X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fssl.h;h=9de9e611abd733161480f00bd69836fffdcd17d4;hb=9a22ce66c94294ee56d99870a47022ae0e067203;hp=457e7efcb77cc858e100690be45fceac44134326;hpb=e34cfcf7e19b5e5d39c8ba97e6e5f65f23b99ad6;p=oweals%2Fopenssl.git diff --git a/ssl/ssl.h b/ssl/ssl.h index 457e7efcb7..9de9e611ab 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -59,22 +59,16 @@ #ifndef HEADER_SSL_H #define HEADER_SSL_H -#include - -#ifndef OPENSSL_NO_COMP +#ifndef NO_COMP #include #endif -#ifndef OPENSSL_NO_BIO +#ifndef NO_BIO #include #endif -#ifndef OPENSSL_NO_X509 +#ifndef NO_X509 #include #endif -#ifndef OPENSSL_NO_KRB5 -#include -#endif #include -#include #ifdef __cplusplus extern "C" { @@ -98,15 +92,6 @@ extern "C" { #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA -/* VRS Additional Kerberos5 entries - */ -#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 - #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 #define SSL_MAX_SID_CTX_LENGTH 32 @@ -127,10 +112,6 @@ extern "C" { #define SSL_TXT_eNULL "eNULL" #define SSL_TXT_NULL "NULL" -#define SSL_TXT_kKRB5 "kKRB5" -#define SSL_TXT_aKRB5 "aKRB5" -#define SSL_TXT_KRB5 "KRB5" - #define SSL_TXT_kRSA "kRSA" #define SSL_TXT_kDHr "kDHr" #define SSL_TXT_kDHd "kDHd" @@ -148,7 +129,6 @@ extern "C" { #define SSL_TXT_RC4 "RC4" #define SSL_TXT_RC2 "RC2" #define SSL_TXT_IDEA "IDEA" -#define SSL_TXT_AES "AES" #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" @@ -184,8 +164,8 @@ extern "C" { extern "C" { #endif -#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) -#define OPENSSL_NO_SSL2 +#if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2) +#define NO_SSL2 #endif #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 @@ -332,9 +312,6 @@ typedef struct ssl_session_st #define SSL_OP_SINGLE_DH_USE 0x00100000L /* Set to also use the tmp_rsa key when doing RSA operations. */ #define SSL_OP_EPHEMERAL_RSA 0x00200000L -/* Set on servers to choose the cipher according to the server's - * preferences */ -#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L /* The next flag deliberately changes the ciphertest, this is a check * for the PKCS#1 attack */ @@ -385,27 +362,11 @@ typedef struct ssl_session_st #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) -/* This callback type is used inside SSL_CTX, SSL, and in the functions that set - * them. It is used to override the generation of SSL/TLS session IDs in a - * server. Return value should be zero on an error, non-zero to proceed. Also, - * callbacks should themselves check if the id they generate is unique otherwise - * the SSL handshake will fail with an error - callbacks can do this using the - * 'ssl' value they're passed by; - * SSL_has_matching_session_id(ssl, id, *id_len) - * The length value passed in is set at the maximum size the session ID can be. - * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback - * can alter this length to be less if desired, but under SSLv2 session IDs are - * supposed to be fixed at 16 bytes so the id will be padded after the callback - * returns in this case. It is also an error for the callback to set the size to - * zero. */ -typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, - unsigned int *id_len); - typedef struct ssl_comp_st { int id; char *name; -#ifndef OPENSSL_NO_COMP +#ifndef NO_COMP COMP_METHOD *method; #else char *method; @@ -496,9 +457,6 @@ struct ssl_ctx_st int purpose; /* Purpose setting */ int trust; /* Trust setting */ - /* Default generate session ID callback. */ - GEN_SESSION_CB generate_session_id; - /* Default password callback. */ /**/ pem_password_cb *default_passwd_callback; @@ -595,7 +553,7 @@ struct ssl_st * same. This is so data can be read and written to different * handlers */ -#ifndef OPENSSL_NO_BIO +#ifndef NO_BIO BIO *rbio; /* used by SSL_read */ BIO *wbio; /* used by SSL_write */ BIO *bbio; /* used during session-id reuse to concatenate @@ -659,7 +617,7 @@ struct ssl_st EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ const EVP_MD *read_hash; /* used for mac generation */ -#ifndef OPENSSL_NO_COMP +#ifndef NO_COMP COMP_CTX *expand; /* uncompress */ #else char *expand; @@ -667,7 +625,7 @@ struct ssl_st EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ const EVP_MD *write_hash; /* used for mac generation */ -#ifndef OPENSSL_NO_COMP +#ifndef NO_COMP COMP_CTX *compress; /* compression */ #else char *compress; @@ -687,9 +645,6 @@ struct ssl_st /* This can also be in the session once a session is established */ SSL_SESSION *session; - /* Default generate session ID callback. */ - GEN_SESSION_CB generate_session_id; - /* Used in SSL2 and SSL3 */ int verify_mode; /* 0 don't care about verify failure. * 1 fail if verify fails */ @@ -700,10 +655,6 @@ struct ssl_st int error; /* error bytes to be written */ int error_code; /* actual code */ -#ifndef OPENSSL_NO_KRB5 - KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ -#endif /* OPENSSL_NO_KRB5 */ - SSL_CTX *ctx; /* set this flag to 1 and a sleep(1) is put into all SSL_read() * and SSL_write() calls, good for nbio debuging :-) */ @@ -880,7 +831,6 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count); #define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ #define SSL_ERROR_ZERO_RETURN 6 #define SSL_ERROR_WANT_CONNECT 7 -#define SSL_ERROR_WANT_ACCEPT 8 #define SSL_CTRL_NEED_TMP_RSA 1 #define SSL_CTRL_SET_TMP_RSA 2 @@ -945,7 +895,23 @@ size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count); #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) -#ifndef OPENSSL_NO_BIO +/* VMS uses only 31 characters for symbols. */ +#ifdef VMS +#undef SSL_CTX_set_cert_verify_callback +#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb +#undef SSL_CTX_use_certificate_chain_file +#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file +#undef SSL_CTX_set_default_verify_paths +#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths +#undef SSL_get_ex_data_X509_STORE_CTX_idx +#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_data_X509_STOR_CTX_i +#undef SSL_add_file_cert_subjects_to_stack +#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_sub_to_stack +#undef SSL_add_dir_cert_subjects_to_stack +#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack +#endif + +#ifndef NO_BIO BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx,int client); BIO *BIO_new_ssl_connect(SSL_CTX *ctx); @@ -977,12 +943,12 @@ const char * SSL_get_cipher_list(SSL *s,int n); char * SSL_get_shared_ciphers(SSL *s, char *buf, int len); int SSL_get_read_ahead(SSL * s); int SSL_pending(SSL *s); -#ifndef OPENSSL_NO_SOCK +#ifndef NO_SOCK int SSL_set_fd(SSL *s, int fd); int SSL_set_rfd(SSL *s, int fd); int SSL_set_wfd(SSL *s, int fd); #endif -#ifndef OPENSSL_NO_BIO +#ifndef NO_BIO void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); BIO * SSL_get_rbio(SSL *s); BIO * SSL_get_wbio(SSL *s); @@ -995,7 +961,7 @@ int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *); void SSL_set_verify(SSL *s, int mode, int (*callback)(int ok,X509_STORE_CTX *ctx)); void SSL_set_verify_depth(SSL *s, int depth); -#ifndef OPENSSL_NO_RSA +#ifndef NO_RSA int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); #endif int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); @@ -1004,7 +970,7 @@ int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len); int SSL_use_certificate(SSL *ssl, X509 *x); int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); -#ifndef OPENSSL_NO_STDIO +#ifndef NO_STDIO int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); int SSL_use_certificate_file(SSL *ssl, const char *file, int type); @@ -1015,16 +981,9 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM t STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); -#ifndef OPENSSL_SYS_WIN32 -#ifndef OPENSSL_SYS_VMS -#ifndef MAC_OX_pre_X int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); #endif -#endif -#endif - -#endif void ERR_load_SSL_strings(void ); void SSL_load_error_strings(void ); @@ -1041,10 +1000,10 @@ void SSL_copy_session_id(SSL *to,SSL *from); SSL_SESSION *SSL_SESSION_new(void); unsigned long SSL_SESSION_hash(SSL_SESSION *a); int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b); -#ifndef OPENSSL_NO_FP_API +#ifndef NO_FP_API int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses); #endif -#ifndef OPENSSL_NO_BIO +#ifndef NO_BIO int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses); #endif void SSL_SESSION_free(SSL_SESSION *ses); @@ -1052,10 +1011,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); int SSL_set_session(SSL *to, SSL_SESSION *session); int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); -int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); -int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); -int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, - unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length); #ifdef HEADER_X509_H @@ -1064,6 +1019,10 @@ X509 * SSL_get_peer_certificate(SSL *s); STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s); +#ifdef VMS +#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud +#endif + int SSL_CTX_get_verify_mode(SSL_CTX *ctx); int SSL_CTX_get_verify_depth(SSL_CTX *ctx); int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *); @@ -1071,7 +1030,7 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, int (*callback)(int, X509_STORE_CTX *)); void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(),char *arg); -#ifndef OPENSSL_NO_RSA +#ifndef NO_RSA int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); #endif int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); @@ -1222,7 +1181,7 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) /* NB: the keylength is only applicable when is_export is true */ -#ifndef OPENSSL_NO_RSA +#ifndef NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl,int is_export, int keylength)); @@ -1231,7 +1190,7 @@ void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl,int is_export, int keylength)); #endif -#ifndef OPENSSL_NO_DH +#ifndef NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl,int is_export, int keylength)); @@ -1240,7 +1199,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, int keylength)); #endif -#ifndef OPENSSL_NO_COMP +#ifndef NO_COMP int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); #else int SSL_COMP_add_compression_method(int id,char *cm); @@ -1454,17 +1413,11 @@ void ERR_load_SSL_strings(void); #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 +#define SSL_R_INTERNAL_ERROR 157 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 #define SSL_R_INVALID_TRUST 279 -#define SSL_R_KRB5_C_CC_PRINC 1094 -#define SSL_R_KRB5_C_GET_CRED 1095 -#define SSL_R_KRB5_C_INIT 1096 -#define SSL_R_KRB5_C_MK_REQ 1097 -#define SSL_R_KRB5_S_BAD_TICKET 1098 -#define SSL_R_KRB5_S_INIT 1099 -#define SSL_R_KRB5_S_RD_REQ 1100 #define SSL_R_LENGTH_MISMATCH 159 #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 @@ -1552,10 +1505,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 #define SSL_R_SSL_HANDSHAKE_FAILURE 229 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 -#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 1102 -#define SSL_R_SSL_SESSION_ID_CONFLICT 1103 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 -#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 1101 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050