1 /*	$OpenBSD: ssl.h,v 1.9 2014/05/20 17:33:36 reyk Exp $	*/
2 /*
3  * Copyright (c) 2013 Gilles Chehade <gilles@poolp.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
/*
 * TLS defaults for the ssl_* helpers declared below.
 *
 * SSL_CIPHERS is an OpenSSL cipher-list string: "HIGH" selects the
 * high-strength suites, and "!aNULL" / "!MD5" permanently remove the
 * unauthenticated (anonymous key exchange) suites and the MD5-MAC suites.
 * SSL_ECDH_CURVE is the OpenSSL name of NIST P-256, used for ECDHE.
 * SSL_SESSION_TIMEOUT is presumably a session lifetime in seconds (the
 * unit SSL_CTX_set_timeout() takes) -- confirm where ssl.c applies it.
 */
#define SSL_CIPHERS		"HIGH:!aNULL:!MD5"
#define	SSL_ECDH_CURVE		"prime256v1"
#define	SSL_SESSION_TIMEOUT	300
21 
/*
 * One "pki" entry: the certificate, private key, optional CA bundle and
 * optional DH parameters that back a TLS endpoint.  Each *_file member
 * is a path; the matching pointer / *_len pair is presumably that file's
 * content once loaded by the ssl_load_* helpers declared below -- confirm
 * in ssl.c.  Ownership and lifetime of the loaded buffers and of pki_pkey
 * are not visible from this header.
 */
struct pki {
	char			 pki_name[PATH_MAX];	/* fixed-size, NUL-terminated entry name */

	char			*pki_ca_file;		/* path of the CA bundle */
	char			*pki_ca;		/* CA bundle bytes */
	off_t			 pki_ca_len;		/* length of pki_ca */

	char			*pki_cert_file;		/* path of the certificate (chain) */
	char			*pki_cert;		/* certificate bytes */
	off_t			 pki_cert_len;		/* length of pki_cert */

	/*
	 * NOTE(review): pki_key presumably holds the private-key material
	 * itself; whoever frees it should clear the buffer first so the key
	 * does not linger in freed memory -- confirm the owner in ssl.c.
	 */
	char			*pki_key_file;		/* path of the private key */
	char			*pki_key;		/* private-key bytes */
	off_t			 pki_key_len;		/* length of pki_key */

	EVP_PKEY		*pki_pkey;		/* parsed key object (see ssl_load_pkey) */

	char			*pki_dhparams_file;	/* path of the DH parameters, if any */
	char			*pki_dhparams;		/* DH parameter bytes */
	off_t			 pki_dhparams_len;	/* length of pki_dhparams */
};
43 
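/* ssl.c */
/*
 * Return conventions of the int-returning functions are defined in ssl.c;
 * this header does not spell them out, so check there before relying on
 * a particular success value.
 */

/* One-time library initialization. */
void		ssl_init(void);
/* Build an SSL_CTX for the given pki entry and store it through the first argument. */
int		ssl_setup(SSL_CTX **, struct pki *);
/* Create an SSL_CTX from a name and an in-memory certificate (buffer, length). */
SSL_CTX	       *ssl_ctx_create(const char *, char *, off_t);
/* Compare two pki entries; whether this is an ordering or an equality test is decided in ssl.c. */
int		ssl_cmp(struct pki *, struct pki *);
/*
 * Built-in DH group; the name indicates 1024-bit parameters.
 * NOTE(review): 1024-bit DH is below current guidance (2048 bits or more);
 * prefer parameters supplied through pki_dhparams_file where possible.
 */
DH	       *get_dh1024(void);
/* Parse DH parameters from a memory buffer of the given length. */
DH	       *get_dh_from_memory(char *, size_t);
/* Install DH parameters on the context for ephemeral (DHE) key exchange. */
void		ssl_set_ephemeral_key_exchange(SSL_CTX *, DH *);
/* Select the named curve (e.g. SSL_ECDH_CURVE) for ECDHE on the context. */
void		ssl_set_ecdh_curve(SSL_CTX *, const char *);
/*
 * Read a file into a newly allocated buffer, returning it and storing the
 * byte count through the off_t pointer; the mode_t argument appears to be
 * a permission check on the file -- confirm its exact meaning in ssl.c.
 * Presumably the caller owns the returned buffer.
 */
char	       *ssl_load_file(const char *, off_t *, mode_t);
/*
 * ssl_load_file() variant for a private key; the extra char * and
 * const char * arguments are presumably a passphrase and the pki name --
 * confirm in ssl.c.
 */
char	       *ssl_load_key(const char *, off_t *, char *, mode_t, const char *);

/* Human-readable description of a connection; storage of the result is decided in ssl.c. */
const char     *ssl_to_text(const SSL *);
/* Report the pending library error, presumably prefixed with the given string. */
void		ssl_error(const char *);

/* Load the named file into the corresponding member(s) of the pki entry. */
int		ssl_load_certificate(struct pki *, const char *);
/* Like ssl_load_certificate() for the key; the third argument is presumably a passphrase. */
int		ssl_load_keyfile(struct pki *, const char *, const char *);
int		ssl_load_cafile(struct pki *, const char *);
int		ssl_load_dhparams(struct pki *, const char *);
/*
 * Parse a certificate (buffer, length) and a key (buffer, length) into
 * X509 / EVP_PKEY objects returned through the last two arguments.
 */
int		ssl_load_pkey(const void *, size_t, char *, off_t,
		    X509 **, EVP_PKEY **);
/*
 * Same inputs as ssl_load_pkey() plus the target context; the name
 * suggests the context is given a stand-in key whose operations are
 * performed elsewhere (privilege separation) -- confirm in ssl.c.
 */
int		ssl_ctx_fake_private_key(SSL_CTX *, const void *, size_t,
		    char *, off_t, X509 **, EVP_PKEY **);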
68 
/* ssl_privsep.c */
/*
 * Memory-buffer loaders: each takes (buffer, length) instead of a path,
 * so the caller can hand over data it already holds rather than a file.
 * NOTE(review): the privilege-separation rationale is inferred from the
 * file name and the signatures -- confirm in ssl_privsep.c.
 */
/* Presumably the in-memory counterpart of SSL_CTX_use_certificate_chain_file(). */
int		ssl_ctx_use_certificate_chain(SSL_CTX *, char *, off_t);
/* Presumably loads a CA bundle from memory into the context's verify store. */
int		ssl_ctx_load_verify_memory(SSL_CTX *, char *, off_t);
/* Matches the OpenSSL X509_LOOKUP_METHOD ctrl callback signature; backs the lookup above. */
int		ssl_by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **);
72 int		ssl_by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **);
73