2 Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
3 Use is subject to license terms.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; see the file COPYING. If not, write to the
16 Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
20 /* ssl.h defines openssl compatibility layer
26 #ifndef yaSSL_openssl_h__
27 #define yaSSL_openssl_h__
30 #include "prefix_ssl.h"
33 #include <stdio.h> /* ERR_print fp */
34 #include "opensslv.h" /* for version number */
38 #define YASSL_VERSION "2.2.2"
41 #if defined(__cplusplus)
45 void yaSSL_CleanUp(); /* call once at end of application use to
46 free static singleton memory holders,
47 not a leak per se, but helpful when
50 #if defined(__cplusplus)
54 #if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
59 #undef X509_NAME /* wincrypt.h clash */
61 #if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
/* Opaque handle types of the compatibility layer. They are declared without
 * bodies here, so callers can only hold and pass pointers to them; the
 * compiler rejects any attempt to dereference or size them. */
typedef struct SSL SSL;
typedef struct SSL_SESSION SSL_SESSION;
typedef struct SSL_METHOD SSL_METHOD;
typedef struct SSL_CTX SSL_CTX;
typedef struct SSL_CIPHER SSL_CIPHER;
typedef struct RSA RSA;
typedef struct X509 X509;
typedef struct X509_NAME X509_NAME;
/* Big Number stuff, different file? */
typedef struct BIGNUM BIGNUM; /* opaque; no body declared here */

/* Same shape as OpenSSL's BN_bin2bn (byte string, its length, optional
 * destination BIGNUM). Whether the bytes are read big-endian and what is
 * returned on failure is not visible here — confirm against the
 * implementation before relying on OpenSSL semantics. */
BIGNUM *BN_bin2bn(const unsigned char*, int, BIGNUM *);
92 /* Diffie-Hellman stuff, different file? */
93 /* mySQL dereferences to set group parameters */
/* RSA key generation with OpenSSL's argument order: modulus size in bits,
 * public exponent, optional progress callback and its opaque argument.
 * The returned object's ownership and the failure value (NULL in OpenSSL)
 * should be confirmed against the yaSSL implementation. */
RSA *RSA_generate_key(int bits, unsigned long e,
                      void (*callback)(int, int, void *), void *cb_arg);
108 /* X509 stuff, different file? */
110 /* because mySQL dereferences to use error and current_cert, even after calling
111 * get functions for local references */
112 typedef struct X509_STORE_CTX
{
/* Further X509-related handle types; all but X509_OBJECT are opaque. */
typedef struct X509_STORE X509_STORE;
typedef struct X509_LOOKUP X509_LOOKUP;
/* X509_OBJECT is a complete type holding a single dummy byte and no
 * certificate data — presumably so it can be instantiated by compatibility
 * callers; confirm before using it for anything else. */
typedef struct X509_OBJECT { char c; } X509_OBJECT;
typedef struct X509_CRL X509_CRL;
typedef struct X509_REVOKED X509_REVOKED;
typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
/* Releases a certificate handle. Whether it is reference counted, and hence
 * safe to call once per SSL_get_peer_certificate result, is not visible
 * here — confirm against the implementation. */
void X509_free(X509 *cert);

typedef struct BIO BIO; /* opaque I/O abstraction, no body declared here */
/* Accessors on the verification context handed to a VerifyCallback. */
X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);

/* Renders name into buf; size is the capacity of buf (OpenSSL semantics —
 * confirm that yaSSL bounds the write by it). */
char *X509_NAME_oneline(X509_NAME *name, char *buf, int size);
X509_NAME *X509_get_issuer_name(X509 *cert);
X509_NAME *X509_get_subject_name(X509 *cert);
const char *X509_verify_cert_error_string(long err);

/* Trust-store population: directory / file lookups and their methods. */
int X509_LOOKUP_add_dir(X509_LOOKUP *lookup, const char *dir, long type);
int X509_LOOKUP_load_file(X509_LOOKUP *lookup, const char *file, long type);
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
X509_LOOKUP_METHOD *X509_LOOKUP_file(void);

X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store, X509_LOOKUP_METHOD *method);
X509_STORE *X509_STORE_new(void);
153 int X509_STORE_get_by_subject(X509_STORE_CTX
*, int, X509_NAME
*,
159 enum { /* X509 Constants */
161 X509_V_ERR_CERT_CHAIN_TOO_LONG
= 1,
162 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
= 2,
163 X509_V_ERR_CERT_NOT_YET_VALID
= 3,
164 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
= 4,
165 X509_V_ERR_CERT_HAS_EXPIRED
= 5,
166 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
= 6,
167 X509_FILETYPE_PEM
= 7,
170 X509_V_ERR_CRL_SIGNATURE_FAILURE
= 10,
171 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
= 11,
172 X509_V_ERR_CRL_HAS_EXPIRED
= 12,
173 X509_V_ERR_CERT_REVOKED
= 13,
174 X509_V_FLAG_CRL_CHECK
= 14,
175 X509_V_FLAG_CRL_CHECK_ALL
= 15
/* Error stuff, could move to yassl_error */
/* Error-queue accessors mirroring OpenSSL's ERR_* interface. */
unsigned long ERR_get_error_line_data(const char **file, int *line,
                                      const char **data, int *flags);
void ERR_print_errors_fp(FILE *fp);
/* Takes no buffer length, so the caller must provide a buffer large enough
 * for any message (OpenSSL documents 120 bytes for its strings — confirm the
 * yaSSL bound). ERR_error_string_n, declared later in this header, is the
 * bounded form and should be preferred. */
char *ERR_error_string(unsigned long e, char *buf);
void ERR_remove_state(unsigned long pid);
unsigned long ERR_get_error(void);
unsigned long ERR_peek_error(void);
/* A real function here, whereas OpenSSL provides ERR_GET_REASON as a macro. */
int ERR_GET_REASON(int err);
189 enum { /* ERR Constants */
191 EVP_R_BAD_DECRYPT
= 2
195 Allow type used by SSL_set_fd to be changed, default to int
196 in order to be compatible with OpenSSL
198 #ifndef YASSL_SOCKET_T_DEFINED
199 typedef int YASSL_SOCKET_T
;
/* Context and connection lifecycle, OpenSSL-compatible surface. */
SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
SSL *SSL_new(SSL_CTX *ctx);
/* YASSL_SOCKET_T defaults to int so the descriptor type matches OpenSSL. */
int SSL_set_fd(SSL *ssl, YASSL_SOCKET_T fd);
YASSL_SOCKET_T SSL_get_fd(const SSL *ssl);
/* If SSL_connect reports an error, see the note at the top of README. */
int SSL_connect(SSL *ssl);
/* Lengths are int, so larger transfers must be chunked by the caller. The
 * return value is presumably a byte count or an error indicator to be
 * classified with SSL_get_error — confirm against the implementation. */
int SSL_write(SSL *ssl, const void *buf, int num);
int SSL_read(SSL *ssl, void *buf, int num);
int SSL_accept(SSL *ssl);
void SSL_CTX_free(SSL_CTX *ctx);

int SSL_shutdown(SSL *ssl);

void SSL_set_connect_state(SSL *ssl);
void SSL_set_accept_state(SSL *ssl);
int SSL_do_handshake(SSL *ssl);

const char *SSL_get_cipher(SSL *ssl);
const char *SSL_get_cipher_name(SSL *ssl); /* uses SSL_get_cipher */
/* buf/size: caller-supplied buffer and its capacity (OpenSSL semantics —
 * confirm that yaSSL bounds the write by size). */
char *SSL_get_shared_ciphers(SSL *ssl, char *buf, int size);
const char *SSL_get_cipher_list(SSL *ssl, int priority);
const char *SSL_get_version(SSL *ssl);
const char *SSLeay_version(int type);

int SSL_get_error(SSL *ssl, int ret);
void SSL_load_error_strings(void);

/* Session handling; SSL_get_session's ownership semantics (borrowed vs.
 * reference counted) are not visible here — confirm before freeing. */
int SSL_set_session(SSL *ssl, SSL_SESSION *session);
SSL_SESSION *SSL_get_session(SSL *ssl);
void SSL_flush_sessions(SSL_CTX *ctx, long tm);
long SSL_SESSION_set_timeout(SSL_SESSION *session, long t);
long SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, long mode);
/* As in OpenSSL, a completed handshake does not by itself prove the peer was
 * authenticated: unless the verify mode already fails the handshake on a bad
 * chain, callers should check that a peer certificate was presented and that
 * SSL_get_verify_result reports success — confirm yaSSL behaves the same. */
X509 *SSL_get_peer_certificate(SSL *ssl);
long SSL_get_verify_result(SSL *ssl);
/* Verification callback. In OpenSSL the int argument is the pre-verification
 * result and the return value decides whether verification proceeds; a
 * callback that returns 1 unconditionally accepts any chain, so it should only
 * return 1 when the pre-verify result is set or a deliberate, documented
 * exception applies — confirm yaSSL calls it with the same contract. */
typedef int (*VerifyCallback)(int, X509_STORE_CTX *);
/* Passphrase callback: OpenSSL's (buf, size, rwflag, userdata) shape — the
 * passphrase is written into buf, bounded by size; confirm the return
 * convention (length in OpenSSL) against the implementation. */
typedef int (*pem_password_cb)(char *, int, int, void *);

void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, VerifyCallback verify_callback);
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
/* Checks that the loaded private key matches the loaded certificate. */
int SSL_CTX_check_private_key(SSL_CTX *ctx);
246 int SSL_CTX_set_session_id_context(SSL_CTX
*, const unsigned char*,
/* Context configuration. */
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *, int, int));
/* Option bits are the SSL_OP_* constants declared further down. */
long SSL_CTX_set_options(SSL_CTX *ctx, long options);
/* Redeclares the prototype given earlier in this header; compatible and
 * harmless, but one of the two could be dropped. */
long SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, long mode);
long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb cb);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
/* Unprototyped callback type: the compiler cannot check the arguments the
 * callback is invoked with, so callers must match the implementation's
 * signature exactly. */
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)());
/* Session-cache statistics counters, one accessor per OpenSSL counter. */
long SSL_CTX_sess_accept(SSL_CTX *ctx);
long SSL_CTX_sess_connect(SSL_CTX *ctx);
long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
long SSL_CTX_sess_hits(SSL_CTX *ctx);
long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
long SSL_CTX_sess_misses(SSL_CTX *ctx);
long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
long SSL_CTX_sess_number(SSL_CTX *ctx);
long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
/* Verification settings as configured on the context / connection. */
int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
int SSL_get_verify_mode(SSL *ssl);
int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
int SSL_get_verify_depth(SSL *ssl);

long SSL_get_default_timeout(SSL *ssl);
long SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);
int SSL_session_reused(SSL *ssl);

/* Separate read / write descriptors and shutdown control. */
int SSL_set_rfd(SSL *ssl, int fd);
int SSL_set_wfd(SSL *ssl, int fd);
void SSL_set_shutdown(SSL *ssl, int mode);
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
int SSL_get_quiet_shutdown(SSL *ssl);

/* Non-blocking I/O state queries. */
int SSL_want_read(SSL *ssl);
int SSL_want_write(SSL *ssl);

int SSL_pending(SSL *ssl);
293 enum { /* ssl Constants */
294 SSL_WOULD_BLOCK
= -8,
297 SSL_BAD_FILETYPE
= -5,
299 SSL_NOT_IMPLEMENTED
= -3,
301 SSL_FATAL_ERROR
= -1,
302 SSL_NORMAL_SHUTDOWN
= 0,
303 SSL_ERROR_NONE
= 0, /* for most functions */
304 SSL_FAILURE
= 0, /* for some functions */
307 SSL_FILETYPE_ASN1
= 10,
308 SSL_FILETYPE_PEM
= 11,
309 SSL_FILETYPE_DEFAULT
= 10, /* ASN1 */
313 SSL_VERIFY_FAIL_IF_NO_PEER_CERT
= 2,
314 SSL_VERIFY_CLIENT_ONCE
= 4,
316 SSL_SESS_CACHE_OFF
= 30,
317 SSL_SESS_CACHE_CLIENT
= 31,
318 SSL_SESS_CACHE_SERVER
= 32,
319 SSL_SESS_CACHE_BOTH
= 33,
320 SSL_SESS_CACHE_NO_AUTO_CLEAR
= 34,
321 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
= 35,
323 SSL_OP_MICROSOFT_SESS_ID_BUG
= 50,
324 SSL_OP_NETSCAPE_CHALLENGE_BUG
= 51,
325 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
= 52,
326 SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
= 53,
327 SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
= 54,
328 SSL_OP_MSIE_SSLV2_RSA_PADDING
= 55,
329 SSL_OP_SSLEAY_080_CLIENT_DH_BUG
= 56,
330 SSL_OP_TLS_D5_BUG
= 57,
331 SSL_OP_TLS_BLOCK_PADDING_BUG
= 58,
332 SSL_OP_TLS_ROLLBACK_BUG
= 59,
333 SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
= 60,
335 SSL_OP_SINGLE_DH_USE
= 62,
336 SSL_OP_EPHEMERAL_RSA
= 63,
337 SSL_OP_NO_SSLv2
= 64,
338 SSL_OP_NO_SSLv3
= 65,
339 SSL_OP_NO_TLSv1
= 66,
340 SSL_OP_PKCS1_CHECK_1
= 67,
341 SSL_OP_PKCS1_CHECK_2
= 68,
342 SSL_OP_NETSCAPE_CA_DN_BUG
= 69,
343 SSL_OP_NON_EXPORT_FIRST
= 70,
344 SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
= 71,
346 SSL_ERROR_WANT_READ
= 80,
347 SSL_ERROR_WANT_WRITE
= 81,
348 SSL_ERROR_SYSCALL
= 82,
349 SSL_ERROR_WANT_X509_LOOKUP
= 83,
350 SSL_ERROR_ZERO_RETURN
= 84,
356 SSL_SENT_SHUTDOWN
= 93,
357 SSL_RECEIVED_SHUTDOWN
= 94,
360 SSL_CB_HANDSHAKE_DONE
= 97
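/* Protocol-version selectors; the returned SSL_METHOD is handed to
 * SSL_CTX_new. SSLv3 is obsolete (RFC 7568), so new code should select the
 * TLSv1_* methods, or use the negotiating SSLv23 method together with the
 * SSL_OP_NO_SSLv2 / SSL_OP_NO_SSLv3 options declared above. */
SSL_METHOD *SSLv3_method(void);
SSL_METHOD *SSLv3_server_method(void);
SSL_METHOD *SSLv3_client_method(void);
SSL_METHOD *TLSv1_server_method(void);
SSL_METHOD *TLSv1_client_method(void);
SSL_METHOD *TLSv1_1_server_method(void);
SSL_METHOD *TLSv1_1_client_method(void);
SSL_METHOD *SSLv23_server_method(void);

/* Credential loading; type is one of the SSL_FILETYPE_* constants above. */
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *list);

long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long size);
long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);

/* Library initialisation. SSL_library_init now takes (void) like its
 * neighbours, so a call with stray arguments is rejected at compile time
 * instead of being silently accepted through an unprototyped declaration. */
void OpenSSL_add_all_algorithms(void);
int SSL_library_init(void);
int SSLeay_add_ssl_algorithms(void);

SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
/* buf/size: caller-supplied buffer and its capacity (OpenSSL semantics —
 * confirm that yaSSL bounds the write by size). */
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);

/* Human-readable alert / state names for logging. */
char *SSL_alert_type_string_long(int value);
char *SSL_alert_desc_string_long(int value);
char *SSL_state_string_long(SSL *ssl);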
/* EVP stuff, des and md5, different file? */

/* Note the non-opaque representation: a cipher descriptor is a plain char. */
typedef char EVP_CIPHER;

typedef struct EVP_PKEY EVP_PKEY;

/* An 8-byte DES block. The "key schedule" type is just another block, so no
 * expanded schedule is stored here — key expansion presumably happens at
 * use time; confirm against the implementation. */
typedef unsigned char DES_cblock[8];
typedef const DES_cblock const_DES_cblock;
typedef DES_cblock DES_key_schedule;

const EVP_MD *EVP_md5(void);
const EVP_CIPHER *EVP_des_ede3_cbc(void);

typedef unsigned char opaque;

/* OpenSSL-style key derivation (cipher, digest, salt, data, data length,
 * iteration count, key out, iv out). It is a legacy scheme kept for
 * OpenSSL-compatible callers; prefer a modern KDF for new designs. Output
 * sizes are presumably implied by the cipher — confirm. */
int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, const opaque *salt,
                   const opaque *data, int datal, int count, opaque *key,
                   opaque *iv);
/* Installs a DES key without the parity / weak-key checks that DES_set_key
 * (declared below) presumably performs — confirm against the implementation. */
void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
/* Triple-DES CBC over length bytes with three schedules, an IV block that is
 * updated in place (OpenSSL semantics — confirm), and an encrypt/decrypt flag.
 * 3DES is a legacy cipher retained for compatibility. */
void DES_ede3_cbc_encrypt(const opaque *input, opaque *output, long length,
                          DES_key_schedule *ks1, DES_key_schedule *ks2,
                          DES_key_schedule *ks3, DES_cblock *ivec, int enc);
/* Random-number interface. RAND_screen and the RAND_*_file functions exist
 * for OpenSSL source compatibility; whether they do anything here is not
 * visible — confirm before relying on them for seeding. */
void RAND_screen(void);
const char *RAND_file_name(char *buf, size_t num);
int RAND_write_file(const char *file);
int RAND_load_file(const char *file, long max_bytes);

/* RAND_status should be consulted before key material is generated, and the
 * return value of RAND_bytes must be checked by callers rather than assumed
 * (OpenSSL returns 1 on success — confirm yaSSL's convention). */
int RAND_status(void);
int RAND_bytes(unsigned char *buf, int num);
/* Checked DES key installation and single-block primitives. ECB encrypts
 * one block independently of any other, so it offers no confidentiality for
 * multi-block data on its own; it is exposed for compatibility callers. */
int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
void DES_set_odd_parity(DES_cblock *key);
void DES_ecb_encrypt(DES_cblock *input, DES_cblock *output,
                     DES_key_schedule *ks, int enc);

void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *userdata);
void SSL_SESSION_free(SSL_SESSION *session);
/* Reads without consuming; same int-length limitation as SSL_read. */
int SSL_peek(SSL *ssl, void *buf, int num);

/* Local credential accessors; ownership of the returned handles (borrowed
 * vs. to be freed by the caller) is not visible here — confirm. */
X509 *SSL_get_certificate(SSL *ssl);
EVP_PKEY *SSL_get_privatekey(SSL *ssl);
EVP_PKEY *X509_get_pubkey(X509 *x);

int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
void EVP_PKEY_free(EVP_PKEY *pkey);
/* Bounded variant of ERR_error_string; len is the capacity of buf. */
void ERR_error_string_n(unsigned long e, char *buf, size_t len);
void ERR_free_strings(void);
void EVP_cleanup(void);

/* Extension lookup by NID. The void* result must be interpreted according to
 * nid (e.g. GENERAL_NAMES for NID_subject_alt_name, as in OpenSSL — confirm);
 * crit and idx are OpenSSL's criticality-out and search-index parameters. */
void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
/* 85 is the value OpenSSL assigns to NID_subject_alt_name, so callers written
 * against OpenSSL pass the same constant. */
#define NID_subject_alt_name 85
/* STACK_OF(T) collapses to T: a STACK_OF(GENERAL_NAME)* is simply a
 * GENERAL_NAME*, and the sk_GENERAL_NAME_* functions below index into it. */
#define STACK_OF(x) x
460 /* defined here because libcurl dereferences */
461 typedef struct ASN1_STRING
{
468 typedef struct GENERAL_NAME
{
/* Subject-alternative-name access, used by libcurl-style hostname checks. */
void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *names);

int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *names);
GENERAL_NAME *sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *names, int idx);

/* ASN1_STRING contents. As in OpenSSL the data is not guaranteed to be
 * NUL-terminated and may itself contain NUL bytes, so consumers must always
 * pair the data pointer with ASN1_STRING_length rather than treat it as a C
 * string (e.g. when comparing a name against an expected hostname). */
unsigned char *ASN1_STRING_data(ASN1_STRING *str);
int ASN1_STRING_length(ASN1_STRING *str);
int ASN1_STRING_type(ASN1_STRING *str);

/* A name entry is represented directly by its ASN1_STRING value. */
typedef ASN1_STRING X509_NAME_ENTRY;

/* Iterates entries of a name by NID; lastpos is the index to search from
 * (-1 for the first, and -1 returned when none is left, in OpenSSL — confirm). */
int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *entry);
X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
/* Map OpenSSL's allocator names straight onto the C library. Users of these
 * macros need <stdlib.h> in scope; only <stdio.h> is included in the visible
 * part of this header, so it presumably comes via prefix_ssl.h — confirm. */
#define OPENSSL_malloc(x) malloc(x)
#define OPENSSL_free(x) free(x)
/* Converts in to UTF-8, storing a new buffer in *out. In OpenSSL the caller
 * releases it with OPENSSL_free and the return is the length or a negative
 * error — confirm yaSSL follows the same contract. */
int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);

/* Compatibility method selectors. The SSLv23 client does not actually roll
 * back to older versions, and SSLv2 is not implemented at all (there is no
 * v2 here), so SSLv2_client_method can never yield a working connection. */
SSL_METHOD *SSLv23_client_method(void);
SSL_METHOD *SSLv2_client_method(void);

/* Reference counting for this accessor is unresolved in the original
 * ("what's ref count"); in OpenSSL get1 takes a reference that the caller
 * must release with SSL_SESSION_free — confirm before mirroring that. */
SSL_SESSION *SSL_get1_session(SSL *ssl);

#define CRYPTO_free(x) free(x)
/* Validity times are represented as plain ASN1_STRINGs. */
#define ASN1_TIME ASN1_STRING

ASN1_TIME *X509_get_notBefore(X509 *x);
ASN1_TIME *X509_get_notAfter(X509 *x);
#define ASN1_UTCTIME ASN1_STRING
/* 13 and 12 are OpenSSL's values for NID_commonName and V_ASN1_UTF8STRING. */
#define NID_commonName 13
#define V_ASN1_UTF8STRING 12

/* Name misspelling (CERTFICATE) is part of the public interface and is kept
 * for source compatibility. The value appears to be OpenSSL's SSLv3
 * "certificate verify failed" error code — confirm before matching on it. */
#define CERTFICATE_ERROR 0x14090086 /* SSLv3 error */
519 typedef struct MD4_CTX
{
520 int buffer
[32]; /* big enough to hold, check size in Init */
/* MD4 digest, OpenSSL-style init / update / final. MD4 is not collision
 * resistant and is exposed for compatibility with legacy protocols only. */
void MD4_Init(MD4_CTX *ctx);
void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long len);
void MD4_Final(unsigned char *md, MD4_CTX *ctx);
528 typedef struct MD5_CTX
{
529 int buffer
[32]; /* big enough to hold, check size in Init */
/* MD5 digest, OpenSSL-style init / update / final. MD5 is not collision
 * resistant; keep it to compatibility uses, not new integrity checks. */
void MD5_Init(MD5_CTX *ctx);
void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long len);
/* md must have room for MD5_DIGEST_LENGTH bytes. */
void MD5_Final(unsigned char *md, MD5_CTX *ctx);

#define MD5_DIGEST_LENGTH 16
/* An empty list means "all ciphers": nothing is excluded by default, so
 * deployments that need to restrict suites must call SSL_CTX_set_cipher_list
 * explicitly. */
#define SSL_DEFAULT_CIPHER_LIST "" /* default all */

/* Turns on yaSSL zlib compression. TLS-level compression has known
 * confidentiality weaknesses and is disabled by default in modern stacks;
 * enable it only for legacy interoperability. */
int SSL_set_compression(SSL *);
548 #if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
554 #endif /* yaSSL_openssl_h__ */