X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fssl.h;h=2b9a2e1471019299666388a3ffcb7a97ae69d102;hb=902d1051b140d6677e05a0e6eb8a429d2f81ee46;hp=712ec3a6dc4334221bc1f9902d0972625ddfd614;hpb=657e60fa00ddde3618600d6306be913214d30457;p=openssl.git diff --git a/ssl/ssl.h b/ssl/ssl.h index 712ec3a6dc..2b9a2e1471 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -59,12 +59,24 @@ #ifndef HEADER_SSL_H #define HEADER_SSL_H +#ifndef NO_COMP +#include +#endif +#ifndef NO_BIO +#include +#endif +#ifndef NO_X509 +#include +#endif +#ifndef NO_KRB5 +#include +#endif +#include + #ifdef __cplusplus extern "C" { #endif -#include - /* SSLeay version number for ASN.1 encoding of the session information */ /* Version 0 - initial version * Version 1 - added the optional peer certificate @@ -83,6 +95,15 @@ extern "C" { #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA +/* VRS Additional Kerberos5 entries + */ +#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 + #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 #define SSL_MAX_SID_CTX_LENGTH 32 @@ -103,6 +124,10 @@ extern "C" { #define SSL_TXT_eNULL "eNULL" #define SSL_TXT_NULL "NULL" +#define SSL_TXT_kKRB5 "kKRB5" +#define SSL_TXT_aKRB5 "aKRB5" +#define SSL_TXT_KRB5 "KRB5" + #define SSL_TXT_kRSA "kRSA" #define SSL_TXT_kDHr "kDHr" #define SSL_TXT_kDHd "kDHd" @@ -134,17 +159,16 @@ extern "C" { /* 'DEFAULT' at the start of the cipher list insert the following string * in addition to this being the default cipher string */ -#ifndef NO_RSA #define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" -#else -#define SSL_ALLOW_ADH -#define SSL_DEFAULT_CIPHER_LIST "ALL:ADH+3DES:ADH+RC4:ADH+DES:@STRENGTH" -#endif /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ #define SSL_SENT_SHUTDOWN 1 #define SSL_RECEIVED_SHUTDOWN 2 +#ifdef __cplusplus +} +#endif + #include #include #include @@ -152,6 +176,10 @@ extern "C" { #include #include +#ifdef __cplusplus +extern "C" { +#endif + #if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2) #define NO_SSL2 #endif @@ -210,6 +238,8 @@ typedef struct ssl_method_st long (*get_timeout)(void); struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ int (*ssl_version)(); + long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)()); + long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)()); } SSL_METHOD; /* Lets make this into an ASN.1 type structure as follows @@ -321,6 +351,9 @@ typedef struct ssl_session_st * the misconception that non-blocking SSL_write() behaves like * non-blocking write(): */ #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L +/* Never bother the application with retries if the transport + * is blocking: */ +#define SSL_MODE_AUTO_RETRY 0x00000004L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */ @@ -346,15 +379,15 @@ typedef struct ssl_session_st #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) typedef struct ssl_comp_st -{ - int id; - char *name; -#ifdef HEADER_COMP_H - COMP_METHOD *method; + { + int id; + char *name; +#ifndef NO_COMP + COMP_METHOD *method; #else - char *method; + char *method; #endif -} SSL_COMP; + } SSL_COMP; DECLARE_STACK_OF(SSL_COMP) @@ -394,9 +427,8 @@ struct ssl_ctx_st * SSL_SESSION_free() when it has finished using it. Otherwise, * on 0, it means the callback has finished with it. * If remove_session_cb is not null, it will be called when - * a session-id is removed from the cache. Again, a return - * of 0 mens that SSLeay should not SSL_SESSION_free() since - * the application is doing something with it. */ + * a session-id is removed from the cache. After the call, + * OpenSSL will SSL_SESSION_free() it. */ int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, @@ -475,6 +507,7 @@ struct ssl_ctx_st * defined, this will still get called. */ #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 + struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); #define SSL_CTX_sess_number(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) #define SSL_CTX_sess_connect(ctx) \ @@ -536,10 +569,10 @@ struct ssl_st * same. This is so data can be read and written to different * handlers */ -#ifdef HEADER_BIO_H +#ifndef NO_BIO BIO *rbio; /* used by SSL_read */ BIO *wbio; /* used by SSL_write */ - BIO *bbio; /* used during session-id reuse to concatinate + BIO *bbio; /* used during session-id reuse to concatenate * messages */ #else char *rbio; /* used by SSL_read */ @@ -581,8 +614,8 @@ struct ssl_st unsigned char *packet; unsigned int packet_length; - struct ssl2_ctx_st *s2; /* SSLv2 variables */ - struct ssl3_ctx_st *s3; /* SSLv3 variables */ + struct ssl2_state_st *s2; /* SSLv2 variables */ + struct ssl3_state_st *s3; /* SSLv3 variables */ int read_ahead; /* Read as many input bytes as possible * (for non-blocking reads) */ @@ -600,7 +633,7 @@ struct ssl_st EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ const EVP_MD *read_hash; /* used for mac generation */ -#ifdef HEADER_COMP_H +#ifndef NO_COMP COMP_CTX *expand; /* uncompress */ #else char *expand; @@ -608,7 +641,7 @@ struct ssl_st EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ const EVP_MD *write_hash; /* used for mac generation */ -#ifdef HEADER_COMP_H +#ifndef NO_COMP COMP_CTX *compress; /* compression */ #else char *compress; @@ -638,6 +671,10 @@ struct ssl_st int error; /* error bytes to be written */ int error_code; /* actual code */ +#ifndef NO_KRB5 + KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ +#endif /* NO_KRB5 */ + SSL_CTX *ctx; /* set this flag to 1 and a sleep(1) is put into all SSL_read() * and SSL_write() calls, good for nbio debuging :-) */ @@ -658,11 +695,19 @@ struct ssl_st * SSLv3/TLS rollback check */ }; +#ifdef __cplusplus +} +#endif + #include #include #include /* This is mostly sslv3 with a few tweaks */ #include +#ifdef __cplusplus +extern "C" { +#endif + /* compatibility */ #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) #define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) @@ -728,6 +773,7 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count); #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 #define SSL_VERIFY_CLIENT_ONCE 0x04 +#define OpenSSL_add_ssl_algorithms() SSL_library_init() #define SSLeay_add_ssl_algorithms() SSL_library_init() /* this is for backward compatibility */ @@ -805,6 +851,7 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count); #define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ #define SSL_ERROR_ZERO_RETURN 6 #define SSL_ERROR_WANT_CONNECT 7 +#define SSL_ERROR_WANT_ACCEPT 8 #define SSL_CTRL_NEED_TMP_RSA 1 #define SSL_CTRL_SET_TMP_RSA 2 @@ -885,7 +932,7 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count); #define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack #endif -#ifdef HEADER_BIO_H +#ifndef NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx,int client); BIO *BIO_new_ssl_connect(SSL_CTX *ctx); @@ -922,7 +969,7 @@ int SSL_set_fd(SSL *s, int fd); int SSL_set_rfd(SSL *s, int fd); int SSL_set_wfd(SSL *s, int fd); #endif -#ifdef HEADER_BIO_H +#ifndef NO_BIO void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); BIO * SSL_get_rbio(SSL *s); BIO * SSL_get_wbio(SSL *s); @@ -977,7 +1024,7 @@ int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b); #ifndef NO_FP_API int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses); #endif -#ifdef HEADER_BIO_H +#ifndef NO_BIO int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses); #endif void SSL_SESSION_free(SSL_SESSION *ses); @@ -1039,7 +1086,9 @@ int SSL_read(SSL *ssl,char *buf,int num); int SSL_peek(SSL *ssl,char *buf,int num); int SSL_write(SSL *ssl,const char *buf,int num); long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg); +long SSL_callback_ctrl(SSL *, int, void (*)()); long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)()); int SSL_get_error(SSL *s,int ret_code); const char *SSL_get_version(SSL *s); @@ -1150,7 +1199,7 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); #define SSL_CTX_get_read_ahead(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) #define SSL_CTX_set_read_ahead(ctx,m) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) /* NB: the keylength is only applicable when is_export is true */ #ifndef NO_RSA @@ -1171,7 +1220,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, int keylength)); #endif -#ifdef HEADER_COMP_H +#ifndef NO_COMP int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); #else int SSL_COMP_add_compression_method(int id,char *cm); @@ -1210,10 +1259,12 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_F_SSL2_ACCEPT 122 #define SSL_F_SSL2_CONNECT 123 #define SSL_F_SSL2_ENC_INIT 124 +#define SSL_F_SSL2_PEEK 234 #define SSL_F_SSL2_READ 125 #define SSL_F_SSL2_SET_CERTIFICATE 126 #define SSL_F_SSL2_WRITE 127 #define SSL_F_SSL3_ACCEPT 128 +#define SSL_F_SSL3_CALLBACK_CTRL 233 #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 #define SSL_F_SSL3_CLIENT_HELLO 131 @@ -1234,6 +1285,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_F_SSL3_GET_SERVER_DONE 145 #define SSL_F_SSL3_GET_SERVER_HELLO 146 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +#define SSL_F_SSL3_PEEK 235 #define SSL_F_SSL3_READ_BYTES 148 #define SSL_F_SSL3_READ_N 149 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 @@ -1260,6 +1312,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_F_SSL_CLEAR 164 #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 #define SSL_F_SSL_CREATE_CIPHER_LIST 166 +#define SSL_F_SSL_CTRL 232 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 #define SSL_F_SSL_CTX_NEW 169 #define SSL_F_SSL_CTX_SET_PURPOSE 226 @@ -1371,9 +1424,11 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +#define SSL_R_FIXME 1101 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 @@ -1382,6 +1437,13 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 #define SSL_R_INVALID_TRUST 279 +#define SSL_R_KRB5_C_CC_PRINC 1094 +#define SSL_R_KRB5_C_GET_CRED 1095 +#define SSL_R_KRB5_C_INIT 1096 +#define SSL_R_KRB5_C_MK_REQ 1097 +#define SSL_R_KRB5_S_BAD_TICKET 1098 +#define SSL_R_KRB5_S_INIT 1099 +#define SSL_R_KRB5_S_RD_REQ 1100 #define SSL_R_LENGTH_MISMATCH 159 #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 @@ -1440,6 +1502,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_READ_WRONG_PACKET_TYPE 212 #define SSL_R_RECORD_LENGTH_MISMATCH 213 #define SSL_R_RECORD_TOO_LARGE 214 +#define SSL_R_RECORD_TOO_SMALL 1093 #define SSL_R_REQUIRED_CIPHER_MISSING 215 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 @@ -1509,6 +1572,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_UNKNOWN_STATE 255 #define SSL_R_UNSUPPORTED_CIPHER 256 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +#define SSL_R_UNSUPPORTED_OPTION 1091 #define SSL_R_UNSUPPORTED_PROTOCOL 258 #define SSL_R_UNSUPPORTED_SSL_VERSION 259 #define SSL_R_WRITE_BIO_NOT_SET 260