xref: /openbsd-src/usr.sbin/smtpd/ssl.h (revision f1dd7b858388b4a23f4f67a4957ec5ff656ebbe8) 
1 /*	$OpenBSD: ssl.h,v 1.23 2021/04/11 07:18:08 eric Exp $	*/
2 /*
3  * Copyright (c) 2013 Gilles Chehade <gilles@poolp.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <openssl/ssl.h>
19 
20 #define SSL_CIPHERS		"HIGH:!aNULL:!MD5"
21 #define	SSL_SESSION_TIMEOUT	300
22 
23 struct pki {
24 	char			 pki_name[HOST_NAME_MAX+1];
25 
26 	char			*pki_cert_file;
27 	char			*pki_cert;
28 	off_t			 pki_cert_len;
29 
30 	char			*pki_key_file;
31 	char			*pki_key;
32 	off_t			 pki_key_len;
33 
34 	EVP_PKEY		*pki_pkey;
35 
36 	int			 pki_dhe;
37 };
38 
39 struct ca {
40 	char			 ca_name[HOST_NAME_MAX+1];
41 
42 	char			*ca_cert_file;
43 	char			*ca_cert;
44 	off_t			 ca_cert_len;
45 };
46 
47 
48 /* ssl.c */
49 void		ssl_init(void);
50 int		ssl_setup(SSL_CTX **, struct pki *,
51     int (*)(SSL *, int *, void *), const char *);
52 SSL_CTX	       *ssl_ctx_create(const char *, char *, off_t, const char *);
53 int	        ssl_cmp(struct pki *, struct pki *);
54 char	       *ssl_load_file(const char *, off_t *, mode_t);
55 char	       *ssl_load_key(const char *, off_t *, char *, mode_t, const char *);
56 
57 const char     *ssl_to_text(const SSL *);
58 void		ssl_error(const char *);
59 
60 int		ssl_load_certificate(struct pki *, const char *);
61 int		ssl_load_keyfile(struct pki *, const char *, const char *);
62 int		ssl_load_cafile(struct ca *, const char *);
63 int		ssl_load_pkey(const void *, size_t, char *, off_t,
64 		    X509 **, EVP_PKEY **);
65 int		ssl_ctx_fake_private_key(SSL_CTX *, const void *, size_t,
66 		    char *, off_t, X509 **, EVP_PKEY **);
67 char *ssl_pubkey_hash(const char *, off_t);
68