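/*
   Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
   Use is subject to license terms.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 of the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING. If not, write to the
   Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
   MA  02110-1335  USA.
*/

/* ssl.h defines the openssl compatibility layer: the subset of the OpenSSL
 * C API (types, prototypes, constants and macros) that yaSSL exposes so that
 * OpenSSL-based callers (MySQL, libcurl) compile unchanged against yaSSL.
 *
 * This header declares only; the implementations live in the yaSSL sources.
 * Several structs (DH, X509_STORE_CTX, ASN1_STRING, GENERAL_NAME) are defined
 * here rather than kept opaque because the callers named in the comments
 * dereference their members directly.
 */

#ifndef yaSSL_openssl_h__
#define yaSSL_openssl_h__

#ifdef YASSL_PREFIX
#include "prefix_ssl.h"
#endif

#include <stdio.h>     /* FILE for ERR_print_errors_fp, size_t */
#include <stdlib.h>    /* malloc/free: the OPENSSL_malloc, OPENSSL_free and
                          CRYPTO_free macros below expand to them, so the
                          header must bring them into scope itself */
#include "opensslv.h"  /* for version number */
#include "rsa.h"


#define YASSL_VERSION "2.4.4"


#if defined(__cplusplus)
extern "C" {
#endif

/* Call once at end of application use to free static singleton memory
 * holders; not a leak per se, but helpful when looking for them.
 * Declared with an explicit (void) parameter list so that, when compiled
 * as C, this is a real prototype rather than an old-style declaration. */
void yaSSL_CleanUp(void);

#if defined(__cplusplus)
} // extern
#endif

#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
namespace yaSSL {
extern "C" {
#endif

#undef X509_NAME  /* wincrypt.h clash */

/* Opaque handle types.  In C++ (outside MySQL-compatible builds) they are the
 * yaSSL classes; in C they are incomplete struct tags.  Either way callers
 * only ever hold pointers to them. */
#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
class SSL;
class SSL_SESSION;
class SSL_METHOD;
class SSL_CTX;
class SSL_CIPHER;

class RSA;

class X509;
class X509_NAME;
#else
typedef struct SSL          SSL;
typedef struct SSL_SESSION  SSL_SESSION;
typedef struct SSL_METHOD   SSL_METHOD;
typedef struct SSL_CTX      SSL_CTX;
typedef struct SSL_CIPHER   SSL_CIPHER;

typedef struct RSA          RSA;

typedef struct X509         X509;
typedef struct X509_NAME    X509_NAME;
#endif


/* Big Number stuff, different file? */
typedef struct BIGNUM BIGNUM;

/* Build a BIGNUM from a big-endian byte string of the given length.
 * Mirrors OpenSSL's BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret). */
BIGNUM *BN_bin2bn(const unsigned char*, int, BIGNUM*);


/* Diffie-Hellman stuff, different file? */
/* mySQL dereferences to set group parameters, so the struct is public */
typedef struct DH {
    BIGNUM* p;   /* prime modulus */
    BIGNUM* g;   /* generator */
} DH;

DH*  DH_new(void);
void DH_free(DH*);

/* RSA stuff */

void RSA_free(RSA*);
/* RSA_generate_key(bits, e, callback, cb_arg) as in OpenSSL; the callback
 * (may be NULL in OpenSSL) reports key-generation progress. */
RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*);


/* X509 stuff, different file? */

/* because mySQL dereferences to use error and current_cert, even after calling
 * get functions for local references */
typedef struct X509_STORE_CTX {
    int   error;         /* X509_V_* value, see the enum below */
    int   error_depth;   /* depth in the chain at which error was set */
    X509* current_cert;  /* certificate being verified when error was set */
} X509_STORE_CTX;


typedef struct X509_STORE         X509_STORE;
typedef struct X509_LOOKUP        X509_LOOKUP;
typedef struct X509_OBJECT        { char c; } X509_OBJECT;
typedef struct X509_CRL           X509_CRL;
typedef struct X509_REVOKED       X509_REVOKED;
typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD;


void X509_free(X509*);


/* bio stuff */
typedef struct BIO BIO;

/* ASN stuff */



X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*);
int   X509_STORE_CTX_get_error(X509_STORE_CTX*);
int   X509_STORE_CTX_get_error_depth(X509_STORE_CTX*);

/* X509_NAME_oneline(name, buf, size): formats into the caller's buffer of the
 * given size; callers should size buf generously and treat the result as
 * untrusted peer-supplied text (it is taken from the certificate). */
char*       X509_NAME_oneline(X509_NAME*, char*, int);
X509_NAME*  X509_get_issuer_name(X509*);
X509_NAME*  X509_get_subject_name(X509*);
const char* X509_verify_cert_error_string(long);

int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long);
int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long);
X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void);
X509_LOOKUP_METHOD* X509_LOOKUP_file(void);

X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*);
X509_STORE*  X509_STORE_new(void);
int          X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*,
                                       X509_OBJECT*);




/* X509 Constants.
 * NOTE: these values are yaSSL's own numbering, not OpenSSL's, so they must
 * only be compared against values produced by this library. */
enum {
    X509_V_OK                                     = 0,
    X509_V_ERR_CERT_CHAIN_TOO_LONG                = 1,
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT          = 2,
    X509_V_ERR_CERT_NOT_YET_VALID                 = 3,
    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD     = 4,
    X509_V_ERR_CERT_HAS_EXPIRED                   = 5,
    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD      = 6,
    X509_FILETYPE_PEM                             = 7,
    X509_LU_X509                                  = 8,
    X509_LU_CRL                                   = 9,
    X509_V_ERR_CRL_SIGNATURE_FAILURE              = 10,
    X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD     = 11,
    X509_V_ERR_CRL_HAS_EXPIRED                    = 12,
    X509_V_ERR_CERT_REVOKED                       = 13,
    X509_V_FLAG_CRL_CHECK                         = 14,
    X509_V_FLAG_CRL_CHECK_ALL                     = 15
};


/* Error stuff, could move to yassl_error */
unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *);
void          ERR_print_errors_fp(FILE*);
/* ERR_error_string takes no buffer length; prefer ERR_error_string_n (declared
 * further down), which is bounded by the caller-supplied len. */
char*         ERR_error_string(unsigned long,char*);
void          ERR_remove_state(unsigned long);
unsigned long ERR_get_error(void);
unsigned long ERR_peek_error(void);
int           ERR_GET_REASON(int);


enum { /* ERR Constants */
    ERR_TXT_STRING    = 1,
    EVP_R_BAD_DECRYPT = 2
};

/*
  Allow type used by SSL_set_fd to be changed, default to int
  in order to be compatible with OpenSSL
*/
#ifndef YASSL_SOCKET_T_DEFINED
typedef int YASSL_SOCKET_T;
#endif

SSL_CTX*       SSL_CTX_new(SSL_METHOD*);
SSL*           SSL_new(SSL_CTX*);
int            SSL_set_fd (SSL*, YASSL_SOCKET_T);
YASSL_SOCKET_T SSL_get_fd(const SSL*);
int            SSL_connect(SSL*);    /* if you get an error from connect
                                        see note at top of README */
int            SSL_write(SSL*, const void*, int);
int            SSL_read(SSL*, void*, int);
int            SSL_accept(SSL*);
void           SSL_CTX_free(SSL_CTX*);
void           SSL_free(SSL*);
int            SSL_clear(SSL*);
int            SSL_shutdown(SSL*);

void SSL_set_connect_state(SSL*);
void SSL_set_accept_state(SSL*);
int  SSL_do_handshake(SSL*);

const char* SSL_get_cipher(SSL*);
const char* SSL_get_cipher_name(SSL*);   /* uses SSL_get_cipher */
/* SSL_get_shared_ciphers(ssl, buf, size): writes into the caller's buffer of
 * the given size. */
char*       SSL_get_shared_ciphers(SSL*, char*, int);
const char* SSL_get_cipher_list(SSL*, int);
const char* SSL_get_version(SSL*);
const char* SSLeay_version(int);

int  SSL_get_error(SSL*, int);
void SSL_load_error_strings(void);

int          SSL_set_session(SSL *ssl, SSL_SESSION *session);
SSL_SESSION* SSL_get_session(SSL* ssl);
void         SSL_flush_sessions(SSL_CTX *ctx, long tm);
long         SSL_SESSION_set_timeout(SSL_SESSION*, long);
/* Declared once here; the original header repeated this prototype further
 * down with identical types, the duplicate has been dropped. */
long         SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode);
/* Returned X509 is the peer's certificate; callers that verify identity
 * (host name, pinning) do so on this object. */
X509*        SSL_get_peer_certificate(SSL*);
long         SSL_get_verify_result(SSL*);


/* VerifyCallback(preverify_ok, ctx): returning non-zero accepts the
 * certificate.  A callback that unconditionally returns 1 disables
 * verification, so such callbacks should inspect ctx->error. */
typedef int (*VerifyCallback)(int, X509_STORE_CTX*);
typedef int (*pem_password_cb)(char*, int, int, void*);

void SSL_CTX_set_verify(SSL_CTX*, int, VerifyCallback verify_callback);
int  SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*);
int  SSL_CTX_set_default_verify_paths(SSL_CTX*);
int  SSL_CTX_check_private_key(SSL_CTX*);
int  SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*,
                                    unsigned int);

void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int));
long SSL_CTX_set_options(SSL_CTX*, long);
long SSL_CTX_set_timeout(SSL_CTX*, long);
int  SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*);
void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb);
int  SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int);
/* The callback type is deliberately left as the unprototyped void (*)() so
 * that existing callers passing an OpenSSL-style info callback (which takes
 * arguments) still compile; the compiler cannot type-check it. */
void SSL_CTX_set_info_callback(SSL_CTX*, void (*)());

long SSL_CTX_sess_accept(SSL_CTX*);
long SSL_CTX_sess_connect(SSL_CTX*);
long SSL_CTX_sess_accept_good(SSL_CTX*);
long SSL_CTX_sess_connect_good(SSL_CTX*);
long SSL_CTX_sess_accept_renegotiate(SSL_CTX*);
long SSL_CTX_sess_connect_renegotiate(SSL_CTX*);
long SSL_CTX_sess_hits(SSL_CTX*);
long SSL_CTX_sess_cb_hits(SSL_CTX*);
long SSL_CTX_sess_cache_full(SSL_CTX*);
long SSL_CTX_sess_misses(SSL_CTX*);
long SSL_CTX_sess_timeouts(SSL_CTX*);
long SSL_CTX_sess_number(SSL_CTX*);
long SSL_CTX_sess_get_cache_size(SSL_CTX*);

int SSL_CTX_get_verify_mode(SSL_CTX*);
int SSL_get_verify_mode(SSL*);
int SSL_CTX_get_verify_depth(SSL_CTX*);
int SSL_get_verify_depth(SSL*);

long SSL_get_default_timeout(SSL*);
long SSL_CTX_get_session_cache_mode(SSL_CTX*);
int  SSL_session_reused(SSL*);

int  SSL_set_rfd(SSL*, int);
int  SSL_set_wfd(SSL*, int);
void SSL_set_shutdown(SSL*, int);
void SSL_set_quiet_shutdown(SSL *ssl,int mode);
int  SSL_get_quiet_shutdown(SSL *ssl);

int SSL_want_read(SSL*);
int SSL_want_write(SSL*);

int SSL_pending(SSL*);


/* ssl Constants.
 * As with the X509 constants, the numeric values are yaSSL's own and are
 * not interchangeable with OpenSSL's. */
enum {
    SSL_WOULD_BLOCK     = -8,
    SSL_BAD_STAT        = -7,
    SSL_BAD_PATH        = -6,
    SSL_BAD_FILETYPE    = -5,
    SSL_BAD_FILE        = -4,
    SSL_NOT_IMPLEMENTED = -3,
    SSL_UNKNOWN         = -2,
    SSL_FATAL_ERROR     = -1,
    SSL_NORMAL_SHUTDOWN =  0,
    SSL_ERROR_NONE      =  0,   /* for most functions */
    SSL_FAILURE         =  0,   /* for some functions */
    SSL_SUCCESS         =  1,

    SSL_FILETYPE_ASN1    = 10,
    SSL_FILETYPE_PEM     = 11,
    SSL_FILETYPE_DEFAULT = 10,  /* ASN1 */

    /* Verify modes for SSL_CTX_set_verify.  SSL_VERIFY_NONE is the value
     * under which no peer certificate check is requested (OpenSSL meaning;
     * confirm against the yaSSL implementation before relying on it). */
    SSL_VERIFY_NONE                 = 0,
    SSL_VERIFY_PEER                 = 1,
    SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
    SSL_VERIFY_CLIENT_ONCE          = 4,

    SSL_SESS_CACHE_OFF                = 30,
    SSL_SESS_CACHE_CLIENT             = 31,
    SSL_SESS_CACHE_SERVER             = 32,
    SSL_SESS_CACHE_BOTH               = 33,
    SSL_SESS_CACHE_NO_AUTO_CLEAR      = 34,
    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,

    SSL_OP_MICROSOFT_SESS_ID_BUG            = 50,
    SSL_OP_NETSCAPE_CHALLENGE_BUG           = 51,
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 52,
    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG      = 53,
    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER       = 54,
    SSL_OP_MSIE_SSLV2_RSA_PADDING           = 55,
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG         = 56,
    SSL_OP_TLS_D5_BUG                       = 57,
    SSL_OP_TLS_BLOCK_PADDING_BUG            = 58,
    SSL_OP_TLS_ROLLBACK_BUG                 = 59,
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS      = 60,
    SSL_OP_ALL                              = 61,
    SSL_OP_SINGLE_DH_USE                    = 62,
    SSL_OP_EPHEMERAL_RSA                    = 63,
    SSL_OP_NO_SSLv2                         = 64,
    SSL_OP_NO_SSLv3                         = 65,
    SSL_OP_NO_TLSv1                         = 66,
    SSL_OP_PKCS1_CHECK_1                    = 67,
    SSL_OP_PKCS1_CHECK_2                    = 68,
    SSL_OP_NETSCAPE_CA_DN_BUG               = 69,
    SSL_OP_NON_EXPORT_FIRST                 = 70,
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG  = 71,

    SSL_ERROR_WANT_READ        = 80,
    SSL_ERROR_WANT_WRITE       = 81,
    SSL_ERROR_SYSCALL          = 82,
    SSL_ERROR_WANT_X509_LOOKUP = 83,
    SSL_ERROR_ZERO_RETURN      = 84,
    SSL_ERROR_SSL              = 85,

    SSL_ST_CONNECT        = 90,
    SSL_ST_ACCEPT         = 91,
    SSL_CB_LOOP           = 92,
    SSL_SENT_SHUTDOWN     = 93,
    SSL_RECEIVED_SHUTDOWN = 94,
    SSL_CB_ALERT          = 95,
    SSL_CB_READ           = 96,
    SSL_CB_HANDSHAKE_DONE = 97

};


/* Protocol method selectors.  SSLv3 is obsolete (deprecated by RFC 7568);
 * new code should select one of the TLS methods. */
SSL_METHOD *SSLv3_method(void);
SSL_METHOD *SSLv3_server_method(void);
SSL_METHOD *SSLv3_client_method(void);
SSL_METHOD *TLSv1_server_method(void);
SSL_METHOD *TLSv1_client_method(void);
SSL_METHOD *TLSv1_1_server_method(void);
SSL_METHOD *TLSv1_1_client_method(void);
SSL_METHOD *SSLv23_server_method(void);

int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int);
int SSL_CTX_set_cipher_list(SSL_CTX*, const char*);

long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*);

void OpenSSL_add_all_algorithms(void);
/* (void) makes this a prototype in C; the original empty parentheses left
 * the argument list unspecified. */
int  SSL_library_init(void);
int  SSLeay_add_ssl_algorithms(void);


SSL_CIPHER* SSL_get_current_cipher(SSL*);
/* SSL_CIPHER_description(cipher, buf, size): writes into the caller's buffer
 * of the given size. */
char*       SSL_CIPHER_description(SSL_CIPHER*, char*, int);


char* SSL_alert_type_string_long(int);
char* SSL_alert_desc_string_long(int);
char* SSL_state_string_long(SSL*);


/* EVP stuff, des and md5, different file? */
/* EVP_MD and EVP_CIPHER are placeholder types here: the EVP_md5() and
 * EVP_des_ede3_cbc() selectors only need a distinct pointer value. */
typedef char EVP_MD;

typedef char EVP_CIPHER;

typedef struct EVP_PKEY EVP_PKEY;

typedef unsigned char   DES_cblock[8];
typedef const DES_cblock const_DES_cblock;
typedef DES_cblock      DES_key_schedule;

enum {
    DES_ENCRYPT = 1,
    DES_DECRYPT = 0
};

/* DES (including 3DES-CBC below) and MD5 are legacy primitives kept only for
 * compatibility with the callers that dereference this API. */
const EVP_MD*     EVP_md5(void);
const EVP_CIPHER* EVP_des_ede3_cbc(void);

typedef unsigned char opaque;

/* EVP_BytesToKey(type, md, salt, data, datal, count, key, iv) as in OpenSSL. */
int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*, const opaque*,
                   const opaque*, int, int, opaque*, opaque*);

void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*);
void DES_ede3_cbc_encrypt(const opaque*, opaque*, long, DES_key_schedule*,
                          DES_key_schedule*, DES_key_schedule*, DES_cblock*, int);


/* RAND stuff */
void        RAND_screen(void);
const char* RAND_file_name(char*, size_t);
int         RAND_write_file(const char*);
int         RAND_load_file(const char*, long);


/* for libcurl */
int RAND_status(void);
/* RAND_bytes(buf, num): fills num bytes of buf; callers should check the
 * return value before using the output as key material. */
int RAND_bytes(unsigned char* buf, int num);

int  DES_set_key(const_DES_cblock*, DES_key_schedule*);
void DES_set_odd_parity(DES_cblock*);
void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int);

void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata);
void SSL_SESSION_free(SSL_SESSION* session);
int  SSL_peek(SSL* ssl, void* buf, int num);

X509*     SSL_get_certificate(SSL* ssl);
EVP_PKEY* SSL_get_privatekey(SSL* ssl);
EVP_PKEY* X509_get_pubkey(X509* x);

int  EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from);
void EVP_PKEY_free(EVP_PKEY* pkey);
/* Bounded variant of ERR_error_string: writes at most len bytes into buf. */
void ERR_error_string_n(unsigned long e, char *buf, size_t len);
void ERR_free_strings(void);
void EVP_cleanup(void);

/* Returns the extension identified by nid (libcurl uses NID_subject_alt_name
 * to fetch a STACK_OF(GENERAL_NAME)); crit and idx as in OpenSSL. */
void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx);

#define GEN_IPADD 7
#define NID_subject_alt_name 85
#define STACK_OF(x) x


/* defined here because libcurl dereferences */
typedef struct ASN1_STRING {
    int            type;     /* V_ASN1_* tag, e.g. V_ASN1_UTF8STRING */
    int            length;   /* number of bytes at data; data is not
                                guaranteed NUL-terminated, so consumers
                                must honour length */
    unsigned char* data;
} ASN1_STRING;


typedef struct GENERAL_NAME {
    int type;   /* GEN_DNS, GEN_IPADD, ... */
    union {
        ASN1_STRING* ia5;
    } d;
} GENERAL_NAME;

void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x);

int           sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x);
GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i);


/* Accessors for ASN1_STRING; the data they expose comes from the peer's
 * certificate and should be treated as untrusted input. */
unsigned char* ASN1_STRING_data(ASN1_STRING* x);
int            ASN1_STRING_length(ASN1_STRING* x);
int            ASN1_STRING_type(ASN1_STRING *x);

typedef ASN1_STRING X509_NAME_ENTRY;

int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos);

ASN1_STRING*     X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne);
X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc);

/* Map OpenSSL's allocator names onto the C library; <stdlib.h> is included
 * above so these expand correctly in any translation unit. */
#define OPENSSL_malloc(x) malloc(x)
#define OPENSSL_free(x) free(x)

/* On success *out is allocated for the caller, who releases it with
 * OPENSSL_free (ownership transfers to the caller). */
int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in);

SSL_METHOD* SSLv23_client_method(void);  /* doesn't actually roll back */
SSL_METHOD* SSLv2_client_method(void);   /* will never work, no v 2 */


SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */


#define CRYPTO_free(x) free(x)
#define ASN1_TIME ASN1_STRING

ASN1_TIME* X509_get_notBefore(X509* x);
ASN1_TIME* X509_get_notAfter(X509* x);


#define ASN1_UTCTIME ASN1_STRING
#define NID_commonName 13
#define V_ASN1_UTF8STRING 12
#define GEN_DNS 2

/* Name kept with its historical spelling (no "I") for source compatibility. */
#define CERTFICATE_ERROR 0x14090086 /* SSLv3 error */


/* MD4 and MD5 are not collision resistant; they are exposed here only for
 * legacy callers (e.g. authentication schemes that still require them). */
typedef struct MD4_CTX {
    int buffer[32];  /* big enough to hold, check size in Init */
} MD4_CTX;

void MD4_Init(MD4_CTX*);
void MD4_Update(MD4_CTX*, const void*, unsigned long);
void MD4_Final(unsigned char*, MD4_CTX*);


typedef struct MD5_CTX {
    int buffer[32];  /* big enough to hold, check size in Init */
} MD5_CTX;

void MD5_Init(MD5_CTX*);
void MD5_Update(MD5_CTX*, const void*, unsigned long);
void MD5_Final(unsigned char*, MD5_CTX*);

#define MD5_DIGEST_LENGTH 16


#define SSL_DEFAULT_CIPHER_LIST ""  /* default all */


/* yaSSL extensions */
int SSL_set_compression(SSL*);   /* turn on yaSSL zlib compression */
/* Renders an ASN1_TIME into buf (at most len bytes); returns buf. */
char *yaSSL_ASN1_TIME_to_string(const ASN1_TIME *time, char *buf, size_t len);

#include "transport_types.h"

/*
  Set functions for yaSSL to use in order to send and receive data.

  These hooks are offered in order to enable non-blocking I/O. If
  not set, yaSSL defaults to using send() and recv().

  @todo Remove hooks and accompanying code when yaSSL is fixed.
*/
void yaSSL_transport_set_ptr(SSL *, void *);
void yaSSL_transport_set_recv_function(SSL *, yaSSL_recv_func_t);
void yaSSL_transport_set_send_function(SSL *, yaSSL_send_func_t);

#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
}   /* extern "C" */
}   /* namespace yaSSL */
#endif


#endif /* yaSSL_openssl_h__ */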