X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl.h;h=e8d74413446fa195119e47aa7dcc47b016eb7b5f;hp=9605e343dd2ff35efdc5fafab46efa22e33e0997;hb=ff71222024503178ecc38bdc4b53ef420614a948;hpb=61f5b6f33807306d09bccbc2dcad474d1d04ca40 diff --git a/ssl/ssl.h b/ssl/ssl.h index 9605e343dd..e8d7441344 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -63,7 +63,7 @@ extern "C" { #endif -#include "safestack.h" +#include /* SSLeay version number for ASN.1 encoding of the session information */ /* Version 0 - initial version @@ -144,11 +144,11 @@ extern "C" { #define SSL_SENT_SHUTDOWN 1 #define SSL_RECEIVED_SHUTDOWN 2 -#include "crypto.h" -#include "lhash.h" -#include "buffer.h" -#include "bio.h" -#include "x509.h" +#include +#include +#include +#include +#include #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 #define SSL_FILETYPE_PEM X509_FILETYPE_PEM @@ -241,10 +241,13 @@ typedef struct ssl_session_st int not_resumable; /* The cert is the certificate used to establish this connection */ - struct cert_st /* CERT */ *cert; + struct cert_st /* CERT */ *sess_cert; + /* XXX should be struct sess_cert_st *sess_cert */ - /* This is the cert for the other end. On servers, it will be - * the same as cert->x509 */ + /* This is the cert for the other end. + * On clients, it will be the same as sess_cert->key->x509 + * (the latter is not enough as sess_cert is not retained + * in the external representation of sessions, see ssl_asn1.c). */ X509 *peer; int references; @@ -358,17 +361,10 @@ struct ssl_ctx_st * a session-id is removed from the cache. Again, a return * of 0 mens that SSLeay should not SSL_SESSION_free() since * the application is doing something with it. */ -#ifndef NOPROTO int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy); -#else - int (*new_session_cb)(); - void (*remove_session_cb)(); - SSL_SESSION *(*get_session_cb)(); -#endif - struct { int sess_connect; /* SSL new conn - started */ @@ -398,9 +394,12 @@ struct ssl_ctx_st /**/ char *app_verify_arg; /* default values to use in SSL structures */ -/**/ struct cert_st /* CERT */ *default_cert; +/**/ struct cert_st /* CERT */ *cert; /**/ int read_ahead; /**/ int verify_mode; +/**/ int verify_depth; +/**/ unsigned int sid_ctx_length; +/**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* Default password callback. */ @@ -515,6 +514,12 @@ struct ssl_st int in_handshake; int (*handshake_func)(); + /* Imagine that here's a boolean member "init" + * that is switched as soon as handshake_func becomes + * != 0 for the first time (which is why we don't actually + * need it). + */ + int server; /* are we the server side? - mostly used by SSL_clear*/ int new_session;/* 1 if we are to use a new session */ @@ -578,6 +583,7 @@ struct ssl_st /* Used in SSL2 and SSL3 */ int verify_mode; /* 0 don't care about verify failure. * 1 fail if verify fails */ + int verify_depth; int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ void (*info_callback)(); /* optional informational callback */ @@ -603,10 +609,10 @@ struct ssl_st * SSLv3/TLS rolback check */ }; -#include "ssl2.h" -#include "ssl3.h" -#include "tls1.h" /* This is mostly sslv3 with a few tweaks */ -#include "ssl23.h" +#include +#include +#include /* This is mostly sslv3 with a few tweaks */ +#include /* compatablity */ #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) @@ -810,7 +816,6 @@ struct ssl_st #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) -#ifndef NOPROTO #ifdef HEADER_BIO_H BIO_METHOD *BIO_f_ssl(void); @@ -857,10 +862,14 @@ BIO * SSL_get_wbio(SSL *s); int SSL_set_cipher_list(SSL *s, char *str); void SSL_set_read_ahead(SSL *s, int yes); int SSL_get_verify_mode(SSL *s); +int SSL_get_verify_depth(SSL *s); int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, int (*callback)(int ok,X509_STORE_CTX *ctx)); +void SSL_set_verify_depth(SSL *s, int depth); +#ifndef NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +#endif int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len); @@ -868,16 +877,17 @@ int SSL_use_certificate(SSL *ssl, X509 *x); int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); #ifndef NO_STDIO -int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type); -int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type); -int SSL_use_certificate_file(SSL *ssl, char *file, int type); -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type); -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type); -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type); +int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); -int SSL_add_file_cert_subjects_to_stack(STACK *stackCAs, +int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); -int SSL_add_dir_cert_subjects_to_stack(STACK *stackCAs, +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); #endif @@ -916,11 +926,15 @@ X509 * SSL_get_peer_certificate(SSL *s); STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s); int SSL_CTX_get_verify_mode(SSL_CTX *ctx); +int SSL_CTX_get_verify_depth(SSL_CTX *ctx); int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *); void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, int (*callback)(int, X509_STORE_CTX *)); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg); +#ifndef NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +#endif int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, @@ -933,6 +947,9 @@ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)()); int SSL_CTX_check_private_key(SSL_CTX *ctx); int SSL_check_private_key(SSL *ctx); +int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + SSL * SSL_new(SSL_CTX *ctx); int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, unsigned int sid_ctx_len); @@ -1010,7 +1027,8 @@ void SSL_set_shutdown(SSL *ssl,int mode); int SSL_get_shutdown(SSL *ssl); int SSL_version(SSL *ssl); int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); -int SSL_CTX_load_verify_locations(SSL_CTX *ctx,char *CAfile,char *CApath); +int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); SSL_SESSION *SSL_get_session(SSL *ssl); SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); void SSL_set_info_callback(SSL *ssl,void (*cb)()); @@ -1054,17 +1072,21 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL) /* NB: the keylength is only applicable when export is true */ +#ifndef NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int export, int keylength)); -void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*dh)(SSL *ssl,int export,int keylength)); void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl,int export, int keylength)); +#endif +#ifndef NO_DH +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh)(SSL *ssl,int export,int keylength)); void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl,int export,int keylength)); +#endif #ifdef HEADER_COMP_H int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); @@ -1072,240 +1094,11 @@ int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); int SSL_COMP_add_compression_method(int id,char *cm); #endif -#else - -BIO_METHOD *BIO_f_ssl(); -BIO *BIO_new_ssl(); -BIO *BIO_new_ssl_connect(); -BIO *BIO_new_buffer_ssl_connect(); -int BIO_ssl_copy_session_id(); -void BIO_ssl_shutdown(); - -long SSL_CTX_set_timeout(); -long SSL_CTX_get_timeout(); -X509_STORE *SSL_CTX_get_cert_store(); -void SSL_CTX_set_cert_store(); -int SSL_want(); - -int SSL_CTX_set_cipher_list(); -SSL_CTX *SSL_CTX_new(); -void SSL_CTX_free(); -void SSL_clear(); -void SSL_CTX_flush_sessions(); - -SSL_CIPHER *SSL_get_current_cipher(); -int SSL_CIPHER_get_bits(); -char * SSL_CIPHER_get_version(); -char * SSL_CIPHER_get_name(); - -int SSL_get_fd(); -char * SSL_get_cipher_list(); -char * SSL_get_shared_ciphers(); -int SSL_get_read_ahead(); -int SSL_pending(); -#ifndef NO_SOCK -int SSL_set_fd(); -int SSL_set_rfd(); -int SSL_set_wfd(); -#endif -#ifdef HEADER_BIO_H -void SSL_set_bio(); -BIO * SSL_get_rbio(); -BIO * SSL_get_wbio(); -#endif -int SSL_set_cipher_list(); -void SSL_set_read_ahead(); -int SSL_get_verify_mode(); - -void SSL_set_verify(); -int SSL_use_RSAPrivateKey(); -int SSL_use_RSAPrivateKey_ASN1(); -int SSL_use_PrivateKey(); -int SSL_use_PrivateKey_ASN1(); -int SSL_use_certificate(); -int SSL_use_certificate_ASN1(); - -#ifndef NO_STDIO -int SSL_use_RSAPrivateKey_file(); -int SSL_use_PrivateKey_file(); -int SSL_use_certificate_file(); -int SSL_CTX_use_RSAPrivateKey_file(); -int SSL_CTX_use_PrivateKey_file(); -int SSL_CTX_use_certificate_file(); -STACK * SSL_load_client_CA_file(); -int SSL_add_file_cert_subjects_to_stack(); -int SSL_add_dir_cert_subjects_to_stack(); -#endif - -void ERR_load_SSL_strings(); -void SSL_load_error_strings(); -char * SSL_state_string(); -char * SSL_rstate_string(); -char * SSL_state_string_long(); -char * SSL_rstate_string_long(); -long SSL_SESSION_get_time(); -long SSL_SESSION_set_time(); -long SSL_SESSION_get_timeout(); -long SSL_SESSION_set_timeout(); -void SSL_copy_session_id(); - -SSL_SESSION *SSL_SESSION_new(); -unsigned long SSL_SESSION_hash(); -int SSL_SESSION_cmp(); -#ifndef NO_FP_API -int SSL_SESSION_print_fp(); -#endif -#ifdef HEADER_BIO_H -int SSL_SESSION_print(); -#endif -void SSL_SESSION_free(); -int i2d_SSL_SESSION(); -int SSL_set_session(); -int SSL_CTX_add_session(); -int SSL_CTX_remove_session(); -SSL_SESSION *d2i_SSL_SESSION(); - -#ifdef HEADER_X509_H -X509 * SSL_get_peer_certificate(); -#endif - -STACK * SSL_get_peer_cert_chain(); - -int SSL_CTX_get_verify_mode(); -int (*SSL_CTX_get_verify_callback())(); -void SSL_CTX_set_verify(); -void SSL_CTX_set_cert_verify_cb(); -int SSL_CTX_use_RSAPrivateKey(); -int SSL_CTX_use_RSAPrivateKey_ASN1(); -int SSL_CTX_use_PrivateKey(); -int SSL_CTX_use_PrivateKey_ASN1(); -int SSL_CTX_use_certificate(); -int SSL_CTX_use_certificate_ASN1(); - -void SSL_CTX_set_default_passwd_cb(); - -int SSL_CTX_check_private_key(); -int SSL_check_private_key(); - -SSL * SSL_new(); -int SSL_set_session_id_context(); -void SSL_clear(); -void SSL_free(); -int SSL_accept(); -int SSL_connect(); -int SSL_read(); -int SSL_peek(); -int SSL_write(); -long SSL_ctrl(); -long SSL_CTX_ctrl(); - -int SSL_get_error(); -char * SSL_get_version(); - -int SSL_CTX_set_ssl_version(); - -SSL_METHOD *SSLv2_method(); -SSL_METHOD *SSLv2_server_method(); -SSL_METHOD *SSLv2_client_method(); - -SSL_METHOD *SSLv3_method(); -SSL_METHOD *SSLv3_server_method(); -SSL_METHOD *SSLv3_client_method(); - -SSL_METHOD *SSLv23_method(); -SSL_METHOD *SSLv23_server_method(); -SSL_METHOD *SSLv23_client_method(); - -SSL_METHOD *TLSv1_method(); -SSL_METHOD *TLSv1_server_method(); -SSL_METHOD *TLSv1_client_method(); - -STACK *SSL_get_ciphers(); - -int SSL_do_handshake(); -int SSL_renegotiate(); -int SSL_shutdown(); - -SSL_METHOD *SSL_get_ssl_method(); -int SSL_set_ssl_method(); -char *SSL_alert_type_string_long(); -char *SSL_alert_type_string(); -char *SSL_alert_desc_string_long(); -char *SSL_alert_desc_string(); - -void SSL_set_client_CA_list(); -void SSL_CTX_set_client_CA_list(); -STACK *SSL_get_client_CA_list(); -STACK *SSL_CTX_get_client_CA_list(); -int SSL_add_client_CA(); -int SSL_CTX_add_client_CA(); - -void SSL_set_connect_state(); -void SSL_set_accept_state(); - -long SSL_get_default_timeout(); - -int SSL_library_init(); - -char *SSL_CIPHER_description(); -STACK *SSL_dup_CA_list(); - -SSL *SSL_dup(); - -X509 *SSL_get_certificate(); -/* EVP * */ struct evp_pkey_st *SSL_get_privatekey(); - -#ifdef this_is_for_mk1mf_pl -EVP *SSL_get_privatekey(); -#endif - -void SSL_CTX_set_quiet_shutdown(); -int SSL_CTX_get_quiet_shutdown(); -void SSL_set_quiet_shutdown(); -int SSL_get_quiet_shutdown(); -void SSL_set_shutdown(); -int SSL_get_shutdown(); -int SSL_version(); -int SSL_CTX_set_default_verify_paths(); -int SSL_CTX_load_verify_locations(); -SSL_SESSION *SSL_get_session(); -SSL_CTX *SSL_get_SSL_CTX(); -void SSL_set_info_callback(); -void (*SSL_get_info_callback())(); -int SSL_state(); -void SSL_set_verify_result(); -long SSL_get_verify_result(); - -int SSL_set_ex_data(); -char *SSL_get_ex_data(); -int SSL_get_ex_new_index(); - -int SSL_SESSION_set_ex_data(); -char *SSL_SESSION_get_ex_data(); -int SSL_SESSION_get_ex_new_index(); - -int SSL_CTX_set_ex_data(); -char *SSL_CTX_get_ex_data(); -int SSL_CTX_get_ex_new_index(); - -int SSL_get_ex_data_X509_STORE_CTX_idx(); -int SSL_COMP_add_compression_method(); - -/* For the next 2, the callbacks are - * RSA *tmp_rsa_cb(SSL *ssl,int export) - * DH *tmp_dh_cb(SSL *ssl,int export) +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. */ -void SSL_CTX_set_tmp_rsa_callback(); -void SSL_CTX_set_tmp_dh_callback(); - -void SSL_set_tmp_rsa_callback(); -void SSL_set_tmp_dh_callback(); - -/* #endif */ -#endif - -/* BEGIN ERROR CODES */ /* Error codes for the SSL functions. */ /* Function codes. */ @@ -1374,6 +1167,8 @@ void SSL_set_tmp_dh_callback(); #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 #define SSL_F_SSL_BAD_METHOD 160 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +#define SSL_F_SSL_CERT_DUP 221 +#define SSL_F_SSL_CERT_INST 222 #define SSL_F_SSL_CERT_INSTANTIATE 214 #define SSL_F_SSL_CERT_NEW 162 #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 @@ -1382,9 +1177,11 @@ void SSL_set_tmp_dh_callback(); #define SSL_F_SSL_CREATE_CIPHER_LIST 166 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 #define SSL_F_SSL_CTX_NEW 169 +#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 #define SSL_F_SSL_CTX_USE_CERTIFICATE 171 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 #define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 @@ -1400,6 +1197,7 @@ void SSL_set_tmp_dh_callback(); #define SSL_F_SSL_INIT_WBIO_BUFFER 184 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 #define SSL_F_SSL_NEW 186 +#define SSL_F_SSL_READ 223 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 #define SSL_F_SSL_SESSION_NEW 189 @@ -1411,6 +1209,7 @@ void SSL_set_tmp_dh_callback(); #define SSL_F_SSL_SET_SESSION 195 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 #define SSL_F_SSL_SET_WFD 196 +#define SSL_F_SSL_SHUTDOWN 224 #define SSL_F_SSL_UNDEFINED_FUNCTION 197 #define SSL_F_SSL_USE_CERTIFICATE 198 #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 @@ -1492,6 +1291,7 @@ void SSL_set_tmp_dh_callback(); #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_LENGTH_MISMATCH 159 #define SSL_R_LENGTH_TOO_SHORT 160 +#define SSL_R_LIBRARY_BUG 274 #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 #define SSL_R_MISSING_DH_DSA_CERT 162 #define SSL_R_MISSING_DH_KEY 163 @@ -1602,6 +1402,7 @@ void SSL_set_tmp_dh_callback(); #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 #define SSL_R_UNEXPECTED_MESSAGE 244 #define SSL_R_UNEXPECTED_RECORD 245 +#define SSL_R_UNINITIALIZED 276 #define SSL_R_UNKNOWN_ALERT_TYPE 246 #define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 #define SSL_R_UNKNOWN_CIPHER_RETURNED 248 @@ -1626,7 +1427,7 @@ void SSL_set_tmp_dh_callback(); #define SSL_R_WRONG_VERSION_NUMBER 267 #define SSL_R_X509_LIB 268 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 - + #ifdef __cplusplus } #endif