summaryrefslogtreecommitdiffstats
path: root/ssl
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2011-04-29 22:37:12 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-04-29 22:37:12 +0000
commit08557cf22cd7c337d7430c32fb21ed29a77a8131 (patch)
treead9cc2e9adf7a39b99ddbe69434a3d79c7cc482b /ssl
parentc4d162873f832cae400b8fee81fc826cb06d55a8 (diff)
Initial "opaque SSL" framework. If an application defines
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change.
Diffstat (limited to 'ssl')
-rw-r--r--ssl/dtls1.h3
-rw-r--r--ssl/ssl.h57
-rw-r--r--ssl/ssl2.h4
-rw-r--r--ssl/ssl3.h7
-rw-r--r--ssl/ssl_ciph.c5
-rw-r--r--ssl/ssl_err.c1
-rw-r--r--ssl/ssl_lib.c15
-rw-r--r--ssl/ssl_sess.c29
8 files changed, 109 insertions, 12 deletions
diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index 14a755c1e2..6317da958f 100644
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -105,6 +105,8 @@ extern "C" {
#define DTLS1_AL_HEADER_LENGTH 2
#endif
+#ifndef OPENSSL_NO_SSL_INTERN
+
typedef struct dtls1_bitmap_st
{
@@ -253,6 +255,7 @@ typedef struct dtls1_record_data_st
SSL3_RECORD rrec;
} DTLS1_RECORD_DATA;
+#endif
/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
#define DTLS1_TMO_READ_COUNT 2
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 49faba7a7a..c3c0a1bb34 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -359,9 +359,20 @@ extern "C" {
* in SSL_CTX. */
typedef struct ssl_st *ssl_crock_st;
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+
+DECLARE_STACK_OF(SSL_CIPHER)
+
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
+
+
+#ifndef OPENSSL_NO_SSL_INTERN
/* used to hold info on the particular ciphers used */
-typedef struct ssl_cipher_st
+struct ssl_cipher_st
{
int valid;
const char *name; /* text name */
@@ -378,15 +389,11 @@ typedef struct ssl_cipher_st
unsigned long algorithm2; /* Extra flags */
int strength_bits; /* Number of bits really used */
int alg_bits; /* Number of bits for algorithm */
- } SSL_CIPHER;
-
-DECLARE_STACK_OF(SSL_CIPHER)
+ };
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-typedef struct ssl_method_st
+struct ssl_method_st
{
int version;
int (*ssl_new)(SSL *s);
@@ -419,7 +426,7 @@ typedef struct ssl_method_st
int (*ssl_version)(void);
long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
- } SSL_METHOD;
+ };
/* Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
@@ -444,7 +451,7 @@ typedef struct ssl_method_st
* Look in ssl/ssl_asn1.c for more details
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
*/
-typedef struct ssl_session_st
+struct ssl_session_st
{
int ssl_version; /* what ssl version session info is
* being kept in here? */
@@ -522,8 +529,9 @@ typedef struct ssl_session_st
#ifndef OPENSSL_NO_SRP
char *srp_username;
#endif
- } SSL_SESSION;
+ };
+#endif
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
@@ -655,6 +663,8 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
#ifndef OPENSSL_NO_SRP
+#ifndef OPENSSL_NO_SSL_INTERN
+
typedef struct srp_ctx_st
{
/* param for all the callbacks */
@@ -677,6 +687,8 @@ typedef struct srp_ctx_st
unsigned long srp_Mask;
} SRP_CTX;
+#endif
+
/* see tls_srp.c */
int SSL_SRP_CTX_init(SSL *s);
int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
@@ -714,7 +726,11 @@ int SRP_have_to_put_srp_username(SSL *s);
typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
unsigned int *id_len);
-typedef struct ssl_comp_st
+typedef struct ssl_comp_st SSL_COMP;
+
+#ifndef OPENSSL_NO_SSL_INTERN
+
+struct ssl_comp_st
{
int id;
const char *name;
@@ -723,7 +739,7 @@ typedef struct ssl_comp_st
#else
char *method;
#endif
- } SSL_COMP;
+ };
DECLARE_STACK_OF(SSL_COMP)
DECLARE_LHASH_OF(SSL_SESSION);
@@ -941,6 +957,8 @@ struct ssl_ctx_st
#endif
};
+#endif
+
#define SSL_SESS_CACHE_OFF 0x0000
#define SSL_SESS_CACHE_CLIENT 0x0001
#define SSL_SESS_CACHE_SERVER 0x0002
@@ -1057,6 +1075,8 @@ const char *SSL_get_psk_identity(const SSL *s);
#define SSL_MAC_FLAG_READ_MAC_STREAM 1
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
+#ifndef OPENSSL_NO_SSL_INTERN
+
struct ssl_st
{
/* protocol version
@@ -1301,6 +1321,8 @@ struct ssl_st
#endif /* OPENSSL_NO_TLSEXT */
};
+#endif
+
#ifdef __cplusplus
}
#endif
@@ -1611,6 +1633,7 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
int SSL_get_fd(const SSL *s);
int SSL_get_rfd(const SSL *s);
@@ -1676,6 +1699,11 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t);
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
void SSL_copy_session_id(SSL *to,const SSL *from);
+unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s);
+const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s);
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len);
SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
@@ -1867,6 +1895,7 @@ void SSL_set_info_callback(SSL *ssl,
void (*cb)(const SSL *ssl,int type,int val));
void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
int SSL_state(const SSL *ssl);
+void SSL_set_state(SSL *ssl, int state);
void SSL_set_verify_result(SSL *ssl,long v);
long SSL_get_verify_result(const SSL *ssl);
@@ -1977,6 +2006,9 @@ void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
void SSL_set_not_resumable_session_callback(SSL *ssl,
int (*cb)(SSL *ssl, int is_forward_secure));
+void SSL_set_debug(SSL *s, int debug);
+int SSL_cache_hit(SSL *s);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
@@ -2154,6 +2186,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
#define SSL_F_SSL_SESSION_NEW 189
#define SSL_F_SSL_SESSION_PRINT_FP 190
+#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 306
#define SSL_F_SSL_SESS_CERT_NEW 225
#define SSL_F_SSL_SET_CERT 191
#define SSL_F_SSL_SET_CIPHER_LIST 271
diff --git a/ssl/ssl2.h b/ssl/ssl2.h
index 99a52ea0dd..eb25dcb0bf 100644
--- a/ssl/ssl2.h
+++ b/ssl/ssl2.h
@@ -155,6 +155,8 @@ extern "C" {
#define CERT char
#endif
+#ifndef OPENSSL_NO_SSL_INTERN
+
typedef struct ssl2_state_st
{
int three_byte_header;
@@ -219,6 +221,8 @@ typedef struct ssl2_state_st
} tmp;
} SSL2_STATE;
+#endif
+
/* SSLv2 */
/* client */
#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 4ff7c80c6c..ab63140ad2 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -339,6 +339,8 @@ extern "C" {
#define SSL3_AD_CERTIFICATE_UNKNOWN 46
#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
+#ifndef OPENSSL_NO_SSL_INTERN
+
typedef struct ssl3_record_st
{
/*r */ int type; /* type of record */
@@ -360,6 +362,8 @@ typedef struct ssl3_buffer_st
int left; /* how many bytes left */
} SSL3_BUFFER;
+#endif
+
#define SSL3_CT_RSA_SIGN 1
#define SSL3_CT_DSS_SIGN 2
#define SSL3_CT_RSA_FIXED_DH 3
@@ -380,6 +384,8 @@ typedef struct ssl3_buffer_st
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+#ifndef OPENSSL_NO_SSL_INTERN
+
typedef struct ssl3_state_st
{
long flags;
@@ -520,6 +526,7 @@ typedef struct ssl3_state_st
int send_connection_binding; /* TODOEKR */
} SSL3_STATE;
+#endif
/* SSLv3 */
/*client */
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index bbab6a9ec7..84829e5e9a 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1660,6 +1660,11 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
return(ret);
}
+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
+ {
+ return c->id;
+ }
+
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
{
SSL_COMP *ctmp;
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index f9475db280..af52856a68 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -238,6 +238,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"},
{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 7fb4bdf159..6f70bdfff2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2934,6 +2934,11 @@ int SSL_state(const SSL *ssl)
return(ssl->state);
}
+void SSL_set_state(SSL *ssl, int state)
+ {
+ ssl->state = state;
+ }
+
void SSL_set_verify_result(SSL *ssl,long arg)
{
ssl->verify_result=arg;
@@ -3205,6 +3210,16 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
*hash=NULL;
}
+void SSL_set_debug(SSL *s, int debug)
+ {
+ s->debug = debug;
+ }
+
+int SSL_cache_hit(SSL *s)
+ {
+ return s->hit;
+ }
+
#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
#include "../crypto/bio/bss_file.c"
#endif
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index a3ce6525ee..3f0b19558d 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -836,6 +836,35 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t)
return(t);
}
+unsigned int SSL_SESSION_get_id_len(SSL_SESSION *s)
+ {
+ return s->session_id_length;
+ }
+
+const unsigned char *SSL_SESSION_get0_id(SSL_SESSION *s)
+ {
+ return s->session_id;
+ }
+
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
+ {
+ return s->peer;
+ }
+
+int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+ {
+ if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+ {
+ SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return 0;
+ }
+ s->sid_ctx_length=sid_ctx_len;
+ memcpy(s->sid_ctx,sid_ctx,sid_ctx_len);
+
+ return 1;
+ }
+
long SSL_CTX_set_timeout(SSL_CTX *s, long t)
{
long l;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-28 16:41:59 +0000