Use an appropriate Window for selection dialog.

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index a1e464e89f8df529c199671c944ca28b0e6e5697..da105e940c51eaa8c75b37564569f84f2d6bb43c 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -160,6 +160,7 @@
 #include <openssl/buffer.h>
 #endif
 #include <openssl/pem.h>
+#include <openssl/hmac.h>
 
 #include <openssl/kssl.h>
 #include <openssl/safestack.h>
@@ -376,9 +377,6 @@ typedef struct ssl_cipher_st
 
 DECLARE_STACK_OF(SSL_CIPHER)
 
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
-
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
 typedef struct ssl_method_st
        {
@@ -589,7 +587,10 @@ typedef struct ssl_session_st
 #define SSL_MODE_AUTO_RETRY 0x00000004L
 /* Don't attempt to automatically build certificate chain */
 #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-
+/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
+ * TLS only.)  "Released" buffers are put onto a free-list in the context
+ * or just freed (depending on the context's setting for freelist_max_len). */
+#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */
@@ -658,6 +659,7 @@ typedef struct ssl_comp_st
        } SSL_COMP;
 
 DECLARE_STACK_OF(SSL_COMP)
+DECLARE_LHASH_OF(SSL_SESSION);
 
 struct ssl_ctx_st
        {
@@ -668,7 +670,7 @@ struct ssl_ctx_st
        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
 
        struct x509_store_st /* X509_STORE */ *cert_store;
-       struct lhash_st /* LHASH */ *sessions;  /* a set of SSL_SESSIONs */
+       LHASH_OF(SSL_SESSION) *sessions;
        /* Most session-ids that will be cached, default is
         * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
        unsigned long session_cache_size;
@@ -799,6 +801,12 @@ struct ssl_ctx_st
         */
        unsigned int max_send_fragment;
 
+#ifndef OPENSSL_ENGINE
+       /* Engine to pass requests for client certs to
+        */
+       ENGINE *client_cert_engine;
+#endif
+
 #ifndef OPENSSL_NO_TLSEXT
        /* TLS extensions servername callback */
        int (*tlsext_servername_callback)(SSL*, int *, void *);
@@ -807,6 +815,11 @@ struct ssl_ctx_st
        unsigned char tlsext_tick_key_name[16];
        unsigned char tlsext_tick_hmac_key[16];
        unsigned char tlsext_tick_aes_key[16];
+       /* Callback to support customisation of ticket key setting */
+       int (*tlsext_ticket_key_cb)(SSL *ssl,
+                                       unsigned char *name, unsigned char *iv,
+                                       EVP_CIPHER_CTX *ectx,
+                                       HMAC_CTX *hctx, int enc);
 
        /* certificate status request info */
        /* Callback for status request */
@@ -826,6 +839,13 @@ struct ssl_ctx_st
        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
                unsigned char *psk, unsigned int max_psk_len);
 #endif
+
+#if !defined(OPENSSL_NO_BUF_FREELISTS) || !defined(OPENSSL_NO_RELEASE_BUFFERS)
+#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
+       unsigned int freelist_max_len;
+       struct ssl3_buf_freelist_st *wbuf_freelist;
+       struct ssl3_buf_freelist_st *rbuf_freelist;
+#endif
        };
 
 #define SSL_SESS_CACHE_OFF                     0x0000
@@ -839,7 +859,7 @@ struct ssl_ctx_st
 #define SSL_SESS_CACHE_NO_INTERNAL \
        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
 
-  struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
 #define SSL_CTX_sess_number(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
 #define SSL_CTX_sess_connect(ctx) \
@@ -875,6 +895,9 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,
 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+#endif
 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
 
@@ -1351,6 +1374,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS     69
 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP       70
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP       71
+
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB      72
 #endif
 
 #define SSL_session_reused(ssl) \
@@ -1476,9 +1501,8 @@ long      SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
 void   SSL_copy_session_id(SSL *to,const SSL *from);
 
 SSL_SESSION *SSL_SESSION_new(void);
-unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
-int    SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+                                       unsigned int *len);
 #ifndef OPENSSL_NO_FP_API
 int    SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
 #endif
@@ -1801,7 +1825,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_ENC                                  134
 #define SSL_F_SSL3_GENERATE_KEY_BLOCK                   238
 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST              135
-#define SSL_F_SSL3_GET_CERT_STATUS                      288
+#define SSL_F_SSL3_GET_CERT_STATUS                      289
 #define SSL_F_SSL3_GET_CERT_VERIFY                      136
 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE               137
 #define SSL_F_SSL3_GET_CLIENT_HELLO                     138
@@ -1853,6 +1877,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                         168
 #define SSL_F_SSL_CTX_NEW                               169
 #define SSL_F_SSL_CTX_SET_CIPHER_LIST                   269
+#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE            290
 #define SSL_F_SSL_CTX_SET_PURPOSE                       226
 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT            219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION                   170
@@ -1920,10 +1945,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_TLS1_PRF                                  284
 #define SSL_F_TLS1_SETUP_KEY_BLOCK                      211
 #define SSL_F_WRITE_PENDING                             212
-#define SSL_F_TLS1_FINAL_FINISH_MAC            283
-#define SSL_F_TLS1_PRF                         284
-#define SSL_F_SSL3_HANDSHAKE_MAC    285
-#define SSL_F_TLS1_CERT_VERIFY_MAC  286
+
 /* Reason codes. */
 #define SSL_R_APP_DATA_IN_HANDSHAKE                     100
 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
@@ -2048,8 +2070,10 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_CIPHERS_SPECIFIED                      183
 #define SSL_R_NO_CIPHER_LIST                            184
 #define SSL_R_NO_CIPHER_MATCH                           185
+#define SSL_R_NO_CLIENT_CERT_METHOD                     331
 #define SSL_R_NO_CLIENT_CERT_RECEIVED                   186
 #define SSL_R_NO_COMPRESSION_SPECIFIED                  187
+#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER          330
 #define SSL_R_NO_METHOD_SPECIFIED                       188
 #define SSL_R_NO_PRIVATEKEY                             189
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                   190
@@ -2183,8 +2207,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_WRONG_VERSION_NUMBER                      267
 #define SSL_R_X509_LIB                                  268
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS          269
-#define SSL_R_NO_REQUIRED_DIGEST 324
-#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
+
 #ifdef  __cplusplus
 }
 #endif