Source code cleanups: Use void * rather than char * in lhash,

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 424b195f5ce31ac30d0872b92e3390f6d74ca80f..79033329f0bd09150b57eae4ad6aa2a675f7c7dd 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -123,8 +123,9 @@ extern "C" {
 #define SSL_TXT_MD5            "MD5"
 #define SSL_TXT_SHA1           "SHA1"
 #define SSL_TXT_SHA            "SHA"
-#define SSL_TXT_EXP40          "EXP"
+#define SSL_TXT_EXP            "EXP"
 #define SSL_TXT_EXPORT         "EXPORT"
+#define SSL_TXT_EXP40          "EXPORT40"
 #define SSL_TXT_EXP56          "EXPORT56"
 #define SSL_TXT_SSLV2          "SSLv2"
 #define SSL_TXT_SSLV3          "SSLv3"
@@ -134,10 +135,10 @@ extern "C" {
 /* 'DEFAULT' at the start of the cipher list insert the following string
  * in addition to this being the default cipher string */
 #ifndef NO_RSA
-#define SSL_DEFAULT_CIPHER_LIST        "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+#define SSL_DEFAULT_CIPHER_LIST        "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
 #else
 #define SSL_ALLOW_ADH
-#define SSL_DEFAULT_CIPHER_LIST        "HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP"
+#define SSL_DEFAULT_CIPHER_LIST        "ALL:ADH+3DES:ADH+RC4:ADH+DES:@STRENGTH"
 #endif
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
@@ -151,6 +152,10 @@ extern "C" {
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
+#if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2)
+#define NO_SSL2
+#endif
+
 #define SSL_FILETYPE_ASN1      X509_FILETYPE_ASN1
 #define SSL_FILETYPE_PEM       X509_FILETYPE_PEM
 
@@ -166,8 +171,12 @@ typedef struct ssl_cipher_st
        const char *name;               /* text name */
        unsigned long id;               /* id, 4 bytes, first is version */
        unsigned long algorithms;       /* what ciphers are used */
+       unsigned long algo_strength;    /* strength and export flags */
        unsigned long algorithm2;       /* Extra flags */
+       int strength_bits;              /* Number of bits really used */
+       int alg_bits;                   /* Number of bits for algorithm */
        unsigned long mask;             /* used for matching */
+       unsigned long mask_strength;    /* also used for matching */
        } SSL_CIPHER;
 
 DECLARE_STACK_OF(SSL_CIPHER)
@@ -215,7 +224,8 @@ typedef struct ssl_method_st
  *     Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
  *     Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
  *     Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
- *     Compression [5] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
+ *     Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'
+ *     Compression [6] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
  *     }
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -249,6 +259,9 @@ typedef struct ssl_session_st
         * (the latter is not enough as sess_cert is not retained
         * in the external representation of sessions, see ssl_asn1.c). */
        X509 *peer;
+       /* when app_verify_callback accepts a session where the peer's certificate
+        * is not ok, we must remember the error for session reuse: */
+       long verify_result; /* only for servers */
 
        int references;
        long timeout;
@@ -358,7 +371,7 @@ struct ssl_ctx_st
        struct x509_store_st /* X509_STORE */ *cert_store;
        struct lhash_st /* LHASH */ *sessions;  /* a set of SSL_SESSION's */
        /* Most session-ids that will be cached, default is
-        * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */
+        * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
        unsigned long session_cache_size;
        struct ssl_session_st *session_cache_head;
        struct ssl_session_st *session_cache_tail;
@@ -425,6 +438,9 @@ struct ssl_ctx_st
 /**/   unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 /**/   int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
 
+       int purpose;            /* Purpose setting */
+       int trust;              /* Trust setting */
+
        /* Default password callback. */
 /**/   pem_password_cb *default_passwd_callback;
 
@@ -434,7 +450,7 @@ struct ssl_ctx_st
        /* get client cert callback */
 /**/   int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
 
-       /* what we put in client requests */
+       /* what we put in client cert requests */
        STACK_OF(X509_NAME) *client_CA;
 
 /**/   int quiet_shutdown;
@@ -568,14 +584,18 @@ struct ssl_st
        struct ssl2_ctx_st *s2; /* SSLv2 variables */
        struct ssl3_ctx_st *s3; /* SSLv3 variables */
 
-       int read_ahead;         /* Read as many input bytes as possible */
+       int read_ahead;         /* Read as many input bytes as possible
+                                * (for non-blocking reads) */
        int hit;                /* reusing a previous session */
 
+       int purpose;            /* Purpose setting */
+       int trust;              /* Trust setting */
+
        /* crypto */
        STACK_OF(SSL_CIPHER) *cipher_list;
        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
 
-       /* These are the ones being used, the ones is SSL_SESSION are
+       /* These are the ones being used, the ones in SSL_SESSION are
         * the ones to be 'copied' into these ones */
 
        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
@@ -694,6 +714,13 @@ struct ssl_st
 #define SSL_ST_READ_BODY                       0xF1
 #define SSL_ST_READ_DONE                       0xF2
 
+/* Obtain latest Finished message
+ *   -- that we sent (SSL_get_finished)
+ *   -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+size_t SSL_get_finished(SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
+
 /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
  * are 'ored' with SSL_VERIFY_PEER if they are desired */
 #define SSL_VERIFY_NONE                        0x00
@@ -868,7 +895,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
 
 #endif
 
-int    SSL_CTX_set_cipher_list(SSL_CTX *,char *str);
+int    SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
 SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
 void   SSL_CTX_free(SSL_CTX *);
 long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
@@ -900,7 +927,7 @@ void        SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
 BIO *  SSL_get_rbio(SSL *s);
 BIO *  SSL_get_wbio(SSL *s);
 #endif
-int    SSL_set_cipher_list(SSL *s, char *str);
+int    SSL_set_cipher_list(SSL *s, const char *str);
 void   SSL_set_read_ahead(SSL *s, int yes);
 int    SSL_get_verify_mode(SSL *s);
 int    SSL_get_verify_depth(SSL *s);
@@ -999,6 +1026,12 @@ int       SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
 SSL *  SSL_new(SSL_CTX *ctx);
 int    SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
                                   unsigned int sid_ctx_len);
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
+int SSL_set_purpose(SSL *s, int purpose);
+int SSL_CTX_set_trust(SSL_CTX *s, int trust);
+int SSL_set_trust(SSL *s, int trust);
+
 void   SSL_free(SSL *ssl);
 int    SSL_accept(SSL *ssl);
 int    SSL_connect(SSL *ssl);
@@ -1009,7 +1042,7 @@ long      SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
 long   SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
 
 int    SSL_get_error(SSL *s,int ret_code);
-char * SSL_get_version(SSL *s);
+const char *SSL_get_version(SSL *s);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
@@ -1075,7 +1108,9 @@ int SSL_version(SSL *ssl);
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
        const char *CApath);
+#define SSL_get0_session SSL_get_session /* just peek at pointer */
 SSL_SESSION *SSL_get_session(SSL *ssl);
+SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
 SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
 void SSL_set_info_callback(SSL *ssl,void (*cb)());
 void (*SSL_get_info_callback(SSL *ssl))();
@@ -1086,18 +1121,18 @@ long SSL_get_verify_result(SSL *ssl);
 
 int SSL_set_ex_data(SSL *ssl,int idx,void *data);
 void *SSL_get_ex_data(SSL *ssl,int idx);
-int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-       int (*dup_func)(), void (*free_func)());
+int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+       CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 
 int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
 void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
-int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-       int (*dup_func)(), void (*free_func)());
+int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+       CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 
 int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
 void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
-int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-       int (*dup_func)(), void (*free_func)());
+int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+       CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 
 int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 
@@ -1220,13 +1255,17 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL_CERT_INSTANTIATE                      214
 #define SSL_F_SSL_CERT_NEW                              162
 #define SSL_F_SSL_CHECK_PRIVATE_KEY                     163
+#define SSL_F_SSL_CIPHER_PROCESS_RULESTR                230
+#define SSL_F_SSL_CIPHER_STRENGTH_SORT                  231
 #define SSL_F_SSL_CLEAR                                         164
 #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD           165
 #define SSL_F_SSL_CREATE_CIPHER_LIST                    166
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                         168
 #define SSL_F_SSL_CTX_NEW                               169
+#define SSL_F_SSL_CTX_SET_PURPOSE                       226
 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT            219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION                   170
+#define SSL_F_SSL_CTX_SET_TRUST                                 229
 #define SSL_F_SSL_CTX_USE_CERTIFICATE                   171
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1              172
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE        220
@@ -1254,9 +1293,11 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL_SET_CERT                              191
 #define SSL_F_SSL_SET_FD                                192
 #define SSL_F_SSL_SET_PKEY                              193
+#define SSL_F_SSL_SET_PURPOSE                           227
 #define SSL_F_SSL_SET_RFD                               194
 #define SSL_F_SSL_SET_SESSION                           195
 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT                218
+#define SSL_F_SSL_SET_TRUST                             228
 #define SSL_F_SSL_SET_WFD                               196
 #define SSL_F_SSL_SHUTDOWN                              224
 #define SSL_F_SSL_UNDEFINED_FUNCTION                    197
@@ -1283,7 +1324,6 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_BAD_AUTHENTICATION_TYPE                   102
 #define SSL_R_BAD_CHANGE_CIPHER_SPEC                    103
 #define SSL_R_BAD_CHECKSUM                              104
-#define SSL_R_BAD_CLIENT_REQUEST                        105
 #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK             106
 #define SSL_R_BAD_DECOMPRESSION                                 107
 #define SSL_R_BAD_DH_G_LENGTH                           108
@@ -1291,6 +1331,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_BAD_DH_P_LENGTH                           110
 #define SSL_R_BAD_DIGEST_LENGTH                                 111
 #define SSL_R_BAD_DSA_SIGNATURE                                 112
+#define SSL_R_BAD_HELLO_REQUEST                                 105
 #define SSL_R_BAD_LENGTH                                271
 #define SSL_R_BAD_MAC_DECODE                            113
 #define SSL_R_BAD_MESSAGE_TYPE                          114
@@ -1338,6 +1379,9 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_HTTP_REQUEST                              156
 #define SSL_R_INTERNAL_ERROR                            157
 #define SSL_R_INVALID_CHALLENGE_LENGTH                  158
+#define SSL_R_INVALID_COMMAND                           280
+#define SSL_R_INVALID_PURPOSE                           278
+#define SSL_R_INVALID_TRUST                             279
 #define SSL_R_LENGTH_MISMATCH                           159
 #define SSL_R_LENGTH_TOO_SHORT                          160
 #define SSL_R_LIBRARY_BUG                               274