/* $Id: ssl_st.h,v 1.89 2005/07/19 03:56:13 gsingh Exp $ */
/*
 * Copyright (C) 1999-2003 RSA Security Inc. All rights reserved.
 *
 * This work contains proprietary information of RSA Security.
 * Distribution is limited to authorized licensees of RSA
 * Security. Any unauthorized reproduction, distribution or
 * modification of this work is strictly prohibited.
 */

/**
 * @file ssl_st.h
 * Internal state structures for one SSL/TLS connection: the per-direction
 * cipher/MAC state (SSL_ENC), the connection object itself (struct ssl_st)
 * and the SSLv2- and SSLv3-specific sub-states (SSL2_CTX, SSL3_CTX).
 *
 * Nothing in this header enforces an invariant.  Every length field that is
 * paired with a fixed-size array (sid_ctx, challenge, conn_id, key_material,
 * ctype, ...) relies on the code that fills it to stay within the array
 * bound.  Several members hold secret key material (the MAC secrets,
 * key_material, key_block, read_key/write_key); the teardown path is not in
 * this header, so confirm there that they are scrubbed before the memory is
 * released rather than merely freed.
 */
#ifndef HEADER_SSL_ST_H
#define HEADER_SSL_ST_H

/* Full builds pull in the real HMAC/ex_data/buffer/digest headers.  Small-code
 * and SSLCME builds skip them and rely on the forward typedefs further down. */
#if !defined(SSLC_SMALL_CODE) && !defined(SSLCME)
#include "hmac.h"
#include "ex_data.h"
#include "buffer.h"
#include "evp.h"
#endif /* !SSLC_SMALL_CODE && !SSLCME */

#include "cert.h"

/*
 * ssl.h is included here so that the structure definitions are visible
 * as typedefs to doxygen so it will format the output in a clearer manner.
 *
 */
#include "ssl.h"

/* Compression is unconditionally disabled: NO_COMP is forced on here, so the
 * COMP_CTX / COMP_METHOD members guarded by "#ifndef NO_COMP" below are never
 * compiled in.  NOTE(review): whatever the original motivation, keep it this
 * way -- record-layer compression is what the CRIME family of attacks
 * exploits. */
#if !defined(NO_COMP)
#define NO_COMP
#endif /* NO_COMP */

/* Opaque forward typedef for builds that did not include hmac.h above.
 * NOTE(review): this defines HEADER_COMMON_HMAC_H, which by its name looks
 * like hmac.h's own include guard.  If it is, a later #include "hmac.h" in
 * such a build silently becomes a no-op -- confirm that is intended. */
#ifndef HEADER_COMMON_HMAC_H
#define HEADER_COMMON_HMAC_H
typedef struct hmac_ctx_st HMAC_CTX;
#endif /* HEADER_COMMON_HMAC_H */

/* Same pattern for BUF_MEM, unless INCLUDE_COMMON_BUFFER_H asks for the real
 * header instead of the opaque forward typedef. */
#ifndef HEADER_COMMON_BUFFER_H
# ifndef INCLUDE_COMMON_BUFFER_H
# define HEADER_COMMON_BUFFER_H
typedef struct buf_mem_st BUF_MEM;
# else
# include "buffer.h"
# endif /* INCLUDE_COMMON_BUFFER_H */
#endif /* HEADER_COMMON_BUFFER_H */

/**
 * One pointer viewed three ways, so a single slot can carry either an HMAC
 * context or a plain digest context.  The union stores no discriminator;
 * whoever uses it (including the mac_cleanup callback in struct ssl_st)
 * must know which member is live -- presumably decided by the negotiated
 * protocol version, TODO confirm in the record-layer code.
 */
typedef union ssl_mac_ctx_un
{
    char *ptr;
    HMAC_CTX *hmac;
    EVP_MD_CTX *md;
} SSL_MAC_CTX;

/**
 * Cipher and MAC state for one direction (read or write) of a connection.
 */
typedef struct ssl_enc_st
{
    int mac_size;            /**< Size in bytes of the MAC produced with mac_ctx. */
    SSL_MAC_CTX mac_ctx;     /**< Live MAC context; see SSL_MAC_CTX for which member. */
    EVP_CIPHER_CTX *enc_ctx; /**< Symmetric cipher context for this direction. */
#ifndef NO_COMP
    COMP_CTX *comp; /* compression -- never compiled in, NO_COMP is forced above */
#endif
} SSL_ENC;

/**
 * Per-connection state.  The owning SSL_CTX (see ctx) supplies defaults;
 * protocol-specific state hangs off s2 (SSLv2) and s3 (SSLv3/TLS).
 * Members documented "(name only)" are not used anywhere in this header,
 * so their exact semantics must be taken from the implementation.
 */
struct ssl_st
{
    int version; /**< Protocol version in use on this connection. */

    int type; /**< Connection type code (name only; value set defined elsewhere). */

    SSL_METHOD *method; /**< Method (protocol implementation) driving this connection. */

    /*
     * There are two BIOs so data can be read and written to different
     * handlers. Typically these are both the same.
     */

    BIO *rbio; /**< BIO used for reading. */

    BIO *wbio; /**< BIO used for writing. */

    BIO *bbio; /**< Third BIO; its role is not shown in this header (presumably a buffering BIO -- confirm). */

    int rwstate; /**< Read/write wait state (name only; values defined elsewhere). */

    int in_handshake; /**< Non-zero while a handshake is in progress (name only). */

    int (*handshake_func)(SSL *ssl); /**< Handshake driver for this connection's role and protocol. */

    int server; /**< Non-zero when this side acts as the server (name only). */

    int new_session; /**< Whether a fresh session is being created (name only). */

    int shutdown; /**< Shutdown state flags (name only). */

    int state; /**< Handshake state-machine position. */

    int cstate; /**< Additional state-machine position (name only). */

    int rstate; /**< Read state (name only). */

    /* Handshake message assembly buffer and its cursor.  init_num/init_off are
     * plain ints indexing into init_buf; the code that advances them is
     * responsible for keeping them within the buffer's actual length. */
    BUF_MEM *init_buf;

    int init_num;

    int init_off;

    unsigned char *packet; /**< Start of the record currently being processed. */

    unsigned int packet_length; /**< Length of the data at packet. */

    struct ssl2_ctx_st *s2; /**< SSLv2-specific state, or NULL when not in use. */

    struct ssl3_ctx_st *s3; /**< SSLv3/TLS-specific state, or NULL when not in use. */

    int read_ahead; /**< Whether more than one record may be read at a time (name only). */

    int hit; /**< Presumably a session-cache hit flag -- confirm. */

    STACK *cipher_list; /**< Enabled ciphers in preference order. */

    STACK *cipher_list_by_id; /**< The same ciphers sorted by identifier. */

    /* Inbound and outbound crypto state; see SSL_ENC. */
    SSL_ENC read;
    SSL_ENC write;

    void (*mac_cleanup)(SSL_MAC_CTX *ptr); /**< Releases a MAC context; must match the union's live member. */

    struct cert_st *cert; /**< Local certificate/key material. */

    STACK *cert_chain; /**< Certificates sent along with cert (name only). */

    /* Session-id context.  sid_ctx_length must never exceed
     * SSL_MAX_SID_CTX_LENGTH; any setter has to check that. */
    unsigned int sid_ctx_length;
    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

    SSL_SESSION *session; /* also in the session once established */

    /* Used in SSL2 and SSL3 */

    /*
     * 0 indicates to ignore the verification failure. Otherwise, fail.
     * NOTE(review): with a zero verify_mode a peer whose certificate fails
     * verification is still allowed to complete the handshake.  A client that
     * needs to authenticate the server must set a non-zero mode here, or at
     * least inspect verify_result after the handshake.
     */
    int verify_mode;

    int verify_depth; /**< Maximum chain depth accepted during verification (name only). */


#ifndef SSLC_SMALL_CODE

    SSL_VERIFY_CB_T *verify_cb; /**< Per-connection verification callback; absent in small-code builds. */
#endif

    SSL_INFO_CB_T *info_cb; /**< Informational callback (name only). */

#if (!defined(SSLC_SMALL_CODE) && !defined(SSL_INFO_CB_ONLY))
    SSL_ALERT_INFO_CB_T *alert_info_cb; /**< Alert notification callback. */

    char *alert_info_arg; /**< Opaque argument passed to alert_info_cb. */
#endif

#ifndef SSLC_SMALL_CODE
    SSL_APP_DATA_CB_T *app_data_cb; /**< Application-data callback (name only). */
    char *app_data_arg; /**< Opaque argument passed to app_data_cb. */
#endif /* SSLC_SMALL_CODE */

    int error; /**< Last error category (name only). */

    int error_code; /**< Last error code (name only). */

    SSL_CTX *ctx; /**< Context this connection was created from. */

    int debug; /**< Debug flag (name only). */

    long verify_result; /**< Result of the last peer-certificate verification. */
#ifndef NO_EX_DATA

    CRYPTO_EX_DATA ex_data; /**< Application extension data. */
#endif /* NO_EX_DATA */

#ifndef NO_CA_LIST
    /* For the server side, keep the list of CA_dn available for use */

    STACK *client_CA; /**< CA names advertised in the CertificateRequest. */
#endif /* NO_CA_LIST */

    int references; /**< Reference count; whether updates are synchronized is not shown here. */

    unsigned long options; /**< Option flag bits (name only). */
    unsigned long user_options; /**< Option flag bits set by the application (name only). */

    int first_packet; /**< Non-zero until the first packet has been seen (name only). */

    int client_version; /**< Version the client offered, kept separately from version (presumably for rollback detection -- confirm). */

    int write_buf_size; /**< Requested write buffer size (name only). */
    int read_buf_size; /**< Requested read buffer size (name only). */

    /* Sizes of the certificates exchanged (name only). */
    long client_cert_sz;
    long server_cert_sz;

    int blinding; /**< Presumably whether RSA blinding (a timing side-channel countermeasure) is applied -- confirm. */

    EVP_MD_CTX *tmp_md; /**< Scratch digest context (name only). */
    R_LIB_CTX *lib_ctx; /**< Crypto library context. */
    void *r_cr_switch; /**< Opaque crypto-resource switch (name only). */

    /* Upper bounds on RSA modulus / exponent accepted from a peer (name only).
     * Bounding the key size caps the CPU a hostile certificate can cost;
     * confirm where these are enforced. */
    unsigned long max_rsa_n;
    unsigned long max_rsa_e;
};

#ifndef NO_SSL2
/**
 * SSLv2-specific connection state, present only when NO_SSL2 is undefined.
 * NOTE(review): SSLv2 is obsolete and cryptographically weak; production
 * builds should define NO_SSL2 so none of this is reachable.
 */
typedef struct ssl2_ctx_st
{
    int three_byte_header; /**< Whether the current record has a 3-byte header (name only). */
    int clear_text; /**< Non-zero while records are still unencrypted (name only). */
    int escape; /**< Escape flag from the record header (name only). */
    int ssl2_rollback; /**< Presumably a version-rollback detection flag -- confirm. */
    unsigned int wnum; /**< Bytes of the pending write already sent (name only). */
    int wpend_tot; /**< Total size of the pending write (name only). */
    char *wpend_buf; /**< Application buffer of the pending write. */

    int wpend_off; /**< Offset within the pending write (name only). */
    int wpend_len; /**< Length of the pending write (name only). */
    int wpend_ret; /**< Value to report once the pending write completes (name only). */
    int rbuf_left; /**< Bytes remaining in rbuf (name only). */
    int rbuf_offs; /**< Current offset into rbuf (name only). */
    unsigned char *rbuf; /**< Read buffer. */
    unsigned char *wbuf; /**< Write buffer. */
    unsigned char *write_ptr; /**< Current write position in wbuf (name only). */

    int alert_dispatch; /**< Whether an alert is waiting to be sent (name only). */

    /* Record layout of the current inbound/outbound record.  The lengths are
     * a mix of signed and unsigned ints; comparisons between them need care. */
    unsigned int padding;
    unsigned int rlength;
    int ract_data_length;
    unsigned int wlength;
    int wact_data_length;
    unsigned char *ract_data;
    unsigned char *wact_data;
    unsigned char *mac_data;
    unsigned char *pad_data;

    /* Raw symmetric keys.  Ownership and scrubbing on teardown are not shown here. */
    unsigned char *read_key;
    unsigned char *write_key;

    /* Handshake values with their fixed-size storage; each *_length must stay
     * within the corresponding array bound. */
    unsigned int challenge_length;
    unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
    unsigned int conn_id_length;
    unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
    unsigned int key_material_length;
    unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2]; /* secret */

    /* Record sequence numbers (unsigned long, so 32-bit on some targets). */
    unsigned long read_sequence;
    unsigned long write_sequence;

    /** Scratch values used only during the handshake (name only throughout). */
    struct
    {
        unsigned int conn_id_length;
        unsigned int cert_type;
        unsigned int cert_length;
        int csl;
        int clear;
        unsigned int enc;
        unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; /**< Certificate challenge; length must respect the array bound. */
        int cipher_spec_length;
        unsigned int session_id_length;
        unsigned int clen;
        unsigned int rlen;
    } tmp;
} SSL2_CTX;
#endif /* NO_SSL2 */

/**
 * One SSLv3/TLS record.  length and off describe the payload at data; the
 * struct itself does not tie them to any buffer size.
 */
typedef struct ssl3_record_st
{
    int type; /**< Record content type. */
    /*int state;*/ /* any data in it? */
    unsigned int length; /**< Payload length. */
    unsigned int off; /**< Current offset into the payload. */
    unsigned char *data; /**< Payload (after decryption, presumably -- confirm). */
    unsigned char *input; /**< Raw input the record was read from (name only). */
    unsigned char *comp; /**< Compression scratch; unused since NO_COMP is forced. */
} SSL3_RECORD;

/**
 * Read/write buffer accounting for the SSLv3/TLS record layer.  All counters
 * are signed int; take care when comparing them with the unsigned lengths in
 * SSL3_RECORD.
 */
typedef struct ssl3_buffer_st
{
    int total; /**< Bytes currently held (name only). */
    int wanted; /**< Bytes still required (name only). */
    int left; /**< Unconsumed bytes (name only). */
    int offset; /**< Consumer offset (name only). */
    unsigned char *buf; /**< Backing storage. */
    int buf_size; /**< Allocated size of buf. */
} SSL3_BUFFER;

/**
 * SSLv3/TLS-specific connection state.
 */
typedef struct ssl3_ctx_st
{
    long flags; /**< Flag bits (name only). */
    int delay_buf_pop_ret; /**< Deferred return value for buffer pops (name only). */

    /* Per-direction 64-bit record sequence numbers and MAC secrets.  The
     * secrets are stored inline and must be scrubbed on teardown. */
    unsigned char read_sequence[8];
    unsigned char read_mac_secret[SSL_MAX_MD_SIZE];
    unsigned char write_sequence[8];
    unsigned char write_mac_secret[SSL_MAX_MD_SIZE];

    /* Handshake random values exchanged in the Hello messages. */
    unsigned char server_random[SSL3_RANDOM_SIZE];
    unsigned char client_random[SSL3_RANDOM_SIZE];

    SSL3_BUFFER rbuf; /**< Read buffer. */
    SSL3_BUFFER wbuf; /**< Write buffer. */
    SSL3_RECORD rrec; /**< Record being read. */
    SSL3_RECORD wrec; /**< Record being written. */
    unsigned int wnum; /**< Bytes of the pending write already sent (name only). */
    int wpend_tot; /**< Total size of the pending write (name only). */
    int wpend_type; /**< Record type of the pending write (name only). */
    int wpend_ret; /**< Value to report once the pending write completes (name only). */
    char *wpend_buf; /**< Application buffer of the pending write. */

    /* Two running handshake-transcript digests (presumably MD5 and SHA-1 for
     * the SSLv3/TLS 1.0 Finished computation; tmp.finish_md below is sized
     * SSL_MAX_MD_SIZE*2 to hold both outputs -- confirm). */
    EVP_MD_CTX *finish_dgst1;
    EVP_MD_CTX *finish_dgst2;
    int change_cipher_spec; /**< Whether ChangeCipherSpec has been processed (name only). */
    int warn_alert; /**< Last warning alert received (name only). */
    int fatal_alert; /**< Last fatal alert received (name only). */
    int alert_dispatch; /**< Whether an alert is waiting to be sent (name only). */
    char send_alert[2]; /**< Alert level and description queued for sending. */

    /* Renegotiation bookkeeping.  NOTE(review): no verify_data fields for
     * RFC 5746 secure renegotiation appear anywhere in this struct (the file
     * predates it).  If renegotiation is permitted, confirm in the handshake
     * code how a renegotiation is bound to the preceding handshake. */
    int renegotiate;
    int total_renegotiations;
    int num_renegotiations;

    int in_read_app_data; /**< Non-zero while reading application data (name only). */

    /** Scratch values that live only for the duration of a handshake. */
    struct
    {
        unsigned char finish_md[SSL_MAX_MD_SIZE*2]; /**< Finished hash output(s). */

        unsigned long message_size; /**< Size of the handshake message in progress. */
        int message_type; /**< Type of the handshake message in progress. */

        SSL_CIPHER *new_cipher; /**< Cipher suite being negotiated. */
#ifndef NO_DH
        DH *dh; /**< Ephemeral DH parameters/key for this handshake. */
#endif /* !NO_DH */

        int next_state; /**< State to enter after the current message (name only). */
        int reuse_message; /**< Re-process the last message instead of reading a new one (name only). */
        int cert_req; /**< Whether a CertificateRequest was received (name only). */
        /* Accepted client-certificate types; ctype_num must stay <= SSL3_CT_NUMBER. */
        int ctype_num;
        char ctype[SSL3_CT_NUMBER];
        STACK *ca_names; /**< CA names from the CertificateRequest. */

        int use_rsa_tmp; /**< Whether a temporary RSA key is used for key exchange (name only). */

        /* Derived key block (secret); scrub before release. */
        int key_block_length;
        unsigned char *key_block;

        EVP_CIPHER *new_sym_enc; /**< Cipher to switch to at ChangeCipherSpec. */
        EVP_MD *new_hash; /**< MAC digest to switch to at ChangeCipherSpec. */
#ifndef NO_COMP
        COMP_METHOD *new_compression; /* never compiled in, NO_COMP is forced above */
#endif
        int cert_request; /**< Whether to request a client certificate (name only). */
    } tmp;

} SSL3_CTX;

#endif /* HEADER_SSL_ST_H */