Update libressl README.DRAGONFLY for v2.4.4
[dragonfly.git] / crypto / libressl / tls / tls_internal.h
1/* $OpenBSD: tls_internal.h,v 1.31 2016/07/07 14:09:03 jsing Exp $ */
2/*
3 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#ifndef HEADER_TLS_INTERNAL_H
20#define HEADER_TLS_INTERNAL_H
21
22#include <arpa/inet.h>
23#include <netinet/in.h>
24
25#include <openssl/ssl.h>
26
/*
 * Build-time override point for the system CA bundle.  Presumably the
 * fallback used when a tls_config names no ca_file/ca_path/ca_mem —
 * confirm against the config loader.  The leading-underscore-plus-capital
 * spelling follows the BSD _PATH_* convention (normally from <paths.h>)
 * even though ISO C reserves that identifier form for the implementation.
 */
#ifndef _PATH_SSL_CA_FILE
#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
#endif

/*
 * Cipher-suite strings in OpenSSL cipher-list syntax, strongest first.
 * DEFAULT admits only TLSv1.2 AEAD suites with an ephemeral (ECDHE/DHE)
 * key exchange, i.e. forward secrecy is mandatory.  COMPAT widens to the
 * HIGH group, LEGACY adds MEDIUM, and ALL keeps everything except the
 * anonymous (!aNULL) and unencrypted (!eNULL) suites.  The selected string
 * is carried in tls_config.ciphers.
 */
#define TLS_CIPHERS_DEFAULT	"TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
#define TLS_CIPHERS_COMPAT	"HIGH:!aNULL"
#define TLS_CIPHERS_LEGACY	"HIGH:MEDIUM:!aNULL"
#define TLS_CIPHERS_ALL		"ALL:!aNULL:!eNULL"
35
/*
 * Storage big enough for either an IPv4 or an IPv6 address.  The union
 * does not record which member is live; the caller must know the family.
 * Presumably used to test whether a servername is an address literal
 * (see tls_check_name below) — confirm in the caller.
 */
union tls_addr {
	struct in_addr	ip4;	/* AF_INET */
	struct in6_addr	ip6;	/* AF_INET6 */
};
40
/*
 * Last error recorded on a tls or tls_config object.  Filled in by the
 * tls_error_set/tls_error_setx family declared below.
 */
struct tls_error {
	char *msg;	/* formatted message; non-const, so presumably heap-owned by the struct — confirm who frees it */
	int num;	/* presumably the saved errno for the *_set (non-x) variants — confirm */
};
45
/*
 * One certificate/private-key pair, chained through `next` so a config can
 * hold several.  Each half can be named by a file path or supplied as an
 * in-memory buffer with an explicit length; which one is in use is not
 * recorded here.  The *_file pointers are const (not owned), the *_mem
 * buffers are non-const and therefore presumably owned by the struct.
 *
 * NOTE(review): key_mem holds private key bytes in process memory; the
 * code that frees it should wipe the buffer first (explicit_bzero) rather
 * than rely on free() — confirm in the keypair teardown.
 */
struct tls_keypair {
	struct tls_keypair *next;

	const char *cert_file;
	char *cert_mem;
	size_t cert_len;	/* bytes in cert_mem */
	const char *key_file;
	char *key_mem;
	size_t key_len;		/* bytes in key_mem */
};
56
/*
 * Configuration shared by every tls object created from it (struct tls
 * points back here through its config member).  This header only fixes
 * the layout; the setters live elsewhere.
 *
 * Self-containment note: uint32_t and size_t are not included directly
 * (no <stdint.h>/<stddef.h> above); they arrive transitively through
 * <openssl/ssl.h> and <netinet/in.h>.
 */
struct tls_config {
	struct tls_error error;		/* last config-level error (tls_config_set_error*) */

	/* Trust anchors: a bundle file, a hashed directory, or an in-memory buffer. */
	const char *ca_file;
	const char *ca_path;
	char *ca_mem;
	size_t ca_len;			/* bytes in ca_mem */
	const char *ciphers;		/* cipher-list string, e.g. one of TLS_CIPHERS_* */
	int ciphers_server;		/* non-zero: server's suite order wins — presumably; confirm */
	int dheparams;			/* DHE parameter selection; encoding set by its setter — confirm */
	int ecdhecurve;			/* ECDHE curve selection; encoding set by its setter — confirm */
	struct tls_keypair *keypair;	/* head of the certificate/key list */
	uint32_t protocols;		/* bitmask of enabled protocol versions (presumably TLS_PROTOCOL_* from tls.h) */
	/*
	 * Verification switches.  A non-zero value enables the check named;
	 * verify_depth bounds the certificate chain length.  A zero in
	 * verify_cert, verify_name or verify_time removes that part of peer
	 * authentication, so any change to their defaults deserves review.
	 */
	int verify_cert;
	int verify_client;
	int verify_depth;
	int verify_name;
	int verify_time;
};
76
/*
 * Human-readable facts about an established connection and its peer
 * certificate, built by tls_get_conninfo() and released by
 * tls_free_conninfo() (both declared below).  Every char * is non-const,
 * so presumably each is an owned heap string freed by tls_free_conninfo.
 */
struct tls_conninfo {
	char *issuer;		/* peer certificate issuer DN */
	char *subject;		/* peer certificate subject DN */
	char *hash;		/* certificate hash; algorithm/encoding not fixed here — confirm */
	char *serial;		/* certificate serial number */
	char *fingerprint;	/* certificate fingerprint; algorithm not fixed here — confirm */
	char *version;		/* negotiated protocol version string */
	char *cipher;		/* negotiated cipher suite name */
	time_t notbefore;	/* start of the certificate validity window */
	time_t notafter;	/* end of the certificate validity window */
};
88
/*
 * Role bits — presumably kept in tls.flags (confirm in tls.c).
 * TLS_SERVER is the listening-side context, TLS_SERVER_CONN one accepted
 * connection derived from it via tls_server_conn().
 */
#define TLS_CLIENT		(1 << 0)
#define TLS_SERVER		(1 << 1)
#define TLS_SERVER_CONN		(1 << 2)

/*
 * Connection-state bits — presumably kept in tls.state (confirm in tls.c).
 * TLS_EOF_NO_CLOSE_NOTIFY records, by its name, that the transport hit EOF
 * without a TLS close_notify alert; if so, a truncated stream is not
 * distinguishable from a clean shutdown at this layer, and callers that
 * care about truncation need to check for it explicitly.
 */
#define TLS_EOF_NO_CLOSE_NOTIFY	(1 << 0)
#define TLS_HANDSHAKE_COMPLETE	(1 << 1)
95
/*
 * One TLS context: either a client, a server (template), or an accepted
 * server connection (see the TLS_* role bits above).  Created by tls_new()
 * or tls_server_conn(), declared below.
 */
struct tls {
	struct tls_config *config;	/* shared configuration; not owned here — presumably, confirm */
	struct tls_error error;		/* last per-connection error (tls_set_error*) */

	uint32_t flags;			/* presumably TLS_CLIENT/TLS_SERVER/TLS_SERVER_CONN bits */
	uint32_t state;			/* presumably TLS_HANDSHAKE_COMPLETE/TLS_EOF_NO_CLOSE_NOTIFY bits */

	char *servername;		/* expected peer name, passed to tls_check_name() */
	int socket;			/* underlying file descriptor */

	SSL *ssl_conn;			/* the OpenSSL connection object */
	SSL_CTX *ssl_ctx;		/* the OpenSSL context it was created from */
	X509 *ssl_peer_cert;		/* peer certificate, if one was presented */
	struct tls_conninfo *conninfo;	/* lazily built by tls_get_conninfo() */
};
111
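/* Constructors.  tls_server_conn() derives an accepted-connection context from a server context. */
struct tls *tls_new(void);
struct tls *tls_server_conn(struct tls *ctx);

/*
 * Internal helpers used by the public API.  All return an int status;
 * on failure the detail is recorded on ctx via tls_set_error*().
 *
 * tls_check_name: verifies that cert matches servername.
 * tls_configure_keypair: loads keypair into ssl_ctx; `required` decides
 *   whether a missing keypair is an error.
 * tls_host_port: splits "host:port" into host and port.  The outputs are
 *   char **, so presumably they are allocated for the caller to free —
 *   confirm in the implementation.
 */
int tls_check_name(struct tls *ctx, X509 *cert, const char *servername);
int tls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
    struct tls_keypair *keypair, int required);
int tls_configure_server(struct tls *ctx);
int tls_configure_ssl(struct tls *ctx);
int tls_configure_ssl_verify(struct tls *ctx, int verify);
int tls_handshake_client(struct tls *ctx);
int tls_handshake_server(struct tls *ctx);
int tls_host_port(const char *hostport, char **host, char **port);

/*
 * Error recording.  The printf format attribute lets the compiler check
 * callers' format strings against their arguments (-Wformat), and the
 * nonnull attribute forbids a NULL fmt.  By naming convention the plain
 * variants also capture errno while the *x variants do not — confirm in
 * the implementation.  Callers must always pass a literal format, never
 * untrusted text as fmt.
 */
int tls_error_set(struct tls_error *error, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_error_setx(struct tls_error *error, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_config_set_error(struct tls_config *cfg, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_config_set_errorx(struct tls_config *cfg, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_set_error(struct tls *ctx, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));
int tls_set_errorx(struct tls *ctx, const char *fmt, ...)
    __attribute__((__format__ (printf, 2, 3)))
    __attribute__((__nonnull__ (2)));

/*
 * Translates an SSL_* call's return value (ssl_ret) into a libtls result,
 * recording an error on ctx prefixed with `prefix` when appropriate.
 */
int tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret,
    const char *prefix);

/* Builds ctx->conninfo from the live connection; tls_free_conninfo releases it. */
int tls_get_conninfo(struct tls *ctx);
void tls_free_conninfo(struct tls_conninfo *conninfo);

/*
 * Parses an ASN.1 time string of `len` bytes into `tm`.  Parameter names
 * added so the prototype documents itself; `mode` selects the accepted
 * time encoding — its exact values are defined with the implementation.
 */
int asn1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode);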
151
152#endif /* HEADER_TLS_INTERNAL_H */