cya_u

Fork of CyaSSL-forEncrypt by Mobius IoT

ssl.h

Committer:
vbahl2
Date:
2017-05-10
Revision:
2:d0516dc143b1
Parent:
0:5045d2638c29

File content as of revision 2:d0516dc143b1:

/* ssl.h
 *
 * Copyright (C) 2006-2009 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
 * CyaSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * CyaSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */


/*  ssl.h defines openssl compatibility layer 
 *
 */



#ifndef CYASSL_OPENSSL_H_
#define CYASSL_OPENSSL_H_

#include "os_settings.h"   /* for users not using preprocessor flags */

#ifndef NO_FILESYTEM
    #include <stdio.h>   /* ERR_print fp */
#endif

#ifdef YASSL_PREFIX
    #include "prefix_ssl.h"
#endif

#undef X509_NAME   /* wincrypt.h clash */

#ifdef __cplusplus
    extern "C" {
#endif



typedef struct SSL          SSL;          
typedef struct SSL_SESSION  SSL_SESSION;
typedef struct SSL_METHOD   SSL_METHOD;
typedef struct SSL_CTX      SSL_CTX;

typedef struct X509       X509;
typedef struct X509_NAME  X509_NAME;
typedef struct X509_CHAIN X509_CHAIN;


/* redeclare guard */
#define SSL_TYPES_DEFINED




typedef struct EVP_PKEY       EVP_PKEY;
typedef struct RSA            RSA;
typedef struct BIO            BIO;
typedef struct BIO_METHOD     BIO_METHOD;
typedef struct SSL_CIPHER     SSL_CIPHER;
typedef struct X509_LOOKUP    X509_LOOKUP;
typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
typedef struct X509_CRL       X509_CRL;
typedef struct X509_EXTENSION X509_EXTENSION;
typedef struct ASN1_TIME      ASN1_TIME;
typedef struct ASN1_INTEGER   ASN1_INTEGER;
typedef struct ASN1_OBJECT    ASN1_OBJECT;
typedef struct ASN1_STRING    ASN1_STRING;
typedef struct CRYPTO_dynlock_value CRYPTO_dynlock_value;

#define ASN1_UTCTIME ASN1_TIME

typedef struct MD4_CTX {
    int buffer[32];      /* big enough to hold, check size in Init */
} MD4_CTX;


typedef struct COMP_METHOD {
    int type;            /* stunnel dereference */
} COMP_METHOD;


typedef struct X509_STORE {
    int cache;          /* stunnel dereference */
} X509_STORE;


typedef struct X509_REVOKED {
    ASN1_INTEGER* serialNumber;          /* stunnel dereference */
} X509_REVOKED;


typedef struct X509_OBJECT {
    union {
        char* ptr;
        X509_CRL* crl;           /* stunnel dereference */
    } data;
} X509_OBJECT;


/* in cyassl_int.h too, change there !! */
typedef struct X509_STORE_CTX {
    int   error;
    int   error_depth;
    X509* current_cert;          /* stunnel dereference */
    char* domain;                /* subject CN domain name */
    /* in cyassl_int.h too, change there !! */
} X509_STORE_CTX;


SSL_METHOD *SSLv3_server_method(void);
SSL_METHOD *SSLv3_client_method(void);
SSL_METHOD *TLSv1_server_method(void);  
SSL_METHOD *TLSv1_client_method(void);
SSL_METHOD *TLSv1_1_server_method(void);  
SSL_METHOD *TLSv1_1_client_method(void);
SSL_METHOD *TLSv1_2_server_method(void);  
SSL_METHOD *TLSv1_2_client_method(void);

#ifdef CYASSL_DTLS
    SSL_METHOD *DTLSv1_client_method(void);
    SSL_METHOD *DTLSv1_server_method(void);
#endif

#ifndef NO_FILESYSTEM

int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int);
int SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*);
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int);

#ifdef CYASSL_DER_LOAD
    int CyaSSL_CTX_load_verify_locations(SSL_CTX*, const char*, int);
#endif

#ifdef HAVE_NTRU
    int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*); /* load NTRU 
                                                             private key blob */
#endif

int CyaSSL_PemCertToDer(const char*, unsigned char*, int);

#endif /* NO_FILESYSTEM */

SSL_CTX* SSL_CTX_new(SSL_METHOD*);
SSL* SSL_new(SSL_CTX*);
int  SSL_set_fd (SSL*, int);
int  SSL_get_fd(const SSL*);
int  SSL_connect(SSL*);                   /* please see note at top of README
                                             if you get an error from connect */
int  SSL_write(SSL*, const void*, int);
int  SSL_read(SSL*, void*, int);
int  SSL_accept(SSL*);
void SSL_CTX_free(SSL_CTX*);
void SSL_free(SSL*);
int  SSL_shutdown(SSL*);

void SSL_CTX_set_quiet_shutdown(SSL_CTX*, int);

int  SSL_get_error(SSL*, int);

int          SSL_set_session(SSL *ssl, SSL_SESSION *session);
SSL_SESSION* SSL_get_session(SSL* ssl);
void         SSL_flush_sessions(SSL_CTX *ctx, long tm);


typedef int (*VerifyCallback)(int, X509_STORE_CTX*);
typedef int (*pem_password_cb)(char*, int, int, void*);

void SSL_CTX_set_verify(SSL_CTX*, int, VerifyCallback verify_callback);


int  SSL_pending(SSL*);


void SSL_load_error_strings(void);
int  SSL_library_init(void);
long SSL_CTX_set_session_cache_mode(SSL_CTX*, long);

/* only supports full name from cipher_name[] delimited by : */
int  SSL_CTX_set_cipher_list(SSL_CTX*, const char*);

char* ERR_error_string(unsigned long,char*);
void  ERR_error_string_n(unsigned long e, char *buf, size_t len);


/* extras */

#define STACK_OF(x) x

int  SSL_set_ex_data(SSL*, int, void*);
int  SSL_get_shutdown(const SSL*);
int  SSL_set_rfd(SSL*, int);
int  SSL_set_wfd(SSL*, int);
void SSL_set_shutdown(SSL*, int);
int  SSL_set_session_id_context(SSL*, const unsigned char*, unsigned int);
void SSL_set_connect_state(SSL*);
void SSL_set_accept_state(SSL*);
int  SSL_session_reused(SSL*);
void SSL_SESSION_free(SSL_SESSION* session);

const char*  SSL_get_version(SSL*);
SSL_CIPHER*  SSL_get_current_cipher(SSL*);
char*        SSL_CIPHER_description(SSL_CIPHER*, char*, int);
const char*  SSL_CIPHER_get_name(const SSL_CIPHER* cipher);
SSL_SESSION* SSL_get1_session(SSL* ssl);  /* what's ref count */

void X509_free(X509*);
void OPENSSL_free(void*);

int OCSP_parse_url(char* url, char** host, char** port, char** path, int* ssl);

SSL_METHOD* SSLv23_client_method(void);
SSL_METHOD* SSLv2_client_method(void);
SSL_METHOD* SSLv2_server_method(void);

void MD4_Init(MD4_CTX*);
void MD4_Update(MD4_CTX*, const void*, size_t);
void MD4_Final(unsigned char*, MD4_CTX*);

BIO* BIO_new(BIO_METHOD*);
int  BIO_free(BIO*);
int  BIO_free_all(BIO*);
int  BIO_read(BIO*, void*, int);
int  BIO_write(BIO*, const void*, int);
BIO* BIO_push(BIO*, BIO* append);
BIO* BIO_pop(BIO*);
int  BIO_flush(BIO*);
int  BIO_pending(BIO*);

BIO_METHOD* BIO_f_buffer(void);
long        BIO_set_write_buffer_size(BIO*, long size);
BIO_METHOD* BIO_f_ssl(void);
BIO*        BIO_new_socket(int sfd, int flag);
void        SSL_set_bio(SSL*, BIO* rd, BIO* wr);
int         BIO_eof(BIO*);
long        BIO_set_ssl(BIO*, SSL*, int flag);

BIO_METHOD* BIO_s_mem(void);
BIO_METHOD* BIO_f_base64(void);
void        BIO_set_flags(BIO*, int);

void OpenSSL_add_all_algorithms(void);
int  SSLeay_add_ssl_algorithms(void);
int  SSLeay_add_all_algorithms(void);

void        RAND_screen(void);
const char* RAND_file_name(char*, size_t);
int         RAND_write_file(const char*);
int         RAND_load_file(const char*, long);
int         RAND_egd(const char*);

COMP_METHOD* COMP_zlib(void);
COMP_METHOD* COMP_rle(void);
int SSL_COMP_add_compression_method(int, void*);

int SSL_get_ex_new_index(long, void*, void*, void*, void*);

void CRYPTO_set_id_callback(unsigned long (*f)(void));
void CRYPTO_set_locking_callback(void (*f)(int, int, const char*, int));
void CRYPTO_set_dynlock_create_callback(CRYPTO_dynlock_value* (*f)(const char*,
                                                                   int));
void CRYPTO_set_dynlock_lock_callback(void (*f)(int, CRYPTO_dynlock_value*,
                                                const char*, int));
void CRYPTO_set_dynlock_destroy_callback(void (*f)(CRYPTO_dynlock_value*,
                                                   const char*, int));

X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*);
int   X509_STORE_CTX_get_error(X509_STORE_CTX*);
int   X509_STORE_CTX_get_error_depth(X509_STORE_CTX*);

char*       X509_NAME_oneline(X509_NAME*, char*, int);
X509_NAME*  X509_get_issuer_name(X509*);
X509_NAME*  X509_get_subject_name(X509*);
const char* X509_verify_cert_error_string(long);

int                 X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long);
int                 X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long);
X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void);
X509_LOOKUP_METHOD* X509_LOOKUP_file(void);

X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*);
X509_STORE*  X509_STORE_new(void);
int          X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*,
                                       X509_OBJECT*);
int  X509_STORE_CTX_init(X509_STORE_CTX*, X509_STORE*, X509*, STACK_OF(X509)*);
void X509_STORE_CTX_cleanup(X509_STORE_CTX*);

ASN1_TIME* X509_CRL_get_lastUpdate(X509_CRL*);
ASN1_TIME* X509_CRL_get_nextUpdate(X509_CRL*);

EVP_PKEY* X509_get_pubkey(X509*);
int       X509_CRL_verify(X509_CRL*, EVP_PKEY*);
void      X509_STORE_CTX_set_error(X509_STORE_CTX*, int);
void      X509_OBJECT_free_contents(X509_OBJECT*);
void      EVP_PKEY_free(EVP_PKEY*);
int       X509_cmp_current_time(const ASN1_TIME*);
int       sk_X509_REVOKED_num(X509_REVOKED*);

X509_REVOKED* X509_CRL_get_REVOKED(X509_CRL*);
X509_REVOKED* sk_X509_REVOKED_value(X509_REVOKED*, int);

ASN1_INTEGER* X509_get_serialNumber(X509*);

int ASN1_TIME_print(BIO*, const ASN1_TIME*);

int  ASN1_INTEGER_cmp(const ASN1_INTEGER*, const ASN1_INTEGER*);
long ASN1_INTEGER_get(const ASN1_INTEGER*);

STACK_OF(X509_NAME)* SSL_load_client_CA_file(const char*);

void  SSL_CTX_set_client_CA_list(SSL_CTX*, STACK_OF(X509_NAME)*);
void* X509_STORE_CTX_get_ex_data(X509_STORE_CTX*, int);
int   SSL_get_ex_data_X509_STORE_CTX_idx(void);
void* SSL_get_ex_data(const SSL*, int);

void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata);
void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb);


long SSL_CTX_set_timeout(SSL_CTX*, long);
void SSL_CTX_set_info_callback(SSL_CTX*, void (*)());

unsigned long ERR_peek_error(void);
int           ERR_GET_REASON(int);

char* SSL_alert_type_string_long(int);
char* SSL_alert_desc_string_long(int);
char* SSL_state_string_long(SSL*);

void RSA_free(RSA*);
RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*);
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int));

int PEM_def_callback(char*, int num, int w, void* key);

long SSL_CTX_sess_accept(SSL_CTX*);
long SSL_CTX_sess_connect(SSL_CTX*);
long SSL_CTX_sess_accept_good(SSL_CTX*);
long SSL_CTX_sess_connect_good(SSL_CTX*);
long SSL_CTX_sess_accept_renegotiate(SSL_CTX*);
long SSL_CTX_sess_connect_renegotiate(SSL_CTX*);
long SSL_CTX_sess_hits(SSL_CTX*);
long SSL_CTX_sess_cb_hits(SSL_CTX*);
long SSL_CTX_sess_cache_full(SSL_CTX*);
long SSL_CTX_sess_misses(SSL_CTX*);
long SSL_CTX_sess_timeouts(SSL_CTX*);
long SSL_CTX_sess_number(SSL_CTX*);
long SSL_CTX_sess_get_cache_size(SSL_CTX*);


#define SSL_DEFAULT_CIPHER_LIST ""   /* default all */
#define RSA_F4 0x10001L

enum {
    OCSP_NOCERTS     = 1,
    OCSP_NOINTERN    = 2,
    OCSP_NOSIGS      = 4,
    OCSP_NOCHAIN     = 8,
    OCSP_NOVERIFY    = 16,
    OCSP_NOEXPLICIT  = 32,
    OCSP_NOCASIGN    = 64,
    OCSP_NODELEGATED = 128,
    OCSP_NOCHECKS    = 256,
    OCSP_TRUSTOTHER  = 512,
    OCSP_RESPID_KEY  = 1024,
    OCSP_NOTIME      = 2048,

    OCSP_CERTID   = 2,
    OCSP_REQUEST  = 4,
    OCSP_RESPONSE = 8,
    OCSP_BASICRESP = 16,

    ASN1_GENERALIZEDTIME = 4,

    SSL_OP_MICROSOFT_SESS_ID_BUG = 1,
    SSL_OP_NETSCAPE_CHALLENGE_BUG = 2,
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 3,
    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 4,
    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 5,
    SSL_OP_MSIE_SSLV2_RSA_PADDING = 6,
    SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 7,
    SSL_OP_TLS_D5_BUG = 8,
    SSL_OP_TLS_BLOCK_PADDING_BUG = 9,
    SSL_OP_TLS_ROLLBACK_BUG = 10,
    SSL_OP_ALL = 11,
    SSL_OP_EPHEMERAL_RSA = 12,
    SSL_OP_NO_SSLv3 = 13,
    SSL_OP_NO_TLSv1 = 14,
    SSL_OP_PKCS1_CHECK_1 = 15,
    SSL_OP_PKCS1_CHECK_2 = 16,
    SSL_OP_NETSCAPE_CA_DN_BUG = 17,
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 18,
    SSL_OP_SINGLE_DH_USE = 19,
    SSL_OP_NO_TICKET = 20,
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 21,
    SSL_OP_NO_QUERY_MTU = 22,
    SSL_OP_COOKIE_EXCHANGE = 23,
    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 24,
    SSL_OP_SINGLE_ECDH_USE = 25,
    SSL_OP_CIPHER_SERVER_PREFERENCE = 26,

    SSL_MAX_SSL_SESSION_ID_LENGTH = 32,

    EVP_R_BAD_DECRYPT = 2,

    SSL_CB_LOOP = 4,
    SSL_ST_CONNECT = 5,
    SSL_ST_ACCEPT  = 6,
    SSL_CB_ALERT   = 7,
    SSL_CB_READ    = 8,
    SSL_CB_HANDSHAKE_DONE = 9,

    SSL_MODE_ENABLE_PARTIAL_WRITE = 2,

    BIO_FLAGS_BASE64_NO_NL = 1,
    BIO_CLOSE   = 1,
    BIO_NOCLOSE = 0,

    NID_undef = 0,

    X509_FILETYPE_PEM = 8,
    X509_LU_X509      = 9,
    X509_LU_CRL       = 12,
    
    X509_V_ERR_CRL_SIGNATURE_FAILURE = 13,
    X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 14,
    X509_V_ERR_CRL_HAS_EXPIRED                = 15,
    X509_V_ERR_CERT_REVOKED                   = 16,
    X509_V_ERR_CERT_CHAIN_TOO_LONG            = 17,
    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT      = 18,
    X509_V_ERR_CERT_NOT_YET_VALID             = 19,
    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
    X509_V_ERR_CERT_HAS_EXPIRED               = 21,
    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD  = 22,

    X509_V_OK = 0,

    CRYPTO_LOCK = 1,
    CRYPTO_NUM_LOCKS = 10,

};

/* extras end */

#ifndef NO_FILESYSTEM
/* CyaSSL extension, provide last error from SSL_get_error
   since not using thread storage error queue */
void  ERR_print_errors_fp(FILE*, int err);
#endif

enum { /* ssl Constants */
    SSL_ERROR_NONE      =  0,   /* for most functions */
    SSL_FAILURE         =  0,   /* for some functions */
    SSL_SUCCESS            =  1,

    SSL_BAD_CERTTYPE    = -8,
    SSL_BAD_STAT        = -7,
    SSL_BAD_PATH        = -6,
    SSL_BAD_FILETYPE    = -5,
    SSL_BAD_FILE        = -4,
    SSL_NOT_IMPLEMENTED = -3,
    SSL_UNKNOWN         = -2,
    SSL_FATAL_ERROR     = -1,

    SSL_FILETYPE_ASN1    = 2,
    SSL_FILETYPE_PEM     = 1,
    SSL_FILETYPE_DEFAULT = 2, /* ASN1 */
    SSL_FILETYPE_RAW     = 3, /* NTRU raw key blob */

    SSL_VERIFY_NONE                 = 0,
    SSL_VERIFY_PEER                 = 1,
    SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
    SSL_VERIFY_CLIENT_ONCE          = 4,

    SSL_SESS_CACHE_OFF                = 30,
    SSL_SESS_CACHE_CLIENT             = 31,
    SSL_SESS_CACHE_SERVER             = 32,
    SSL_SESS_CACHE_BOTH               = 33,
    SSL_SESS_CACHE_NO_AUTO_CLEAR      = 34,
    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,

    SSL_ERROR_WANT_READ        =  2,
    SSL_ERROR_WANT_WRITE       =  3,
    SSL_ERROR_WANT_CONNECT     =  7,
    SSL_ERROR_WANT_ACCEPT      =  8,
    SSL_ERROR_SYSCALL          =  5,
    SSL_ERROR_WANT_X509_LOOKUP = 83,
    SSL_ERROR_ZERO_RETURN      =  6,
    SSL_ERROR_SSL              = 85,

    SSL_SENT_SHUTDOWN     = 1,
    SSL_RECEIVED_SHUTDOWN = 2,
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
    SSL_OP_NO_SSLv2       = 8,

    SSL_R_SSL_HANDSHAKE_FAILURE           = 101,
    SSL_R_TLSV1_ALERT_UNKNOWN_CA          = 102,
    SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
    SSL_R_SSLV3_ALERT_BAD_CERTIFICATE     = 104,

    PEM_BUFSIZE = 1024,
};


#ifndef NO_PSK
    typedef unsigned int (*psk_client_callback)(SSL*, const char*, char*,
                          unsigned int, unsigned char*, unsigned int);
    void SSL_CTX_set_psk_client_callback(SSL_CTX*, psk_client_callback);
    void SSL_set_psk_client_callback(SSL*, psk_client_callback);

    const char* SSL_get_psk_identity_hint(const SSL*);
    const char* SSL_get_psk_identity(const SSL*);

    int SSL_CTX_use_psk_identity_hint(SSL_CTX*, const char*);
    int SSL_use_psk_identity_hint(SSL*, const char*);

    typedef unsigned int (*psk_server_callback)(SSL*, const char*,
                          unsigned char*, unsigned int);
    void SSL_CTX_set_psk_server_callback(SSL_CTX*, psk_server_callback);
    void SSL_set_psk_server_callback(SSL*, psk_server_callback);

    #define PSK_TYPES_DEFINED
#endif /* NO_PSK */


/* extra begins */

enum {  /* ERR Constants */
    ERR_TXT_STRING = 1,
};

unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *);

unsigned long ERR_get_error(void);
void          ERR_clear_error(void);


int  RAND_status(void);
int  RAND_bytes(unsigned char* buf, int num);
SSL_METHOD *SSLv23_server_method(void);
long SSL_CTX_set_options(SSL_CTX*, long);
int  SSL_CTX_check_private_key(SSL_CTX*);


void ERR_free_strings(void);
void ERR_remove_state(unsigned long);
void EVP_cleanup(void);

void CRYPTO_cleanup_all_ex_data(void);
long SSL_CTX_set_mode(SSL_CTX* ctx, long mode);
long SSL_CTX_get_mode(SSL_CTX* ctx);
void SSL_CTX_set_default_read_ahead(SSL_CTX* ctx, int m);

long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);

int  SSL_CTX_set_default_verify_paths(SSL_CTX*);
int  SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*,
                                    unsigned int);

X509*      SSL_get_peer_certificate(SSL* ssl);

int SSL_want_read(SSL*);
int SSL_want_write(SSL*);

int BIO_printf(BIO*, const char*, ...);
int ASN1_UTCTIME_print(BIO*, const ASN1_UTCTIME*);

int   sk_num(X509_REVOKED*);
void* sk_value(X509_REVOKED*, int);

/* stunnel 4.28 needs */
void* SSL_CTX_get_ex_data(const SSL_CTX*, int);
int   SSL_CTX_set_ex_data(SSL_CTX*, int, void*);
void  SSL_CTX_sess_set_get_cb(SSL_CTX*, SSL_SESSION*(*f)(SSL*, unsigned char*,
                                                         int, int*));
void  SSL_CTX_sess_set_new_cb(SSL_CTX*, int (*f)(SSL*, SSL_SESSION*));
void  SSL_CTX_sess_set_remove_cb(SSL_CTX*, void (*f)(SSL_CTX*, SSL_SESSION*));

int          i2d_SSL_SESSION(SSL_SESSION*, unsigned char**);
SSL_SESSION* d2i_SSL_SESSION(SSL_SESSION**,const unsigned char**, long);

long SSL_SESSION_get_timeout(const SSL_SESSION*);
long SSL_SESSION_get_time(const SSL_SESSION*);
int  SSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);

/* extra ends */


/* CyaSSL extensions */

/* call before SSL_connect, if verifying will add name check to
   date check and signature check */
int CyaSSL_check_domain_name(SSL* ssl, const char* dn);

int InitCyaSSL(void);   /* need to call once to load library (session cache) */
int FreeCyaSSL(void);   /* call when done to free session cache mutex        */

int  CyaSSL_Debugging_ON(void);   /* turn logging on, only if compiled in */
void CyaSSL_Debugging_OFF(void);  /* turn logging off */

int CyaSSL_set_compression(SSL* ssl);  /* turn on CyaSSL data compression */

int CyaSSL_CTX_use_NTRUPrivateKey_file(SSL_CTX*, const char*); /* load NTRU
                                                             private key blob */
X509_CHAIN* CyaSSL_get_peer_chain(SSL* ssl);   /* get CyaSSL peer X509_CHAIN */
int  CyaSSL_get_chain_count(X509_CHAIN* chain);   /* peer chain count */
int  CyaSSL_get_chain_length(X509_CHAIN*, int idx); /* index cert length */
unsigned char* CyaSSL_get_chain_cert(X509_CHAIN*, int idx);   /* index cert */
int  CyaSSL_get_chain_cert_pem(X509_CHAIN*, int idx, unsigned char* buffer,
                          int inLen, int* outLen); /* get index cert in PEM */
const unsigned char* CyaSSL_get_sessionID(const SSL_SESSION* session);

#ifndef _WIN32
    #ifndef NO_WRITEV
        #include <sys/uio.h>
        /* allow writev style writing */
        int CyaSSL_writev(SSL* ssl, const struct iovec* iov, int iovcnt);
    #endif
#endif

#if defined(NO_FILESYSTEM) || defined(MICRIUM)

int CyaSSL_CTX_load_verify_buffer(SSL_CTX*, const unsigned char*, long, int);
int CyaSSL_CTX_use_certificate_buffer(SSL_CTX*, const unsigned char*, long,int);
int CyaSSL_CTX_use_PrivateKey_buffer(SSL_CTX*, const unsigned char*, long, int);
int CyaSSL_CTX_use_certificate_chain_buffer(SSL_CTX*,const unsigned char*,long);

#endif /* NO_FILESYSTEM || MICRIUM */


/* I/O callbacks */
typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);

void CyaSSL_SetIORecv(SSL_CTX*, CallbackIORecv);
void CyaSSL_SetIOSend(SSL_CTX*, CallbackIOSend);

void CyaSSL_SetIOReadCtx(SSL* ssl, void *ctx);
void CyaSSL_SetIOWriteCtx(SSL* ssl, void *ctx);


#ifdef CYASSL_CALLBACKS

/* used internally by CyaSSL while OpenSSL types aren't */
#include "cyassl_callbacks.h"

typedef int (*HandShakeCallBack)(HandShakeInfo*);
typedef int (*TimeoutCallBack)(TimeoutInfo*);

/* CyaSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
   for diagnostics */
int CyaSSL_connect_ex(SSL*, HandShakeCallBack, TimeoutCallBack, Timeval);
int CyaSSL_accept_ex(SSL*, HandShakeCallBack, TimeoutCallBack, Timeval);

#endif /* CYASSL_CALLBACKS */


#ifdef __cplusplus
    } /* extern "C" */
#endif


#endif /* CyaSSL_openssl_h__ */