Make SSL_CTX opaque.
This frees us up to make SSL_CTX a C++ type and avoids a lot of
protrusions of otherwise private types into the global namespace.
Bug: 6
Change-Id: I8a0624a53a4d26ac4a483fa270c39ecdd07459ee
Reviewed-on: https://boringssl-review.googlesource.com/21584
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 032ec7e..0ac3ebf 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -4042,13 +4042,10 @@
// This structures are exposed for historical reasons, but access to them is
// deprecated.
-// TODO(davidben): Opaquify most or all of |SSL_CTX| and |SSL_SESSION| so these
-// forward declarations are not needed.
-typedef struct ssl_protocol_method_st SSL_PROTOCOL_METHOD;
+// TODO(davidben): Remove this forward declaration when is |SSL_SESSION| is
+// opaque.
typedef struct ssl_x509_method_st SSL_X509_METHOD;
-DECLARE_STACK_OF(SSL_CUSTOM_EXTENSION)
-
#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
#define SSL_MAX_SID_CTX_LENGTH 32
#define SSL_MAX_MASTER_KEY_LENGTH 48
@@ -4177,319 +4174,6 @@
unsigned is_server:1;
};
-// ssl_cipher_preference_list_st contains a list of SSL_CIPHERs with
-// equal-preference groups. For TLS clients, the groups are moot because the
-// server picks the cipher and groups cannot be expressed on the wire. However,
-// for servers, the equal-preference groups allow the client's preferences to
-// be partially respected. (This only has an effect with
-// SSL_OP_CIPHER_SERVER_PREFERENCE).
-//
-// The equal-preference groups are expressed by grouping SSL_CIPHERs together.
-// All elements of a group have the same priority: no ordering is expressed
-// within a group.
-//
-// The values in |ciphers| are in one-to-one correspondence with
-// |in_group_flags|. (That is, sk_SSL_CIPHER_num(ciphers) is the number of
-// bytes in |in_group_flags|.) The bytes in |in_group_flags| are either 1, to
-// indicate that the corresponding SSL_CIPHER is not the last element of a
-// group, or 0 to indicate that it is.
-//
-// For example, if |in_group_flags| contains all zeros then that indicates a
-// traditional, fully-ordered preference. Every SSL_CIPHER is the last element
-// of the group (i.e. they are all in a one-element group).
-//
-// For a more complex example, consider:
-// ciphers: A B C D E F
-// in_group_flags: 1 1 0 0 1 0
-//
-// That would express the following, order:
-//
-// A E
-// B -> D -> F
-// C
-struct ssl_cipher_preference_list_st {
- STACK_OF(SSL_CIPHER) *ciphers;
- uint8_t *in_group_flags;
-};
-
-struct tlsext_ticket_key {
- uint8_t name[SSL_TICKET_KEY_NAME_LEN];
- uint8_t hmac_key[16];
- uint8_t aes_key[16];
- // next_rotation_tv_sec is the time (in seconds from the epoch) when the
- // current key should be superseded by a new key, or the time when a previous
- // key should be dropped. If zero, then the key should not be automatically
- // rotated.
- uint64_t next_rotation_tv_sec;
-};
-
-// ssl_ctx_st (aka |SSL_CTX|) contains configuration common to several SSL
-// connections.
-struct ssl_ctx_st {
- const SSL_PROTOCOL_METHOD *method;
- const SSL_X509_METHOD *x509_method;
-
- // lock is used to protect various operations on this object.
- CRYPTO_MUTEX lock;
-
- // conf_max_version is the maximum acceptable protocol version configured by
- // |SSL_CTX_set_max_proto_version|. Note this version is normalized in DTLS
- // and is further constrainted by |SSL_OP_NO_*|.
- uint16_t conf_max_version;
-
- // conf_min_version is the minimum acceptable protocol version configured by
- // |SSL_CTX_set_min_proto_version|. Note this version is normalized in DTLS
- // and is further constrainted by |SSL_OP_NO_*|.
- uint16_t conf_min_version;
-
- // tls13_variant is the variant of TLS 1.3 we are using for this
- // configuration.
- enum tls13_variant_t tls13_variant;
-
- struct ssl_cipher_preference_list_st *cipher_list;
-
- X509_STORE *cert_store;
- LHASH_OF(SSL_SESSION) *sessions;
- // Most session-ids that will be cached, default is
- // SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
- unsigned long session_cache_size;
- SSL_SESSION *session_cache_head;
- SSL_SESSION *session_cache_tail;
-
- // handshakes_since_cache_flush is the number of successful handshakes since
- // the last cache flush.
- int handshakes_since_cache_flush;
-
- // This can have one of 2 values, ored together,
- // SSL_SESS_CACHE_CLIENT,
- // SSL_SESS_CACHE_SERVER,
- // Default is SSL_SESSION_CACHE_SERVER, which means only
- // SSL_accept which cache SSL_SESSIONS.
- int session_cache_mode;
-
- // session_timeout is the default lifetime for new sessions in TLS 1.2 and
- // earlier, in seconds.
- uint32_t session_timeout;
-
- // session_psk_dhe_timeout is the default lifetime for new sessions in TLS
- // 1.3, in seconds.
- uint32_t session_psk_dhe_timeout;
-
- // If this callback is not null, it will be called each time a session id is
- // added to the cache. If this function returns 1, it means that the
- // callback will do a SSL_SESSION_free() when it has finished using it.
- // Otherwise, on 0, it means the callback has finished with it. If
- // remove_session_cb is not null, it will be called when a session-id is
- // removed from the cache. After the call, OpenSSL will SSL_SESSION_free()
- // it.
- int (*new_session_cb)(SSL *ssl, SSL_SESSION *sess);
- void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *sess);
- SSL_SESSION *(*get_session_cb)(SSL *ssl, const uint8_t *data, int len,
- int *copy);
- SSL_SESSION *(*get_session_cb_legacy)(SSL *ssl, uint8_t *data, int len,
- int *copy);
-
- CRYPTO_refcount_t references;
-
- // if defined, these override the X509_verify_cert() calls
- int (*app_verify_callback)(X509_STORE_CTX *store_ctx, void *arg);
- void *app_verify_arg;
-
- enum ssl_verify_result_t (*custom_verify_callback)(SSL *ssl,
- uint8_t *out_alert);
-
- // Default password callback.
- pem_password_cb *default_passwd_callback;
-
- // Default password callback user data.
- void *default_passwd_callback_userdata;
-
- // get client cert callback
- int (*client_cert_cb)(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey);
-
- // get channel id callback
- void (*channel_id_cb)(SSL *ssl, EVP_PKEY **out_pkey);
-
- CRYPTO_EX_DATA ex_data;
-
- // custom_*_extensions stores any callback sets for custom extensions. Note
- // that these pointers will be NULL if the stack would otherwise be empty.
- STACK_OF(SSL_CUSTOM_EXTENSION) *client_custom_extensions;
- STACK_OF(SSL_CUSTOM_EXTENSION) *server_custom_extensions;
-
- // Default values used when no per-SSL value is defined follow
-
- void (*info_callback)(const SSL *ssl, int type, int value);
-
- // what we put in client cert requests
- STACK_OF(CRYPTO_BUFFER) *client_CA;
-
- // cached_x509_client_CA is a cache of parsed versions of the elements of
- // |client_CA|.
- STACK_OF(X509_NAME) *cached_x509_client_CA;
-
-
- // Default values to use in SSL structures follow (these are copied by
- // SSL_new)
-
- uint32_t options;
- uint32_t mode;
- uint32_t max_cert_list;
-
- struct cert_st *cert;
-
- // callback that allows applications to peek at protocol messages
- void (*msg_callback)(int write_p, int version, int content_type,
- const void *buf, size_t len, SSL *ssl, void *arg);
- void *msg_callback_arg;
-
- int verify_mode;
- int (*default_verify_callback)(
- int ok, X509_STORE_CTX *ctx); // called 'verify_callback' in the SSL
-
- X509_VERIFY_PARAM *param;
-
- // select_certificate_cb is called before most ClientHello processing and
- // before the decision whether to resume a session is made. See
- // |ssl_select_cert_result_t| for details of the return values.
- enum ssl_select_cert_result_t (*select_certificate_cb)(
- const SSL_CLIENT_HELLO *);
-
- // dos_protection_cb is called once the resumption decision for a ClientHello
- // has been made. It returns one to continue the handshake or zero to
- // abort.
- int (*dos_protection_cb) (const SSL_CLIENT_HELLO *);
-
- // Maximum amount of data to send in one fragment. actual record size can be
- // more than this due to padding and MAC overheads.
- uint16_t max_send_fragment;
-
- // TLS extensions servername callback
- int (*tlsext_servername_callback)(SSL *, int *, void *);
- void *tlsext_servername_arg;
-
- // RFC 4507 session ticket keys. |tlsext_ticket_key_current| may be NULL
- // before the first handshake and |tlsext_ticket_key_prev| may be NULL at any
- // time. Automatically generated ticket keys are rotated as needed at
- // handshake time. Hence, all access must be synchronized through |lock|.
- struct tlsext_ticket_key *tlsext_ticket_key_current;
- struct tlsext_ticket_key *tlsext_ticket_key_prev;
-
- // Callback to support customisation of ticket key setting
- int (*tlsext_ticket_key_cb)(SSL *ssl, uint8_t *name, uint8_t *iv,
- EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
-
- // Server-only: psk_identity_hint is the default identity hint to send in
- // PSK-based key exchanges.
- char *psk_identity_hint;
-
- unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
- char *identity,
- unsigned int max_identity_len,
- uint8_t *psk, unsigned int max_psk_len);
- unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
- uint8_t *psk, unsigned int max_psk_len);
-
-
- // retain_only_sha256_of_client_certs is true if we should compute the SHA256
- // hash of the peer's certificate and then discard it to save memory and
- // session space. Only effective on the server side.
- char retain_only_sha256_of_client_certs;
-
- // Next protocol negotiation information
- // (for experimental NPN extension).
-
- // For a server, this contains a callback function by which the set of
- // advertised protocols can be provided.
- int (*next_protos_advertised_cb)(SSL *ssl, const uint8_t **out,
- unsigned *out_len, void *arg);
- void *next_protos_advertised_cb_arg;
- // For a client, this contains a callback function that selects the
- // next protocol from the list provided by the server.
- int (*next_proto_select_cb)(SSL *ssl, uint8_t **out, uint8_t *out_len,
- const uint8_t *in, unsigned in_len, void *arg);
- void *next_proto_select_cb_arg;
-
- // ALPN information
- // (we are in the process of transitioning from NPN to ALPN.)
-
- // For a server, this contains a callback function that allows the
- // server to select the protocol for the connection.
- // out: on successful return, this must point to the raw protocol
- // name (without the length prefix).
- // outlen: on successful return, this contains the length of |*out|.
- // in: points to the client's list of supported protocols in
- // wire-format.
- // inlen: the length of |in|.
- int (*alpn_select_cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len,
- const uint8_t *in, unsigned in_len, void *arg);
- void *alpn_select_cb_arg;
-
- // For a client, this contains the list of supported protocols in wire
- // format.
- uint8_t *alpn_client_proto_list;
- unsigned alpn_client_proto_list_len;
-
- // SRTP profiles we are willing to do from RFC 5764
- STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
-
- // Supported group values inherited by SSL structure
- size_t supported_group_list_len;
- uint16_t *supported_group_list;
-
- // The client's Channel ID private key.
- EVP_PKEY *tlsext_channel_id_private;
-
- // keylog_callback, if not NULL, is the key logging callback. See
- // |SSL_CTX_set_keylog_callback|.
- void (*keylog_callback)(const SSL *ssl, const char *line);
-
- // current_time_cb, if not NULL, is the function to use to get the current
- // time. It sets |*out_clock| to the current time. The |ssl| argument is
- // always NULL. See |SSL_CTX_set_current_time_cb|.
- void (*current_time_cb)(const SSL *ssl, struct timeval *out_clock);
-
- // pool is used for all |CRYPTO_BUFFER|s in case we wish to share certificate
- // memory.
- CRYPTO_BUFFER_POOL *pool;
-
- // ticket_aead_method contains function pointers for opening and sealing
- // session tickets.
- const SSL_TICKET_AEAD_METHOD *ticket_aead_method;
-
- // verify_sigalgs, if not empty, is the set of signature algorithms
- // accepted from the peer in decreasing order of preference.
- uint16_t *verify_sigalgs;
- size_t num_verify_sigalgs;
-
- // quiet_shutdown is true if the connection should not send a close_notify on
- // shutdown.
- unsigned quiet_shutdown:1;
-
- // ocsp_stapling_enabled is only used by client connections and indicates
- // whether OCSP stapling will be requested.
- unsigned ocsp_stapling_enabled:1;
-
- // If true, a client will request certificate timestamps.
- unsigned signed_cert_timestamps_enabled:1;
-
- // tlsext_channel_id_enabled is one if Channel ID is enabled and zero
- // otherwise. For a server, means that we'll accept Channel IDs from clients.
- // For a client, means that we'll advertise support.
- unsigned tlsext_channel_id_enabled:1;
-
- // grease_enabled is one if draft-davidben-tls-grease-01 is enabled and zero
- // otherwise.
- unsigned grease_enabled:1;
-
- // allow_unknown_alpn_protos is one if the client allows unsolicited ALPN
- // protocols from the peer.
- unsigned allow_unknown_alpn_protos:1;
-
- // ed25519_enabled is one if Ed25519 is advertised in the handshake.
- unsigned ed25519_enabled:1;
-};
-
// Nodejs compatibility section (hidden).
//
@@ -4644,7 +4328,6 @@
BORINGSSL_MAKE_DELETER(SSL, SSL_free)
BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
-BORINGSSL_MAKE_DELETER(tlsext_ticket_key, OPENSSL_free);
enum class OpenRecordResult {
kOK,
diff --git a/ssl/internal.h b/ssl/internal.h
index 9efd79c..9efc292 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -172,11 +172,10 @@
#endif
-typedef struct cert_st CERT;
-
namespace bssl {
struct SSL_HANDSHAKE;
+struct SSL_PROTOCOL_METHOD;
// C++ utilities.
@@ -1638,7 +1637,7 @@
// From RFC4492, used in encoding the curve type in ECParameters
#define NAMED_CURVE_TYPE 3
-struct SSLCertConfig {
+struct CERT {
EVP_PKEY *privatekey;
// chain contains the certificate chain, with the leaf at the beginning. The
@@ -1705,6 +1704,66 @@
bool enable_early_data:1;
};
+// |SSL_PROTOCOL_METHOD| abstracts between TLS and DTLS.
+struct SSL_PROTOCOL_METHOD {
+ // is_dtls is one if the protocol is DTLS and zero otherwise.
+ char is_dtls;
+ int (*ssl_new)(SSL *ssl);
+ void (*ssl_free)(SSL *ssl);
+ // get_message sets |*out| to the current handshake message and returns true
+ // if one has been received. It returns false if more input is needed.
+ bool (*get_message)(SSL *ssl, SSLMessage *out);
+ // read_message reads additional handshake data for |get_message|. On success,
+ // it returns one. Otherwise, it returns <= 0.
+ int (*read_message)(SSL *ssl);
+ // next_message is called to release the current handshake message.
+ void (*next_message)(SSL *ssl);
+ // read_app_data reads up to |len| bytes of application data into |buf|. On
+ // success, it returns the number of bytes read. Otherwise, it returns <= 0
+ // and sets |*out_got_handshake| to whether the failure was due to a
+ // post-handshake handshake message. If so, any handshake messages consumed
+ // may be read with |get_message|.
+ int (*read_app_data)(SSL *ssl, bool *out_got_handshake, uint8_t *buf, int len,
+ int peek);
+ int (*read_change_cipher_spec)(SSL *ssl);
+ void (*read_close_notify)(SSL *ssl);
+ int (*write_app_data)(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
+ int len);
+ int (*dispatch_alert)(SSL *ssl);
+ // supports_cipher returns one if |cipher| is supported by this protocol and
+ // zero otherwise.
+ int (*supports_cipher)(const SSL_CIPHER *cipher);
+ // init_message begins a new handshake message of type |type|. |cbb| is the
+ // root CBB to be passed into |finish_message|. |*body| is set to a child CBB
+ // the caller should write to. It returns one on success and zero on error.
+ int (*init_message)(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
+ // finish_message finishes a handshake message. It sets |*out_msg| to the
+ // serialized message. It returns one on success and zero on error.
+ int (*finish_message)(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
+ // add_message adds a handshake message to the pending flight. It returns one
+ // on success and zero on error.
+ int (*add_message)(SSL *ssl, Array<uint8_t> msg);
+ // add_change_cipher_spec adds a ChangeCipherSpec record to the pending
+ // flight. It returns one on success and zero on error.
+ int (*add_change_cipher_spec)(SSL *ssl);
+ // add_alert adds an alert to the pending flight. It returns one on success
+ // and zero on error.
+ int (*add_alert)(SSL *ssl, uint8_t level, uint8_t desc);
+ // flush_flight flushes the pending flight to the transport. It returns one on
+ // success and <= 0 on error.
+ int (*flush_flight)(SSL *ssl);
+ // on_handshake_complete is called when the handshake is complete.
+ void (*on_handshake_complete)(SSL *ssl);
+ // set_read_state sets |ssl|'s read cipher state to |aead_ctx|. It returns
+ // one on success and zero if changing the read state is forbidden at this
+ // point.
+ int (*set_read_state)(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx);
+ // set_write_state sets |ssl|'s write cipher state to |aead_ctx|. It returns
+ // one on success and zero if changing the write state is forbidden at this
+ // point.
+ int (*set_write_state)(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx);
+};
+
// ssl_crypto_x509_method provides the |SSL_X509_METHOD| functions using
// crypto/x509.
extern const SSL_X509_METHOD ssl_crypto_x509_method;
@@ -1713,6 +1772,321 @@
// crypto/x509.
extern const SSL_X509_METHOD ssl_noop_x509_method;
+// ssl_cipher_preference_list_st contains a list of SSL_CIPHERs with
+// equal-preference groups. For TLS clients, the groups are moot because the
+// server picks the cipher and groups cannot be expressed on the wire. However,
+// for servers, the equal-preference groups allow the client's preferences to
+// be partially respected. (This only has an effect with
+// SSL_OP_CIPHER_SERVER_PREFERENCE).
+//
+// The equal-preference groups are expressed by grouping SSL_CIPHERs together.
+// All elements of a group have the same priority: no ordering is expressed
+// within a group.
+//
+// The values in |ciphers| are in one-to-one correspondence with
+// |in_group_flags|. (That is, sk_SSL_CIPHER_num(ciphers) is the number of
+// bytes in |in_group_flags|.) The bytes in |in_group_flags| are either 1, to
+// indicate that the corresponding SSL_CIPHER is not the last element of a
+// group, or 0 to indicate that it is.
+//
+// For example, if |in_group_flags| contains all zeros then that indicates a
+// traditional, fully-ordered preference. Every SSL_CIPHER is the last element
+// of the group (i.e. they are all in a one-element group).
+//
+// For a more complex example, consider:
+// ciphers: A B C D E F
+// in_group_flags: 1 1 0 0 1 0
+//
+// That would express the following, order:
+//
+// A E
+// B -> D -> F
+// C
+struct ssl_cipher_preference_list_st {
+ STACK_OF(SSL_CIPHER) *ciphers;
+ uint8_t *in_group_flags;
+};
+
+struct tlsext_ticket_key {
+ static constexpr bool kAllowUniquePtr = true;
+
+ uint8_t name[SSL_TICKET_KEY_NAME_LEN];
+ uint8_t hmac_key[16];
+ uint8_t aes_key[16];
+ // next_rotation_tv_sec is the time (in seconds from the epoch) when the
+ // current key should be superseded by a new key, or the time when a previous
+ // key should be dropped. If zero, then the key should not be automatically
+ // rotated.
+ uint64_t next_rotation_tv_sec;
+};
+
+// SSLContext backs the public |SSL_CTX| type. Due to compatibility constraints,
+// it is a base class for |ssl_ctx_st|.
+struct SSLContext {
+ const SSL_PROTOCOL_METHOD *method;
+ const SSL_X509_METHOD *x509_method;
+
+ // lock is used to protect various operations on this object.
+ CRYPTO_MUTEX lock;
+
+ // conf_max_version is the maximum acceptable protocol version configured by
+ // |SSL_CTX_set_max_proto_version|. Note this version is normalized in DTLS
+ // and is further constrainted by |SSL_OP_NO_*|.
+ uint16_t conf_max_version;
+
+ // conf_min_version is the minimum acceptable protocol version configured by
+ // |SSL_CTX_set_min_proto_version|. Note this version is normalized in DTLS
+ // and is further constrainted by |SSL_OP_NO_*|.
+ uint16_t conf_min_version;
+
+ // tls13_variant is the variant of TLS 1.3 we are using for this
+ // configuration.
+ enum tls13_variant_t tls13_variant;
+
+ struct ssl_cipher_preference_list_st *cipher_list;
+
+ X509_STORE *cert_store;
+ LHASH_OF(SSL_SESSION) *sessions;
+ // Most session-ids that will be cached, default is
+ // SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
+ unsigned long session_cache_size;
+ SSL_SESSION *session_cache_head;
+ SSL_SESSION *session_cache_tail;
+
+ // handshakes_since_cache_flush is the number of successful handshakes since
+ // the last cache flush.
+ int handshakes_since_cache_flush;
+
+ // This can have one of 2 values, ored together,
+ // SSL_SESS_CACHE_CLIENT,
+ // SSL_SESS_CACHE_SERVER,
+ // Default is SSL_SESSION_CACHE_SERVER, which means only
+ // SSL_accept which cache SSL_SESSIONS.
+ int session_cache_mode;
+
+ // session_timeout is the default lifetime for new sessions in TLS 1.2 and
+ // earlier, in seconds.
+ uint32_t session_timeout;
+
+ // session_psk_dhe_timeout is the default lifetime for new sessions in TLS
+ // 1.3, in seconds.
+ uint32_t session_psk_dhe_timeout;
+
+ // If this callback is not null, it will be called each time a session id is
+ // added to the cache. If this function returns 1, it means that the
+ // callback will do a SSL_SESSION_free() when it has finished using it.
+ // Otherwise, on 0, it means the callback has finished with it. If
+ // remove_session_cb is not null, it will be called when a session-id is
+ // removed from the cache. After the call, OpenSSL will SSL_SESSION_free()
+ // it.
+ int (*new_session_cb)(SSL *ssl, SSL_SESSION *sess);
+ void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *sess);
+ SSL_SESSION *(*get_session_cb)(SSL *ssl, const uint8_t *data, int len,
+ int *copy);
+ SSL_SESSION *(*get_session_cb_legacy)(SSL *ssl, uint8_t *data, int len,
+ int *copy);
+
+ CRYPTO_refcount_t references;
+
+ // if defined, these override the X509_verify_cert() calls
+ int (*app_verify_callback)(X509_STORE_CTX *store_ctx, void *arg);
+ void *app_verify_arg;
+
+ enum ssl_verify_result_t (*custom_verify_callback)(SSL *ssl,
+ uint8_t *out_alert);
+
+ // Default password callback.
+ pem_password_cb *default_passwd_callback;
+
+ // Default password callback user data.
+ void *default_passwd_callback_userdata;
+
+ // get client cert callback
+ int (*client_cert_cb)(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey);
+
+ // get channel id callback
+ void (*channel_id_cb)(SSL *ssl, EVP_PKEY **out_pkey);
+
+ CRYPTO_EX_DATA ex_data;
+
+ // custom_*_extensions stores any callback sets for custom extensions. Note
+ // that these pointers will be NULL if the stack would otherwise be empty.
+ STACK_OF(SSL_CUSTOM_EXTENSION) *client_custom_extensions;
+ STACK_OF(SSL_CUSTOM_EXTENSION) *server_custom_extensions;
+
+ // Default values used when no per-SSL value is defined follow
+
+ void (*info_callback)(const SSL *ssl, int type, int value);
+
+ // what we put in client cert requests
+ STACK_OF(CRYPTO_BUFFER) *client_CA;
+
+ // cached_x509_client_CA is a cache of parsed versions of the elements of
+ // |client_CA|.
+ STACK_OF(X509_NAME) *cached_x509_client_CA;
+
+
+ // Default values to use in SSL structures follow (these are copied by
+ // SSL_new)
+
+ uint32_t options;
+ uint32_t mode;
+ uint32_t max_cert_list;
+
+ CERT *cert;
+
+ // callback that allows applications to peek at protocol messages
+ void (*msg_callback)(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+ void *msg_callback_arg;
+
+ int verify_mode;
+ int (*default_verify_callback)(
+ int ok, X509_STORE_CTX *ctx); // called 'verify_callback' in the SSL
+
+ X509_VERIFY_PARAM *param;
+
+ // select_certificate_cb is called before most ClientHello processing and
+ // before the decision whether to resume a session is made. See
+ // |ssl_select_cert_result_t| for details of the return values.
+ enum ssl_select_cert_result_t (*select_certificate_cb)(
+ const SSL_CLIENT_HELLO *);
+
+ // dos_protection_cb is called once the resumption decision for a ClientHello
+ // has been made. It returns one to continue the handshake or zero to
+ // abort.
+ int (*dos_protection_cb) (const SSL_CLIENT_HELLO *);
+
+ // Maximum amount of data to send in one fragment. actual record size can be
+ // more than this due to padding and MAC overheads.
+ uint16_t max_send_fragment;
+
+ // TLS extensions servername callback
+ int (*tlsext_servername_callback)(SSL *, int *, void *);
+ void *tlsext_servername_arg;
+
+ // RFC 4507 session ticket keys. |tlsext_ticket_key_current| may be NULL
+ // before the first handshake and |tlsext_ticket_key_prev| may be NULL at any
+ // time. Automatically generated ticket keys are rotated as needed at
+ // handshake time. Hence, all access must be synchronized through |lock|.
+ struct tlsext_ticket_key *tlsext_ticket_key_current;
+ struct tlsext_ticket_key *tlsext_ticket_key_prev;
+
+ // Callback to support customisation of ticket key setting
+ int (*tlsext_ticket_key_cb)(SSL *ssl, uint8_t *name, uint8_t *iv,
+ EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
+
+ // Server-only: psk_identity_hint is the default identity hint to send in
+ // PSK-based key exchanges.
+ char *psk_identity_hint;
+
+ unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ uint8_t *psk, unsigned int max_psk_len);
+ unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+ uint8_t *psk, unsigned int max_psk_len);
+
+
+ // retain_only_sha256_of_client_certs is true if we should compute the SHA256
+ // hash of the peer's certificate and then discard it to save memory and
+ // session space. Only effective on the server side.
+ char retain_only_sha256_of_client_certs;
+
+ // Next protocol negotiation information
+ // (for experimental NPN extension).
+
+ // For a server, this contains a callback function by which the set of
+ // advertised protocols can be provided.
+ int (*next_protos_advertised_cb)(SSL *ssl, const uint8_t **out,
+ unsigned *out_len, void *arg);
+ void *next_protos_advertised_cb_arg;
+ // For a client, this contains a callback function that selects the
+ // next protocol from the list provided by the server.
+ int (*next_proto_select_cb)(SSL *ssl, uint8_t **out, uint8_t *out_len,
+ const uint8_t *in, unsigned in_len, void *arg);
+ void *next_proto_select_cb_arg;
+
+ // ALPN information
+ // (we are in the process of transitioning from NPN to ALPN.)
+
+ // For a server, this contains a callback function that allows the
+ // server to select the protocol for the connection.
+ // out: on successful return, this must point to the raw protocol
+ // name (without the length prefix).
+ // outlen: on successful return, this contains the length of |*out|.
+ // in: points to the client's list of supported protocols in
+ // wire-format.
+ // inlen: the length of |in|.
+ int (*alpn_select_cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len,
+ const uint8_t *in, unsigned in_len, void *arg);
+ void *alpn_select_cb_arg;
+
+ // For a client, this contains the list of supported protocols in wire
+ // format.
+ uint8_t *alpn_client_proto_list;
+ unsigned alpn_client_proto_list_len;
+
+ // SRTP profiles we are willing to do from RFC 5764
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+
+ // Supported group values inherited by SSL structure
+ size_t supported_group_list_len;
+ uint16_t *supported_group_list;
+
+ // The client's Channel ID private key.
+ EVP_PKEY *tlsext_channel_id_private;
+
+ // keylog_callback, if not NULL, is the key logging callback. See
+ // |SSL_CTX_set_keylog_callback|.
+ void (*keylog_callback)(const SSL *ssl, const char *line);
+
+ // current_time_cb, if not NULL, is the function to use to get the current
+ // time. It sets |*out_clock| to the current time. The |ssl| argument is
+ // always NULL. See |SSL_CTX_set_current_time_cb|.
+ void (*current_time_cb)(const SSL *ssl, struct timeval *out_clock);
+
+ // pool is used for all |CRYPTO_BUFFER|s in case we wish to share certificate
+ // memory.
+ CRYPTO_BUFFER_POOL *pool;
+
+ // ticket_aead_method contains function pointers for opening and sealing
+ // session tickets.
+ const SSL_TICKET_AEAD_METHOD *ticket_aead_method;
+
+ // verify_sigalgs, if not empty, is the set of signature algorithms
+ // accepted from the peer in decreasing order of preference.
+ uint16_t *verify_sigalgs;
+ size_t num_verify_sigalgs;
+
+ // quiet_shutdown is true if the connection should not send a close_notify on
+ // shutdown.
+ unsigned quiet_shutdown:1;
+
+ // ocsp_stapling_enabled is only used by client connections and indicates
+ // whether OCSP stapling will be requested.
+ unsigned ocsp_stapling_enabled:1;
+
+ // If true, a client will request certificate timestamps.
+ unsigned signed_cert_timestamps_enabled:1;
+
+ // tlsext_channel_id_enabled is one if Channel ID is enabled and zero
+ // otherwise. For a server, means that we'll accept Channel IDs from clients.
+ // For a client, means that we'll advertise support.
+ unsigned tlsext_channel_id_enabled:1;
+
+ // grease_enabled is one if draft-davidben-tls-grease-01 is enabled and zero
+ // otherwise.
+ unsigned grease_enabled:1;
+
+ // allow_unknown_alpn_protos is one if the client allows unsolicited ALPN
+ // protocols from the peer.
+ unsigned allow_unknown_alpn_protos:1;
+
+ // ed25519_enabled is one if Ed25519 is advertised in the handshake.
+ unsigned ed25519_enabled:1;
+};
+
struct SSL3_RECORD {
// type is the record type.
uint8_t type;
@@ -2486,75 +2860,12 @@
uint16_t version;
// method is the underlying SSL_PROTOCOL_METHOD that initializes the
// SSL_CTX.
- const SSL_PROTOCOL_METHOD *method;
+ const bssl::SSL_PROTOCOL_METHOD *method;
// x509_method contains pointers to functions that might deal with |X509|
// compatibility, or might be a no-op, depending on the application.
const SSL_X509_METHOD *x509_method;
};
-// ssl_protocol_method_st, aka |SSL_PROTOCOL_METHOD| abstracts between TLS and
-// DTLS.
-struct ssl_protocol_method_st {
- // is_dtls is one if the protocol is DTLS and zero otherwise.
- char is_dtls;
- int (*ssl_new)(SSL *ssl);
- void (*ssl_free)(SSL *ssl);
- // get_message sets |*out| to the current handshake message and returns true
- // if one has been received. It returns false if more input is needed.
- bool (*get_message)(SSL *ssl, bssl::SSLMessage *out);
- // read_message reads additional handshake data for |get_message|. On success,
- // it returns one. Otherwise, it returns <= 0.
- int (*read_message)(SSL *ssl);
- // next_message is called to release the current handshake message.
- void (*next_message)(SSL *ssl);
- // read_app_data reads up to |len| bytes of application data into |buf|. On
- // success, it returns the number of bytes read. Otherwise, it returns <= 0
- // and sets |*out_got_handshake| to whether the failure was due to a
- // post-handshake handshake message. If so, any handshake messages consumed
- // may be read with |get_message|.
- int (*read_app_data)(SSL *ssl, bool *out_got_handshake, uint8_t *buf, int len,
- int peek);
- int (*read_change_cipher_spec)(SSL *ssl);
- void (*read_close_notify)(SSL *ssl);
- int (*write_app_data)(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
- int len);
- int (*dispatch_alert)(SSL *ssl);
- // supports_cipher returns one if |cipher| is supported by this protocol and
- // zero otherwise.
- int (*supports_cipher)(const SSL_CIPHER *cipher);
- // init_message begins a new handshake message of type |type|. |cbb| is the
- // root CBB to be passed into |finish_message|. |*body| is set to a child CBB
- // the caller should write to. It returns one on success and zero on error.
- int (*init_message)(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
- // finish_message finishes a handshake message. It sets |*out_msg| to the
- // serialized message. It returns one on success and zero on error.
- int (*finish_message)(SSL *ssl, CBB *cbb, bssl::Array<uint8_t> *out_msg);
- // add_message adds a handshake message to the pending flight. It returns one
- // on success and zero on error.
- int (*add_message)(SSL *ssl, bssl::Array<uint8_t> msg);
- // add_change_cipher_spec adds a ChangeCipherSpec record to the pending
- // flight. It returns one on success and zero on error.
- int (*add_change_cipher_spec)(SSL *ssl);
- // add_alert adds an alert to the pending flight. It returns one on success
- // and zero on error.
- int (*add_alert)(SSL *ssl, uint8_t level, uint8_t desc);
- // flush_flight flushes the pending flight to the transport. It returns one on
- // success and <= 0 on error.
- int (*flush_flight)(SSL *ssl);
- // on_handshake_complete is called when the handshake is complete.
- void (*on_handshake_complete)(SSL *ssl);
- // set_read_state sets |ssl|'s read cipher state to |aead_ctx|. It returns
- // one on success and zero if changing the read state is forbidden at this
- // point.
- int (*set_read_state)(SSL *ssl,
- bssl::UniquePtr<bssl::SSLAEADContext> aead_ctx);
- // set_write_state sets |ssl|'s write cipher state to |aead_ctx|. It returns
- // one on success and zero if changing the write state is forbidden at this
- // point.
- int (*set_write_state)(SSL *ssl,
- bssl::UniquePtr<bssl::SSLAEADContext> aead_ctx);
-};
-
struct ssl_x509_method_st {
// check_client_CA_list returns one if |names| is a good list of X.509
// distinguished names and zero otherwise. This is used to ensure that we can
@@ -2562,17 +2873,17 @@
int (*check_client_CA_list)(STACK_OF(CRYPTO_BUFFER) *names);
// cert_clear frees and NULLs all X509 certificate-related state.
- void (*cert_clear)(CERT *cert);
+ void (*cert_clear)(bssl::CERT *cert);
// cert_free frees all X509-related state.
- void (*cert_free)(CERT *cert);
+ void (*cert_free)(bssl::CERT *cert);
// cert_flush_cached_chain drops any cached |X509|-based certificate chain
// from |cert|.
// cert_dup duplicates any needed fields from |cert| to |new_cert|.
- void (*cert_dup)(CERT *new_cert, const CERT *cert);
- void (*cert_flush_cached_chain)(CERT *cert);
+ void (*cert_dup)(bssl::CERT *new_cert, const bssl::CERT *cert);
+ void (*cert_flush_cached_chain)(bssl::CERT *cert);
// cert_flush_cached_chain drops any cached |X509|-based leaf certificate
// from |cert|.
- void (*cert_flush_cached_leaf)(CERT *cert);
+ void (*cert_flush_cached_leaf)(bssl::CERT *cert);
// session_cache_objects fills out |sess->x509_peer| and |sess->x509_chain|
// from |sess->certs| and erases |sess->x509_chain_without_leaf|. It returns
@@ -2611,12 +2922,11 @@
void (*ssl_ctx_flush_cached_client_CA)(SSL_CTX *ssl);
};
-// ssl_st backs the public |SSL| type. It subclasses the true type so that
-// SSLConnection may be a C++ type with methods and destructor without
-// polluting the global namespace.
+// The following types back public C-exposed types which must live in the global
+// namespace. We use subclassing so the implementations may be C++ types with
+// methods and destructor without polluting the global namespace.
+struct ssl_ctx_st : public bssl::SSLContext {};
struct ssl_st : public bssl::SSLConnection {};
-struct cert_st : public bssl::SSLCertConfig {};
-
#endif // OPENSSL_HEADER_SSL_INTERNAL_H
