_for_ticket(const SSL_SESSION *in,
1611	uint8_t **out_data,
1612	size_t *out_len);
1613
1614	// SSL_SESSION_from_bytes parses \|in_len\| bytes from \|in\| as an SSL_SESSION. It
1615	// returns a newly-allocated \|SSL_SESSION\| on success or NULL on error.
1616	OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_from_bytes(
1617	const uint8_t in, size_t in_len, const* SSL_CTX *ctx);
1618
1619	// SSL_SESSION_get_version returns a string describing the TLS or DTLS version
1620	// \|session\| was established at. For example, "TLSv1.2" or "DTLSv1".
1621	OPENSSL_EXPORT const char SSL_SESSION_get_version(const* SSL_SESSION *session);
1622
1623	// SSL_SESSION_get_protocol_version returns the TLS or DTLS version \|session\|
1624	// was established at.
1625	OPENSSL_EXPORT uint16_t
1626	SSL_SESSION_get_protocol_version(const SSL_SESSION *session);
1627
1628	// SSL_SESSION_set_protocol_version sets \|session\|'s TLS or DTLS version to
1629	// \|version\|. This may be useful when writing tests but should otherwise not be
1630	// used. It returns one on success and zero on error.
1631	OPENSSL_EXPORT int SSL_SESSION_set_protocol_version(SSL_SESSION *session,
1632	uint16_t version);
1633
1634	// SSL_MAX_SSL_SESSION_ID_LENGTH is the maximum length of an SSL session ID.
1635	#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
1636
1637	// SSL_SESSION_get_id returns a pointer to a buffer containing \|session\|'s
1638	// session ID and sets \|out_len\| to its length.*
1639	OPENSSL_EXPORT const uint8_t SSL_SESSION_get_id(const* SSL_SESSION *session,
1640	unsigned *out_len);
1641
1642	// SSL_SESSION_set1_id sets \|session\|'s session ID to \|sid\|, It returns one on
1643	// success and zero on error. This function may be useful in writing tests but
1644	// otherwise should not be used.
1645	OPENSSL_EXPORT int SSL_SESSION_set1_id(SSL_SESSION session, const* uint8_t *sid,
1646	size_t sid_len);
1647
1648	// SSL_SESSION_get_time returns the time at which \|session\| was established in
1649	// seconds since the UNIX epoch.
1650	OPENSSL_EXPORT uint64_t SSL_SESSION_get_time(const SSL_SESSION *session);
1651
1652	// SSL_SESSION_get_timeout returns the lifetime of \|session\| in seconds.
1653	OPENSSL_EXPORT uint32_t SSL_SESSION_get_timeout(const SSL_SESSION *session);
1654
1655	// SSL_SESSION_get0_peer returns the peer leaf certificate stored in
1656	// \|session\|.
1657	//
1658	// TODO(davidben): This should return a const X509 .*
1659	OPENSSL_EXPORT X509 SSL_SESSION_get0_peer(const* SSL_SESSION *session);
1660
1661	// SSL_SESSION_get0_peer_certificates returns the peer certificate chain stored
1662	// in \|session\|, or NULL if the peer did not use certificates. This is the
1663	// unverified list of certificates as sent by the peer, not the final chain
1664	// built during verification. The caller does not take ownership of the result.
1665	OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) *
1666	SSL_SESSION_get0_peer_certificates(const SSL_SESSION *session);
1667
1668	// SSL_SESSION_get0_signed_cert_timestamp_list sets \|out\| and \|out_len\| to
1669	// point to \|out_len\| bytes of SCT information stored in \|session\|. This is*
1670	// only valid for client sessions. The SCT information is a
1671	// SignedCertificateTimestampList (including the two leading length bytes). See
1672	// https://tools.ietf.org/html/rfc6962#section-3.3 If no SCT was received then
1673	// \|out_len\| will be zero on return.*
1674	//
1675	// WARNING: the returned data is not guaranteed to be well formed.
1676	OPENSSL_EXPORT void SSL_SESSION_get0_signed_cert_timestamp_list(
1677	const SSL_SESSION session, const* uint8_t *out, size_t out_len);
1678
1679	// SSL_SESSION_get0_ocsp_response sets \|out\| and \|out_len\| to point to
1680	// \|out_len\| bytes of an OCSP response from the server. This is the DER*
1681	// encoding of an OCSPResponse type as defined in RFC 2560.
1682	//
1683	// WARNING: the returned data is not guaranteed to be well formed.
1684	OPENSSL_EXPORT void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session,
1685	const uint8_t **out,
1686	size_t *out_len);
1687
1688	// SSL_MAX_MASTER_KEY_LENGTH is the maximum length of a master secret.
1689	#define SSL_MAX_MASTER_KEY_LENGTH 48
1690
1691	// SSL_SESSION_get_master_key writes up to \|max_out\| bytes of \|session\|'s master
1692	// secret to \|out\| and returns the number of bytes written. If \|max_out\| is
1693	// zero, it returns the size of the master secret.
1694	OPENSSL_EXPORT size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
1695	uint8_t *out, size_t max_out);
1696
1697	// SSL_SESSION_set_time sets \|session\|'s creation time to \|time\| and returns
1698	// \|time\|. This function may be useful in writing tests but otherwise should not
1699	// be used.
1700	OPENSSL_EXPORT uint64_t SSL_SESSION_set_time(SSL_SESSION *session,
1701	uint64_t time);
1702
1703	// SSL_SESSION_set_timeout sets \|session\|'s timeout to \|timeout\| and returns
1704	// one. This function may be useful in writing tests but otherwise should not
1705	// be used.
1706	OPENSSL_EXPORT uint32_t SSL_SESSION_set_timeout(SSL_SESSION *session,
1707	uint32_t timeout);
1708
1709	// SSL_SESSION_get0_id_context returns a pointer to a buffer containing
1710	// \|session\|'s session ID context (see \|SSL_CTX_set_session_id_context\|) and
1711	// sets \|out_len\| to its length.*
1712	OPENSSL_EXPORT const uint8_t *SSL_SESSION_get0_id_context(
1713	const SSL_SESSION session, unsigned* *out_len);
1714
1715	// SSL_SESSION_set1_id_context sets \|session\|'s session ID context (see
1716	// \|SSL_CTX_set_session_id_context\|) to \|sid_ctx\|. It returns one on success and
1717	// zero on error. This function may be useful in writing tests but otherwise
1718	// should not be used.
1719	OPENSSL_EXPORT int SSL_SESSION_set1_id_context(SSL_SESSION *session,
1720	const uint8_t *sid_ctx,
1721	size_t sid_ctx_len);
1722
1723	// SSL_SESSION_should_be_single_use returns one if \|session\| should be
1724	// single-use (TLS 1.3 and later) and zero otherwise.
1725	//
1726	// If this function returns one, clients retain multiple sessions and use each
1727	// only once. This prevents passive observers from correlating connections with
1728	// tickets. See RFC 8446, appendix C.4. If it returns zero, \|session\| cannot be
1729	// used without leaking a correlator.
1730	OPENSSL_EXPORT int SSL_SESSION_should_be_single_use(const SSL_SESSION *session);
1731
1732	// SSL_SESSION_is_resumable returns one if \|session\| is resumable and zero
1733	// otherwise.
1734	OPENSSL_EXPORT int SSL_SESSION_is_resumable(const SSL_SESSION *session);
1735
1736	// SSL_SESSION_has_ticket returns one if \|session\| has a ticket and zero
1737	// otherwise.
1738	OPENSSL_EXPORT int SSL_SESSION_has_ticket(const SSL_SESSION *session);
1739
1740	// SSL_SESSION_get0_ticket sets \|out_ticket\| and \|out_len\| to \|session\|'s
1741	// ticket, or NULL and zero if it does not have one. \|out_ticket\| may be NULL
1742	// if only the ticket length is needed.
1743	OPENSSL_EXPORT void SSL_SESSION_get0_ticket(const SSL_SESSION *session,
1744	const uint8_t **out_ticket,
1745	size_t *out_len);
1746
1747	// SSL_SESSION_set_ticket sets \|session\|'s ticket to \|ticket\|. It returns one on
1748	// success and zero on error. This function may be useful in writing tests but
1749	// otherwise should not be used.
1750	OPENSSL_EXPORT int SSL_SESSION_set_ticket(SSL_SESSION *session,
1751	const uint8_t *ticket,
1752	size_t ticket_len);
1753
1754	// SSL_SESSION_get_ticket_lifetime_hint returns ticket lifetime hint of
1755	// \|session\| in seconds or zero if none was set.
1756	OPENSSL_EXPORT uint32_t
1757	SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session);
1758
1759	// SSL_SESSION_get0_cipher returns the cipher negotiated by the connection which
1760	// established \|session\|.
1761	//
1762	// Note that, in TLS 1.3, there is no guarantee that resumptions with \|session\|
1763	// will use that cipher. Prefer calling \|SSL_get_current_cipher\| on the \|SSL\|
1764	// instead.
1765	OPENSSL_EXPORT const SSL_CIPHER *SSL_SESSION_get0_cipher(
1766	const SSL_SESSION *session);
1767
1768	// SSL_SESSION_has_peer_sha256 returns one if \|session\| has a SHA-256 hash of
1769	// the peer's certificate retained and zero if the peer did not present a
1770	// certificate or if this was not enabled when \|session\| was created. See also
1771	// \|SSL_CTX_set_retain_only_sha256_of_client_certs\|.
1772	OPENSSL_EXPORT int SSL_SESSION_has_peer_sha256(const SSL_SESSION *session);
1773
1774	// SSL_SESSION_get0_peer_sha256 sets \|out_ptr\| and \|out_len\| to the SHA-256
1775	// hash of the peer certificate retained in \|session\|, or NULL and zero if it
1776	// does not have one. See also \|SSL_CTX_set_retain_only_sha256_of_client_certs\|.
1777	OPENSSL_EXPORT void SSL_SESSION_get0_peer_sha256(const SSL_SESSION *session,
1778	const uint8_t **out_ptr,
1779	size_t *out_len);
1780
1781
1782	// Session caching.
1783	//
1784	// Session caching allows connections to be established more efficiently based
1785	// on saved parameters from a previous connection, called a session (see
1786	// \|SSL_SESSION\|). The client offers a saved session, using an opaque identifier
1787	// from a previous connection. The server may accept the session, if it has the
1788	// parameters available. Otherwise, it will decline and continue with a full
1789	// handshake.
1790	//
1791	// This requires both the client and the server to retain session state. A
1792	// client does so with a stateful session cache. A server may do the same or, if
1793	// supported by both sides, statelessly using session tickets. For more
1794	// information on the latter, see the next section.
1795	//
1796	// For a server, the library implements a built-in internal session cache as an
1797	// in-memory hash table. Servers may also use \|SSL_CTX_sess_set_get_cb\| and
1798	// \|SSL_CTX_sess_set_new_cb\| to implement a custom external session cache. In
1799	// particular, this may be used to share a session cache between multiple
1800	// servers in a large deployment. An external cache may be used in addition to
1801	// or instead of the internal one. Use \|SSL_CTX_set_session_cache_mode\| to
1802	// toggle the internal cache.
1803	//
1804	// For a client, the only option is an external session cache. Clients may use
1805	// \|SSL_CTX_sess_set_new_cb\| to register a callback for when new sessions are
1806	// available. These may be cached and, in subsequent compatible connections,
1807	// configured with \|SSL_set_session\|.
1808	//
1809	// Note that offering or accepting a session short-circuits certificate
1810	// verification and most parameter negotiation. Resuming sessions across
1811	// different contexts may result in security failures and surprising
1812	// behavior. For a typical client, this means sessions for different hosts must
1813	// be cached under different keys. A client that connects to the same host with,
1814	// e.g., different cipher suite settings or client certificates should also use
1815	// separate session caches between those contexts. Servers should also partition
1816	// session caches between SNI hosts with \|SSL_CTX_set_session_id_context\|.
1817	//
1818	// Note also, in TLS 1.2 and earlier, offering sessions allows passive observers
1819	// to correlate different client connections. TLS 1.3 and later fix this,
1820	// provided clients use sessions at most once. Session caches are managed by the
1821	// caller in BoringSSL, so this must be implemented externally. See
1822	// \|SSL_SESSION_should_be_single_use\| for details.
1823
1824	// SSL_SESS_CACHE_OFF disables all session caching.
1825	#define SSL_SESS_CACHE_OFF 0x0000
1826
1827	// SSL_SESS_CACHE_CLIENT enables session caching for a client. The internal
1828	// cache is never used on a client, so this only enables the callbacks.
1829	#define SSL_SESS_CACHE_CLIENT 0x0001
1830
1831	// SSL_SESS_CACHE_SERVER enables session caching for a server.
1832	#define SSL_SESS_CACHE_SERVER 0x0002
1833
1834	// SSL_SESS_CACHE_BOTH enables session caching for both client and server.
1835	#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT \| SSL_SESS_CACHE_SERVER)
1836
1837	// SSL_SESS_CACHE_NO_AUTO_CLEAR disables automatically calling
1838	// \|SSL_CTX_flush_sessions\| every 255 connections.
1839	#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
1840
1841	// SSL_SESS_CACHE_NO_INTERNAL_LOOKUP, on a server, disables looking up a session
1842	// from the internal session cache.
1843	#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
1844
1845	// SSL_SESS_CACHE_NO_INTERNAL_STORE, on a server, disables storing sessions in
1846	// the internal session cache.
1847	#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
1848
1849	// SSL_SESS_CACHE_NO_INTERNAL, on a server, disables the internal session
1850	// cache.
1851	#define SSL_SESS_CACHE_NO_INTERNAL \
1852	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP \| SSL_SESS_CACHE_NO_INTERNAL_STORE)
1853
1854	// SSL_CTX_set_session_cache_mode sets the session cache mode bits for \|ctx\| to
1855	// \|mode\|. It returns the previous value.
1856	OPENSSL_EXPORT int SSL_CTX_set_session_cache_mode(SSL_CTX ctx, int* mode);
1857
1858	// SSL_CTX_get_session_cache_mode returns the session cache mode bits for
1859	// \|ctx\|
1860	OPENSSL_EXPORT int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx);
1861
1862	// SSL_set_session, for a client, configures \|ssl\| to offer to resume \|session\|
1863	// in the initial handshake and returns one. The caller retains ownership of
1864	// \|session\|. Note that configuring a session assumes the authentication in the
1865	// session is valid. For callers that wish to revalidate the session before
1866	// offering, see \|SSL_SESSION_get0_peer_certificates\|,
1867	// \|SSL_SESSION_get0_signed_cert_timestamp_list\|, and
1868	// \|SSL_SESSION_get0_ocsp_response\|.
1869	//
1870	// It is an error to call this function after the handshake has begun.
1871	OPENSSL_EXPORT int SSL_set_session(SSL ssl, SSL_SESSION session);
1872
1873	// SSL_DEFAULT_SESSION_TIMEOUT is the default lifetime, in seconds, of a
1874	// session in TLS 1.2 or earlier. This is how long we are willing to use the
1875	// secret to encrypt traffic without fresh key material.
1876	#define SSL_DEFAULT_SESSION_TIMEOUT (2 * 60 * 60)
1877
1878	// SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT is the default lifetime, in seconds, of a
1879	// session for TLS 1.3 psk_dhe_ke. This is how long we are willing to use the
1880	// secret as an authenticator.
1881	#define SSL_DEFAULT_SESSION_PSK_DHE_TIMEOUT (2 * 24 * 60 * 60)
1882
1883	// SSL_DEFAULT_SESSION_AUTH_TIMEOUT is the default non-renewable lifetime, in
1884	// seconds, of a TLS 1.3 session. This is how long we are willing to trust the
1885	// signature in the initial handshake.
1886	#define SSL_DEFAULT_SESSION_AUTH_TIMEOUT (7 * 24 * 60 * 60)
1887
1888	// SSL_CTX_set_timeout sets the lifetime, in seconds, of TLS 1.2 (or earlier)
1889	// sessions created in \|ctx\| to \|timeout\|.
1890	OPENSSL_EXPORT uint32_t SSL_CTX_set_timeout(SSL_CTX *ctx, uint32_t timeout);
1891
1892	// SSL_CTX_set_session_psk_dhe_timeout sets the lifetime, in seconds, of TLS 1.3
1893	// sessions created in \|ctx\| to \|timeout\|.
1894	OPENSSL_EXPORT void SSL_CTX_set_session_psk_dhe_timeout(SSL_CTX *ctx,
1895	uint32_t timeout);
1896
1897	// SSL_CTX_get_timeout returns the lifetime, in seconds, of TLS 1.2 (or earlier)
1898	// sessions created in \|ctx\|.
1899	OPENSSL_EXPORT uint32_t SSL_CTX_get_timeout(const SSL_CTX *ctx);
1900
1901	// SSL_MAX_SID_CTX_LENGTH is the maximum length of a session ID context.
1902	#define SSL_MAX_SID_CTX_LENGTH 32
1903
1904	// SSL_CTX_set_session_id_context sets \|ctx\|'s session ID context to \|sid_ctx\|.
1905	// It returns one on success and zero on error. The session ID context is an
1906	// application-defined opaque byte string. A session will not be used in a
1907	// connection without a matching session ID context.
1908	//
1909	// For a server, if \|SSL_VERIFY_PEER\| is enabled, it is an error to not set a
1910	// session ID context.
1911	OPENSSL_EXPORT int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
1912	const uint8_t *sid_ctx,
1913	size_t sid_ctx_len);
1914
1915	// SSL_set_session_id_context sets \|ssl\|'s session ID context to \|sid_ctx\|. It
1916	// returns one on success and zero on error. See also
1917	// \|SSL_CTX_set_session_id_context\|.
1918	OPENSSL_EXPORT int SSL_set_session_id_context(SSL ssl, const* uint8_t *sid_ctx,
1919	size_t sid_ctx_len);
1920
1921	// SSL_get0_session_id_context returns a pointer to \|ssl\|'s session ID context
1922	// and sets \|out_len\| to its length. It returns NULL on error.*
1923	OPENSSL_EXPORT const uint8_t SSL_get0_session_id_context(const* SSL *ssl,
1924	size_t *out_len);
1925
1926	// SSL_SESSION_CACHE_MAX_SIZE_DEFAULT is the default maximum size of a session
1927	// cache.
1928	#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024 * 20)
1929
1930	// SSL_CTX_sess_set_cache_size sets the maximum size of \|ctx\|'s internal session
1931	// cache to \|size\|. It returns the previous value.
1932	OPENSSL_EXPORT unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,
1933	unsigned long size);
1934
1935	// SSL_CTX_sess_get_cache_size returns the maximum size of \|ctx\|'s internal
1936	// session cache.
1937	OPENSSL_EXPORT unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx);
1938
1939	// SSL_CTX_sess_number returns the number of sessions in \|ctx\|'s internal
1940	// session cache.
1941	OPENSSL_EXPORT size_t SSL_CTX_sess_number(const SSL_CTX *ctx);
1942
1943	// SSL_CTX_add_session inserts \|session\| into \|ctx\|'s internal session cache. It
1944	// returns one on success and zero on error or if \|session\| is already in the
1945	// cache. The caller retains its reference to \|session\|.
1946	OPENSSL_EXPORT int SSL_CTX_add_session(SSL_CTX ctx, SSL_SESSION session);
1947
1948	// SSL_CTX_remove_session removes \|session\| from \|ctx\|'s internal session cache.
1949	// It returns one on success and zero if \|session\| was not in the cache.
1950	OPENSSL_EXPORT int SSL_CTX_remove_session(SSL_CTX ctx, SSL_SESSION session);
1951
1952	// SSL_CTX_flush_sessions removes all sessions from \|ctx\| which have expired as
1953	// of time \|time\|. If \|time\| is zero, all sessions are removed.
1954	OPENSSL_EXPORT void SSL_CTX_flush_sessions(SSL_CTX *ctx, uint64_t time);
1955
1956	// SSL_CTX_sess_set_new_cb sets the callback to be called when a new session is
1957	// established and ready to be cached. If the session cache is disabled (the
1958	// appropriate one of \|SSL_SESS_CACHE_CLIENT\| or \|SSL_SESS_CACHE_SERVER\| is
1959	// unset), the callback is not called.
1960	//
1961	// The callback is passed a reference to \|session\|. It returns one if it takes
1962	// ownership (and then calls \|SSL_SESSION_free\| when done) and zero otherwise. A
1963	// consumer which places \|session\| into an in-memory cache will likely return
1964	// one, with the cache calling \|SSL_SESSION_free\|. A consumer which serializes
1965	// \|session\| with \|SSL_SESSION_to_bytes\| may not need to retain \|session\| and
1966	// will likely return zero. Returning one is equivalent to calling
1967	// \|SSL_SESSION_up_ref\| and then returning zero.
1968	//
1969	// Note: For a client, the callback may be called on abbreviated handshakes if a
1970	// ticket is renewed. Further, it may not be called until some time after
1971	// \|SSL_do_handshake\| or \|SSL_connect\| completes if False Start is enabled. Thus
1972	// it's recommended to use this callback over calling \|SSL_get_session\| on
1973	// handshake completion.
1974	OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb(
1975	SSL_CTX ctx, int* (new_session_cb)(SSL ssl, SSL_SESSION *session));
1976
1977	// SSL_CTX_sess_get_new_cb returns the callback set by
1978	// \|SSL_CTX_sess_set_new_cb\|.
1979	OPENSSL_EXPORT int (SSL_CTX_sess_get_new_cb(SSL_CTX ctx))(
1980	SSL ssl, SSL_SESSION session);
1981
1982	// SSL_CTX_sess_set_remove_cb sets a callback which is called when a session is
1983	// removed from the internal session cache.
1984	//
1985	// TODO(davidben): What is the point of this callback? It seems useless since it
1986	// only fires on sessions in the internal cache.
1987	OPENSSL_EXPORT void SSL_CTX_sess_set_remove_cb(
1988	SSL_CTX *ctx,
1989	void (remove_session_cb)(SSL_CTX ctx, SSL_SESSION *session));
1990
1991	// SSL_CTX_sess_get_remove_cb returns the callback set by
1992	// \|SSL_CTX_sess_set_remove_cb\|.
1993	OPENSSL_EXPORT void (SSL_CTX_sess_get_remove_cb(SSL_CTX ctx))(
1994	SSL_CTX ctx, SSL_SESSION session);
1995
1996	// SSL_CTX_sess_set_get_cb sets a callback to look up a session by ID for a
1997	// server. The callback is passed the session ID and should return a matching
1998	// \|SSL_SESSION\| or NULL if not found. It should set \|out_copy\| to zero and*
1999	// return a new reference to the session. This callback is not used for a
2000	// client.
2001	//
2002	// For historical reasons, if \|out_copy\| is set to one (default), the SSL*
2003	// library will take a new reference to the returned \|SSL_SESSION\|, expecting
2004	// the callback to return a non-owning pointer. This is not recommended. If
2005	// \|ctx\| and thus the callback is used on multiple threads, the session may be
2006	// removed and invalidated before the SSL library calls \|SSL_SESSION_up_ref\|,
2007	// whereas the callback may synchronize internally.
2008	//
2009	// To look up a session asynchronously, the callback may return
2010	// \|SSL_magic_pending_session_ptr\|. See the documentation for that function and
2011	// \|SSL_ERROR_PENDING_SESSION\|.
2012	//
2013	// If the internal session cache is enabled, the callback is only consulted if
2014	// the internal cache does not return a match.
2015	OPENSSL_EXPORT void SSL_CTX_sess_set_get_cb(
2016	SSL_CTX ctx, SSL_SESSION (get_session_cb)(SSL ssl, const uint8_t *id,
2017	int id_len, int *out_copy));
2018
2019	// SSL_CTX_sess_get_get_cb returns the callback set by
2020	// \|SSL_CTX_sess_set_get_cb\|.
2021	OPENSSL_EXPORT SSL_SESSION (SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(
2022	SSL ssl, const* uint8_t id, int* id_len, int *out_copy);
2023
2024	// SSL_magic_pending_session_ptr returns a magic \|SSL_SESSION\| which indicates*
2025	// that the session isn't currently unavailable. \|SSL_get_error\| will then
2026	// return \|SSL_ERROR_PENDING_SESSION\| and the handshake can be retried later
2027	// when the lookup has completed.
2028	OPENSSL_EXPORT SSL_SESSION SSL_magic_pending_session_ptr(void*);
2029
2030
2031	// Session tickets.
2032	//
2033	// Session tickets, from RFC 5077, allow session resumption without server-side
2034	// state. The server maintains a secret ticket key and sends the client opaque
2035	// encrypted session parameters, called a ticket. When offering the session, the
2036	// client sends the ticket which the server decrypts to recover session state.
2037	// Session tickets are enabled by default but may be disabled with
2038	// \|SSL_OP_NO_TICKET\|.
2039	//
2040	// On the client, ticket-based sessions use the same APIs as ID-based tickets.
2041	// Callers do not need to handle them differently.
2042	//
2043	// On the server, tickets are encrypted and authenticated with a secret key.
2044	// By default, an \|SSL_CTX\| will manage session ticket encryption keys by
2045	// generating them internally and rotating every 48 hours. Tickets are minted
2046	// and processed transparently. The following functions may be used to configure
2047	// a persistent key or implement more custom behavior, including key rotation
2048	// and sharing keys between multiple servers in a large deployment. There are
2049	// three levels of customisation possible:
2050	//
2051	// 1) One can simply set the keys with \|SSL_CTX_set_tlsext_ticket_keys\|.
2052	// 2) One can configure an \|EVP_CIPHER_CTX\| and \|HMAC_CTX\| directly for
2053	// encryption and authentication.
2054	// 3) One can configure an \|SSL_TICKET_AEAD_METHOD\| to have more control
2055	// and the option of asynchronous decryption.
2056	//
2057	// An attacker that compromises a server's session ticket key can impersonate
2058	// the server and, prior to TLS 1.3, retroactively decrypt all application
2059	// traffic from sessions using that ticket key. Thus ticket keys must be
2060	// regularly rotated for forward secrecy. Note the default key is rotated
2061	// automatically once every 48 hours but manually configured keys are not.
2062
2063	// SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL is the interval with which the
2064	// default session ticket encryption key is rotated, if in use. If any
2065	// non-default ticket encryption mechanism is configured, automatic rotation is
2066	// disabled.
2067	#define SSL_DEFAULT_TICKET_KEY_ROTATION_INTERVAL (2 * 24 * 60 * 60)
2068
2069	// SSL_CTX_get_tlsext_ticket_keys writes \|ctx\|'s session ticket key material to
2070	// \|len\| bytes of \|out\|. It returns one on success and zero if \|len\| is not
2071	// 48. If \|out\| is NULL, it returns 48 instead.
2072	OPENSSL_EXPORT int SSL_CTX_get_tlsext_ticket_keys(SSL_CTX ctx, void* *out,
2073	size_t len);
2074
2075	// SSL_CTX_set_tlsext_ticket_keys sets \|ctx\|'s session ticket key material to
2076	// \|len\| bytes of \|in\|. It returns one on success and zero if \|len\| is not
2077	// 48. If \|in\| is NULL, it returns 48 instead.
2078	OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX ctx, const* void *in,
2079	size_t len);
2080
2081	// SSL_TICKET_KEY_NAME_LEN is the length of the key name prefix of a session
2082	// ticket.
2083	#define SSL_TICKET_KEY_NAME_LEN 16
2084
2085	// SSL_CTX_set_tlsext_ticket_key_cb sets the ticket callback to \|callback\| and
2086	// returns one. \|callback\| will be called when encrypting a new ticket and when
2087	// decrypting a ticket from the client.
2088	//
2089	// In both modes, \|ctx\| and \|hmac_ctx\| will already have been initialized with
2090	// \|EVP_CIPHER_CTX_init\| and \|HMAC_CTX_init\|, respectively. \|callback\|
2091	// configures \|hmac_ctx\| with an HMAC digest and key, and configures \|ctx\|
2092	// for encryption or decryption, based on the mode.
2093	//
2094	// When encrypting a new ticket, \|encrypt\| will be one. It writes a public
2095	// 16-byte key name to \|key_name\| and a fresh IV to \|iv\|. The output IV length
2096	// must match \|EVP_CIPHER_CTX_iv_length\| of the cipher selected. In this mode,
2097	// \|callback\| returns 1 on success and -1 on error.
2098	//
2099	// When decrypting a ticket, \|encrypt\| will be zero. \|key_name\| will point to a
2100	// 16-byte key name and \|iv\| points to an IV. The length of the IV consumed must
2101	// match \|EVP_CIPHER_CTX_iv_length\| of the cipher selected. In this mode,
2102	// \|callback\| returns -1 to abort the handshake, 0 if decrypting the ticket
2103	// failed, and 1 or 2 on success. If it returns 2, the ticket will be renewed.
2104	// This may be used to re-key the ticket.
2105	//
2106	// WARNING: \|callback\| wildly breaks the usual return value convention and is
2107	// called in two different modes.
2108	OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb(
2109	SSL_CTX ctx, int* (callback)(SSL ssl, uint8_t key_name, uint8_t iv,
2110	EVP_CIPHER_CTX ctx, HMAC_CTX hmac_ctx,
2111	int encrypt));
2112
2113	// ssl_ticket_aead_result_t enumerates the possible results from decrypting a
2114	// ticket with an \|SSL_TICKET_AEAD_METHOD\|.
2115	enum ssl_ticket_aead_result_t BORINGSSL_ENUM_INT {
2116	// ssl_ticket_aead_success indicates that the ticket was successfully
2117	// decrypted.
2118	ssl_ticket_aead_success,
2119	// ssl_ticket_aead_retry indicates that the operation could not be
2120	// immediately completed and must be reattempted, via \|open\|, at a later
2121	// point.
2122	ssl_ticket_aead_retry,
2123	// ssl_ticket_aead_ignore_ticket indicates that the ticket should be ignored
2124	// (i.e. is corrupt or otherwise undecryptable).
2125	ssl_ticket_aead_ignore_ticket,
2126	// ssl_ticket_aead_error indicates that a fatal error occured and the
2127	// handshake should be terminated.
2128	ssl_ticket_aead_error,
2129	};
2130
2131	// ssl_ticket_aead_method_st (aka \|SSL_TICKET_AEAD_METHOD\|) contains methods
2132	// for encrypting and decrypting session tickets.
2133	struct ssl_ticket_aead_method_st {
2134	// max_overhead returns the maximum number of bytes of overhead that \|seal\|
2135	// may add.
2136	size_t (max_overhead)(SSL ssl);
2137
2138	// seal encrypts and authenticates \|in_len\| bytes from \|in\|, writes, at most,
2139	// \|max_out_len\| bytes to \|out\|, and puts the number of bytes written in
2140	// \|out_len\|. The \|in\| and \|out\| buffers may be equal but will not otherwise*
2141	// alias. It returns one on success or zero on error.
2142	int (seal)(SSL ssl, uint8_t out, size_t out_len, size_t max_out_len,
2143	const uint8_t *in, size_t in_len);
2144
2145	// open authenticates and decrypts \|in_len\| bytes from \|in\|, writes, at most,
2146	// \|max_out_len\| bytes of plaintext to \|out\|, and puts the number of bytes
2147	// written in \|out_len\|. The \|in\| and \|out\| buffers may be equal but will*
2148	// not otherwise alias. See \|ssl_ticket_aead_result_t\| for details of the
2149	// return values. In the case that a retry is indicated, the caller should
2150	// arrange for the high-level operation on \|ssl\| to be retried when the
2151	// operation is completed, which will result in another call to \|open\|.
2152	enum ssl_ticket_aead_result_t (open)(SSL ssl, uint8_t out, size_t out_len,
2153	size_t max_out_len, const uint8_t *in,
2154	size_t in_len);
2155	};
2156
2157	// SSL_CTX_set_ticket_aead_method configures a custom ticket AEAD method table
2158	// on \|ctx\|. \|aead_method\| must remain valid for the lifetime of \|ctx\|.
2159	OPENSSL_EXPORT void SSL_CTX_set_ticket_aead_method(
2160	SSL_CTX ctx, const* SSL_TICKET_AEAD_METHOD *aead_method);
2161
2162
2163	// Elliptic curve Diffie-Hellman.
2164	//
2165	// Cipher suites using an ECDHE key exchange perform Diffie-Hellman over an
2166	// elliptic curve negotiated by both endpoints. See RFC 4492. Only named curves
2167	// are supported. ECDHE is always enabled, but the curve preferences may be
2168	// configured with these functions.
2169	//
2170	// Note that TLS 1.3 renames these from curves to groups. For consistency, we
2171	// currently use the TLS 1.2 name in the API.
2172
2173	// SSL_CTX_set1_curves sets the preferred curves for \|ctx\| to be \|curves\|. Each
2174	// element of \|curves\| should be a curve nid. It returns one on success and
2175	// zero on failure.
2176	//
2177	// Note that this API uses nid values from nid.h and not the \|SSL_CURVE_\|*
2178	// values defined below.
2179	OPENSSL_EXPORT int SSL_CTX_set1_curves(SSL_CTX ctx, const* int *curves,
2180	size_t curves_len);
2181
2182	// SSL_set1_curves sets the preferred curves for \|ssl\| to be \|curves\|. Each
2183	// element of \|curves\| should be a curve nid. It returns one on success and
2184	// zero on failure.
2185	//
2186	// Note that this API uses nid values from nid.h and not the \|SSL_CURVE_\|*
2187	// values defined below.
2188	OPENSSL_EXPORT int SSL_set1_curves(SSL ssl, const* int *curves,
2189	size_t curves_len);
2190
2191	// SSL_CTX_set1_curves_list sets the preferred curves for \|ctx\| to be the
2192	// colon-separated list \|curves\|. Each element of \|curves\| should be a curve
2193	// name (e.g. P-256, X25519, ...). It returns one on success and zero on
2194	// failure.
2195	OPENSSL_EXPORT int SSL_CTX_set1_curves_list(SSL_CTX ctx, const* char *curves);
2196
2197	// SSL_set1_curves_list sets the preferred curves for \|ssl\| to be the
2198	// colon-separated list \|curves\|. Each element of \|curves\| should be a curve
2199	// name (e.g. P-256, X25519, ...). It returns one on success and zero on
2200	// failure.
2201	OPENSSL_EXPORT int SSL_set1_curves_list(SSL ssl, const* char *curves);
2202
2203	// SSL_CURVE_ define TLS curve IDs.*
2204	#define SSL_CURVE_SECP224R1 21
2205	#define SSL_CURVE_SECP256R1 23
2206	#define SSL_CURVE_SECP384R1 24
2207	#define SSL_CURVE_SECP521R1 25
2208	#define SSL_CURVE_X25519 29
2209	#define SSL_CURVE_CECPQ2 16696
2210	#define SSL_CURVE_CECPQ2b 65074
2211
2212	// SSL_get_curve_id returns the ID of the curve used by \|ssl\|'s most recently
2213	// completed handshake or 0 if not applicable.
2214	//
2215	// TODO(davidben): This API currently does not work correctly if there is a
2216	// renegotiation in progress. Fix this.
2217	OPENSSL_EXPORT uint16_t SSL_get_curve_id(const SSL *ssl);
2218
2219	// SSL_get_curve_name returns a human-readable name for the curve specified by
2220	// the given TLS curve id, or NULL if the curve is unknown.
2221	OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id);
2222
2223
2224	// Certificate verification.
2225	//
2226	// SSL may authenticate either endpoint with an X.509 certificate. Typically
2227	// this is used to authenticate the server to the client. These functions
2228	// configure certificate verification.
2229	//
2230	// WARNING: By default, certificate verification errors on a client are not
2231	// fatal. See \|SSL_VERIFY_NONE\| This may be configured with
2232	// \|SSL_CTX_set_verify\|.
2233	//
2234	// By default clients are anonymous but a server may request a certificate from
2235	// the client by setting \|SSL_VERIFY_PEER\|.
2236	//
2237	// Many of these functions use OpenSSL's legacy X.509 stack which is
2238	// underdocumented and deprecated, but the replacement isn't ready yet. For
2239	// now, consumers may use the existing stack or bypass it by performing
2240	// certificate verification externally. This may be done with
2241	// \|SSL_CTX_set_cert_verify_callback\| or by extracting the chain with
2242	// \|SSL_get_peer_cert_chain\| after the handshake. In the future, functions will
2243	// be added to use the SSL stack without dependency on any part of the legacy
2244	// X.509 and ASN.1 stack.
2245	//
2246	// To augment certificate verification, a client may also enable OCSP stapling
2247	// (RFC 6066) and Certificate Transparency (RFC 6962) extensions.
2248
2249	// SSL_VERIFY_NONE, on a client, verifies the server certificate but does not
2250	// make errors fatal. The result may be checked with \|SSL_get_verify_result\|. On
2251	// a server it does not request a client certificate. This is the default.
2252	#define SSL_VERIFY_NONE 0x00
2253
2254	// SSL_VERIFY_PEER, on a client, makes server certificate errors fatal. On a
2255	// server it requests a client certificate and makes errors fatal. However,
2256	// anonymous clients are still allowed. See
2257	// \|SSL_VERIFY_FAIL_IF_NO_PEER_CERT\|.
2258	#define SSL_VERIFY_PEER 0x01
2259
2260	// SSL_VERIFY_FAIL_IF_NO_PEER_CERT configures a server to reject connections if
2261	// the client declines to send a certificate. This flag must be used together
2262	// with \|SSL_VERIFY_PEER\|, otherwise it won't work.
2263	#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
2264
2265	// SSL_VERIFY_PEER_IF_NO_OBC configures a server to request a client certificate
2266	// if and only if Channel ID is not negotiated.
2267	#define SSL_VERIFY_PEER_IF_NO_OBC 0x04
2268
2269	// SSL_CTX_set_verify configures certificate verification behavior. \|mode\| is
2270	// one of the \|SSL_VERIFY_\| values defined above. \|callback\|, if not NULL, is*
2271	// used to customize certificate verification. See the behavior of
2272	// \|X509_STORE_CTX_set_verify_cb\|.
2273	//
2274	// The callback may use \|SSL_get_ex_data_X509_STORE_CTX_idx\| with
2275	// \|X509_STORE_CTX_get_ex_data\| to look up the \|SSL\| from \|store_ctx\|.
2276	OPENSSL_EXPORT void SSL_CTX_set_verify(
2277	SSL_CTX ctx, int* mode, int (callback)(int* ok, X509_STORE_CTX *store_ctx));
2278
2279	// SSL_set_verify configures certificate verification behavior. \|mode\| is one of
2280	// the \|SSL_VERIFY_\| values defined above. \|callback\|, if not NULL, is used to*
2281	// customize certificate verification. See the behavior of
2282	// \|X509_STORE_CTX_set_verify_cb\|.
2283	//
2284	// The callback may use \|SSL_get_ex_data_X509_STORE_CTX_idx\| with
2285	// \|X509_STORE_CTX_get_ex_data\| to look up the \|SSL\| from \|store_ctx\|.
2286	OPENSSL_EXPORT void SSL_set_verify(SSL ssl, int* mode,
2287	int (callback)(int* ok,
2288	X509_STORE_CTX *store_ctx));
2289
2290	enum ssl_verify_result_t BORINGSSL_ENUM_INT {
2291	ssl_verify_ok,
2292	ssl_verify_invalid,
2293	ssl_verify_retry,
2294	};
2295
2296	// SSL_CTX_set_custom_verify configures certificate verification. \|mode\| is one
2297	// of the \|SSL_VERIFY_\| values defined above. \|callback\| performs the*
2298	// certificate verification.
2299	//
2300	// The callback may call \|SSL_get0_peer_certificates\| for the certificate chain
2301	// to validate. The callback should return \|ssl_verify_ok\| if the certificate is
2302	// valid. If the certificate is invalid, the callback should return
2303	// \|ssl_verify_invalid\| and optionally set \|out_alert\| to an alert to send to*
2304	// the peer. Some useful alerts include \|SSL_AD_CERTIFICATE_EXPIRED\|,
2305	// \|SSL_AD_CERTIFICATE_REVOKED\|, \|SSL_AD_UNKNOWN_CA\|, \|SSL_AD_BAD_CERTIFICATE\|,
2306	// \|SSL_AD_CERTIFICATE_UNKNOWN\|, and \|SSL_AD_INTERNAL_ERROR\|. See RFC 5246
2307	// section 7.2.2 for their precise meanings. If unspecified,
2308	// \|SSL_AD_CERTIFICATE_UNKNOWN\| will be sent by default.
2309	//
2310	// To verify a certificate asynchronously, the callback may return
2311	// \|ssl_verify_retry\|. The handshake will then pause with \|SSL_get_error\|
2312	// returning \|SSL_ERROR_WANT_CERTIFICATE_VERIFY\|.
2313	OPENSSL_EXPORT void SSL_CTX_set_custom_verify(
2314	SSL_CTX ctx, int* mode,
2315	enum ssl_verify_result_t (callback)(SSL ssl, uint8_t *out_alert));
2316
2317	// SSL_set_custom_verify behaves like \|SSL_CTX_set_custom_verify\| but configures
2318	// an individual \|SSL\|.
2319	OPENSSL_EXPORT void SSL_set_custom_verify(
2320	SSL ssl, int* mode,
2321	enum ssl_verify_result_t (callback)(SSL ssl, uint8_t *out_alert));
2322
2323	// SSL_CTX_get_verify_mode returns \|ctx\|'s verify mode, set by
2324	// \|SSL_CTX_set_verify\|.
2325	OPENSSL_EXPORT int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
2326
2327	// SSL_get_verify_mode returns \|ssl\|'s verify mode, set by \|SSL_CTX_set_verify\|
2328	// or \|SSL_set_verify\|. It returns -1 on error.
2329	OPENSSL_EXPORT int SSL_get_verify_mode(const SSL *ssl);
2330
2331	// SSL_CTX_get_verify_callback returns the callback set by
2332	// \|SSL_CTX_set_verify\|.
2333	OPENSSL_EXPORT int (SSL_CTX_get_verify_callback(const* SSL_CTX *ctx))(
2334	int ok, X509_STORE_CTX *store_ctx);
2335
2336	// SSL_get_verify_callback returns the callback set by \|SSL_CTX_set_verify\| or
2337	// \|SSL_set_verify\|.
2338	OPENSSL_EXPORT int (SSL_get_verify_callback(const* SSL *ssl))(
2339	int ok, X509_STORE_CTX *store_ctx);
2340
2341	// SSL_CTX_set_verify_depth sets the maximum depth of a certificate chain
2342	// accepted in verification. This number does not include the leaf, so a depth
2343	// of 1 allows the leaf and one CA certificate.
2344	OPENSSL_EXPORT void SSL_CTX_set_verify_depth(SSL_CTX ctx, int* depth);
2345
2346	// SSL_set_verify_depth sets the maximum depth of a certificate chain accepted
2347	// in verification. This number does not include the leaf, so a depth of 1
2348	// allows the leaf and one CA certificate.
2349	OPENSSL_EXPORT void SSL_set_verify_depth(SSL ssl, int* depth);
2350
2351	// SSL_CTX_get_verify_depth returns the maximum depth of a certificate accepted
2352	// in verification.
2353	OPENSSL_EXPORT int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
2354
2355	// SSL_get_verify_depth returns the maximum depth of a certificate accepted in
2356	// verification.
2357	OPENSSL_EXPORT int SSL_get_verify_depth(const SSL *ssl);
2358
2359	// SSL_CTX_set1_param sets verification parameters from \|param\|. It returns one
2360	// on success and zero on failure. The caller retains ownership of \|param\|.
2361	OPENSSL_EXPORT int SSL_CTX_set1_param(SSL_CTX *ctx,
2362	const X509_VERIFY_PARAM *param);
2363
2364	// SSL_set1_param sets verification parameters from \|param\|. It returns one on
2365	// success and zero on failure. The caller retains ownership of \|param\|.
2366	OPENSSL_EXPORT int SSL_set1_param(SSL *ssl,
2367	const X509_VERIFY_PARAM *param);
2368
2369	// SSL_CTX_get0_param returns \|ctx\|'s \|X509_VERIFY_PARAM\| for certificate
2370	// verification. The caller must not release the returned pointer but may call
2371	// functions on it to configure it.
2372	OPENSSL_EXPORT X509_VERIFY_PARAM SSL_CTX_get0_param(SSL_CTX ctx);
2373
2374	// SSL_get0_param returns \|ssl\|'s \|X509_VERIFY_PARAM\| for certificate
2375	// verification. The caller must not release the returned pointer but may call
2376	// functions on it to configure it.
2377	OPENSSL_EXPORT X509_VERIFY_PARAM SSL_get0_param(SSL ssl);
2378
2379	// SSL_CTX_set_purpose sets \|ctx\|'s \|X509_VERIFY_PARAM\|'s 'purpose' parameter to
2380	// \|purpose\|. It returns one on success and zero on error.
2381	OPENSSL_EXPORT int SSL_CTX_set_purpose(SSL_CTX ctx, int* purpose);
2382
2383	// SSL_set_purpose sets \|ssl\|'s \|X509_VERIFY_PARAM\|'s 'purpose' parameter to
2384	// \|purpose\|. It returns one on success and zero on error.
2385	OPENSSL_EXPORT int SSL_set_purpose(SSL ssl, int* purpose);
2386
2387	// SSL_CTX_set_trust sets \|ctx\|'s \|X509_VERIFY_PARAM\|'s 'trust' parameter to
2388	// \|trust\|. It returns one on success and zero on error.
2389	OPENSSL_EXPORT int SSL_CTX_set_trust(SSL_CTX ctx, int* trust);
2390
2391	// SSL_set_trust sets \|ssl\|'s \|X509_VERIFY_PARAM\|'s 'trust' parameter to
2392	// \|trust\|. It returns one on success and zero on error.
2393	OPENSSL_EXPORT int SSL_set_trust(SSL ssl, int* trust);
2394
2395	// SSL_CTX_set_cert_store sets \|ctx\|'s certificate store to \|store\|. It takes
2396	// ownership of \|store\|. The store is used for certificate verification.
2397	//
2398	// The store is also used for the auto-chaining feature, but this is deprecated.
2399	// See also \|SSL_MODE_NO_AUTO_CHAIN\|.
2400	OPENSSL_EXPORT void SSL_CTX_set_cert_store(SSL_CTX ctx, X509_STORE store);
2401
2402	// SSL_CTX_get_cert_store returns \|ctx\|'s certificate store.
2403	OPENSSL_EXPORT X509_STORE SSL_CTX_get_cert_store(const* SSL_CTX *ctx);
2404
2405	// SSL_CTX_set_default_verify_paths loads the OpenSSL system-default trust
2406	// anchors into \|ctx\|'s store. It returns one on success and zero on failure.
2407	OPENSSL_EXPORT int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
2408
2409	// SSL_CTX_load_verify_locations loads trust anchors into \|ctx\|'s store from
2410	// \|ca_file\| and \|ca_dir\|, either of which may be NULL. If \|ca_file\| is passed,
2411	// it is opened and PEM-encoded CA certificates are read. If \|ca_dir\| is passed,
2412	// it is treated as a directory in OpenSSL's hashed directory format. It returns
2413	// one on success and zero on failure.
2414	//
2415	// See
2416	// https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_load_verify_locations.html
2417	// for documentation on the directory format.
2418	OPENSSL_EXPORT int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
2419	const char *ca_file,
2420	const char *ca_dir);
2421
2422	// SSL_get_verify_result returns the result of certificate verification. It is
2423	// either \|X509_V_OK\| or a \|X509_V_ERR_\| value.*
2424	OPENSSL_EXPORT long SSL_get_verify_result(const SSL *ssl);
2425
2426	// SSL_alert_from_verify_result returns the SSL alert code, such as
2427	// \|SSL_AD_CERTIFICATE_EXPIRED\|, that corresponds to an \|X509_V_ERR_\| value.*
2428	// The return value is always an alert, even when \|result\| is \|X509_V_OK\|.
2429	OPENSSL_EXPORT int SSL_alert_from_verify_result(long result);
2430
2431	// SSL_get_ex_data_X509_STORE_CTX_idx returns the ex_data index used to look up
2432	// the \|SSL\| associated with an \|X509_STORE_CTX\| in the verify callback.
2433	OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void);
2434
2435	// SSL_CTX_set_cert_verify_callback sets a custom callback to be called on
2436	// certificate verification rather than \|X509_verify_cert\|. \|store_ctx\| contains
2437	// the verification parameters. The callback should return one on success and
2438	// zero on fatal error. It may use \|X509_STORE_CTX_set_error\| to set a
2439	// verification result.
2440	//
2441	// The callback may use \|SSL_get_ex_data_X509_STORE_CTX_idx\| to recover the
2442	// \|SSL\| object from \|store_ctx\|.
2443	OPENSSL_EXPORT void SSL_CTX_set_cert_verify_callback(
2444	SSL_CTX ctx, int* (callback)(X509_STORE_CTX store_ctx, void *arg),
2445	void *arg);
2446
2447	// SSL_enable_signed_cert_timestamps causes \|ssl\| (which must be the client end
2448	// of a connection) to request SCTs from the server. See
2449	// https://tools.ietf.org/html/rfc6962.
2450	//
2451	// Call \|SSL_get0_signed_cert_timestamp_list\| to recover the SCT after the
2452	// handshake.
2453	OPENSSL_EXPORT void SSL_enable_signed_cert_timestamps(SSL *ssl);
2454
2455	// SSL_CTX_enable_signed_cert_timestamps enables SCT requests on all client SSL
2456	// objects created from \|ctx\|.
2457	//
2458	// Call \|SSL_get0_signed_cert_timestamp_list\| to recover the SCT after the
2459	// handshake.
2460	OPENSSL_EXPORT void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx);
2461
2462	// SSL_enable_ocsp_stapling causes \|ssl\| (which must be the client end of a
2463	// connection) to request a stapled OCSP response from the server.
2464	//
2465	// Call \|SSL_get0_ocsp_response\| to recover the OCSP response after the
2466	// handshake.
2467	OPENSSL_EXPORT void SSL_enable_ocsp_stapling(SSL *ssl);
2468
2469	// SSL_CTX_enable_ocsp_stapling enables OCSP stapling on all client SSL objects
2470	// created from \|ctx\|.
2471	//
2472	// Call \|SSL_get0_ocsp_response\| to recover the OCSP response after the
2473	// handshake.
2474	OPENSSL_EXPORT void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx);
2475
2476	// SSL_CTX_set0_verify_cert_store sets an \|X509_STORE\| that will be used
2477	// exclusively for certificate verification and returns one. Ownership of
2478	// \|store\| is transferred to the \|SSL_CTX\|.
2479	OPENSSL_EXPORT int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx,
2480	X509_STORE *store);
2481
2482	// SSL_CTX_set1_verify_cert_store sets an \|X509_STORE\| that will be used
2483	// exclusively for certificate verification and returns one. An additional
2484	// reference to \|store\| will be taken.
2485	OPENSSL_EXPORT int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx,
2486	X509_STORE *store);
2487
2488	// SSL_set0_verify_cert_store sets an \|X509_STORE\| that will be used
2489	// exclusively for certificate verification and returns one. Ownership of
2490	// \|store\| is transferred to the \|SSL\|.
2491	OPENSSL_EXPORT int SSL_set0_verify_cert_store(SSL ssl, X509_STORE store);
2492
2493	// SSL_set1_verify_cert_store sets an \|X509_STORE\| that will be used
2494	// exclusively for certificate verification and returns one. An additional
2495	// reference to \|store\| will be taken.
2496	OPENSSL_EXPORT int SSL_set1_verify_cert_store(SSL ssl, X509_STORE store);
2497
2498	// SSL_CTX_set_ed25519_enabled configures whether \|ctx\| advertises support for
2499	// the Ed25519 signature algorithm when using the default preference list. It is
2500	// disabled by default and may be enabled if the certificate verifier supports
2501	// Ed25519.
2502	OPENSSL_EXPORT void SSL_CTX_set_ed25519_enabled(SSL_CTX ctx, int* enabled);
2503
2504	// SSL_CTX_set_rsa_pss_rsae_certs_enabled configures whether \|ctx\| advertises
2505	// support for rsa_pss_rsae_ signatures within the certificate chain. It is*
2506	// enabled by default but should be disabled if using a custom certificate
2507	// verifier which does not support RSA-PSS signatures.
2508	OPENSSL_EXPORT void SSL_CTX_set_rsa_pss_rsae_certs_enabled(SSL_CTX *ctx,
2509	int enabled);
2510
2511	// SSL_CTX_set_verify_algorithm_prefs configures \|ctx\| to use \|prefs\| as the
2512	// preference list when verifying signature's from the peer's long-term key. It
2513	// returns one on zero on error. \|prefs\| should not include the internal-only
2514	// value \|SSL_SIGN_RSA_PKCS1_MD5_SHA1\|.
2515	OPENSSL_EXPORT int SSL_CTX_set_verify_algorithm_prefs(SSL_CTX *ctx,
2516	const uint16_t *prefs,
2517	size_t num_prefs);
2518
2519
2520	// Client certificate CA list.
2521	//
2522	// When requesting a client certificate, a server may advertise a list of
2523	// certificate authorities which are accepted. These functions may be used to
2524	// configure this list.
2525
2526	// SSL_set_client_CA_list sets \|ssl\|'s client certificate CA list to
2527	// \|name_list\|. It takes ownership of \|name_list\|.
2528	OPENSSL_EXPORT void SSL_set_client_CA_list(SSL *ssl,
2529	STACK_OF(X509_NAME) *name_list);
2530
2531	// SSL_CTX_set_client_CA_list sets \|ctx\|'s client certificate CA list to
2532	// \|name_list\|. It takes ownership of \|name_list\|.
2533	OPENSSL_EXPORT void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,
2534	STACK_OF(X509_NAME) *name_list);
2535
2536	// SSL_set0_client_CAs sets \|ssl\|'s client certificate CA list to \|name_list\|,
2537	// which should contain DER-encoded distinguished names (RFC 5280). It takes
2538	// ownership of \|name_list\|.
2539	OPENSSL_EXPORT void SSL_set0_client_CAs(SSL *ssl,
2540	STACK_OF(CRYPTO_BUFFER) *name_list);
2541
2542	// SSL_CTX_set0_client_CAs sets \|ctx\|'s client certificate CA list to
2543	// \|name_list\|, which should contain DER-encoded distinguished names (RFC 5280).
2544	// It takes ownership of \|name_list\|.
2545	OPENSSL_EXPORT void SSL_CTX_set0_client_CAs(SSL_CTX *ctx,
2546	STACK_OF(CRYPTO_BUFFER) *name_list);
2547
2548	// SSL_get_client_CA_list returns \|ssl\|'s client certificate CA list. If \|ssl\|
2549	// has not been configured as a client, this is the list configured by
2550	// \|SSL_CTX_set_client_CA_list\|.
2551	//
2552	// If configured as a client, it returns the client certificate CA list sent by
2553	// the server. In this mode, the behavior is undefined except during the
2554	// callbacks set by \|SSL_CTX_set_cert_cb\| and \|SSL_CTX_set_client_cert_cb\| or
2555	// when the handshake is paused because of them.
2556	OPENSSL_EXPORT STACK_OF(X509_NAME) SSL_get_client_CA_list(const* SSL *ssl);
2557
2558	// SSL_get0_server_requested_CAs returns the CAs sent by a server to guide a
2559	// client in certificate selection. They are a series of DER-encoded X.509
2560	// names. This function may only be called during a callback set by
2561	// \|SSL_CTX_set_cert_cb\| or when the handshake is paused because of it.
2562	//
2563	// The returned stack is owned by \|ssl\|, as are its contents. It should not be
2564	// used past the point where the handshake is restarted after the callback.
2565	OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) *
2566	SSL_get0_server_requested_CAs(const SSL *ssl);
2567
2568	// SSL_CTX_get_client_CA_list returns \|ctx\|'s client certificate CA list.
2569	OPENSSL_EXPORT STACK_OF(X509_NAME) *
2570	SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
2571
2572	// SSL_add_client_CA appends \|x509\|'s subject to the client certificate CA list.
2573	// It returns one on success or zero on error. The caller retains ownership of
2574	// \|x509\|.
2575	OPENSSL_EXPORT int SSL_add_client_CA(SSL ssl, X509 x509);
2576
2577	// SSL_CTX_add_client_CA appends \|x509\|'s subject to the client certificate CA
2578	// list. It returns one on success or zero on error. The caller retains
2579	// ownership of \|x509\|.
2580	OPENSSL_EXPORT int SSL_CTX_add_client_CA(SSL_CTX ctx, X509 x509);
2581
2582	// SSL_load_client_CA_file opens \|file\| and reads PEM-encoded certificates from
2583	// it. It returns a newly-allocated stack of the certificate subjects or NULL
2584	// on error.
2585	OPENSSL_EXPORT STACK_OF(X509_NAME) SSL_load_client_CA_file(const* char *file);
2586
2587	// SSL_dup_CA_list makes a deep copy of \|list\|. It returns the new list on
2588	// success or NULL on allocation error.
2589	OPENSSL_EXPORT STACK_OF(X509_NAME) SSL_dup_CA_list(STACK_OF(X509_NAME) list);
2590
2591	// SSL_add_file_cert_subjects_to_stack behaves like \|SSL_load_client_CA_file\|
2592	// but appends the result to \|out\|. It returns one on success or zero on
2593	// error.
2594	OPENSSL_EXPORT int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *out,
2595	const char *file);
2596
2597
2598	// Server name indication.
2599	//
2600	// The server_name extension (RFC 3546) allows the client to advertise the name
2601	// of the server it is connecting to. This is used in virtual hosting
2602	// deployments to select one of a several certificates on a single IP. Only the
2603	// host_name name type is supported.
2604
2605	#define TLSEXT_NAMETYPE_host_name 0
2606
2607	// SSL_set_tlsext_host_name, for a client, configures \|ssl\| to advertise \|name\|
2608	// in the server_name extension. It returns one on success and zero on error.
2609	OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL ssl, const* char *name);
2610
2611	// SSL_get_servername, for a server, returns the hostname supplied by the
2612	// client or NULL if there was none. The \|type\| argument must be
2613	// \|TLSEXT_NAMETYPE_host_name\|.
2614	OPENSSL_EXPORT const char SSL_get_servername(const* SSL ssl, const* int type);
2615
2616	// SSL_get_servername_type, for a server, returns \|TLSEXT_NAMETYPE_host_name\|
2617	// if the client sent a hostname and -1 otherwise.
2618	OPENSSL_EXPORT int SSL_get_servername_type(const SSL *ssl);
2619
2620	// SSL_CTX_set_tlsext_servername_callback configures \|callback\| to be called on
2621	// the server after ClientHello extensions have been parsed and returns one.
2622	// The callback may use \|SSL_get_servername\| to examine the server_name
2623	// extension and returns a \|SSL_TLSEXT_ERR_\| value. The value of \|arg\| may be*
2624	// set by calling \|SSL_CTX_set_tlsext_servername_arg\|.
2625	//
2626	// If the callback returns \|SSL_TLSEXT_ERR_NOACK\|, the server_name extension is
2627	// not acknowledged in the ServerHello. If the return value is
2628	// \|SSL_TLSEXT_ERR_ALERT_FATAL\|, then \|out_alert\| is the alert to send,*
2629	// defaulting to \|SSL_AD_UNRECOGNIZED_NAME\|. \|SSL_TLSEXT_ERR_ALERT_WARNING\| is
2630	// ignored and treated as \|SSL_TLSEXT_ERR_OK\|.
2631	OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback(
2632	SSL_CTX ctx, int* (callback)(SSL ssl, int out_alert, void* *arg));
2633
2634	// SSL_CTX_set_tlsext_servername_arg sets the argument to the servername
2635	// callback and returns one. See \|SSL_CTX_set_tlsext_servername_callback\|.
2636	OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX ctx, void* *arg);
2637
2638	// SSL_TLSEXT_ERR_ are values returned by some extension-related callbacks.*
2639	#define SSL_TLSEXT_ERR_OK 0
2640	#define SSL_TLSEXT_ERR_ALERT_WARNING 1
2641	#define SSL_TLSEXT_ERR_ALERT_FATAL 2
2642	#define SSL_TLSEXT_ERR_NOACK 3
2643
2644	// SSL_set_SSL_CTX changes \|ssl\|'s \|SSL_CTX\|. \|ssl\| will use the
2645	// certificate-related settings from \|ctx\|, and \|SSL_get_SSL_CTX\| will report
2646	// \|ctx\|. This function may be used during the callbacks registered by
2647	// \|SSL_CTX_set_select_certificate_cb\|,
2648	// \|SSL_CTX_set_tlsext_servername_callback\|, and \|SSL_CTX_set_cert_cb\| or when
2649	// the handshake is paused from them. It is typically used to switch
2650	// certificates based on SNI.
2651	//
2652	// Note the session cache and related settings will continue to use the initial
2653	// \|SSL_CTX\|. Callers should use \|SSL_CTX_set_session_id_context\| to partition
2654	// the session cache between different domains.
2655	//
2656	// TODO(davidben): Should other settings change after this call?
2657	OPENSSL_EXPORT SSL_CTX SSL_set_SSL_CTX(SSL ssl, SSL_CTX *ctx);
2658
2659
2660	// Application-layer protocol negotiation.
2661	//
2662	// The ALPN extension (RFC 7301) allows negotiating different application-layer
2663	// protocols over a single port. This is used, for example, to negotiate
2664	// HTTP/2.
2665
2666	// SSL_CTX_set_alpn_protos sets the client ALPN protocol list on \|ctx\| to
2667	// \|protos\|. \|protos\| must be in wire-format (i.e. a series of non-empty, 8-bit
2668	// length-prefixed strings). It returns zero on success and one on failure.
2669	// Configuring this list enables ALPN on a client.
2670	//
2671	// WARNING: this function is dangerous because it breaks the usual return value
2672	// convention.
2673	OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX ctx, const* uint8_t *protos,
2674	unsigned protos_len);
2675
2676	// SSL_set_alpn_protos sets the client ALPN protocol list on \|ssl\| to \|protos\|.
2677	// \|protos\| must be in wire-format (i.e. a series of non-empty, 8-bit
2678	// length-prefixed strings). It returns zero on success and one on failure.
2679	// Configuring this list enables ALPN on a client.
2680	//
2681	// WARNING: this function is dangerous because it breaks the usual return value
2682	// convention.
2683	OPENSSL_EXPORT int SSL_set_alpn_protos(SSL ssl, const* uint8_t *protos,
2684	unsigned protos_len);
2685
2686	// SSL_CTX_set_alpn_select_cb sets a callback function on \|ctx\| that is called
2687	// during ClientHello processing in order to select an ALPN protocol from the
2688	// client's list of offered protocols. Configuring this callback enables ALPN on
2689	// a server.
2690	//
2691	// The callback is passed a wire-format (i.e. a series of non-empty, 8-bit
2692	// length-prefixed strings) ALPN protocol list in \|in\|. It should set \|out\| and*
2693	// \|out_len\| to the selected protocol and return \|SSL_TLSEXT_ERR_OK\| on*
2694	// success. It does not pass ownership of the buffer. Otherwise, it should
2695	// return \|SSL_TLSEXT_ERR_NOACK\|. Other \|SSL_TLSEXT_ERR_\| values are*
2696	// unimplemented and will be treated as \|SSL_TLSEXT_ERR_NOACK\|.
2697	//
2698	// The cipher suite is selected before negotiating ALPN. The callback may use
2699	// \|SSL_get_pending_cipher\| to query the cipher suite.
2700	OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb(
2701	SSL_CTX ctx, int* (cb)(SSL ssl, const uint8_t *out, uint8_t out_len,
2702	const uint8_t in, unsigned* in_len, void *arg),
2703	void *arg);
2704
2705	// SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from \|ssl\|.
2706	// On return it sets \|out_data\| to point to \|out_len\| bytes of protocol name
2707	// (not including the leading length-prefix byte). If the server didn't respond
2708	// with a negotiated protocol then \|out_len\| will be zero.*
2709	OPENSSL_EXPORT void SSL_get0_alpn_selected(const SSL *ssl,
2710	const uint8_t **out_data,
2711	unsigned *out_len);
2712
2713	// SSL_CTX_set_allow_unknown_alpn_protos configures client connections on \|ctx\|
2714	// to allow unknown ALPN protocols from the server. Otherwise, by default, the
2715	// client will require that the protocol be advertised in
2716	// \|SSL_CTX_set_alpn_protos\|.
2717	OPENSSL_EXPORT void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx,
2718	int enabled);
2719
2720
2721	// Certificate compression.
2722	//
2723	// Certificates in TLS 1.3 can be compressed[1]. BoringSSL supports this as both
2724	// a client and a server, but does not link against any specific compression
2725	// libraries in order to keep dependencies to a minimum. Instead, hooks for
2726	// compression and decompression can be installed in an \|SSL_CTX\| to enable
2727	// support.
2728	//
2729	// [1] https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03.
2730
2731	// ssl_cert_compression_func_t is a pointer to a function that performs
2732	// compression. It must write the compressed representation of \|in\| to \|out\|,
2733	// returning one on success and zero on error. The results of compressing
2734	// certificates are not cached internally. Implementations may wish to implement
2735	// their own cache if they expect it to be useful given the certificates that
2736	// they serve.
2737	typedef int (ssl_cert_compression_func_t)(SSL ssl, CBB *out,
2738	const uint8_t *in, size_t in_len);
2739
2740	// ssl_cert_decompression_func_t is a pointer to a function that performs
2741	// decompression. The compressed data from the peer is passed as \|in\| and the
2742	// decompressed result must be exactly \|uncompressed_len\| bytes long. It returns
2743	// one on success, in which case \|out\| must be set to the result of*
2744	// decompressing \|in\|, or zero on error. Setting \|out\| transfers ownership,*
2745	// i.e. \|CRYPTO_BUFFER_free\| will be called on \|out\| at some point in the*
2746	// future. The results of decompressions are not cached internally.
2747	// Implementations may wish to implement their own cache if they expect it to be
2748	// useful.
2749	typedef int (ssl_cert_decompression_func_t)(SSL ssl, CRYPTO_BUFFER **out,
2750	size_t uncompressed_len,
2751	const uint8_t *in, size_t in_len);
2752
2753	// SSL_CTX_add_cert_compression_alg registers a certificate compression
2754	// algorithm on \|ctx\| with ID \|alg_id\|. (The value of \|alg_id\| should be an IANA
2755	// assigned value and each can only be registered once.)
2756	//
2757	// One of the function pointers may be NULL to avoid having to implement both
2758	// sides of a compression algorithm if you're only going to use it in one
2759	// direction. In this case, the unimplemented direction acts like it was never
2760	// configured.
2761	//
2762	// For a server, algorithms are registered in preference order with the most
2763	// preferable first. It returns one on success or zero on error.
2764	OPENSSL_EXPORT int SSL_CTX_add_cert_compression_alg(
2765	SSL_CTX *ctx, uint16_t alg_id, ssl_cert_compression_func_t compress,
2766	ssl_cert_decompression_func_t decompress);
2767
2768
2769	// Next protocol negotiation.
2770	//
2771	// The NPN extension (draft-agl-tls-nextprotoneg-03) is the predecessor to ALPN
2772	// and deprecated in favor of it.
2773
2774	// SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
2775	// TLS server needs a list of supported protocols for Next Protocol
2776	// Negotiation. The returned list must be in wire format. The list is returned
2777	// by setting \|out\| to point to it and \|out_len\| to its length. This memory
2778	// will not be modified, but one should assume that \|ssl\| keeps a reference to
2779	// it.
2780	//
2781	// The callback should return \|SSL_TLSEXT_ERR_OK\| if it wishes to advertise.
2782	// Otherwise, no such extension will be included in the ServerHello.
2783	OPENSSL_EXPORT void SSL_CTX_set_next_protos_advertised_cb(
2784	SSL_CTX *ctx,
2785	int (cb)(SSL ssl, const uint8_t *out, unsigned* out_len, void* *arg),
2786	void *arg);
2787
2788	// SSL_CTX_set_next_proto_select_cb sets a callback that is called when a client
2789	// needs to select a protocol from the server's provided list. \|out\| must be*
2790	// set to point to the selected protocol (which may be within \|in\|). The length
2791	// of the protocol name must be written into \|out_len\|. The server's advertised*
2792	// protocols are provided in \|in\| and \|in_len\|. The callback can assume that
2793	// \|in\| is syntactically valid.
2794	//
2795	// The client must select a protocol. It is fatal to the connection if this
2796	// callback returns a value other than \|SSL_TLSEXT_ERR_OK\|.
2797	//
2798	// Configuring this callback enables NPN on a client.
2799	OPENSSL_EXPORT void SSL_CTX_set_next_proto_select_cb(
2800	SSL_CTX ctx, int* (cb)(SSL ssl, uint8_t *out, uint8_t out_len,
2801	const uint8_t in, unsigned* in_len, void *arg),
2802	void *arg);
2803
2804	// SSL_get0_next_proto_negotiated sets \|out_data\| and \|out_len\| to point to
2805	// the client's requested protocol for this connection. If the client didn't
2806	// request any protocol, then \|out_data\| is set to NULL.*
2807	//
2808	// Note that the client can request any protocol it chooses. The value returned
2809	// from this function need not be a member of the list of supported protocols
2810	// provided by the server.
2811	OPENSSL_EXPORT void SSL_get0_next_proto_negotiated(const SSL *ssl,
2812	const uint8_t **out_data,
2813	unsigned *out_len);
2814
2815	// SSL_select_next_proto implements the standard protocol selection. It is
2816	// expected that this function is called from the callback set by
2817	// \|SSL_CTX_set_next_proto_select_cb\|.
2818	//
2819	// \|peer\| and \|supported\| must be vectors of 8-bit, length-prefixed byte strings
2820	// containing the peer and locally-configured protocols, respectively. The
2821	// length byte itself is not included in the length. A byte string of length 0
2822	// is invalid. No byte string may be truncated. \|supported\| is assumed to be
2823	// non-empty.
2824	//
2825	// This function finds the first protocol in \|peer\| which is also in
2826	// \|supported\|. If one was found, it sets \|out\| and \|out_len\| to point to it
2827	// and returns \|OPENSSL_NPN_NEGOTIATED\|. Otherwise, it returns
2828	// \|OPENSSL_NPN_NO_OVERLAP\| and sets \|out\| and \|out_len\| to the first
2829	// supported protocol.
2830	OPENSSL_EXPORT int SSL_select_next_proto(uint8_t *out, uint8_t out_len,
2831	const uint8_t peer, unsigned* peer_len,
2832	const uint8_t *supported,
2833	unsigned supported_len);
2834
2835	#define OPENSSL_NPN_UNSUPPORTED 0
2836	#define OPENSSL_NPN_NEGOTIATED 1
2837	#define OPENSSL_NPN_NO_OVERLAP 2
2838
2839
2840	// Channel ID.
2841	//
2842	// See draft-balfanz-tls-channelid-01.
2843
2844	// SSL_CTX_set_tls_channel_id_enabled configures whether connections associated
2845	// with \|ctx\| should enable Channel ID.
2846	OPENSSL_EXPORT void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx,
2847	int enabled);
2848
2849	// SSL_set_tls_channel_id_enabled configures whether \|ssl\| should enable Channel
2850	// ID.
2851	OPENSSL_EXPORT void SSL_set_tls_channel_id_enabled(SSL ssl, int* enabled);
2852
2853	// SSL_CTX_set1_tls_channel_id configures a TLS client to send a TLS Channel ID
2854	// to compatible servers. \|private_key\| must be a P-256 EC key. It returns one
2855	// on success and zero on error.
2856	OPENSSL_EXPORT int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx,
2857	EVP_PKEY *private_key);
2858
2859	// SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
2860	// compatible servers. \|private_key\| must be a P-256 EC key. It returns one on
2861	// success and zero on error.
2862	OPENSSL_EXPORT int SSL_set1_tls_channel_id(SSL ssl, EVP_PKEY private_key);
2863
2864	// SSL_get_tls_channel_id gets the client's TLS Channel ID from a server \|SSL\|*
2865	// and copies up to the first \|max_out\| bytes into \|out\|. The Channel ID
2866	// consists of the client's P-256 public key as an (x,y) pair where each is a
2867	// 32-byte, big-endian field element. It returns 0 if the client didn't offer a
2868	// Channel ID and the length of the complete Channel ID otherwise.
2869	OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL ssl, uint8_t out,
2870	size_t max_out);
2871
2872	// SSL_CTX_set_channel_id_cb sets a callback to be called when a TLS Channel ID
2873	// is requested. The callback may set \|out_pkey\| to a key, passing a reference*
2874	// to the caller. If none is returned, the handshake will pause and
2875	// \|SSL_get_error\| will return \|SSL_ERROR_WANT_CHANNEL_ID_LOOKUP\|.
2876	//
2877	// See also \|SSL_ERROR_WANT_CHANNEL_ID_LOOKUP\|.
2878	OPENSSL_EXPORT void SSL_CTX_set_channel_id_cb(
2879	SSL_CTX ctx, void* (channel_id_cb)(SSL ssl, EVP_PKEY **out_pkey));
2880
2881	// SSL_CTX_get_channel_id_cb returns the callback set by
2882	// \|SSL_CTX_set_channel_id_cb\|.
2883	OPENSSL_EXPORT void (SSL_CTX_get_channel_id_cb(SSL_CTX ctx))(
2884	SSL ssl, EVP_PKEY *out_pkey);
2885
2886
2887	// Token Binding.
2888	//
2889	// See draft-ietf-tokbind-protocol-16.
2890
2891	// SSL_set_token_binding_params sets \|params\| as the Token Binding Key
2892	// parameters (section 3 of draft-ietf-tokbind-protocol-16) to negotiate on the
2893	// connection. If this function is not called, or if \|len\| is 0, then this
2894	// endpoint will not attempt to negotiate Token Binding. \|params\| are provided
2895	// in preference order, with the more preferred parameters at the beginning of
2896	// the list. This function returns 1 on success and 0 on failure.
2897	OPENSSL_EXPORT int SSL_set_token_binding_params(SSL ssl, const* uint8_t *params,
2898	size_t len);
2899
2900	// SSL_is_token_binding_negotiated returns 1 if Token Binding was negotiated
2901	// on this connection and 0 otherwise. On a server, it is possible for this
2902	// function to return 1 when the client's view of the connection is that Token
2903	// Binding was not negotiated. This occurs when the server indicates a version
2904	// of Token Binding less than the client's minimum version.
2905	OPENSSL_EXPORT int SSL_is_token_binding_negotiated(const SSL *ssl);
2906
2907	// SSL_get_negotiated_token_binding_param returns the TokenBindingKeyParameters
2908	// enum value that was negotiated. It is only valid to call this function if
2909	// SSL_is_token_binding_negotiated returned 1, otherwise this function returns
2910	// an undefined value.
2911	OPENSSL_EXPORT uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl);
2912
2913
2914	// DTLS-SRTP.
2915	//
2916	// See RFC 5764.
2917
2918	// srtp_protection_profile_st (aka \|SRTP_PROTECTION_PROFILE\|) is an SRTP
2919	// profile for use with the use_srtp extension.
2920	struct srtp_protection_profile_st {
2921	const char *name;
2922	unsigned long id;
2923	} / SRTP_PROTECTION_PROFILE /;
2924
2925	DEFINE_CONST_STACK_OF(SRTP_PROTECTION_PROFILE)
2926
2927	// SRTP_ define constants for SRTP profiles.*
2928	#define SRTP_AES128_CM_SHA1_80 0x0001
2929	#define SRTP_AES128_CM_SHA1_32 0x0002
2930	#define SRTP_AES128_F8_SHA1_80 0x0003
2931	#define SRTP_AES128_F8_SHA1_32 0x0004
2932	#define SRTP_NULL_SHA1_80 0x0005
2933	#define SRTP_NULL_SHA1_32 0x0006
2934	#define SRTP_AEAD_AES_128_GCM 0x0007
2935	#define SRTP_AEAD_AES_256_GCM 0x0008
2936
2937	// SSL_CTX_set_srtp_profiles enables SRTP for all SSL objects created from
2938	// \|ctx\|. \|profile\| contains a colon-separated list of profile names. It returns
2939	// one on success and zero on failure.
2940	OPENSSL_EXPORT int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx,
2941	const char *profiles);
2942
2943	// SSL_set_srtp_profiles enables SRTP for \|ssl\|. \|profile\| contains a
2944	// colon-separated list of profile names. It returns one on success and zero on
2945	// failure.
2946	OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL ssl, const* char *profiles);
2947
2948	// SSL_get_srtp_profiles returns the SRTP profiles supported by \|ssl\|.
2949	OPENSSL_EXPORT STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(
2950	SSL *ssl);
2951
2952	// SSL_get_selected_srtp_profile returns the selected SRTP profile, or NULL if
2953	// SRTP was not negotiated.
2954	OPENSSL_EXPORT const SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(
2955	SSL *ssl);
2956
2957
2958	// Pre-shared keys.
2959	//
2960	// Connections may be configured with PSK (Pre-Shared Key) cipher suites. These
2961	// authenticate using out-of-band pre-shared keys rather than certificates. See
2962	// RFC 4279.
2963	//
2964	// This implementation uses NUL-terminated C strings for identities and identity
2965	// hints, so values with a NUL character are not supported. (RFC 4279 does not
2966	// specify the format of an identity.)
2967
2968	// PSK_MAX_IDENTITY_LEN is the maximum supported length of a PSK identity,
2969	// excluding the NUL terminator.
2970	#define PSK_MAX_IDENTITY_LEN 128
2971
2972	// PSK_MAX_PSK_LEN is the maximum supported length of a pre-shared key.
2973	#define PSK_MAX_PSK_LEN 256
2974
2975	// SSL_CTX_set_psk_client_callback sets the callback to be called when PSK is
2976	// negotiated on the client. This callback must be set to enable PSK cipher
2977	// suites on the client.
2978	//
2979	// The callback is passed the identity hint in \|hint\| or NULL if none was
2980	// provided. It should select a PSK identity and write the identity and the
2981	// corresponding PSK to \|identity\| and \|psk\|, respectively. The identity is
2982	// written as a NUL-terminated C string of length (excluding the NUL terminator)
2983	// at most \|max_identity_len\|. The PSK's length must be at most \|max_psk_len\|.
2984	// The callback returns the length of the PSK or 0 if no suitable identity was
2985	// found.
2986	OPENSSL_EXPORT void SSL_CTX_set_psk_client_callback(
2987	SSL_CTX ctx, unsigned* (cb)(SSL ssl, const char hint, char* *identity,
2988	unsigned max_identity_len, uint8_t *psk,
2989	unsigned max_psk_len));
2990
2991	// SSL_set_psk_client_callback sets the callback to be called when PSK is
2992	// negotiated on the client. This callback must be set to enable PSK cipher
2993	// suites on the client. See also \|SSL_CTX_set_psk_client_callback\|.
2994	OPENSSL_EXPORT void SSL_set_psk_client_callback(
2995	SSL ssl, unsigned* (cb)(SSL ssl, const char hint, char* *identity,
2996	unsigned max_identity_len, uint8_t *psk,
2997	unsigned max_psk_len));
2998
2999	// SSL_CTX_set_psk_server_callback sets the callback to be called when PSK is
3000	// negotiated on the server. This callback must be set to enable PSK cipher
3001	// suites on the server.
3002	//
3003	// The callback is passed the identity in \|identity\|. It should write a PSK of
3004	// length at most \|max_psk_len\| to \|psk\| and return the number of bytes written
3005	// or zero if the PSK identity is unknown.
3006	OPENSSL_EXPORT void SSL_CTX_set_psk_server_callback(
3007	SSL_CTX ctx, unsigned* (cb)(SSL ssl, const char identity, uint8_t psk,
3008	unsigned max_psk_len));
3009
3010	// SSL_set_psk_server_callback sets the callback to be called when PSK is
3011	// negotiated on the server. This callback must be set to enable PSK cipher
3012	// suites on the server. See also \|SSL_CTX_set_psk_server_callback\|.
3013	OPENSSL_EXPORT void SSL_set_psk_server_callback(
3014	SSL ssl, unsigned* (cb)(SSL ssl, const char identity, uint8_t psk,
3015	unsigned max_psk_len));
3016
3017	// SSL_CTX_use_psk_identity_hint configures server connections to advertise an
3018	// identity hint of \|identity_hint\|. It returns one on success and zero on
3019	// error.
3020	OPENSSL_EXPORT int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx,
3021	const char *identity_hint);
3022
3023	// SSL_use_psk_identity_hint configures server connections to advertise an
3024	// identity hint of \|identity_hint\|. It returns one on success and zero on
3025	// error.
3026	OPENSSL_EXPORT int SSL_use_psk_identity_hint(SSL *ssl,
3027	const char *identity_hint);
3028
3029	// SSL_get_psk_identity_hint returns the PSK identity hint advertised for \|ssl\|
3030	// or NULL if there is none.
3031	OPENSSL_EXPORT const char SSL_get_psk_identity_hint(const* SSL *ssl);
3032
3033	// SSL_get_psk_identity, after the handshake completes, returns the PSK identity
3034	// that was negotiated by \|ssl\| or NULL if PSK was not used.
3035	OPENSSL_EXPORT const char SSL_get_psk_identity(const* SSL *ssl);
3036
3037
3038	// Post-quantum experiment signaling extension.
3039	//
3040	// * EXPERIMENTAL *
3041	//
3042	// In order to define a control group in an experiment of post-quantum key
3043	// agreements, clients and servers may send a non-IANA defined extension as a
3044	// signaling bit. These functions should not be used without explicit permission
3045	// from BoringSSL-team.
3046
3047	OPENSSL_EXPORT void SSL_CTX_enable_pq_experiment_signal(SSL_CTX *ctx);
3048	OPENSSL_EXPORT int SSL_pq_experiment_signal_seen(const SSL *ssl);
3049
3050
3051	// QUIC transport parameters.
3052	//
3053	// draft-ietf-quic-tls defines a new TLS extension quic_transport_parameters
3054	// used by QUIC for each endpoint to unilaterally declare its supported
3055	// transport parameters. draft-ietf-quic-transport (section 7.4) defines the
3056	// contents of that extension (a TransportParameters struct) and describes how
3057	// to handle it and its semantic meaning.
3058	//
3059	// BoringSSL handles this extension as an opaque byte string. The caller is
3060	// responsible for serializing and parsing it.
3061
3062	// SSL_set_quic_transport_params configures \|ssl\| to send \|params\| (of length
3063	// \|params_len\|) in the quic_transport_parameters extension in either the
3064	// ClientHello or EncryptedExtensions handshake message. This extension will
3065	// only be sent if the TLS version is at least 1.3, and for a server, only if
3066	// the client sent the extension. The buffer pointed to by \|params\| only need be
3067	// valid for the duration of the call to this function. This function returns 1
3068	// on success and 0 on failure.
3069	OPENSSL_EXPORT int SSL_set_quic_transport_params(SSL *ssl,
3070	const uint8_t *params,
3071	size_t params_len);
3072
3073	// SSL_get_peer_quic_transport_params provides the caller with the value of the
3074	// quic_transport_parameters extension sent by the peer. A pointer to the buffer
3075	// containing the TransportParameters will be put in \|out_params\|, and its*
3076	// length in \|params_len\|. This buffer will be valid for the lifetime of the*
3077	// \|SSL\|. If no params were received from the peer, \|out_params_len\| will be 0.*
3078	OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(const SSL *ssl,
3079	const uint8_t **out_params,
3080	size_t *out_params_len);
3081
3082
3083	// Delegated credentials.
3084	//
3085	// * EXPERIMENTAL — PRONE TO CHANGE *
3086	//
3087	// draft-ietf-tls-subcerts is a proposed extension for TLS 1.3 and above that
3088	// allows an end point to use its certificate to delegate credentials for
3089	// authentication. If the peer indicates support for this extension, then this
3090	// host may use a delegated credential to sign the handshake. Once issued,
3091	// credentials can't be revoked. In order to mitigate the damage in case the
3092	// credential secret key is compromised, the credential is only valid for a
3093	// short time (days, hours, or even minutes). This library implements draft-03
3094	// of the protocol spec.
3095	//
3096	// The extension ID has not been assigned; we're using 0xff02 for the time
3097	// being. Currently only the server side is implemented.
3098	//
3099	// Servers configure a DC for use in the handshake via
3100	// \|SSL_set1_delegated_credential\|. It must be signed by the host's end-entity
3101	// certificate as defined in draft-ietf-tls-subcerts-03.
3102
3103	// SSL_set1_delegated_credential configures the delegated credential (DC) that
3104	// will be sent to the peer for the current connection. \|dc\| is the DC in wire
3105	// format, and \|pkey\| or \|key_method\| is the corresponding private key.
3106	// Currently (as of draft-03), only servers may configure a DC to use in the
3107	// handshake.
3108	//
3109	// The DC will only be used if the protocol version is correct and the signature
3110	// scheme is supported by the peer. If not, the DC will not be negotiated and
3111	// the handshake will use the private key (or private key method) associated
3112	// with the certificate.
3113	OPENSSL_EXPORT int SSL_set1_delegated_credential(
3114	SSL ssl, CRYPTO_BUFFER dc, EVP_PKEY *pkey,
3115	const SSL_PRIVATE_KEY_METHOD *key_method);
3116
3117	// SSL_delegated_credential_used returns one if a delegated credential was used
3118	// and zero otherwise.
3119	OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
3120
3121
3122	// QUIC integration.
3123	//
3124	// QUIC acts as an underlying transport for the TLS 1.3 handshake. The following
3125	// functions allow a QUIC implementation to serve as the underlying transport as
3126	// described in draft-ietf-quic-tls.
3127	//
3128	// When configured for QUIC, \|SSL_do_handshake\| will drive the handshake as
3129	// before, but it will not use the configured \|BIO\|. It will call functions on
3130	// \|SSL_QUIC_METHOD\| to configure secrets and send data. If data is needed from
3131	// the peer, it will return \|SSL_ERROR_WANT_READ\|. When received, the caller
3132	// should call \|SSL_provide_quic_data\| and then \|SSL_do_handshake\| to continue
3133	// the handshake. After the handshake is complete, the caller should call
3134	// \|SSL_provide_quic_data\| for any post-handshake data, followed by
3135	// \|SSL_process_quic_post_handshake\| to process it. It is an error to call
3136	// \|SSL_read\| and \|SSL_write\| in QUIC.
3137	//
3138	// Note that secrets for an encryption level may be available to QUIC before the
3139	// level is active in TLS. Callers should use \|SSL_quic_read_level\| to determine
3140	// the active read level for \|SSL_provide_quic_data\|. \|SSL_do_handshake\| will
3141	// pass the active write level to \|SSL_QUIC_METHOD\| when writing data. Callers
3142	// can use \|SSL_quic_write_level\| to query the active write level when
3143	// generating their own errors.
3144	//
3145	// See https://tools.ietf.org/html/draft-ietf-quic-tls-15#section-4.1 for more
3146	// details.
3147	//
3148	// To avoid DoS attacks, the QUIC implementation must limit the amount of data
3149	// being queued up. The implementation can call
3150	// \|SSL_quic_max_handshake_flight_len\| to get the maximum buffer length at each
3151	// encryption level.
3152	//
3153	// Note: 0-RTT is not currently supported via this API.
3154
3155	// ssl_encryption_level_t represents a specific QUIC encryption level used to
3156	// transmit handshake messages.
3157	enum ssl_encryption_level_t BORINGSSL_ENUM_INT {
3158	ssl_encryption_initial = `0`,
3159	ssl_encryption_early_data,
3160	ssl_encryption_handshake,
3161	ssl_encryption_application,
3162	};
3163
3164	// ssl_quic_method_st (aka \|SSL_QUIC_METHOD\|) describes custom QUIC hooks.
3165	struct ssl_quic_method_st {
3166	// set_encryption_secrets configures the read and write secrets for the given
3167	// encryption level. This function will always be called before an encryption
3168	// level other than \|ssl_encryption_initial\| is used. Note, however, that
3169	// secrets for a level may be configured before TLS is ready to send or accept
3170	// data at that level.
3171	//
3172	// When reading packets at a given level, the QUIC implementation must send
3173	// ACKs at the same level, so this function provides read and write secrets
3174	// together. The exception is \|ssl_encryption_early_data\|, where secrets are
3175	// only available in the client to server direction. The other secret will be
3176	// NULL. The server acknowledges such data at \|ssl_encryption_application\|,
3177	// which will be configured in the same \|SSL_do_handshake\| call.
3178	//
3179	// This function should use \|SSL_get_current_cipher\| to determine the TLS
3180	// cipher suite.
3181	//
3182	// It returns one on success and zero on error.
3183	int (set_encryption_secrets)(SSL ssl, enum ssl_encryption_level_t level,
3184	const uint8_t *read_secret,
3185	const uint8_t *write_secret, size_t secret_len);
3186	// add_handshake_data adds handshake data to the current flight at the given
3187	// encryption level. It returns one on success and zero on error.
3188	//
3189	// BoringSSL will pack data from a single encryption level together, but a
3190	// single handshake flight may include multiple encryption levels. Callers
3191	// should defer writing data to the network until \|flush_flight\| to better
3192	// pack QUIC packets into transport datagrams.
3193	int (add_handshake_data)(SSL ssl, enum ssl_encryption_level_t level,
3194	const uint8_t *data, size_t len);
3195	// flush_flight is called when the current flight is complete and should be
3196	// written to the transport. Note a flight may contain data at several
3197	// encryption levels. It returns one on success and zero on error.
3198	int (flush_flight)(SSL ssl);
3199	// send_alert sends a fatal alert at the specified encryption level. It
3200	// returns one on success and zero on error.
3201	int (send_alert)(SSL ssl, enum ssl_encryption_level_t level, uint8_t alert);
3202	};
3203
3204	// SSL_quic_max_handshake_flight_len returns returns the maximum number of bytes
3205	// that may be received at the given encryption level. This function should be
3206	// used to limit buffering in the QUIC implementation.
3207	//
3208	// See https://tools.ietf.org/html/draft-ietf-quic-transport-16#section-4.4.
3209	OPENSSL_EXPORT size_t SSL_quic_max_handshake_flight_len(
3210	const SSL ssl, enum* ssl_encryption_level_t level);
3211
3212	// SSL_quic_read_level returns the current read encryption level.
3213	OPENSSL_EXPORT enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl);
3214
3215	// SSL_quic_write_level returns the current write encryption level.
3216	OPENSSL_EXPORT enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl);
3217
3218	// SSL_provide_quic_data provides data from QUIC at a particular encryption
3219	// level \|level\|. It is an error to call this function outside of the handshake
3220	// or with an encryption level other than the current read level. It returns one
3221	// on success and zero on error.
3222	OPENSSL_EXPORT int SSL_provide_quic_data(SSL *ssl,
3223	enum ssl_encryption_level_t level,
3224	const uint8_t *data, size_t len);
3225
3226
3227	// SSL_process_quic_post_handshake processes any data that QUIC has provided
3228	// after the handshake has completed. This includes NewSessionTicket messages
3229	// sent by the server. It returns one on success and zero on error.
3230	OPENSSL_EXPORT int SSL_process_quic_post_handshake(SSL *ssl);
3231
3232	// SSL_CTX_set_quic_method configures the QUIC hooks. This should only be
3233	// configured with a minimum version of TLS 1.3. \|quic_method\| must remain valid
3234	// for the lifetime of \|ctx\|. It returns one on success and zero on error.
3235	OPENSSL_EXPORT int SSL_CTX_set_quic_method(SSL_CTX *ctx,
3236	const SSL_QUIC_METHOD *quic_method);
3237
3238	// SSL_set_quic_method configures the QUIC hooks. This should only be
3239	// configured with a minimum version of TLS 1.3. \|quic_method\| must remain valid
3240	// for the lifetime of \|ssl\|. It returns one on success and zero on error.
3241	OPENSSL_EXPORT int SSL_set_quic_method(SSL *ssl,
3242	const SSL_QUIC_METHOD *quic_method);
3243
3244
3245	// Early data.
3246	//
3247	// WARNING: 0-RTT support in BoringSSL is currently experimental and not fully
3248	// implemented. It may cause interoperability or security failures when used.
3249	//
3250	// Early data, or 0-RTT, is a feature in TLS 1.3 which allows clients to send
3251	// data on the first flight during a resumption handshake. This can save a
3252	// round-trip in some application protocols.
3253	//
3254	// WARNING: A 0-RTT handshake has different security properties from normal
3255	// handshake, so it is off by default unless opted in. In particular, early data
3256	// is replayable by a network attacker. Callers must account for this when
3257	// sending or processing data before the handshake is confirmed. See RFC 8446
3258	// for more information.
3259	//
3260	// As a server, if early data is accepted, \|SSL_do_handshake\| will complete as
3261	// soon as the ClientHello is processed and server flight sent. \|SSL_write\| may
3262	// be used to send half-RTT data. \|SSL_read\| will consume early data and
3263	// transition to 1-RTT data as appropriate. Prior to the transition,
3264	// \|SSL_in_init\| will report the handshake is still in progress. Callers may use
3265	// it or \|SSL_in_early_data\| to defer or reject requests as needed.
3266	//
3267	// Early data as a client is more complex. If the offered session (see
3268	// \|SSL_set_session\|) is 0-RTT-capable, the handshake will return after sending
3269	// the ClientHello. The predicted peer certificates and ALPN protocol will be
3270	// available via the usual APIs. \|SSL_write\| will write early data, up to the
3271	// session's limit. Writes past this limit and \|SSL_read\| will complete the
3272	// handshake before continuing. Callers may also call \|SSL_do_handshake\| again
3273	// to complete the handshake sooner.
3274	//
3275	// If the server accepts early data, the handshake will succeed. \|SSL_read\| and
3276	// \|SSL_write\| will then act as in a 1-RTT handshake. The peer certificates and
3277	// ALPN protocol will be as predicted and need not be re-queried.
3278	//
3279	// If the server rejects early data, \|SSL_do_handshake\| (and thus \|SSL_read\| and
3280	// \|SSL_write\|) will then fail with \|SSL_get_error\| returning
3281	// \|SSL_ERROR_EARLY_DATA_REJECTED\|. The caller should treat this as a connection
3282	// error and most likely perform a high-level retry. Note the server may still
3283	// have processed the early data due to attacker replays.
3284	//
3285	// To then continue the handshake on the original connection, use
3286	// \|SSL_reset_early_data_reject\|. The connection will then behave as one which
3287	// had not yet completed the handshake. This allows a faster retry than making a
3288	// fresh connection. \|SSL_do_handshake\| will complete the full handshake,
3289	// possibly resulting in different peer certificates, ALPN protocol, and other
3290	// properties. The caller must disregard any values from before the reset and
3291	// query again.
3292	//
3293	// Finally, to implement the fallback described in RFC 8446 appendix D.3, retry
3294	// on a fresh connection without 0-RTT if the handshake fails with
3295	// \|SSL_R_WRONG_VERSION_ON_EARLY_DATA\|.
3296
3297	// SSL_CTX_set_early_data_enabled sets whether early data is allowed to be used
3298	// with resumptions using \|ctx\|.
3299	OPENSSL_EXPORT void SSL_CTX_set_early_data_enabled(SSL_CTX ctx, int* enabled);
3300
3301	// SSL_set_early_data_enabled sets whether early data is allowed to be used
3302	// with resumptions using \|ssl\|. See \|SSL_CTX_set_early_data_enabled\| for more
3303	// information.
3304	OPENSSL_EXPORT void SSL_set_early_data_enabled(SSL ssl, int* enabled);
3305
3306	// SSL_in_early_data returns one if \|ssl\| has a pending handshake that has
3307	// progressed enough to send or receive early data. Clients may call \|SSL_write\|
3308	// to send early data, but \|SSL_read\| will complete the handshake before
3309	// accepting application data. Servers may call \|SSL_read\| to read early data
3310	// and \|SSL_write\| to send half-RTT data.
3311	OPENSSL_EXPORT int SSL_in_early_data(const SSL *ssl);
3312
3313	// SSL_SESSION_early_data_capable returns whether early data would have been
3314	// attempted with \|session\| if enabled.
3315	OPENSSL_EXPORT int SSL_SESSION_early_data_capable(const SSL_SESSION *session);
3316
3317	// SSL_early_data_accepted returns whether early data was accepted on the
3318	// handshake performed by \|ssl\|.
3319	OPENSSL_EXPORT int SSL_early_data_accepted(const SSL *ssl);
3320
3321	// SSL_reset_early_data_reject resets \|ssl\| after an early data reject. All
3322	// 0-RTT state is discarded, including any pending \|SSL_write\| calls. The caller
3323	// should treat \|ssl\| as a logically fresh connection, usually by driving the
3324	// handshake to completion using \|SSL_do_handshake\|.
3325	//
3326	// It is an error to call this function on an \|SSL\| object that is not signaling
3327	// \|SSL_ERROR_EARLY_DATA_REJECTED\|.
3328	OPENSSL_EXPORT void SSL_reset_early_data_reject(SSL *ssl);
3329
3330	// SSL_export_early_keying_material behaves like \|SSL_export_keying_material\|,
3331	// but it uses the early exporter. The operation will fail if \|ssl\| did not
3332	// negotiate TLS 1.3 or 0-RTT.
3333	OPENSSL_EXPORT int SSL_export_early_keying_material(
3334	SSL ssl, uint8_t out, size_t out_len, const char *label, size_t label_len,
3335	const uint8_t *context, size_t context_len);
3336
3337	// SSL_get_ticket_age_skew returns the difference, in seconds, between the
3338	// client-sent ticket age and the server-computed value in TLS 1.3 server
3339	// connections which resumed a session.
3340	OPENSSL_EXPORT int32_t SSL_get_ticket_age_skew(const SSL *ssl);
3341
3342	enum ssl_early_data_reason_t BORINGSSL_ENUM_INT {
3343	// The handshake has not progressed far enough for the 0-RTT status to be
3344	// known.
3345	ssl_early_data_unknown,
3346	// 0-RTT is disabled for this connection.
3347	ssl_early_data_disabled,
3348	// 0-RTT was accepted.
3349	ssl_early_data_accepted,
3350	// The negotiated protocol version does not support 0-RTT.
3351	ssl_early_data_protocol_version,
3352	// The peer declined to offer or accept 0-RTT for an unknown reason.
3353	ssl_early_data_peer_declined,
3354	// The client did not offer a session.
3355	ssl_early_data_no_session_offered,
3356	// The server declined to resume the session.
3357	ssl_early_data_session_not_resumed,
3358	// The session does not support 0-RTT.
3359	ssl_early_data_unsupported_for_session,
3360	// The server sent a HelloRetryRequest.
3361	ssl_early_data_hello_retry_request,
3362	// The negotiated ALPN protocol did not match the session.
3363	ssl_early_data_alpn_mismatch,
3364	// The connection negotiated Channel ID, which is incompatible with 0-RTT.
3365	ssl_early_data_channel_id,
3366	// The connection negotiated token binding, which is incompatible with 0-RTT.
3367	ssl_early_data_token_binding,
3368	// The client and server ticket age were too far apart.
3369	ssl_early_data_ticket_age_skew,
3370	};
3371
3372	// SSL_get_early_data_reason returns details why 0-RTT was accepted or rejected
3373	// on \|ssl\|. This is primarily useful on the server.
3374	OPENSSL_EXPORT enum ssl_early_data_reason_t SSL_get_early_data_reason(
3375	const SSL *ssl);
3376
3377
3378	// Alerts.
3379	//
3380	// TLS uses alerts to signal error conditions. Alerts have a type (warning or
3381	// fatal) and description. OpenSSL internally handles fatal alerts with
3382	// dedicated error codes (see \|SSL_AD_REASON_OFFSET\|). Except for close_notify,
3383	// warning alerts are silently ignored and may only be surfaced with
3384	// \|SSL_CTX_set_info_callback\|.
3385
3386	// SSL_AD_REASON_OFFSET is the offset between error reasons and \|SSL_AD_\|*
3387	// values. Any error code under \|ERR_LIB_SSL\| with an error reason above this
3388	// value corresponds to an alert description. Consumers may add or subtract
3389	// \|SSL_AD_REASON_OFFSET\| to convert between them.
3390	//
3391	// make_errors.go reserves error codes above 1000 for manually-assigned errors.
3392	// This value must be kept in sync with reservedReasonCode in make_errors.h
3393	#define SSL_AD_REASON_OFFSET 1000
3394
3395	// SSL_AD_ are alert descriptions.*
3396	#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
3397	#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
3398	#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
3399	#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
3400	#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
3401	#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
3402	#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
3403	#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE // Legacy SSL 3.0 value
3404	#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
3405	#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
3406	#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
3407	#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
3408	#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
3409	#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
3410	#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
3411	#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
3412	#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
3413	#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
3414	#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
3415	#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
3416	#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
3417	#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
3418	#define SSL_AD_INAPPROPRIATE_FALLBACK SSL3_AD_INAPPROPRIATE_FALLBACK
3419	#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
3420	#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
3421	#define SSL_AD_MISSING_EXTENSION TLS1_AD_MISSING_EXTENSION
3422	#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
3423	#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
3424	#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
3425	#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE \
3426	TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
3427	#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
3428	#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
3429	#define SSL_AD_CERTIFICATE_REQUIRED TLS1_AD_CERTIFICATE_REQUIRED
3430
3431	// SSL_alert_type_string_long returns a string description of \|value\| as an
3432	// alert type (warning or fatal).
3433	OPENSSL_EXPORT const char SSL_alert_type_string_long(int* value);
3434
3435	// SSL_alert_desc_string_long returns a string description of \|value\| as an
3436	// alert description or "unknown" if unknown.
3437	OPENSSL_EXPORT const char SSL_alert_desc_string_long(int* value);
3438
3439	// SSL_send_fatal_alert sends a fatal alert over \|ssl\| of the specified type,
3440	// which should be one of the \|SSL_AD_\| constants. It returns one on success*
3441	// and <= 0 on error. The caller should pass the return value into
3442	// \|SSL_get_error\| to determine how to proceed. Once this function has been
3443	// called, future calls to \|SSL_write\| will fail.
3444	//
3445	// If retrying a failed operation due to \|SSL_ERROR_WANT_WRITE\|, subsequent
3446	// calls must use the same \|alert\| parameter.
3447	OPENSSL_EXPORT int SSL_send_fatal_alert(SSL *ssl, uint8_t alert);
3448
3449
3450	// ex_data functions.
3451	//
3452	// See \|ex_data.h\| for details.
3453
3454	OPENSSL_EXPORT int SSL_set_ex_data(SSL ssl, int* idx, void *data);
3455	OPENSSL_EXPORT void SSL_get_ex_data(const* SSL ssl, int* idx);
3456	OPENSSL_EXPORT int SSL_get_ex_new_index(long argl, void *argp,
3457	CRYPTO_EX_unused *unused,
3458	CRYPTO_EX_dup *dup_unused,
3459	CRYPTO_EX_free *free_func);
3460
3461	OPENSSL_EXPORT int SSL_SESSION_set_ex_data(SSL_SESSION session, int* idx,
3462	void *data);
3463	OPENSSL_EXPORT void SSL_SESSION_get_ex_data(const* SSL_SESSION *session,
3464	int idx);
3465	OPENSSL_EXPORT int SSL_SESSION_get_ex_new_index(long argl, void *argp,
3466	CRYPTO_EX_unused *unused,
3467	CRYPTO_EX_dup *dup_unused,
3468	CRYPTO_EX_free *free_func);
3469
3470	OPENSSL_EXPORT int SSL_CTX_set_ex_data(SSL_CTX ctx, int* idx, void *data);
3471	OPENSSL_EXPORT void SSL_CTX_get_ex_data(const* SSL_CTX ctx, int* idx);
3472	OPENSSL_EXPORT int SSL_CTX_get_ex_new_index(long argl, void *argp,
3473	CRYPTO_EX_unused *unused,
3474	CRYPTO_EX_dup *dup_unused,
3475	CRYPTO_EX_free *free_func);
3476
3477
3478	// Low-level record-layer state.
3479
3480	// SSL_get_ivs sets \|out_iv_len\| to the length of the IVs for the ciphers*
3481	// underlying \|ssl\| and sets \|out_read_iv\| and \|out_write_iv\| to point to the
3482	// current IVs for the read and write directions. This is only meaningful for
3483	// connections with implicit IVs (i.e. CBC mode with TLS 1.0).
3484	//
3485	// It returns one on success or zero on error.
3486	OPENSSL_EXPORT int SSL_get_ivs(const SSL ssl, const* uint8_t **out_read_iv,
3487	const uint8_t **out_write_iv,
3488	size_t *out_iv_len);
3489
3490	// SSL_get_key_block_len returns the length of \|ssl\|'s key block.
3491	OPENSSL_EXPORT size_t SSL_get_key_block_len(const SSL *ssl);
3492
3493	// SSL_generate_key_block generates \|out_len\| bytes of key material for \|ssl\|'s
3494	// current connection state.
3495	OPENSSL_EXPORT int SSL_generate_key_block(const SSL ssl, uint8_t out,
3496	size_t out_len);
3497
3498	// SSL_get_read_sequence returns, in TLS, the expected sequence number of the
3499	// next incoming record in the current epoch. In DTLS, it returns the maximum
3500	// sequence number received in the current epoch and includes the epoch number
3501	// in the two most significant bytes.
3502	OPENSSL_EXPORT uint64_t SSL_get_read_sequence(const SSL *ssl);
3503
3504	// SSL_get_write_sequence returns the sequence number of the next outgoing
3505	// record in the current epoch. In DTLS, it includes the epoch number in the
3506	// two most significant bytes.
3507	OPENSSL_EXPORT uint64_t SSL_get_write_sequence(const SSL *ssl);
3508
3509
3510	// Obscure functions.
3511
3512	// SSL_CTX_set_msg_callback installs \|cb\| as the message callback for \|ctx\|.
3513	// This callback will be called when sending or receiving low-level record
3514	// headers, complete handshake messages, ChangeCipherSpec, and alerts.
3515	// \|write_p\| is one for outgoing messages and zero for incoming messages.
3516	//
3517	// For each record header, \|cb\| is called with \|version\| = 0 and \|content_type\|
3518	// = \|SSL3_RT_HEADER\|. The \|len\| bytes from \|buf\| contain the header. Note that
3519	// this does not include the record body. If the record is sealed, the length
3520	// in the header is the length of the ciphertext.
3521	//
3522	// For each handshake message, ChangeCipherSpec, and alert, \|version\| is the
3523	// protocol version and \|content_type\| is the corresponding record type. The
3524	// \|len\| bytes from \|buf\| contain the handshake message, one-byte
3525	// ChangeCipherSpec body, and two-byte alert, respectively.
3526	//
3527	// For a V2ClientHello, \|version\| is \|SSL2_VERSION\|, \|content_type\| is zero, and
3528	// the \|len\| bytes from \|buf\| contain the V2ClientHello structure.
3529	OPENSSL_EXPORT void SSL_CTX_set_msg_callback(
3530	SSL_CTX ctx, void* (cb)(int* write_p, int version, int content_type,
3531	const void buf, size_t len, SSL ssl, void *arg));
3532
3533	// SSL_CTX_set_msg_callback_arg sets the \|arg\| parameter of the message
3534	// callback.
3535	OPENSSL_EXPORT void SSL_CTX_set_msg_callback_arg(SSL_CTX ctx, void* *arg);
3536
3537	// SSL_set_msg_callback installs \|cb\| as the message callback of \|ssl\|. See
3538	// \|SSL_CTX_set_msg_callback\| for when this callback is called.
3539	OPENSSL_EXPORT void SSL_set_msg_callback(
3540	SSL ssl, void* (cb)(int* write_p, int version, int content_type,
3541	const void buf, size_t len, SSL ssl, void *arg));
3542
3543	// SSL_set_msg_callback_arg sets the \|arg\| parameter of the message callback.
3544	OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL ssl, void* *arg);
3545
3546	// SSL_CTX_set_keylog_callback configures a callback to log key material. This
3547	// is intended for debugging use with tools like Wireshark. The \|cb\| function
3548	// should log \|line\| followed by a newline, synchronizing with any concurrent
3549	// access to the log.
3550	//
3551	// The format is described in
3552	// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format.
3553	OPENSSL_EXPORT void SSL_CTX_set_keylog_callback(
3554	SSL_CTX ctx, void* (cb)(const* SSL ssl, const* char *line));
3555
3556	// SSL_CTX_get_keylog_callback returns the callback configured by
3557	// \|SSL_CTX_set_keylog_callback\|.
3558	OPENSSL_EXPORT void (SSL_CTX_get_keylog_callback(const* SSL_CTX *ctx))(
3559	const SSL ssl, const* char *line);
3560
3561	// SSL_CTX_set_current_time_cb configures a callback to retrieve the current
3562	// time, which should be set in \|out_clock\|. This can be used for testing*
3563	// purposes; for example, a callback can be configured that returns a time
3564	// set explicitly by the test. The \|ssl\| pointer passed to \|cb\| is always null.
3565	OPENSSL_EXPORT void SSL_CTX_set_current_time_cb(
3566	SSL_CTX ctx, void* (cb)(const* SSL ssl, struct* timeval *out_clock));
3567
3568	// SSL_set_shed_handshake_config allows some of the configuration of \|ssl\| to be
3569	// freed after its handshake completes. Once configuration has been shed, APIs
3570	// that query it may fail. "Configuration" in this context means anything that
3571	// was set by the caller, as distinct from information derived from the
3572	// handshake. For example, \|SSL_get_ciphers\| queries how the \|SSL\| was
3573	// configured by the caller, and fails after configuration has been shed,
3574	// whereas \|SSL_get_cipher\| queries the result of the handshake, and is
3575	// unaffected by configuration shedding.
3576	//
3577	// If configuration shedding is enabled, it is an error to call \|SSL_clear\|.
3578	//
3579	// Note that configuration shedding as a client additionally depends on
3580	// renegotiation being disabled (see \|SSL_set_renegotiate_mode\|). If
3581	// renegotiation is possible, the configuration will be retained. If
3582	// configuration shedding is enabled and renegotiation later disabled after the
3583	// handshake, \|SSL_set_renegotiate_mode\| will shed configuration then. This may
3584	// be useful for clients which support renegotiation with some ALPN protocols,
3585	// such as HTTP/1.1, and not others, such as HTTP/2.
3586	OPENSSL_EXPORT void SSL_set_shed_handshake_config(SSL ssl, int* enable);
3587
3588	enum ssl_renegotiate_mode_t BORINGSSL_ENUM_INT {
3589	ssl_renegotiate_never = `0`,
3590	ssl_renegotiate_once,
3591	ssl_renegotiate_freely,
3592	ssl_renegotiate_ignore,
3593	};
3594
3595	// SSL_set_renegotiate_mode configures how \|ssl\|, a client, reacts to
3596	// renegotiation attempts by a server. If \|ssl\| is a server, peer-initiated
3597	// renegotiations are always* rejected and this function does nothing.*
3598	//
3599	// The renegotiation mode defaults to \|ssl_renegotiate_never\|, but may be set
3600	// at any point in a connection's lifetime. Set it to \|ssl_renegotiate_once\| to
3601	// allow one renegotiation, \|ssl_renegotiate_freely\| to allow all
3602	// renegotiations or \|ssl_renegotiate_ignore\| to ignore HelloRequest messages.
3603	// Note that ignoring HelloRequest messages may cause the connection to stall
3604	// if the server waits for the renegotiation to complete.
3605	//
3606	// If configuration shedding is enabled (see \|SSL_set_shed_handshake_config\|),
3607	// configuration is released if, at any point after the handshake, renegotiation
3608	// is disabled. It is not possible to switch from disabling renegotiation to
3609	// enabling it on a given connection. Callers that condition renegotiation on,
3610	// e.g., ALPN must enable renegotiation before the handshake and conditionally
3611	// disable it afterwards.
3612	//
3613	// There is no support in BoringSSL for initiating renegotiations as a client
3614	// or server.
3615	OPENSSL_EXPORT void SSL_set_renegotiate_mode(SSL *ssl,
3616	enum ssl_renegotiate_mode_t mode);
3617
3618	// SSL_renegotiate_pending returns one if \|ssl\| is in the middle of a
3619	// renegotiation.
3620	OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl);
3621
3622	// SSL_total_renegotiations returns the total number of renegotiation handshakes
3623	// performed by \|ssl\|. This includes the pending renegotiation, if any.
3624	OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);
3625
3626	// SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer
3627	// certificate chain.
3628	#define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100)
3629
3630	// SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer
3631	// certificate chain accepted by \|ctx\|.
3632	OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx);
3633
3634	// SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer
3635	// certificate chain to \|max_cert_list\|. This affects how much memory may be
3636	// consumed during the handshake.
3637	OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx,
3638	size_t max_cert_list);
3639
3640	// SSL_get_max_cert_list returns the maximum length, in bytes, of a peer
3641	// certificate chain accepted by \|ssl\|.
3642	OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl);
3643
3644	// SSL_set_max_cert_list sets the maximum length, in bytes, of a peer
3645	// certificate chain to \|max_cert_list\|. This affects how much memory may be
3646	// consumed during the handshake.
3647	OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list);
3648
3649	// SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records
3650	// sent by \|ctx\|. Beyond this length, handshake messages and application data
3651	// will be split into multiple records. It returns one on success or zero on
3652	// error.
3653	OPENSSL_EXPORT int SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
3654	size_t max_send_fragment);
3655
3656	// SSL_set_max_send_fragment sets the maximum length, in bytes, of records sent
3657	// by \|ssl\|. Beyond this length, handshake messages and application data will
3658	// be split into multiple records. It returns one on success or zero on
3659	// error.
3660	OPENSSL_EXPORT int SSL_set_max_send_fragment(SSL *ssl,
3661	size_t max_send_fragment);
3662
3663	// ssl_early_callback_ctx (aka \|SSL_CLIENT_HELLO\|) is passed to certain
3664	// callbacks that are called very early on during the server handshake. At this
3665	// point, much of the SSL hasn't been filled out and only the ClientHello can*
3666	// be depended on.
3667	typedef struct ssl_early_callback_ctx {
3668	SSL *ssl;
3669	const uint8_t *client_hello;
3670	size_t client_hello_len;
3671	uint16_t version;
3672	const uint8_t *random;
3673	size_t random_len;
3674	const uint8_t *session_id;
3675	size_t session_id_len;
3676	const uint8_t *cipher_suites;
3677	size_t cipher_suites_len;
3678	const uint8_t *compression_methods;
3679	size_t compression_methods_len;
3680	const uint8_t *extensions;
3681	size_t extensions_len;
3682	} SSL_CLIENT_HELLO;
3683
3684	// ssl_select_cert_result_t enumerates the possible results from selecting a
3685	// certificate with \|select_certificate_cb\|.
3686	enum ssl_select_cert_result_t BORINGSSL_ENUM_INT {
3687	// ssl_select_cert_success indicates that the certificate selection was
3688	// successful.
3689	ssl_select_cert_success = `1`,
3690	// ssl_select_cert_retry indicates that the operation could not be
3691	// immediately completed and must be reattempted at a later point.
3692	ssl_select_cert_retry = `0`,
3693	// ssl_select_cert_error indicates that a fatal error occured and the
3694	// handshake should be terminated.
3695	ssl_select_cert_error = -`1`,
3696	};
3697
3698	// SSL_early_callback_ctx_extension_get searches the extensions in
3699	// \|client_hello\| for an extension of the given type. If not found, it returns
3700	// zero. Otherwise it sets \|out_data\| to point to the extension contents (not
3701	// including the type and length bytes), sets \|out_len\| to the length of the
3702	// extension contents and returns one.
3703	OPENSSL_EXPORT int SSL_early_callback_ctx_extension_get(
3704	const SSL_CLIENT_HELLO *client_hello, uint16_t extension_type,
3705	const uint8_t *out_data, size_t out_len);
3706
3707	// SSL_CTX_set_select_certificate_cb sets a callback that is called before most
3708	// ClientHello processing and before the decision whether to resume a session
3709	// is made. The callback may inspect the ClientHello and configure the
3710	// connection. See \|ssl_select_cert_result_t\| for details of the return values.
3711	//
3712	// In the case that a retry is indicated, \|SSL_get_error\| will return
3713	// \|SSL_ERROR_PENDING_CERTIFICATE\| and the caller should arrange for the
3714	// high-level operation on \|ssl\| to be retried at a later time, which will
3715	// result in another call to \|cb\|.
3716	//
3717	// Note: The \|SSL_CLIENT_HELLO\| is only valid for the duration of the callback
3718	// and is not valid while the handshake is paused.
3719	OPENSSL_EXPORT void SSL_CTX_set_select_certificate_cb(
3720	SSL_CTX *ctx,
3721	enum ssl_select_cert_result_t (cb)(const* SSL_CLIENT_HELLO *));
3722
3723	// SSL_CTX_set_dos_protection_cb sets a callback that is called once the
3724	// resumption decision for a ClientHello has been made. It can return one to
3725	// allow the handshake to continue or zero to cause the handshake to abort.
3726	OPENSSL_EXPORT void SSL_CTX_set_dos_protection_cb(
3727	SSL_CTX ctx, int* (cb)(const* SSL_CLIENT_HELLO *));
3728
3729	// SSL_CTX_set_reverify_on_resume configures whether the certificate
3730	// verification callback will be used to reverify stored certificates
3731	// when resuming a session. This only works with \|SSL_CTX_set_custom_verify\|.
3732	// For now, this is incompatible with \|SSL_VERIFY_NONE\| mode, and is only
3733	// respected on clients.
3734	OPENSSL_EXPORT void SSL_CTX_set_reverify_on_resume(SSL_CTX ctx, int* enabled);
3735
3736	// SSL_set_enforce_rsa_key_usage configures whether the keyUsage extension of
3737	// RSA leaf certificates will be checked for consistency with the TLS
3738	// usage. This parameter may be set late; it will not be read until after the
3739	// certificate verification callback.
3740	OPENSSL_EXPORT void SSL_set_enforce_rsa_key_usage(SSL ssl, int* enabled);
3741
3742	// SSL_ST_ are possible values for \|SSL_state\|, the bitmasks that make them up,*
3743	// and some historical values for compatibility. Only \|SSL_ST_INIT\| and
3744	// \|SSL_ST_OK\| are ever returned.
3745	#define SSL_ST_CONNECT 0x1000
3746	#define SSL_ST_ACCEPT 0x2000
3747	#define SSL_ST_MASK 0x0FFF
3748	#define SSL_ST_INIT (SSL_ST_CONNECT \| SSL_ST_ACCEPT)
3749	#define SSL_ST_OK 0x03
3750	#define SSL_ST_RENEGOTIATE (0x04 \| SSL_ST_INIT)
3751	#define SSL_ST_BEFORE (0x05 \| SSL_ST_INIT)
3752
3753	// TLS_ST_ are aliases for \|SSL_ST_\| for OpenSSL 1.1.0 compatibility.
3754	#define TLS_ST_OK SSL_ST_OK
3755	#define TLS_ST_BEFORE SSL_ST_BEFORE
3756
3757	// SSL_CB_ are possible values for the \|type\| parameter in the info*
3758	// callback and the bitmasks that make them up.
3759	#define SSL_CB_LOOP 0x01
3760	#define SSL_CB_EXIT 0x02
3761	#define SSL_CB_READ 0x04
3762	#define SSL_CB_WRITE 0x08
3763	#define SSL_CB_ALERT 0x4000
3764	#define SSL_CB_READ_ALERT (SSL_CB_ALERT \| SSL_CB_READ)
3765	#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT \| SSL_CB_WRITE)
3766	#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT \| SSL_CB_LOOP)
3767	#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT \| SSL_CB_EXIT)
3768	#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT \| SSL_CB_LOOP)
3769	#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT \| SSL_CB_EXIT)
3770	#define SSL_CB_HANDSHAKE_START 0x10
3771	#define SSL_CB_HANDSHAKE_DONE 0x20
3772
3773	// SSL_CTX_set_info_callback configures a callback to be run when various
3774	// events occur during a connection's lifetime. The \|type\| argument determines
3775	// the type of event and the meaning of the \|value\| argument. Callbacks must
3776	// ignore unexpected \|type\| values.
3777	//
3778	// \|SSL_CB_READ_ALERT\| is signaled for each alert received, warning or fatal.
3779	// The \|value\| argument is a 16-bit value where the alert level (either
3780	// \|SSL3_AL_WARNING\| or \|SSL3_AL_FATAL\|) is in the most-significant eight bits
3781	// and the alert type (one of \|SSL_AD_\|) is in the least-significant eight.*
3782	//
3783	// \|SSL_CB_WRITE_ALERT\| is signaled for each alert sent. The \|value\| argument
3784	// is constructed as with \|SSL_CB_READ_ALERT\|.
3785	//
3786	// \|SSL_CB_HANDSHAKE_START\| is signaled when a handshake begins. The \|value\|
3787	// argument is always one.
3788	//
3789	// \|SSL_CB_HANDSHAKE_DONE\| is signaled when a handshake completes successfully.
3790	// The \|value\| argument is always one. If a handshake False Starts, this event
3791	// may be used to determine when the Finished message is received.
3792	//
3793	// The following event types expose implementation details of the handshake
3794	// state machine. Consuming them is deprecated.
3795	//
3796	// \|SSL_CB_ACCEPT_LOOP\| (respectively, \|SSL_CB_CONNECT_LOOP\|) is signaled when
3797	// a server (respectively, client) handshake progresses. The \|value\| argument
3798	// is always one.
3799	//
3800	// \|SSL_CB_ACCEPT_EXIT\| (respectively, \|SSL_CB_CONNECT_EXIT\|) is signaled when
3801	// a server (respectively, client) handshake completes, fails, or is paused.
3802	// The \|value\| argument is one if the handshake succeeded and <= 0
3803	// otherwise.
3804	OPENSSL_EXPORT void SSL_CTX_set_info_callback(
3805	SSL_CTX ctx, void* (cb)(const* SSL ssl, int* type, int value));
3806
3807	// SSL_CTX_get_info_callback returns the callback set by
3808	// \|SSL_CTX_set_info_callback\|.
3809	OPENSSL_EXPORT void (SSL_CTX_get_info_callback(SSL_CTX ctx))(const SSL *ssl,
3810	int type,
3811	int value);
3812
3813	// SSL_set_info_callback configures a callback to be run at various events
3814	// during a connection's lifetime. See \|SSL_CTX_set_info_callback\|.
3815	OPENSSL_EXPORT void SSL_set_info_callback(
3816	SSL ssl, void* (cb)(const* SSL ssl, int* type, int value));
3817
3818	// SSL_get_info_callback returns the callback set by \|SSL_set_info_callback\|.
3819	OPENSSL_EXPORT void (SSL_get_info_callback(const* SSL ssl))(const* SSL *ssl,
3820	int type,
3821	int value);
3822
3823	// SSL_state_string_long returns the current state of the handshake state
3824	// machine as a string. This may be useful for debugging and logging.
3825	OPENSSL_EXPORT const char SSL_state_string_long(const* SSL *ssl);
3826
3827	#define SSL_SENT_SHUTDOWN 1
3828	#define SSL_RECEIVED_SHUTDOWN 2
3829
3830	// SSL_get_shutdown returns a bitmask with a subset of \|SSL_SENT_SHUTDOWN\| and
3831	// \|SSL_RECEIVED_SHUTDOWN\| to query whether close_notify was sent or received,
3832	// respectively.
3833	OPENSSL_EXPORT int SSL_get_shutdown(const SSL *ssl);
3834
3835	// SSL_get_peer_signature_algorithm returns the signature algorithm used by the
3836	// peer. If not applicable, it returns zero.
3837	OPENSSL_EXPORT uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl);
3838
3839	// SSL_get_client_random writes up to \|max_out\| bytes of the most recent
3840	// handshake's client_random to \|out\| and returns the number of bytes written.
3841	// If \|max_out\| is zero, it returns the size of the client_random.
3842	OPENSSL_EXPORT size_t SSL_get_client_random(const SSL ssl, uint8_t out,
3843	size_t max_out);
3844
3845	// SSL_get_server_random writes up to \|max_out\| bytes of the most recent
3846	// handshake's server_random to \|out\| and returns the number of bytes written.
3847	// If \|max_out\| is zero, it returns the size of the server_random.
3848	OPENSSL_EXPORT size_t SSL_get_server_random(const SSL ssl, uint8_t out,
3849	size_t max_out);
3850
3851	// SSL_get_pending_cipher returns the cipher suite for the current handshake or
3852	// NULL if one has not been negotiated yet or there is no pending handshake.
3853	OPENSSL_EXPORT const SSL_CIPHER SSL_get_pending_cipher(const* SSL *ssl);
3854
3855	// SSL_set_retain_only_sha256_of_client_certs, on a server, sets whether only
3856	// the SHA-256 hash of peer's certificate should be saved in memory and in the
3857	// session. This can save memory, ticket size and session cache space. If
3858	// enabled, \|SSL_get_peer_certificate\| will return NULL after the handshake
3859	// completes. See \|SSL_SESSION_has_peer_sha256\| and
3860	// \|SSL_SESSION_get0_peer_sha256\| to query the hash.
3861	OPENSSL_EXPORT void SSL_set_retain_only_sha256_of_client_certs(SSL *ssl,
3862	int enable);
3863
3864	// SSL_CTX_set_retain_only_sha256_of_client_certs, on a server, sets whether
3865	// only the SHA-256 hash of peer's certificate should be saved in memory and in
3866	// the session. This can save memory, ticket size and session cache space. If
3867	// enabled, \|SSL_get_peer_certificate\| will return NULL after the handshake
3868	// completes. See \|SSL_SESSION_has_peer_sha256\| and
3869	// \|SSL_SESSION_get0_peer_sha256\| to query the hash.
3870	OPENSSL_EXPORT void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx,
3871	int enable);
3872
3873	// SSL_CTX_set_grease_enabled configures whether sockets on \|ctx\| should enable
3874	// GREASE. See draft-davidben-tls-grease-01.
3875	OPENSSL_EXPORT void SSL_CTX_set_grease_enabled(SSL_CTX ctx, int* enabled);
3876
3877	// SSL_max_seal_overhead returns the maximum overhead, in bytes, of sealing a
3878	// record with \|ssl\|.
3879	OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl);
3880
3881	// SSL_CTX_set_false_start_allowed_without_alpn configures whether connections
3882	// on \|ctx\| may use False Start (if \|SSL_MODE_ENABLE_FALSE_START\| is enabled)
3883	// without negotiating ALPN.
3884	OPENSSL_EXPORT void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx,
3885	int allowed);
3886
3887	// SSL_CTX_set_ignore_tls13_downgrade configures whether connections on \|ctx\|
3888	// ignore the downgrade signal in the server's random value.
3889	OPENSSL_EXPORT void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx,
3890	int ignore);
3891
3892	// SSL_set_ignore_tls13_downgrade configures whether \|ssl\| ignores the downgrade
3893	// signal in the server's random value.
3894	OPENSSL_EXPORT void SSL_set_ignore_tls13_downgrade(SSL ssl, int* ignore);
3895
3896	// SSL_is_tls13_downgrade returns one if the TLS 1.3 anti-downgrade
3897	// mechanism would have aborted \|ssl\|'s handshake and zero otherwise.
3898	OPENSSL_EXPORT int SSL_is_tls13_downgrade(const SSL *ssl);
3899
3900	// SSL_set_jdk11_workaround configures whether to workaround various bugs in
3901	// JDK 11's TLS 1.3 implementation by disabling TLS 1.3 for such clients.
3902	//
3903	// https://bugs.openjdk.java.net/browse/JDK-8211806
3904	// https://bugs.openjdk.java.net/browse/JDK-8212885
3905	// https://bugs.openjdk.java.net/browse/JDK-8213202
3906	OPENSSL_EXPORT void SSL_set_jdk11_workaround(SSL ssl, int* enable);
3907
3908
3909	// Deprecated functions.
3910
3911	// SSL_library_init calls \|CRYPTO_library_init\| and returns one.
3912	OPENSSL_EXPORT int SSL_library_init(void);
3913
3914	// SSL_CIPHER_description writes a description of \|cipher\| into \|buf\| and
3915	// returns \|buf\|. If \|buf\| is NULL, it returns a newly allocated string, to be
3916	// freed with \|OPENSSL_free\|, or NULL on error.
3917	//
3918	// The description includes a trailing newline and has the form:
3919	// AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
3920	//
3921	// Consider \|SSL_CIPHER_standard_name\| or \|SSL_CIPHER_get_name\| instead.
3922	OPENSSL_EXPORT const char SSL_CIPHER_description(const* SSL_CIPHER *cipher,
3923	char buf, int* len);
3924
3925	// SSL_CIPHER_get_version returns the string "TLSv1/SSLv3".
3926	OPENSSL_EXPORT const char SSL_CIPHER_get_version(const* SSL_CIPHER *cipher);
3927
3928	// SSL_CIPHER_get_rfc_name returns a newly-allocated string containing the
3929	// result of \|SSL_CIPHER_standard_name\| or NULL on error. The caller is
3930	// responsible for calling \|OPENSSL_free\| on the result.
3931	//
3932	// Use \|SSL_CIPHER_standard_name\| instead.
3933	OPENSSL_EXPORT char SSL_CIPHER_get_rfc_name(const* SSL_CIPHER *cipher);
3934
3935	typedef void COMP_METHOD;
3936	typedef struct ssl_comp_st SSL_COMP;
3937
3938	// SSL_COMP_get_compression_methods returns NULL.
3939	OPENSSL_EXPORT STACK_OF(SSL_COMP) SSL_COMP_get_compression_methods(void*);
3940
3941	// SSL_COMP_add_compression_method returns one.
3942	OPENSSL_EXPORT int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
3943
3944	// SSL_COMP_get_name returns NULL.
3945	OPENSSL_EXPORT const char SSL_COMP_get_name(const* COMP_METHOD *comp);
3946
3947	// SSL_COMP_get0_name returns the \|name\| member of \|comp\|.
3948	OPENSSL_EXPORT const char SSL_COMP_get0_name(const* SSL_COMP *comp);
3949
3950	// SSL_COMP_get_id returns the \|id\| member of \|comp\|.
3951	OPENSSL_EXPORT int SSL_COMP_get_id(const SSL_COMP *comp);
3952
3953	// SSL_COMP_free_compression_methods does nothing.
3954	OPENSSL_EXPORT void SSL_COMP_free_compression_methods(void);
3955
3956	// SSLv23_method calls \|TLS_method\|.
3957	OPENSSL_EXPORT const SSL_METHOD SSLv23_method(void*);
3958
3959	// These version-specific methods behave exactly like \|TLS_method\| and
3960	// \|DTLS_method\| except they also call \|SSL_CTX_set_min_proto_version\| and
3961	// \|SSL_CTX_set_max_proto_version\| to lock connections to that protocol
3962	// version.
3963	OPENSSL_EXPORT const SSL_METHOD TLSv1_method(void*);
3964	OPENSSL_EXPORT const SSL_METHOD TLSv1_1_method(void*);
3965	OPENSSL_EXPORT const SSL_METHOD TLSv1_2_method(void*);
3966	OPENSSL_EXPORT const SSL_METHOD DTLSv1_method(void*);
3967	OPENSSL_EXPORT const SSL_METHOD DTLSv1_2_method(void*);
3968
3969	// These client- and server-specific methods call their corresponding generic
3970	// methods.
3971	OPENSSL_EXPORT const SSL_METHOD TLS_server_method(void*);
3972	OPENSSL_EXPORT const SSL_METHOD TLS_client_method(void*);
3973	OPENSSL_EXPORT const SSL_METHOD SSLv23_server_method(void*);
3974	OPENSSL_EXPORT const SSL_METHOD SSLv23_client_method(void*);
3975	OPENSSL_EXPORT const SSL_METHOD TLSv1_server_method(void*);
3976	OPENSSL_EXPORT const SSL_METHOD TLSv1_client_method(void*);
3977	OPENSSL_EXPORT const SSL_METHOD TLSv1_1_server_method(void*);
3978	OPENSSL_EXPORT const SSL_METHOD TLSv1_1_client_method(void*);
3979	OPENSSL_EXPORT const SSL_METHOD TLSv1_2_server_method(void*);
3980	OPENSSL_EXPORT const SSL_METHOD TLSv1_2_client_method(void*);
3981	OPENSSL_EXPORT const SSL_METHOD DTLS_server_method(void*);
3982	OPENSSL_EXPORT const SSL_METHOD DTLS_client_method(void*);
3983	OPENSSL_EXPORT const SSL_METHOD DTLSv1_server_method(void*);
3984	OPENSSL_EXPORT const SSL_METHOD DTLSv1_client_method(void*);
3985	OPENSSL_EXPORT const SSL_METHOD DTLSv1_2_server_method(void*);
3986	OPENSSL_EXPORT const SSL_METHOD DTLSv1_2_client_method(void*);
3987
3988	// SSL_clear resets \|ssl\| to allow another connection and returns one on success
3989	// or zero on failure. It returns most configuration state but releases memory
3990	// associated with the current connection.
3991	//
3992	// Free \|ssl\| and create a new one instead.
3993	OPENSSL_EXPORT int SSL_clear(SSL *ssl);
3994
3995	// SSL_CTX_set_tmp_rsa_callback does nothing.
3996	OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback(
3997	SSL_CTX ctx, RSA (cb)(SSL ssl, int is_export, int keylength));
3998
3999	// SSL_set_tmp_rsa_callback does nothing.
4000	OPENSSL_EXPORT void SSL_set_tmp_rsa_callback(SSL *ssl,
4001	RSA (cb)(SSL ssl, int* is_export,
4002	int keylength));
4003
4004	// SSL_CTX_sess_connect returns zero.
4005	OPENSSL_EXPORT int SSL_CTX_sess_connect(const SSL_CTX *ctx);
4006
4007	// SSL_CTX_sess_connect_good returns zero.
4008	OPENSSL_EXPORT int SSL_CTX_sess_connect_good(const SSL_CTX *ctx);
4009
4010	// SSL_CTX_sess_connect_renegotiate returns zero.
4011	OPENSSL_EXPORT int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx);
4012
4013	// SSL_CTX_sess_accept returns zero.
4014	OPENSSL_EXPORT int SSL_CTX_sess_accept(const SSL_CTX *ctx);
4015
4016	// SSL_CTX_sess_accept_renegotiate returns zero.
4017	OPENSSL_EXPORT int SSL_CTX_sess_accept_renegotiate(const SSL_CTX *ctx);
4018
4019	// SSL_CTX_sess_accept_good returns zero.
4020	OPENSSL_EXPORT int SSL_CTX_sess_accept_good(const SSL_CTX *ctx);
4021
4022	// SSL_CTX_sess_hits returns zero.
4023	OPENSSL_EXPORT int SSL_CTX_sess_hits(const SSL_CTX *ctx);
4024
4025	// SSL_CTX_sess_cb_hits returns zero.
4026	OPENSSL_EXPORT int SSL_CTX_sess_cb_hits(const SSL_CTX *ctx);
4027
4028	// SSL_CTX_sess_misses returns zero.
4029	OPENSSL_EXPORT int SSL_CTX_sess_misses(const SSL_CTX *ctx);
4030
4031	// SSL_CTX_sess_timeouts returns zero.
4032	OPENSSL_EXPORT int SSL_CTX_sess_timeouts(const SSL_CTX *ctx);
4033
4034	// SSL_CTX_sess_cache_full returns zero.
4035	OPENSSL_EXPORT int SSL_CTX_sess_cache_full(const SSL_CTX *ctx);
4036
4037	// SSL_cutthrough_complete calls \|SSL_in_false_start\|.
4038	OPENSSL_EXPORT int SSL_cutthrough_complete(const SSL *ssl);
4039
4040	// SSL_num_renegotiations calls \|SSL_total_renegotiations\|.
4041	OPENSSL_EXPORT int SSL_num_renegotiations(const SSL *ssl);
4042
4043	// SSL_CTX_need_tmp_RSA returns zero.
4044	OPENSSL_EXPORT int SSL_CTX_need_tmp_RSA(const SSL_CTX *ctx);
4045
4046	// SSL_need_tmp_RSA returns zero.
4047	OPENSSL_EXPORT int SSL_need_tmp_RSA(const SSL *ssl);
4048
4049	// SSL_CTX_set_tmp_rsa returns one.
4050	OPENSSL_EXPORT int SSL_CTX_set_tmp_rsa(SSL_CTX ctx, const* RSA *rsa);
4051
4052	// SSL_set_tmp_rsa returns one.
4053	OPENSSL_EXPORT int SSL_set_tmp_rsa(SSL ssl, const* RSA *rsa);
4054
4055	// SSL_CTX_get_read_ahead returns zero.
4056	OPENSSL_EXPORT int SSL_CTX_get_read_ahead(const SSL_CTX *ctx);
4057
4058	// SSL_CTX_set_read_ahead returns one.
4059	OPENSSL_EXPORT int SSL_CTX_set_read_ahead(SSL_CTX ctx, int* yes);
4060
4061	// SSL_get_read_ahead returns zero.
4062	OPENSSL_EXPORT int SSL_get_read_ahead(const SSL *ssl);
4063
4064	// SSL_set_read_ahead returns one.
4065	OPENSSL_EXPORT int SSL_set_read_ahead(SSL ssl, int* yes);
4066
4067	// SSL_renegotiate put an error on the error queue and returns zero.
4068	OPENSSL_EXPORT int SSL_renegotiate(SSL *ssl);
4069
4070	// SSL_set_state does nothing.
4071	OPENSSL_EXPORT void SSL_set_state(SSL ssl, int* state);
4072
4073	// SSL_get_shared_ciphers writes an empty string to \|buf\| and returns a
4074	// pointer to \|buf\|, or NULL if \|len\| is less than or equal to zero.
4075	OPENSSL_EXPORT char SSL_get_shared_ciphers(const* SSL ssl, char* buf, int* len);
4076
4077	// SSL_MODE_HANDSHAKE_CUTTHROUGH is the same as SSL_MODE_ENABLE_FALSE_START.
4078	#define SSL_MODE_HANDSHAKE_CUTTHROUGH SSL_MODE_ENABLE_FALSE_START
4079
4080	// i2d_SSL_SESSION serializes \|in\| to the bytes pointed to by \|pp\|. On success,*
4081	// it returns the number of bytes written and advances \|pp\| by that many bytes.*
4082	// On failure, it returns -1. If \|pp\| is NULL, no bytes are written and only the
4083	// length is returned.
4084	//
4085	// Use \|SSL_SESSION_to_bytes\| instead.
4086	OPENSSL_EXPORT int i2d_SSL_SESSION(SSL_SESSION in, uint8_t *pp);
4087
4088	// d2i_SSL_SESSION parses a serialized session from the \|length\| bytes pointed
4089	// to by \|pp\|. It returns the new \|SSL_SESSION\| and advances \|pp\| by the
4090	// number of bytes consumed on success and NULL on failure. The caller takes
4091	// ownership of the new session and must call \|SSL_SESSION_free\| when done.
4092	//
4093	// If \|a\| is non-NULL, \|a\| is released and set the new \|SSL_SESSION\|.*
4094	//
4095	// Use \|SSL_SESSION_from_bytes\| instead.
4096	OPENSSL_EXPORT SSL_SESSION d2i_SSL_SESSION(SSL_SESSION a, const* uint8_t **pp,
4097	long length);
4098
4099	// i2d_SSL_SESSION_bio serializes \|session\| and writes the result to \|bio\|. It
4100	// returns the number of bytes written on success and <= 0 on error.
4101	OPENSSL_EXPORT int i2d_SSL_SESSION_bio(BIO bio, const* SSL_SESSION *session);
4102
4103	// d2i_SSL_SESSION_bio reads a serialized \|SSL_SESSION\| from \|bio\| and returns a
4104	// newly-allocated \|SSL_SESSION\| or NULL on error. If \|out\| is not NULL, it also
4105	// frees \|out\| and sets \|out\| to the new \|SSL_SESSION\|.
4106	OPENSSL_EXPORT SSL_SESSION d2i_SSL_SESSION_bio(BIO bio, SSL_SESSION **out);
4107
4108	// ERR_load_SSL_strings does nothing.
4109	OPENSSL_EXPORT void ERR_load_SSL_strings(void);
4110
4111	// SSL_load_error_strings does nothing.
4112	OPENSSL_EXPORT void SSL_load_error_strings(void);
4113
4114	// SSL_CTX_set_tlsext_use_srtp calls \|SSL_CTX_set_srtp_profiles\|. It returns
4115	// zero on success and one on failure.
4116	//
4117	// WARNING: this function is dangerous because it breaks the usual return value
4118	// convention. Use \|SSL_CTX_set_srtp_profiles\| instead.
4119	OPENSSL_EXPORT int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,
4120	const char *profiles);
4121
4122	// SSL_set_tlsext_use_srtp calls \|SSL_set_srtp_profiles\|. It returns zero on
4123	// success and one on failure.
4124	//
4125	// WARNING: this function is dangerous because it breaks the usual return value
4126	// convention. Use \|SSL_set_srtp_profiles\| instead.
4127	OPENSSL_EXPORT int SSL_set_tlsext_use_srtp(SSL ssl, const* char *profiles);
4128
4129	// SSL_get_current_compression returns NULL.
4130	OPENSSL_EXPORT const COMP_METHOD SSL_get_current_compression(SSL ssl);
4131
4132	// SSL_get_current_expansion returns NULL.
4133	OPENSSL_EXPORT const COMP_METHOD SSL_get_current_expansion(SSL ssl);
4134
4135	// SSL_get_server_tmp_key returns zero.
4136	OPENSSL_EXPORT int SSL_get_server_tmp_key(SSL ssl, EVP_PKEY *out_key);
4137
4138	// SSL_CTX_set_tmp_dh returns 1.
4139	OPENSSL_EXPORT int SSL_CTX_set_tmp_dh(SSL_CTX ctx, const* DH *dh);
4140
4141	// SSL_set_tmp_dh returns 1.
4142	OPENSSL_EXPORT int SSL_set_tmp_dh(SSL ssl, const* DH *dh);
4143
4144	// SSL_CTX_set_tmp_dh_callback does nothing.
4145	OPENSSL_EXPORT void SSL_CTX_set_tmp_dh_callback(
4146	SSL_CTX ctx, DH (cb)(SSL ssl, int is_export, int keylength));
4147
4148	// SSL_set_tmp_dh_callback does nothing.
4149	OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl,
4150	DH (cb)(SSL ssl, int* is_export,
4151	int keylength));
4152
4153	// SSL_CTX_set1_sigalgs takes \|num_values\| ints and interprets them as pairs
4154	// where the first is the nid of a hash function and the second is an
4155	// \|EVP_PKEY_\| value. It configures the signature algorithm preferences for*
4156	// \|ctx\| based on them and returns one on success or zero on error.
4157	//
4158	// This API is compatible with OpenSSL. However, BoringSSL-specific code should
4159	// prefer \|SSL_CTX_set_signing_algorithm_prefs\| because it's clearer and it's
4160	// more convenient to codesearch for specific algorithm values.
4161	OPENSSL_EXPORT int SSL_CTX_set1_sigalgs(SSL_CTX ctx, const* int *values,
4162	size_t num_values);
4163
4164	// SSL_set1_sigalgs takes \|num_values\| ints and interprets them as pairs where
4165	// the first is the nid of a hash function and the second is an \|EVP_PKEY_\|*
4166	// value. It configures the signature algorithm preferences for \|ssl\| based on
4167	// them and returns one on success or zero on error.
4168	//
4169	// This API is compatible with OpenSSL. However, BoringSSL-specific code should
4170	// prefer \|SSL_CTX_set_signing_algorithm_prefs\| because it's clearer and it's
4171	// more convenient to codesearch for specific algorithm values.
4172	OPENSSL_EXPORT int SSL_set1_sigalgs(SSL ssl, const* int *values,
4173	size_t num_values);
4174
4175	// SSL_CTX_set1_sigalgs_list takes a textual specification of a set of signature
4176	// algorithms and configures them on \|ctx\|. It returns one on success and zero
4177	// on error. See
4178	// https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set1_sigalgs_list.html for
4179	// a description of the text format. Also note that TLS 1.3 names (e.g.
4180	// "rsa_pkcs1_md5_sha1") can also be used (as in OpenSSL, although OpenSSL
4181	// doesn't document that).
4182	//
4183	// This API is compatible with OpenSSL. However, BoringSSL-specific code should
4184	// prefer \|SSL_CTX_set_signing_algorithm_prefs\| because it's clearer and it's
4185	// more convenient to codesearch for specific algorithm values.
4186	OPENSSL_EXPORT int SSL_CTX_set1_sigalgs_list(SSL_CTX ctx, const* char *str);
4187
4188	// SSL_set1_sigalgs_list takes a textual specification of a set of signature
4189	// algorithms and configures them on \|ssl\|. It returns one on success and zero
4190	// on error. See
4191	// https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set1_sigalgs_list.html for
4192	// a description of the text format. Also note that TLS 1.3 names (e.g.
4193	// "rsa_pkcs1_md5_sha1") can also be used (as in OpenSSL, although OpenSSL
4194	// doesn't document that).
4195	//
4196	// This API is compatible with OpenSSL. However, BoringSSL-specific code should
4197	// prefer \|SSL_CTX_set_signing_algorithm_prefs\| because it's clearer and it's
4198	// more convenient to codesearch for specific algorithm values.
4199	OPENSSL_EXPORT int SSL_set1_sigalgs_list(SSL ssl, const* char *str);
4200
4201	#define SSL_set_app_data(s, arg) (SSL_set_ex_data(s, 0, (char *)(arg)))
4202	#define SSL_get_app_data(s) (SSL_get_ex_data(s, 0))
4203	#define SSL_SESSION_set_app_data(s, a) \
4204	(SSL_SESSION_set_ex_data(s, 0, (char *)(a)))
4205	#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s, 0))
4206	#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx, 0))
4207	#define SSL_CTX_set_app_data(ctx, arg) \
4208	(SSL_CTX_set_ex_data(ctx, 0, (char *)(arg)))
4209
4210	#define OpenSSL_add_ssl_algorithms() SSL_library_init()
4211	#define SSLeay_add_ssl_algorithms() SSL_library_init()
4212
4213	#define SSL_get_cipher(ssl) SSL_CIPHER_get_name(SSL_get_current_cipher(ssl))
4214	#define SSL_get_cipher_bits(ssl, out_alg_bits) \
4215	SSL_CIPHER_get_bits(SSL_get_current_cipher(ssl), out_alg_bits)
4216	#define SSL_get_cipher_version(ssl) \
4217	SSL_CIPHER_get_version(SSL_get_current_cipher(ssl))
4218	#define SSL_get_cipher_name(ssl) \
4219	SSL_CIPHER_get_name(SSL_get_current_cipher(ssl))
4220	#define SSL_get_time(session) SSL_SESSION_get_time(session)
4221	#define SSL_set_time(session, time) SSL_SESSION_set_time((session), (time))
4222	#define SSL_get_timeout(session) SSL_SESSION_get_timeout(session)
4223	#define SSL_set_timeout(session, timeout) \
4224	SSL_SESSION_set_timeout((session), (timeout))
4225
4226	struct ssl_comp_st {
4227	int id;
4228	const char *name;
4229	char *method;
4230	};
4231
4232	DEFINE_STACK_OF(SSL_COMP)
4233
4234	// The following flags do nothing and are included only to make it easier to
4235	// compile code with BoringSSL.
4236	#define SSL_MODE_AUTO_RETRY 0
4237	#define SSL_MODE_RELEASE_BUFFERS 0
4238	#define SSL_MODE_SEND_CLIENTHELLO_TIME 0
4239	#define SSL_MODE_SEND_SERVERHELLO_TIME 0
4240	#define SSL_OP_ALL 0
4241	#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
4242	#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0
4243	#define SSL_OP_EPHEMERAL_RSA 0
4244	#define SSL_OP_LEGACY_SERVER_CONNECT 0
4245	#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0
4246	#define SSL_OP_MICROSOFT_SESS_ID_BUG 0
4247	#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0
4248	#define SSL_OP_NETSCAPE_CA_DN_BUG 0
4249	#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0
4250	#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0
4251	#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0
4252	#define SSL_OP_NO_COMPRESSION 0
4253	#define SSL_OP_NO_RENEGOTIATION 0 // ssl_renegotiate_never is the default
4254	#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
4255	#define SSL_OP_NO_SSLv2 0
4256	#define SSL_OP_NO_SSLv3 0
4257	#define SSL_OP_PKCS1_CHECK_1 0
4258	#define SSL_OP_PKCS1_CHECK_2 0
4259	#define SSL_OP_SINGLE_DH_USE 0
4260	#define SSL_OP_SINGLE_ECDH_USE 0
4261	#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0
4262	#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0
4263	#define SSL_OP_TLS_BLOCK_PADDING_BUG 0
4264	#define SSL_OP_TLS_D5_BUG 0
4265	#define SSL_OP_TLS_ROLLBACK_BUG 0
4266	#define SSL_VERIFY_CLIENT_ONCE 0
4267
4268	// SSL_cache_hit calls \|SSL_session_reused\|.
4269	OPENSSL_EXPORT int SSL_cache_hit(SSL *ssl);
4270
4271	// SSL_get_default_timeout returns \|SSL_DEFAULT_SESSION_TIMEOUT\|.
4272	OPENSSL_EXPORT long SSL_get_default_timeout(const SSL *ssl);
4273
4274	// SSL_get_version returns a string describing the TLS version used by \|ssl\|.
4275	// For example, "TLSv1.2" or "DTLSv1".
4276	OPENSSL_EXPORT const char SSL_get_version(const* SSL *ssl);
4277
4278	// SSL_get_cipher_list returns the name of the \|n\|th cipher in the output of
4279	// \|SSL_get_ciphers\| or NULL if out of range. Use \|SSL_get_ciphers\| instead.
4280	OPENSSL_EXPORT const char SSL_get_cipher_list(const* SSL ssl, int* n);
4281
4282	// SSL_CTX_set_client_cert_cb sets a callback which is called on the client if
4283	// the server requests a client certificate and none is configured. On success,
4284	// the callback should return one and set \|out_x509\| to \|out_pkey\| to a leaf
4285	// certificate and private key, respectively, passing ownership. It should
4286	// return zero to send no certificate and -1 to fail or pause the handshake. If
4287	// the handshake is paused, \|SSL_get_error\| will return
4288	// \|SSL_ERROR_WANT_X509_LOOKUP\|.
4289	//
4290	// The callback may call \|SSL_get0_certificate_types\| and
4291	// \|SSL_get_client_CA_list\| for information on the server's certificate request.
4292	//
4293	// Use \|SSL_CTX_set_cert_cb\| instead. Configuring intermediate certificates with
4294	// this function is confusing. This callback may not be registered concurrently
4295	// with \|SSL_CTX_set_cert_cb\| or \|SSL_set_cert_cb\|.
4296	OPENSSL_EXPORT void SSL_CTX_set_client_cert_cb(
4297	SSL_CTX ctx, int* (cb)(SSL ssl, X509 out_x509, EVP_PKEY out_pkey));
4298
4299	#define SSL_NOTHING 1
4300	#define SSL_WRITING 2
4301	#define SSL_READING 3
4302	#define SSL_X509_LOOKUP 4
4303	#define SSL_CHANNEL_ID_LOOKUP 5
4304	#define SSL_PENDING_SESSION 7
4305	#define SSL_CERTIFICATE_SELECTION_PENDING 8
4306	#define SSL_PRIVATE_KEY_OPERATION 9
4307	#define SSL_PENDING_TICKET 10
4308	#define SSL_EARLY_DATA_REJECTED 11
4309	#define SSL_CERTIFICATE_VERIFY 12
4310	#define SSL_HANDOFF 13
4311	#define SSL_HANDBACK 14
4312
4313	// SSL_want returns one of the above values to determine what the most recent
4314	// operation on \|ssl\| was blocked on. Use \|SSL_get_error\| instead.
4315	OPENSSL_EXPORT int SSL_want(const SSL *ssl);
4316
4317	#define SSL_want_read(ssl) (SSL_want(ssl) == SSL_READING)
4318	#define SSL_want_write(ssl) (SSL_want(ssl) == SSL_WRITING)
4319
4320	// SSL_get_finished writes up to \|count\| bytes of the Finished message sent by
4321	// \|ssl\| to \|buf\|. It returns the total untruncated length or zero if none has
4322	// been sent yet. At TLS 1.3 and later, it returns zero.
4323	//
4324	// Use \|SSL_get_tls_unique\| instead.
4325	OPENSSL_EXPORT size_t SSL_get_finished(const SSL ssl, void* *buf, size_t count);
4326
4327	// SSL_get_peer_finished writes up to \|count\| bytes of the Finished message
4328	// received from \|ssl\|'s peer to \|buf\|. It returns the total untruncated length
4329	// or zero if none has been received yet. At TLS 1.3 and later, it returns
4330	// zero.
4331	//
4332	// Use \|SSL_get_tls_unique\| instead.
4333	OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL ssl, void* *buf,
4334	size_t count);
4335
4336	// SSL_alert_type_string returns "!". Use \|SSL_alert_type_string_long\|
4337	// instead.
4338	OPENSSL_EXPORT const char SSL_alert_type_string(int* value);
4339
4340	// SSL_alert_desc_string returns "!!". Use \|SSL_alert_desc_string_long\|
4341	// instead.
4342	OPENSSL_EXPORT const char SSL_alert_desc_string(int* value);
4343
4344	// SSL_state_string returns "!!!!!!". Use \|SSL_state_string_long\| for a more
4345	// intelligible string.
4346	OPENSSL_EXPORT const char SSL_state_string(const* SSL *ssl);
4347
4348	// SSL_TXT_ expand to strings.*
4349	#define SSL_TXT_MEDIUM "MEDIUM"
4350	#define SSL_TXT_HIGH "HIGH"
4351	#define SSL_TXT_FIPS "FIPS"
4352	#define SSL_TXT_kRSA "kRSA"
4353	#define SSL_TXT_kDHE "kDHE"
4354	#define SSL_TXT_kEDH "kEDH"
4355	#define SSL_TXT_kECDHE "kECDHE"
4356	#define SSL_TXT_kEECDH "kEECDH"
4357	#define SSL_TXT_kPSK "kPSK"
4358	#define SSL_TXT_aRSA "aRSA"
4359	#define SSL_TXT_aECDSA "aECDSA"
4360	#define SSL_TXT_aPSK "aPSK"
4361	#define SSL_TXT_DH "DH"
4362	#define SSL_TXT_DHE "DHE"
4363	#define SSL_TXT_EDH "EDH"
4364	#define SSL_TXT_RSA "RSA"
4365	#define SSL_TXT_ECDH "ECDH"
4366	#define SSL_TXT_ECDHE "ECDHE"
4367	#define SSL_TXT_EECDH "EECDH"
4368	#define SSL_TXT_ECDSA "ECDSA"
4369	#define SSL_TXT_PSK "PSK"
4370	#define SSL_TXT_3DES "3DES"
4371	#define SSL_TXT_RC4 "RC4"
4372	#define SSL_TXT_AES128 "AES128"
4373	#define SSL_TXT_AES256 "AES256"
4374	#define SSL_TXT_AES "AES"
4375	#define SSL_TXT_AES_GCM "AESGCM"
4376	#define SSL_TXT_CHACHA20 "CHACHA20"
4377	#define SSL_TXT_MD5 "MD5"
4378	#define SSL_TXT_SHA1 "SHA1"
4379	#define SSL_TXT_SHA "SHA"
4380	#define SSL_TXT_SHA256 "SHA256"
4381	#define SSL_TXT_SHA384 "SHA384"
4382	#define SSL_TXT_SSLV3 "SSLv3"
4383	#define SSL_TXT_TLSV1 "TLSv1"
4384	#define SSL_TXT_TLSV1_1 "TLSv1.1"
4385	#define SSL_TXT_TLSV1_2 "TLSv1.2"
4386	#define SSL_TXT_TLSV1_3 "TLSv1.3"
4387	#define SSL_TXT_ALL "ALL"
4388	#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
4389
4390	typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
4391
4392	// SSL_state returns \|SSL_ST_INIT\| if a handshake is in progress and \|SSL_ST_OK\|
4393	// otherwise.
4394	//
4395	// Use \|SSL_is_init\| instead.
4396	OPENSSL_EXPORT int SSL_state(const SSL *ssl);
4397
4398	#define SSL_get_state(ssl) SSL_state(ssl)
4399
4400	// SSL_set_shutdown causes \|ssl\| to behave as if the shutdown bitmask (see
4401	// \|SSL_get_shutdown\|) were \|mode\|. This may be used to skip sending or
4402	// receiving close_notify in \|SSL_shutdown\| by causing the implementation to
4403	// believe the events already happened.
4404	//
4405	// It is an error to use \|SSL_set_shutdown\| to unset a bit that has already been
4406	// set. Doing so will trigger an \|assert\| in debug builds and otherwise be
4407	// ignored.
4408	//
4409	// Use \|SSL_CTX_set_quiet_shutdown\| instead.
4410	OPENSSL_EXPORT void SSL_set_shutdown(SSL ssl, int* mode);
4411
4412	// SSL_CTX_set_tmp_ecdh calls \|SSL_CTX_set1_curves\| with a one-element list
4413	// containing \|ec_key\|'s curve.
4414	OPENSSL_EXPORT int SSL_CTX_set_tmp_ecdh(SSL_CTX ctx, const* EC_KEY *ec_key);
4415
4416	// SSL_set_tmp_ecdh calls \|SSL_set1_curves\| with a one-element list containing
4417	// \|ec_key\|'s curve.
4418	OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL ssl, const* EC_KEY *ec_key);
4419
4420	// SSL_add_dir_cert_subjects_to_stack lists files in directory \|dir\|. It calls
4421	// \|SSL_add_file_cert_subjects_to_stack\| on each file and returns one on success
4422	// or zero on error. This function is only available from the libdecrepit
4423	// library.
4424	OPENSSL_EXPORT int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *out,
4425	const char *dir);
4426
4427	// SSL_set_verify_result calls \|abort\| unless \|result\| is \|X509_V_OK\|.
4428	//
4429	// TODO(davidben): Remove this function once it has been removed from
4430	// netty-tcnative.
4431	OPENSSL_EXPORT void SSL_set_verify_result(SSL ssl, long* result);
4432
4433	// SSL_CTX_enable_tls_channel_id calls \|SSL_CTX_set_tls_channel_id_enabled\|.
4434	OPENSSL_EXPORT int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx);
4435
4436	// SSL_enable_tls_channel_id calls \|SSL_set_tls_channel_id_enabled\|.
4437	OPENSSL_EXPORT int SSL_enable_tls_channel_id(SSL *ssl);
4438
4439	// BIO_f_ssl returns a \|BIO_METHOD\| that can wrap an \|SSL\| in a \|BIO\|. Note
4440	// that this has quite different behaviour from the version in OpenSSL (notably
4441	// that it doesn't try to auto renegotiate).
4442	//
4443	// IMPORTANT: if you are not curl, don't use this.
4444	OPENSSL_EXPORT const BIO_METHOD BIO_f_ssl(void*);
4445
4446	// BIO_set_ssl sets \|ssl\| as the underlying connection for \|bio\|, which must
4447	// have been created using \|BIO_f_ssl\|. If \|take_owership\| is true, \|bio\| will
4448	// call \|SSL_free\| on \|ssl\| when closed. It returns one on success or something
4449	// other than one on error.
4450	OPENSSL_EXPORT long BIO_set_ssl(BIO bio, SSL ssl, int take_owership);
4451
4452	// SSL_CTX_set_ecdh_auto returns one.
4453	#define SSL_CTX_set_ecdh_auto(ctx, onoff) 1
4454
4455	// SSL_set_ecdh_auto returns one.
4456	#define SSL_set_ecdh_auto(ssl, onoff) 1
4457
4458	// SSL_get_session returns a non-owning pointer to \|ssl\|'s session. For
4459	// historical reasons, which session it returns depends on \|ssl\|'s state.
4460	//
4461	// Prior to the start of the initial handshake, it returns the session the
4462	// caller set with \|SSL_set_session\|. After the initial handshake has finished
4463	// and if no additional handshakes are in progress, it returns the currently
4464	// active session. Its behavior is undefined while a handshake is in progress.
4465	//
4466	// If trying to add new sessions to an external session cache, use
4467	// \|SSL_CTX_sess_set_new_cb\| instead. In particular, using the callback is
4468	// required as of TLS 1.3. For compatibility, this function will return an
4469	// unresumable session which may be cached, but will never be resumed.
4470	//
4471	// If querying properties of the connection, use APIs on the \|SSL\| object.
4472	OPENSSL_EXPORT SSL_SESSION SSL_get_session(const* SSL *ssl);
4473
4474	// SSL_get0_session is an alias for \|SSL_get_session\|.
4475	#define SSL_get0_session SSL_get_session
4476
4477	// SSL_get1_session acts like \|SSL_get_session\| but returns a new reference to
4478	// the session.
4479	OPENSSL_EXPORT SSL_SESSION SSL_get1_session(SSL ssl);
4480
4481	#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0
4482	#define OPENSSL_INIT_LOAD_SSL_STRINGS 0
4483	#define OPENSSL_INIT_SSL_DEFAULT 0
4484
4485	// OPENSSL_init_ssl calls \|CRYPTO_library_init\| and returns one.
4486	OPENSSL_EXPORT int OPENSSL_init_ssl(uint64_t opts,
4487	const OPENSSL_INIT_SETTINGS *settings);
4488
4489	// The following constants are legacy aliases for RSA-PSS with rsaEncryption
4490	// keys. Use the new names instead.
4491	#define SSL_SIGN_RSA_PSS_SHA256 SSL_SIGN_RSA_PSS_RSAE_SHA256
4492	#define SSL_SIGN_RSA_PSS_SHA384 SSL_SIGN_RSA_PSS_RSAE_SHA384
4493	#define SSL_SIGN_RSA_PSS_SHA512 SSL_SIGN_RSA_PSS_RSAE_SHA512
4494
4495	// SSL_set_tlsext_status_type configures a client to request OCSP stapling if
4496	// \|type\| is \|TLSEXT_STATUSTYPE_ocsp\| and disables it otherwise. It returns one
4497	// on success and zero if handshake configuration has already been shed.
4498	//
4499	// Use \|SSL_enable_ocsp_stapling\| instead.
4500	OPENSSL_EXPORT int SSL_set_tlsext_status_type(SSL ssl, int* type);
4501
4502	// SSL_get_tlsext_status_type returns \|TLSEXT_STATUSTYPE_ocsp\| if the client
4503	// requested OCSP stapling and \|TLSEXT_STATUSTYPE_nothing\| otherwise. On the
4504	// client, this reflects whether OCSP stapling was enabled via, e.g.,
4505	// \|SSL_set_tlsext_status_type\|. On the server, this is determined during the
4506	// handshake. It may be queried in callbacks set by \|SSL_CTX_set_cert_cb\|. The
4507	// result is undefined after the handshake completes.
4508	OPENSSL_EXPORT int SSL_get_tlsext_status_type(const SSL *ssl);
4509
4510	// SSL_set_tlsext_status_ocsp_resp sets the OCSP response. It returns one on
4511	// success and zero on error. On success, \|ssl\| takes ownership of \|resp\|, which
4512	// must have been allocated by \|OPENSSL_malloc\|.
4513	//
4514	// Use \|SSL_set_ocsp_response\| instead.
4515	OPENSSL_EXPORT int SSL_set_tlsext_status_ocsp_resp(SSL ssl, uint8_t resp,
4516	size_t resp_len);
4517
4518	// SSL_get_tlsext_status_ocsp_resp sets \|out\| to point to the OCSP response*
4519	// from the server. It returns the length of the response. If there was no
4520	// response, it sets \|out\| to NULL and returns zero.*
4521	//
4522	// Use \|SSL_get0_ocsp_response\| instead.
4523	//
4524	// WARNING: the returned data is not guaranteed to be well formed.
4525	OPENSSL_EXPORT size_t SSL_get_tlsext_status_ocsp_resp(const SSL *ssl,
4526	const uint8_t **out);
4527
4528	// SSL_CTX_set_tlsext_status_cb configures the legacy OpenSSL OCSP callback and
4529	// returns one. Though the type signature is the same, this callback has
4530	// different behavior for client and server connections:
4531	//
4532	// For clients, the callback is called after certificate verification. It should
4533	// return one for success, zero for a bad OCSP response, and a negative number
4534	// for internal error. Instead, handle this as part of certificate verification.
4535	// (Historically, OpenSSL verified certificates just before parsing stapled OCSP
4536	// responses, but BoringSSL fixes this ordering. All server credentials are
4537	// available during verification.)
4538	//
4539	// Do not use this callback as a server. It is provided for compatibility
4540	// purposes only. For servers, it is called to configure server credentials. It
4541	// should return \|SSL_TLSEXT_ERR_OK\| on success, \|SSL_TLSEXT_ERR_NOACK\| to
4542	// ignore OCSP requests, or \|SSL_TLSEXT_ERR_ALERT_FATAL\| on error. It is usually
4543	// used to fetch OCSP responses on demand, which is not ideal. Instead, treat
4544	// OCSP responses like other server credentials, such as certificates or SCT
4545	// lists. Configure, store, and refresh them eagerly. This avoids downtime if
4546	// the CA's OCSP responder is briefly offline.
4547	OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx,
4548	int (callback)(SSL ssl,
4549	void *arg));
4550
4551	// SSL_CTX_set_tlsext_status_arg sets additional data for
4552	// \|SSL_CTX_set_tlsext_status_cb\|'s callback and returns one.
4553	OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX ctx, void* *arg);
4554
4555
4556	// Nodejs compatibility section (hidden).
4557	//
4558	// These defines exist for node.js, with the hope that we can eliminate the
4559	// need for them over time.
4560
4561	#define SSLerr(function, reason) \
4562	ERR_put_error(ERR_LIB_SSL, 0, reason, __FILE__, __LINE__)
4563
4564
4565	// Preprocessor compatibility section (hidden).
4566	//
4567	// Historically, a number of APIs were implemented in OpenSSL as macros and
4568	// constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this
4569	// section defines a number of legacy macros.
4570	//
4571	// Although using either the CTRL values or their wrapper macros in #ifdefs is
4572	// still supported, the CTRL values may not be passed to \|SSL_ctrl\| and
4573	// \|SSL_CTX_ctrl\|. Call the functions (previously wrapper macros) instead.
4574	//
4575	// See PORTING.md in the BoringSSL source tree for a table of corresponding
4576	// functions.
4577	// https://boringssl.googlesource.com/boringssl/+/master/PORTING.md#Replacements-for-values
4578
4579	#define DTLS_CTRL_GET_TIMEOUT doesnt_exist
4580	#define DTLS_CTRL_HANDLE_TIMEOUT doesnt_exist
4581	#define SSL_CTRL_CHAIN doesnt_exist
4582	#define SSL_CTRL_CHAIN_CERT doesnt_exist
4583	#define SSL_CTRL_CHANNEL_ID doesnt_exist
4584	#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS doesnt_exist
4585	#define SSL_CTRL_CLEAR_MODE doesnt_exist
4586	#define SSL_CTRL_CLEAR_OPTIONS doesnt_exist
4587	#define SSL_CTRL_EXTRA_CHAIN_CERT doesnt_exist
4588	#define SSL_CTRL_GET_CHAIN_CERTS doesnt_exist
4589	#define SSL_CTRL_GET_CHANNEL_ID doesnt_exist
4590	#define SSL_CTRL_GET_CLIENT_CERT_TYPES doesnt_exist
4591	#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS doesnt_exist
4592	#define SSL_CTRL_GET_MAX_CERT_LIST doesnt_exist
4593	#define SSL_CTRL_GET_NUM_RENEGOTIATIONS doesnt_exist
4594	#define SSL_CTRL_GET_READ_AHEAD doesnt_exist
4595	#define SSL_CTRL_GET_RI_SUPPORT doesnt_exist
4596	#define SSL_CTRL_GET_SERVER_TMP_KEY doesnt_exist
4597	#define SSL_CTRL_GET_SESSION_REUSED doesnt_exist
4598	#define SSL_CTRL_GET_SESS_CACHE_MODE doesnt_exist
4599	#define SSL_CTRL_GET_SESS_CACHE_SIZE doesnt_exist
4600	#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS doesnt_exist
4601	#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS doesnt_exist
4602	#define SSL_CTRL_MODE doesnt_exist
4603	#define SSL_CTRL_NEED_TMP_RSA doesnt_exist
4604	#define SSL_CTRL_OPTIONS doesnt_exist
4605	#define SSL_CTRL_SESS_NUMBER doesnt_exist
4606	#define SSL_CTRL_SET_CURVES doesnt_exist
4607	#define SSL_CTRL_SET_CURVES_LIST doesnt_exist
4608	#define SSL_CTRL_SET_ECDH_AUTO doesnt_exist
4609	#define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist
4610	#define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist
4611	#define SSL_CTRL_SET_MSG_CALLBACK doesnt_exist
4612	#define SSL_CTRL_SET_MSG_CALLBACK_ARG doesnt_exist
4613	#define SSL_CTRL_SET_MTU doesnt_exist
4614	#define SSL_CTRL_SET_READ_AHEAD doesnt_exist
4615	#define SSL_CTRL_SET_SESS_CACHE_MODE doesnt_exist
4616	#define SSL_CTRL_SET_SESS_CACHE_SIZE doesnt_exist
4617	#define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist
4618	#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG doesnt_exist
4619	#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist
4620	#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS doesnt_exist
4621	#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist
4622	#define SSL_CTRL_SET_TMP_DH doesnt_exist
4623	#define SSL_CTRL_SET_TMP_DH_CB doesnt_exist
4624	#define SSL_CTRL_SET_TMP_ECDH doesnt_exist
4625	#define SSL_CTRL_SET_TMP_ECDH_CB doesnt_exist
4626	#define SSL_CTRL_SET_TMP_RSA doesnt_exist
4627	#define SSL_CTRL_SET_TMP_RSA_CB doesnt_exist
4628
4629	// \|BORINGSSL_PREFIX\| already makes each of these symbols into macros, so there
4630	// is no need to define conflicting macros.
4631	#if !defined(BORINGSSL_PREFIX)
4632
4633	#define DTLSv1_get_timeout DTLSv1_get_timeout
4634	#define DTLSv1_handle_timeout DTLSv1_handle_timeout
4635	#define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert
4636	#define SSL_CTX_add1_chain_cert SSL_CTX_add1_chain_cert
4637	#define SSL_CTX_add_extra_chain_cert SSL_CTX_add_extra_chain_cert
4638	#define SSL_CTX_clear_extra_chain_certs SSL_CTX_clear_extra_chain_certs
4639	#define SSL_CTX_clear_chain_certs SSL_CTX_clear_chain_certs
4640	#define SSL_CTX_clear_mode SSL_CTX_clear_mode
4641	#define SSL_CTX_clear_options SSL_CTX_clear_options
4642	#define SSL_CTX_get0_chain_certs SSL_CTX_get0_chain_certs
4643	#define SSL_CTX_get_extra_chain_certs SSL_CTX_get_extra_chain_certs
4644	#define SSL_CTX_get_max_cert_list SSL_CTX_get_max_cert_list
4645	#define SSL_CTX_get_mode SSL_CTX_get_mode
4646	#define SSL_CTX_get_options SSL_CTX_get_options
4647	#define SSL_CTX_get_read_ahead SSL_CTX_get_read_ahead
4648	#define SSL_CTX_get_session_cache_mode SSL_CTX_get_session_cache_mode
4649	#define SSL_CTX_get_tlsext_ticket_keys SSL_CTX_get_tlsext_ticket_keys
4650	#define SSL_CTX_need_tmp_RSA SSL_CTX_need_tmp_RSA
4651	#define SSL_CTX_sess_get_cache_size SSL_CTX_sess_get_cache_size
4652	#define SSL_CTX_sess_number SSL_CTX_sess_number
4653	#define SSL_CTX_sess_set_cache_size SSL_CTX_sess_set_cache_size
4654	#define SSL_CTX_set0_chain SSL_CTX_set0_chain
4655	#define SSL_CTX_set1_chain SSL_CTX_set1_chain
4656	#define SSL_CTX_set1_curves SSL_CTX_set1_curves
4657	#define SSL_CTX_set_max_cert_list SSL_CTX_set_max_cert_list
4658	#define SSL_CTX_set_max_send_fragment SSL_CTX_set_max_send_fragment
4659	#define SSL_CTX_set_mode SSL_CTX_set_mode
4660	#define SSL_CTX_set_msg_callback_arg SSL_CTX_set_msg_callback_arg
4661	#define SSL_CTX_set_options SSL_CTX_set_options
4662	#define SSL_CTX_set_read_ahead SSL_CTX_set_read_ahead
4663	#define SSL_CTX_set_session_cache_mode SSL_CTX_set_session_cache_mode
4664	#define SSL_CTX_set_tlsext_servername_arg SSL_CTX_set_tlsext_servername_arg
4665	#define SSL_CTX_set_tlsext_servername_callback \
4666	SSL_CTX_set_tlsext_servername_callback
4667	#define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb
4668	#define SSL_CTX_set_tlsext_ticket_keys SSL_CTX_set_tlsext_ticket_keys
4669	#define SSL_CTX_set_tmp_dh SSL_CTX_set_tmp_dh
4670	#define SSL_CTX_set_tmp_ecdh SSL_CTX_set_tmp_ecdh
4671	#define SSL_CTX_set_tmp_rsa SSL_CTX_set_tmp_rsa
4672	#define SSL_add0_chain_cert SSL_add0_chain_cert
4673	#define SSL_add1_chain_cert SSL_add1_chain_cert
4674	#define SSL_clear_chain_certs SSL_clear_chain_certs
4675	#define SSL_clear_mode SSL_clear_mode
4676	#define SSL_clear_options SSL_clear_options
4677	#define SSL_get0_certificate_types SSL_get0_certificate_types
4678	#define SSL_get0_chain_certs SSL_get0_chain_certs
4679	#define SSL_get_max_cert_list SSL_get_max_cert_list
4680	#define SSL_get_mode SSL_get_mode
4681	#define SSL_get_options SSL_get_options
4682	#define SSL_get_secure_renegotiation_support \
4683	SSL_get_secure_renegotiation_support
4684	#define SSL_need_tmp_RSA SSL_need_tmp_RSA
4685	#define SSL_num_renegotiations SSL_num_renegotiations
4686	#define SSL_session_reused SSL_session_reused
4687	#define SSL_set0_chain SSL_set0_chain
4688	#define SSL_set1_chain SSL_set1_chain
4689	#define SSL_set1_curves SSL_set1_curves
4690	#define SSL_set_max_cert_list SSL_set_max_cert_list
4691	#define SSL_set_max_send_fragment SSL_set_max_send_fragment
4692	#define SSL_set_mode SSL_set_mode
4693	#define SSL_set_msg_callback_arg SSL_set_msg_callback_arg
4694	#define SSL_set_mtu SSL_set_mtu
4695	#define SSL_set_options SSL_set_options
4696	#define SSL_set_tlsext_host_name SSL_set_tlsext_host_name
4697	#define SSL_set_tmp_dh SSL_set_tmp_dh
4698	#define SSL_set_tmp_ecdh SSL_set_tmp_ecdh
4699	#define SSL_set_tmp_rsa SSL_set_tmp_rsa
4700	#define SSL_total_renegotiations SSL_total_renegotiations
4701
4702	#endif // !defined(BORINGSSL_PREFIX)
4703
4704
4705	#if defined(__cplusplus)
4706	} // extern C
4707
4708	#if !defined(BORINGSSL_NO_CXX)
4709
4710	extern "C++" {
4711
4712	BSSL_NAMESPACE_BEGIN
4713
4714	BORINGSSL_MAKE_DELETER(SSL, SSL_free)
4715	BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
4716	BORINGSSL_MAKE_UP_REF(SSL_CTX, SSL_CTX_up_ref)
4717	BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
4718	BORINGSSL_MAKE_UP_REF(SSL_SESSION, SSL_SESSION_up_ref)
4719
4720	enum class OpenRecordResult {
4721	kOK,
4722	kDiscard,
4723	kIncompleteRecord,
4724	kAlertCloseNotify,
4725	kError,
4726	};
4727
4728	// * EXPERIMENTAL -- DO NOT USE *
4729	//
4730	// OpenRecord decrypts the first complete SSL record from \|in\| in-place, sets
4731	// \|out\| to the decrypted application data, and \|out_record_len\| to the length
4732	// of the encrypted record. Returns:
4733	// - kOK if an application-data record was successfully decrypted and verified.
4734	// - kDiscard if a record was sucessfully processed, but should be discarded.
4735	// - kIncompleteRecord if \|in\| did not contain a complete record.
4736	// - kAlertCloseNotify if a record was successfully processed but is a
4737	// close_notify alert.
4738	// - kError if an error occurred or the record is invalid. \|out_alert\| will be*
4739	// set to an alert to emit, or zero if no alert should be emitted.
4740	OPENSSL_EXPORT OpenRecordResult OpenRecord(SSL ssl, Span<uint8_t> out,
4741	size_t *out_record_len,
4742	uint8_t *out_alert,
4743	Span<uint8_t> in);
4744
4745	OPENSSL_EXPORT size_t SealRecordPrefixLen(const SSL *ssl, size_t plaintext_len);
4746
4747	// SealRecordSuffixLen returns the length of the suffix written by \|SealRecord\|.
4748	//
4749	// \|plaintext_len\| must be equal to the size of the plaintext passed to
4750	// \|SealRecord\|.
4751	//
4752	// \|plaintext_len\| must not exceed \|SSL3_RT_MAX_PLAINTEXT_LENGTH\|. The returned
4753	// suffix length will not exceed \|SSL3_RT_MAX_ENCRYPTED_OVERHEAD\|.
4754	OPENSSL_EXPORT size_t SealRecordSuffixLen(const SSL *ssl, size_t plaintext_len);
4755
4756	// * EXPERIMENTAL -- DO NOT USE *
4757	//
4758	// SealRecord encrypts the cleartext of \|in\| and scatters the resulting TLS
4759	// application data record between \|out_prefix\|, \|out\|, and \|out_suffix\|. It
4760	// returns true on success or false if an error occurred.
4761	//
4762	// The length of \|out_prefix\| must equal \|SealRecordPrefixLen\|. The length of
4763	// \|out\| must equal the length of \|in\|, which must not exceed
4764	// \|SSL3_RT_MAX_PLAINTEXT_LENGTH\|. The length of \|out_suffix\| must equal
4765	// \|SealRecordSuffixLen\|.
4766	//
4767	// If enabled, \|SealRecord\| may perform TLS 1.0 CBC 1/n-1 record splitting.
4768	// \|SealRecordPrefixLen\| accounts for the required overhead if that is the case.
4769	//
4770	// \|out\| may equal \|in\| to encrypt in-place but may not otherwise alias.
4771	// \|out_prefix\| and \|out_suffix\| may not alias anything.
4772	OPENSSL_EXPORT bool SealRecord(SSL *ssl, Span<uint8_t> out_prefix,
4773	Span<uint8_t> out, Span<uint8_t> out_suffix,
4774	Span<const uint8_t> in);
4775
4776
4777	// * EXPERIMENTAL — DO NOT USE WITHOUT CHECKING *
4778	//
4779	// Split handshakes.
4780	//
4781	// Split handshakes allows the handshake part of a TLS connection to be
4782	// performed in a different process (or on a different machine) than the data
4783	// exchange. This only applies to servers.
4784	//
4785	// In the first part of a split handshake, an \|SSL\| (where the \|SSL_CTX\| has
4786	// been configured with \|SSL_CTX_set_handoff_mode\|) is used normally. Once the
4787	// ClientHello message has been received, the handshake will stop and
4788	// \|SSL_get_error\| will indicate \|SSL_ERROR_HANDOFF\|. At this point (and only
4789	// at this point), \|SSL_serialize_handoff\| can be called to write the “handoff”
4790	// state of the connection.
4791	//
4792	// Elsewhere, a fresh \|SSL\| can be used with \|SSL_apply_handoff\| to continue
4793	// the connection. The connection from the client is fed into this \|SSL\|, and
4794	// the handshake resumed. When the handshake stops again and \|SSL_get_error\|
4795	// indicates \|SSL_ERROR_HANDBACK\|, \|SSL_serialize_handback\| should be called to
4796	// serialize the state of the handshake again.
4797	//
4798	// Back at the first location, a fresh \|SSL\| can be used with
4799	// \|SSL_apply_handback\|. Then the client's connection can be processed mostly
4800	// as normal.
4801	//
4802	// Lastly, when a connection is in the handoff state, whether or not
4803	// \|SSL_serialize_handoff\| is called, \|SSL_decline_handoff\| will move it back
4804	// into a normal state where the connection can proceed without impact.
4805	//
4806	// WARNING: Currently only works with TLS 1.0–1.2.
4807	// WARNING: The serialisation formats are not yet stable: version skew may be
4808	// fatal.
4809	// WARNING: The handback data contains sensitive key material and must be
4810	// protected.
4811	// WARNING: Some calls on the final \|SSL\| will not work. Just as an example,
4812	// calls like \|SSL_get0_session_id_context\| and \|SSL_get_privatekey\| won't
4813	// work because the certificate used for handshaking isn't available.
4814	// WARNING: \|SSL_apply_handoff\| may trigger “msg” callback calls.
4815
4816	OPENSSL_EXPORT void SSL_CTX_set_handoff_mode(SSL_CTX ctx, bool* on);
4817	OPENSSL_EXPORT void SSL_set_handoff_mode(SSL SSL, bool* on);
4818	OPENSSL_EXPORT bool SSL_serialize_handoff(const SSL ssl, CBB out,
4819	SSL_CLIENT_HELLO *out_hello);
4820	OPENSSL_EXPORT bool SSL_decline_handoff(SSL *ssl);
4821	OPENSSL_EXPORT bool SSL_apply_handoff(SSL ssl, Span<const* uint8_t> handoff);
4822	OPENSSL_EXPORT bool SSL_serialize_handback(const SSL ssl, CBB out);
4823	OPENSSL_EXPORT bool SSL_apply_handback(SSL ssl, Span<const* uint8_t> handback);
4824
4825	// SSL_get_traffic_secrets sets \|out_read_traffic_secret\| and*
4826	// \|out_write_traffic_secret\| to reference the TLS 1.3 traffic secrets for*
4827	// \|ssl\|. This function is only valid on TLS 1.3 connections that have
4828	// completed the handshake. It returns true on success and false on error.
4829	OPENSSL_EXPORT bool SSL_get_traffic_secrets(
4830	const SSL ssl, Span<const* uint8_t> *out_read_traffic_secret,
4831	Span<const uint8_t> *out_write_traffic_secret);
4832
4833	BSSL_NAMESPACE_END
4834
4835	} // extern C++
4836
4837	#endif // !defined(BORINGSSL_NO_CXX)
4838
4839	#endif
4840
4841	#define SSL_R_APP_DATA_IN_HANDSHAKE 100
4842	#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101
4843	#define SSL_R_BAD_ALERT 102
4844	#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
4845	#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 104
4846	#define SSL_R_BAD_DH_P_LENGTH 105
4847	#define SSL_R_BAD_DIGEST_LENGTH 106
4848	#define SSL_R_BAD_ECC_CERT 107
4849	#define SSL_R_BAD_ECPOINT 108
4850	#define SSL_R_BAD_HANDSHAKE_RECORD 109
4851	#define SSL_R_BAD_HELLO_REQUEST 110
4852	#define SSL_R_BAD_LENGTH 111
4853	#define SSL_R_BAD_PACKET_LENGTH 112
4854	#define SSL_R_BAD_RSA_ENCRYPT 113
4855	#define SSL_R_BAD_SIGNATURE 114
4856	#define SSL_R_BAD_SRTP_MKI_VALUE 115
4857	#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 116
4858	#define SSL_R_BAD_SSL_FILETYPE 117
4859	#define SSL_R_BAD_WRITE_RETRY 118
4860	#define SSL_R_BIO_NOT_SET 119
4861	#define SSL_R_BN_LIB 120
4862	#define SSL_R_BUFFER_TOO_SMALL 121
4863	#define SSL_R_CA_DN_LENGTH_MISMATCH 122
4864	#define SSL_R_CA_DN_TOO_LONG 123
4865	#define SSL_R_CCS_RECEIVED_EARLY 124
4866	#define SSL_R_CERTIFICATE_VERIFY_FAILED 125
4867	#define SSL_R_CERT_CB_ERROR 126
4868	#define SSL_R_CERT_LENGTH_MISMATCH 127
4869	#define SSL_R_CHANNEL_ID_NOT_P256 128
4870	#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 129
4871	#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 130
4872	#define SSL_R_CLIENTHELLO_PARSE_FAILED 131
4873	#define SSL_R_CLIENTHELLO_TLSEXT 132
4874	#define SSL_R_CONNECTION_REJECTED 133
4875	#define SSL_R_CONNECTION_TYPE_NOT_SET 134
4876	#define SSL_R_CUSTOM_EXTENSION_ERROR 135
4877	#define SSL_R_DATA_LENGTH_TOO_LONG 136
4878	#define SSL_R_DECODE_ERROR 137
4879	#define SSL_R_DECRYPTION_FAILED 138
4880	#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 139
4881	#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 140
4882	#define SSL_R_DH_P_TOO_LONG 141
4883	#define SSL_R_DIGEST_CHECK_FAILED 142
4884	#define SSL_R_DTLS_MESSAGE_TOO_BIG 143
4885	#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 144
4886	#define SSL_R_EMS_STATE_INCONSISTENT 145
4887	#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 146
4888	#define SSL_R_ERROR_ADDING_EXTENSION 147
4889	#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 148
4890	#define SSL_R_ERROR_PARSING_EXTENSION 149
4891	#define SSL_R_EXCESSIVE_MESSAGE_SIZE 150
4892	#define SSL_R_EXTRA_DATA_IN_MESSAGE 151
4893	#define SSL_R_FRAGMENT_MISMATCH 152
4894	#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 153
4895	#define SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO 154
4896	#define SSL_R_HTTPS_PROXY_REQUEST 155
4897	#define SSL_R_HTTP_REQUEST 156
4898	#define SSL_R_INAPPROPRIATE_FALLBACK 157
4899	#define SSL_R_INVALID_COMMAND 158
4900	#define SSL_R_INVALID_MESSAGE 159
4901	#define SSL_R_INVALID_SSL_SESSION 160
4902	#define SSL_R_INVALID_TICKET_KEYS_LENGTH 161
4903	#define SSL_R_LENGTH_MISMATCH 162
4904	#define SSL_R_MISSING_EXTENSION 164
4905	#define SSL_R_MISSING_RSA_CERTIFICATE 165
4906	#define SSL_R_MISSING_TMP_DH_KEY 166
4907	#define SSL_R_MISSING_TMP_ECDH_KEY 167
4908	#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 168
4909	#define SSL_R_MTU_TOO_SMALL 169
4910	#define SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN 170
4911	#define SSL_R_NESTED_GROUP 171
4912	#define SSL_R_NO_CERTIFICATES_RETURNED 172
4913	#define SSL_R_NO_CERTIFICATE_ASSIGNED 173
4914	#define SSL_R_NO_CERTIFICATE_SET 174
4915	#define SSL_R_NO_CIPHERS_AVAILABLE 175
4916	#define SSL_R_NO_CIPHERS_PASSED 176
4917	#define SSL_R_NO_CIPHER_MATCH 177
4918	#define SSL_R_NO_COMPRESSION_SPECIFIED 178
4919	#define SSL_R_NO_METHOD_SPECIFIED 179
4920	#define SSL_R_NO_P256_SUPPORT 180
4921	#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 181
4922	#define SSL_R_NO_RENEGOTIATION 182
4923	#define SSL_R_NO_REQUIRED_DIGEST 183
4924	#define SSL_R_NO_SHARED_CIPHER 184
4925	#define SSL_R_NULL_SSL_CTX 185
4926	#define SSL_R_NULL_SSL_METHOD_PASSED 186
4927	#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 187
4928	#define SSL_R_OLD_SESSION_VERSION_NOT_RETURNED 188
4929	#define SSL_R_OUTPUT_ALIASES_INPUT 189
4930	#define SSL_R_PARSE_TLSEXT 190
4931	#define SSL_R_PATH_TOO_LONG 191
4932	#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 192
4933	#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 193
4934	#define SSL_R_PROTOCOL_IS_SHUTDOWN 194
4935	#define SSL_R_PSK_IDENTITY_NOT_FOUND 195
4936	#define SSL_R_PSK_NO_CLIENT_CB 196
4937	#define SSL_R_PSK_NO_SERVER_CB 197
4938	#define SSL_R_READ_TIMEOUT_EXPIRED 198
4939	#define SSL_R_RECORD_LENGTH_MISMATCH 199
4940	#define SSL_R_RECORD_TOO_LARGE 200
4941	#define SSL_R_RENEGOTIATION_ENCODING_ERR 201
4942	#define SSL_R_RENEGOTIATION_MISMATCH 202
4943	#define SSL_R_REQUIRED_CIPHER_MISSING 203
4944	#define SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION 204
4945	#define SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION 205
4946	#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 206
4947	#define SSL_R_SERVERHELLO_TLSEXT 207
4948	#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 208
4949	#define SSL_R_SESSION_MAY_NOT_BE_CREATED 209
4950	#define SSL_R_SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER 210
4951	#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 211
4952	#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 212
4953	#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 213
4954	#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 214
4955	#define SSL_R_SSL_HANDSHAKE_FAILURE 215
4956	#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 216
4957	#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 217
4958	#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 218
4959	#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 219
4960	#define SSL_R_TOO_MANY_WARNING_ALERTS 220
4961	#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 221
4962	#define SSL_R_UNEXPECTED_EXTENSION 222
4963	#define SSL_R_UNEXPECTED_MESSAGE 223
4964	#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 224
4965	#define SSL_R_UNEXPECTED_RECORD 225
4966	#define SSL_R_UNINITIALIZED 226
4967	#define SSL_R_UNKNOWN_ALERT_TYPE 227
4968	#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 228
4969	#define SSL_R_UNKNOWN_CIPHER_RETURNED 229
4970	#define SSL_R_UNKNOWN_CIPHER_TYPE 230
4971	#define SSL_R_UNKNOWN_DIGEST 231
4972	#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 232
4973	#define SSL_R_UNKNOWN_PROTOCOL 233
4974	#define SSL_R_UNKNOWN_SSL_VERSION 234
4975	#define SSL_R_UNKNOWN_STATE 235
4976	#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 236
4977	#define SSL_R_UNSUPPORTED_CIPHER 237
4978	#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 238
4979	#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 239
4980	#define SSL_R_UNSUPPORTED_PROTOCOL 240
4981	#define SSL_R_WRONG_CERTIFICATE_TYPE 241
4982	#define SSL_R_WRONG_CIPHER_RETURNED 242
4983	#define SSL_R_WRONG_CURVE 243
4984	#define SSL_R_WRONG_MESSAGE_TYPE 244
4985	#define SSL_R_WRONG_SIGNATURE_TYPE 245
4986	#define SSL_R_WRONG_SSL_VERSION 246
4987	#define SSL_R_WRONG_VERSION_NUMBER 247
4988	#define SSL_R_X509_LIB 248
4989	#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 249
4990	#define SSL_R_SHUTDOWN_WHILE_IN_INIT 250
4991	#define SSL_R_INVALID_OUTER_RECORD_TYPE 251
4992	#define SSL_R_UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY 252
4993	#define SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS 253
4994	#define SSL_R_DOWNGRADE_DETECTED 254
4995	#define SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE 255
4996	#define SSL_R_INVALID_COMPRESSION_LIST 256
4997	#define SSL_R_DUPLICATE_EXTENSION 257
4998	#define SSL_R_MISSING_KEY_SHARE 258
4999	#define SSL_R_INVALID_ALPN_PROTOCOL 259
5000	#define SSL_R_TOO_MANY_KEY_UPDATES 260
5001	#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 261
5002	#define SSL_R_NO_CIPHERS_SPECIFIED 262
5003	#define SSL_R_RENEGOTIATION_EMS_MISMATCH 263
5004	#define SSL_R_DUPLICATE_KEY_SHARE 264
5005	#define SSL_R_NO_GROUPS_SPECIFIED 265
5006	#define SSL_R_NO_SHARED_GROUP 266
5007	#define SSL_R_PRE_SHARED_KEY_MUST_BE_LAST 267
5008	#define SSL_R_OLD_SESSION_PRF_HASH_MISMATCH 268
5009	#define SSL_R_INVALID_SCT_LIST 269
5010	#define SSL_R_TOO_MUCH_SKIPPED_EARLY_DATA 270
5011	#define SSL_R_PSK_IDENTITY_BINDER_COUNT_MISMATCH 271
5012	#define SSL_R_CANNOT_PARSE_LEAF_CERT 272
5013	#define SSL_R_SERVER_CERT_CHANGED 273
5014	#define SSL_R_CERTIFICATE_AND_PRIVATE_KEY_MISMATCH 274
5015	#define SSL_R_CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD 275
5016	#define SSL_R_TICKET_ENCRYPTION_FAILED 276
5017	#define SSL_R_ALPN_MISMATCH_ON_EARLY_DATA 277
5018	#define SSL_R_WRONG_VERSION_ON_EARLY_DATA 278
5019	#define SSL_R_UNEXPECTED_EXTENSION_ON_EARLY_DATA 279
5020	#define SSL_R_NO_SUPPORTED_VERSIONS_ENABLED 280
5021	#define SSL_R_APPLICATION_DATA_INSTEAD_OF_HANDSHAKE 281
5022	#define SSL_R_EMPTY_HELLO_RETRY_REQUEST 282
5023	#define SSL_R_EARLY_DATA_NOT_IN_USE 283
5024	#define SSL_R_HANDSHAKE_NOT_COMPLETE 284
5025	#define SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI 285
5026	#define SSL_R_SERVER_ECHOED_INVALID_SESSION_ID 286
5027	#define SSL_R_PRIVATE_KEY_OPERATION_FAILED 287
5028	#define SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH 288
5029	#define SSL_R_OCSP_CB_ERROR 289
5030	#define SSL_R_SSL_SESSION_ID_TOO_LONG 290
5031	#define SSL_R_APPLICATION_DATA_ON_SHUTDOWN 291
5032	#define SSL_R_CERT_DECOMPRESSION_FAILED 292
5033	#define SSL_R_UNCOMPRESSED_CERT_TOO_LARGE 293
5034	#define SSL_R_UNKNOWN_CERT_COMPRESSION_ALG 294
5035	#define SSL_R_INVALID_SIGNATURE_ALGORITHM 295
5036	#define SSL_R_DUPLICATE_SIGNATURE_ALGORITHM 296
5037	#define SSL_R_TLS13_DOWNGRADE 297
5038	#define SSL_R_QUIC_INTERNAL_ERROR 298
5039	#define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 299
5040	#define SSL_R_TOO_MUCH_READ_EARLY_DATA 300
5041	#define SSL_R_INVALID_DELEGATED_CREDENTIAL 301
5042	#define SSL_R_KEY_USAGE_BIT_INCORRECT 302
5043	#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
5044	#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
5045	#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
5046	#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
5047	#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
5048	#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
5049	#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
5050	#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
5051	#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
5052	#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
5053	#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
5054	#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
5055	#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
5056	#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
5057	#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
5058	#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
5059	#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
5060	#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
5061	#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
5062	#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
5063	#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
5064	#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
5065	#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
5066	#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
5067	#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
5068	#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
5069	#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
5070	#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
5071	#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
5072	#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
5073	#define SSL_R_TLSV1_UNKNOWN_PSK_IDENTITY 1115
5074	#define SSL_R_TLSV1_CERTIFICATE_REQUIRED 1116
5075
5076	#endif // OPENSSL_HEADER_SSL_H
5077

Browse the source code of engine/third_party/boringssl/src/include/openssl/ssl.h