
sslctx_st.h

00001 /* $Id: sslctx_st.h,v 1.64 2005/06/23 03:15:19 itaylor Exp $ */
00002 /*
00003  * Copyright (C) 1999-2003 RSA Security Inc. All rights reserved.
00004  *
00005  * This work contains proprietary information of RSA Security.
00006  * Distribution is limited to authorized licensees of RSA
00007  * Security. Any unauthorized reproduction, distribution or
00008  * modification of this work is strictly prohibited.
00009  */
00010 
00017 #ifndef HEADER_SSLCTX_ST_H
00018 #define HEADER_SSLCTX_ST_H
00019 
00020 #include "hmac.h"
00021 #ifndef NO_EX_DATA
00022 #include "ex_data.h"
00023 #endif /* NO_EX_DATA */
00024 #include "cert.h"
00025 
00026 #ifndef NO_PEM
00027 #include "pem.h"
00028 #endif /* NO_PEM */
00029 
00030 /*
00031  * ssl.h is included here so that the structure definitions are visible
00032  * as typedefs to doxygen so it will format the output in a clearer manner.
00033  *
00034  */
00035 #include "ssl.h"
00036 /** One entry of the cipher-suite table referenced by ssl_method_st and ssl_session_st. Nothing in this header defines the bit layout of the flag words below; look at the code that fills the table. */
00045 struct ssl_cipher_st
00046 {
00047     int valid; /* NOTE(review): presumably non-zero for a usable suite -- confirm in the table initialiser */
00048     /* Human-readable suite name. Whether it is owned by the entry or points at static storage is not stated here. */
00050     char *name;
00051     /* Numeric suite identifier (compare ssl_session_st.cipher_id, which is also an unsigned long). */
00053     unsigned long id;
00054     /* Algorithm flag word; the bit assignments live outside this header. */
00056     unsigned long algorithms;
00057     /* Second algorithm flag word; its layout is likewise not visible here. */
00063     unsigned long algorithm2;
00064     /* Mask applied when matching suites; semantics not defined in this header. */
00066     unsigned long mask;
00067 };
00068 /** Function table for one protocol version (selected through ssl_ctx_st.method); every entry receives the SSL it operates on. get_ssl_method(ver) presumably returns the table for another version. */
00081 struct ssl_method_st
00082 {
00083     int version;                    /* protocol version this table implements */
00084     int (*ssl_new)(SSL *ssl);       /* per-connection state: create, reset, release */
00085     void (*ssl_clear)(SSL *ssl);
00086     void (*ssl_free)(SSL *ssl);
00087     int (*ssl_accept)(SSL *ssl);    /* server-side and client-side handshake entry points */
00088     int (*ssl_connect)(SSL *ssl);
00089     int (*ssl_read)(SSL *ssl, char *buf, int len);  /* len is a signed int: implementations must reject len < 0 before using it as a size */
00090     int (*ssl_peek)(SSL *ssl, char *buf, int len);
00091     int (*ssl_write)(SSL *ssl, char *buf, int len);
00092     int (*ssl_shutdown)(SSL *ssl);
00093     int (*ssl_renegotiate)(SSL *ssl);
00094     int (*ssl_renegotiate_check)(SSL *ssl);
00095     long (*ssl_ctrl)(SSL *ssl, int cmd, long larg, char *parg);  /* generic control hooks: what parg points at depends on cmd (values defined elsewhere) */
00096     long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, char *parg);
00097     SSL_CIPHER *(*get_cipher_by_char)(unsigned char *p);  /* presumably decode/encode a suite from/to its wire bytes; no length is passed, so the caller must guarantee p spans the version's encoding */
00098     int (*put_cipher_by_char)(SSL_CIPHER *c, unsigned char *p);
00099     int (*ssl_pending)(SSL *s);
00100     int (*num_ciphers)(void);       /* size of this version's suite table and indexed access to it */
00101     SSL_CIPHER *(*get_cipher)(unsigned int u);
00102     SSL_METHOD *(*get_ssl_method)(int ver);
00103     long (*get_timeout)(void);      /* default session timeout for this version (assumed from the name; units not stated) */
00104     struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
00105 #if 0
00106     int (*ssl_version)();  /* dead code under #if 0; the empty parameter list is also an unprototyped declarator */
00107 #endif
00108 };
00109 /** One resumable SSL session: negotiated version and suite, the key material, the identifiers it is looked up by, and the refcount/timeout/cache bookkeeping. Instances are released with SSL_SESSION_free() (see the cache callbacks in ssl_ctx_st). */
00157 struct ssl_session_st
00158 {
00160     int ssl_version; /* protocol version the session was negotiated under */
00161     /* Byte count of key_arg; must never exceed sizeof key_arg. */
00163     unsigned int key_arg_length;
00164     /* Key-argument bytes: treat as key material and scrub together with master_key on release. */
00166     unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
00167     /* Byte count of master_key. NOTE(review): signed int while the other *_length fields are unsigned -- any code using it as a size must reject negative values. */
00169     int master_key_length;
00170     /* Master secret. Whatever frees or recycles a session should zeroize this buffer rather than leave it behind in freed memory -- confirm SSL_SESSION_free() does so. */
00172     unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
00173     /* Byte count of session_id; must not exceed sizeof session_id. */
00178     unsigned int session_id_length;
00179     /* Session identifier; presumably the key under which ssl_ctx_st.sessions stores the session -- confirm. */
00185     unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
00186     /* Byte count of sid_ctx; must not exceed sizeof sid_ctx. */
00188     unsigned int sid_ctx_length;
00189     /* Session-id context, the grouping index described at ssl_ctx_st.sid_ctx. */
00195     unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
00196     /* Non-zero marks the session as not reusable; the conditions that set it are outside this header. */
00203     int not_resumable;
00204     /* Local certificate/key set (struct cert_st is defined outside this header). */
00207     struct cert_st *cert;
00208     /* Certificate presented by the peer, if any -- presumably NULL otherwise. */
00213     SSLCERT *peer;
00214     /* Reference count. No locking is visible in this header, so concurrent use presumably relies on an external lock -- confirm. */
00221     int references;
00222     /* Lifetime as a long; units not stated here (compare ssl_ctx_st.session_timeout). */
00226     long timeout;
00227     /* Timestamp pointer paired with timeout (creation time, assumed); ownership of the pointee is not stated. */
00229     R_TIME_T *time;
00230 
00231 #ifndef NO_COMP
00232     COMP_CTX *compress_meth;  /* compression context, present only when NO_COMP is not defined */
00233 #endif
00234     /* The negotiated suite, plus its numeric id kept separately (presumably so a session can be stored without the pointer -- confirm). */
00239     SSL_CIPHER *cipher;
00240 
00248     unsigned long cipher_id;
00249 
00250     STACK *ciphers; /* SSL_CIPHER shared ciphers? */
00251 
00252 #ifndef SSLC_SMALL_CODE
00253     /* Small code builds do not support ex_data */
00254 
00255     CRYPTO_EX_DATA ex_data; /* Application-specific data */
00256 #endif /* !SSLC_SMALL_CODE */
00257 
00258 #if (!defined(SSLC_SMALL_CODE) && !defined(NO_SESSION_CACHE))
00259     /* Small code builds do not support linked lists of sessions that
00260      * are used by the traditional session caching code only
00261      */
00262 
00263     /*
00264      * These are used to make removal of session ids more
00265      * efficient and to implement a maximum cache size.
00266      * The list ends are ssl_ctx_st.session_cache_head/tail.
00267      */
00267     struct ssl_session_st *prev,*next;
00268 #endif /* !SSLC_SMALL_CODE && !NO_SESSION_CACHE */
00269 };
00270 /** Context-wide SSL state (SSL_CTX): protocol method, cipher lists, certificate store, session cache, and the callbacks and defaults applied to SSL objects created from it (see "Default values" below). Which members exist depends on the SSLC_SMALL_CODE, NO_SESSION_CACHE, SSL_INFO_CB_ONLY, NO_PEM and NO_CA_LIST guards. */
00329 struct ssl_ctx_st
00330 {
00331     SSL_METHOD *method;         /* protocol function table (struct ssl_method_st) */
00332     unsigned long options;      /* option bit words; the bit values, and how user_options differs from options, are defined outside this header */
00333     unsigned long user_options;
00334 
00335     STACK *cipher_list;       /* SSL_CIPHER */
00336     STACK *cipher_list_by_id; /* SSL_CIPHER same as <tt>cipher_list</tt>
00337                                * but sorted for lookup
00338                                */
00339 
00340     SSLCERT_STORE *cert_store; /* X509_STORE: trust store used for peer verification (assumed) */
00341 
00342 #ifndef NO_SESSION_CACHE
00343 #ifdef SSLC_SMALL_CODE
00344     /* SSL-C small code builds support a modified session cache */
00345     /* A single application callback stands in for the cache: cmd selects the operation (values defined elsewhere); sess is passed by double pointer, presumably so a lookup can hand back a session. */
00347     int (*session_cache_cb)(SSL_CTX *ctx,int cmd,SSL_SESSION **sess,void *arg);
00348     /* Opaque argument handed to session_cache_cb. */
00353     void *session_cache_cb_arg;
00354 
00355 #else /* !SSLC_SMALL_CODE */
00356 
00357     struct lhash_st *sessions;        /* A set of SSL sessions */
00358     /*
00359      * Maximum number of session-ids that will be cached, default is
00360      * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited.
00361      * NOTE(review): 0 removes the bound, so memory held by cached sessions is then limited only by timeout expiry (assumed); stats.sess_cache_full below counts evictions once a bound is set. */
00362     unsigned long session_cache_size;
00363     struct ssl_session_st *session_cache_head;  /* ends of the prev/next list threaded through ssl_session_st */
00364     struct ssl_session_st *session_cache_tail;
00365 
00366     /*
00367      * If this callback is not null, it will be called each
00368      * time a session id is added to the cache.  If this function
00369      * returns 1, it means that the callback will do a
00370      * SSL_SESSION_free() when it has finished using it.  Otherwise,
00371      * on 0, it means the callback has finished with it.
00372      * If remove_session_cb is not null, it will be called when
00373      * a session-id is removed from the cache.  Again, a return
00374      * of 0 means that we should not SSL_SESSION_free() since
00375      * the application is doing something with it.
00376      * get_session_cb is not described here; stats.sess_cb_hit below suggests it supplies sessions not found in the local cache -- confirm. */
00377     SSL_SESS_NEW_CB_T *new_session_cb;
00378     SSL_SESS_REMOVE_CB_T *remove_session_cb;
00379     SSL_SESS_GET_CB_T *get_session_cb;
00380 
00381     struct
00382     {
00383         int sess_connect;              /* SSL new conn - started */
00384         int sess_connect_renegotiate;  /* SSL reneg - requested */
00385         int sess_connect_good;         /* SSL new conn/reneg - finished */
00386         int sess_accept;               /* SSL new accept - started */
00387         int sess_accept_renegotiate;   /* SSL reneg - requested */
00388         int sess_accept_good;          /* SSL accept/reneg - finished */
00389         int sess_miss;                 /* Session lookup misses  */
00390         int sess_timeout;              /* Reuse attempt on timed-out session */
00391         int sess_cache_full;           /* Session removed due to full cache */
00392         int sess_hit;                  /* Session reuse actually done */
00393         /*
00394          * This
00395          * indicates that the application is supplying
00396          * session-ids from other processes
00397          */
00398         int sess_cb_hit;  /* session id not in the cache passed back via
00399                            * the callback
00400                            */
00401     } stats;  /* plain int counters; no locking is visible here */
00402 
00403     /* Session id context is a grouping index for sessions */
00404     unsigned int sid_ctx_length;  /* must not exceed sizeof sid_ctx */
00405     unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
00406 
00407 #endif /* !SSLC_SMALL_CODE */
00408 
00427     int session_cache_mode;  /* cache mode flags, defined outside this header */
00428 #endif /* NO_SESSION_CACHE */
00429 
00434     long session_timeout;  /* default lifetime for new sessions; units not stated here (compare ssl_session_st.timeout) */
00435 
00437     int references;  /* reference count; no locking visible in this header */
00438 
00440     SSL_INFO_CB_T *info_cb;  /* connection information callback (assumed from the type name) */
00441 
00442 #if (!defined(SSLC_SMALL_CODE) && !defined(SSL_INFO_CB_ONLY))
00443     SSL_ALERT_INFO_CB_T *alert_info_cb;  /* each callback below pairs with an opaque *_arg, typed char * rather than void * */
00444     char *alert_info_arg;
00445 
00446     SSL_APP_DATA_CB_T *app_data_cb;
00447     char *app_data_arg;
00448 #endif /* (!defined(SSLC_SMALL_CODE) && !defined(SSL_INFO_CB_ONLY)) */
00449 
00450     /*
00451      * There are two different mechanisms for application replacement
00452      * of certificate verification routines - one that the library does
00453      * most of the work for the user and one where the application gets
00454      * to handle everything.
00455      * Which of app_verify_cb and application_verify_cb is which is not stated here; they carry different callback types (see ssl.h). */
00460     SSL_CTX_CERT_VERIFY_CB_T *app_verify_cb;
00461     char *app_verify_arg;
00462 
00467     SSL_CTX_APP_VERIFY_CB_T *application_verify_cb;
00468     char *application_verify_arg;
00469 
00470 
00471     /* Default values to use in SSL structures when they are created */
00472 
00474     struct cert_st *default_cert;  /* local certificate/key set (struct cert_st is defined outside this header) */
00475     int read_ahead;
00476     int verify_depth; /* For mod_ssl: chain-depth limit for verification (assumed from the name) */
00477     int verify_mode;  /* verification flags, defined outside this header; the value a fresh context starts with is not visible here */
00478 #ifndef SSLC_SMALL_CODE
00479     SSL_VERIFY_CB_T *default_verify_cb;
00480 #endif /* !SSLC_SMALL_CODE */
00481 
00482     /* Default password callback (PEM_PASSWORD_CB_T, so presumably used when PEM private keys need decrypting) */
00483 #ifndef NO_PEM
00484     PEM_PASSWORD_CB_T *default_passwd_cb;
00485 #endif /* NO_PEM */
00486 
00487     /* Retrieve client cert callback */
00488     SSL_CTX_CLIENT_CERT_CB_T *client_cert_cb;
00489 
00490 #ifndef NO_CA_LIST
00491     STACK *client_CA; /* Used for client requests */
00492 #endif /* !NO_CA_LIST */
00493 
00500     long client_cert_sz;  /* meaning not documented here -- TODO confirm against the code that sets these two */
00501     long server_cert_sz;
00502 
00503 #ifndef SSLC_SMALL_CODE
00504     CRYPTO_EX_DATA ex_data;  /* application-specific data, as in ssl_session_st */
00505 #endif /* !SSLC_SMALL_CODE */
00506 
00507     EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */
00508     EVP_MD *md5;     /* For SSLv3/TLSv1 'ssl3-md5' */
00509     EVP_MD *sha1;    /* For SSLv3/TLSv1 'ssl3->sha1' */
00510     EVP_MD *dss1;    /* Name is 'DSA-SHA1' */
00511 
00512     STACK *extra_certs;  /* additional certificates; how they are used is not stated here */
00513 
00517     int write_buf_size;  /* buffer sizes are signed ints; whatever sets them should reject negative values */
00518 
00522     int read_buf_size;
00523     int blinding;  /* NOTE(review): presumably enables RSA blinding, a timing side-channel countermeasure -- confirm; if so it should stay enabled */
00527     int (*ocsi_server_callback)();  /* unprototyped declarator: no argument checking at the call site; ocsi_server_callback_arg is presumably passed to it */
00528     char *ocsi_server_callback_arg;
00529 
00530     R_LIB_CTX *lib_ctx;  /* library context plus an opaque switch pointer; semantics not visible here */
00531     void *r_cr_switch;
00532 
00539     unsigned long max_rsa_n;  /* upper bounds on the RSA modulus (n) and public exponent (e) accepted -- assumed from the names; units (bits or bytes) are not stated here */
00540     unsigned long max_rsa_e;
00541 };
00542 
00543 #endif /* HEADER_SSLCTX_ST_H */
00544 
