1 ! Copyright (C) 2007 Elie CHAFTARI
2 ! Portions copyright (C) 2008 Slava Pestov
3 ! See http://factorcode.org/license.txt for BSD license.
4 USING: alien alien.c-types alien.libraries alien.parser
5 alien.syntax assocs classes.struct combinators kernel lexer
6 literals namespaces openssl.libcrypto parser quotations
7 sequences system words ;
12 { [ os windows? ] [ "ssleay32.dll" ] }
13 { [ os macosx? ] [ "libssl.dylib" ] }
14 { [ os unix? ] [ "libssl.so" ] }
15 } cond cdecl add-library >>
! Encoding selectors for the *_file loaders declared further down (the `type`
! argument of SSL_use_certificate_file, SSL_CTX_use_PrivateKey_file, ...).
CONSTANT: X509_FILETYPE_PEM 1
CONSTANT: X509_FILETYPE_ASN1 2
CONSTANT: X509_FILETYPE_DEFAULT 3

! libssl spells the same two selectors SSL_FILETYPE_*; keep both names.
ALIAS: SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
ALIAS: SSL_FILETYPE_PEM X509_FILETYPE_PEM
! Command codes for SSL_CTX_ctrl (declared below). The SSL_CTX_set_* wrapper
! words near the end of this file pass one of these as `cmd`; the meaning of
! larg / parg depends on the command.

! Temporary (ephemeral) key material.
CONSTANT: SSL_CTRL_NEED_TMP_RSA 1
CONSTANT: SSL_CTRL_SET_TMP_RSA 2
CONSTANT: SSL_CTRL_SET_TMP_DH 3
CONSTANT: SSL_CTRL_SET_TMP_RSA_CB 4
CONSTANT: SSL_CTRL_SET_TMP_DH_CB 5

! Per-connection queries and renegotiation counters.
CONSTANT: SSL_CTRL_GET_SESSION_REUSED 6
CONSTANT: SSL_CTRL_GET_CLIENT_CERT_REQUEST 7
CONSTANT: SSL_CTRL_GET_NUM_RENEGOTIATIONS 8
CONSTANT: SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9
CONSTANT: SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10
CONSTANT: SSL_CTRL_GET_FLAGS 11
CONSTANT: SSL_CTRL_EXTRA_CHAIN_CERT 12

! Message callback hooks (parg carries the callback / its argument).
CONSTANT: SSL_CTRL_SET_MSG_CALLBACK 13
CONSTANT: SSL_CTRL_SET_MSG_CALLBACK_ARG 14

! Session-cache statistics (read-only counters).
CONSTANT: SSL_CTRL_SESS_NUMBER 20
CONSTANT: SSL_CTRL_SESS_CONNECT 21
CONSTANT: SSL_CTRL_SESS_CONNECT_GOOD 22
CONSTANT: SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
CONSTANT: SSL_CTRL_SESS_ACCEPT 24
CONSTANT: SSL_CTRL_SESS_ACCEPT_GOOD 25
CONSTANT: SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
CONSTANT: SSL_CTRL_SESS_HIT 27
CONSTANT: SSL_CTRL_SESS_CB_HIT 28
CONSTANT: SSL_CTRL_SESS_MISSES 29
CONSTANT: SSL_CTRL_SESS_TIMEOUTS 30
CONSTANT: SSL_CTRL_SESS_CACHE_FULL 31

! SSL_CTRL_OPTIONS takes the SSL_OP_* bit flags (defined below) in larg.
CONSTANT: SSL_CTRL_OPTIONS 32
CONSTANT: SSL_CTRL_MODE 33

! Read-ahead and session-cache sizing / mode.
CONSTANT: SSL_CTRL_GET_READ_AHEAD 40
CONSTANT: SSL_CTRL_SET_READ_AHEAD 41
CONSTANT: SSL_CTRL_SET_SESS_CACHE_SIZE 42
CONSTANT: SSL_CTRL_GET_SESS_CACHE_SIZE 43
CONSTANT: SSL_CTRL_SET_SESS_CACHE_MODE 44
CONSTANT: SSL_CTRL_GET_SESS_CACHE_MODE 45

! Upper bound on the size of a peer certificate chain the library will accept.
CONSTANT: SSL_CTRL_GET_MAX_CERT_LIST 50
CONSTANT: SSL_CTRL_SET_MAX_CERT_LIST 51
! Protocol-disable bits for SSL_CTRL_OPTIONS: a set bit removes that version
! from negotiation. Note the non-monotonic numbering (TLSv1_2 < TLSv1_1).
! NOTE(review): no wrapper word applying these is visible in this excerpt;
! a context built from SSLv23_* methods should have at least SSL_OP_NO_SSLv2
! and SSL_OP_NO_SSLv3 set, since both protocols are obsolete.
CONSTANT: SSL_OP_NO_SSLv2 0x01000000
CONSTANT: SSL_OP_NO_SSLv3 0x02000000
CONSTANT: SSL_OP_NO_TLSv1 0x04000000
CONSTANT: SSL_OP_NO_TLSv1_2 0x08000000
CONSTANT: SSL_OP_NO_TLSv1_1 0x10000000
! Result codes of SSL_get_error (declared below), which classifies a
! non-positive return from SSL_connect / SSL_accept / SSL_read / SSL_write.
! The WANT_* codes mean "retry the same call once the fd is ready".
CONSTANT: SSL_ERROR_NONE 0
CONSTANT: SSL_ERROR_SSL 1
CONSTANT: SSL_ERROR_WANT_READ 2
CONSTANT: SSL_ERROR_WANT_WRITE 3
CONSTANT: SSL_ERROR_WANT_X509_LOOKUP 4
CONSTANT: SSL_ERROR_SYSCALL 5 ! I/O error at the socket level; consult errno for details
! Clean close_notify from the peer; a plain EOF without it arrives as SSL_ERROR_SYSCALL.
CONSTANT: SSL_ERROR_ZERO_RETURN 6
CONSTANT: SSL_ERROR_WANT_CONNECT 7
CONSTANT: SSL_ERROR_WANT_ACCEPT 8
82 ! Error messages table
83 : error-messages ( -- hash )
85 { 0 "SSL_ERROR_NONE" }
87 { 2 "SSL_ERROR_WANT_READ" }
88 { 3 "SSL_ERROR_WANT_WRITE" }
89 { 4 "SSL_ERROR_WANT_X509_LOOKUP" }
90 { 5 "SSL_ERROR_SYSCALL" }
91 { 6 "SSL_ERROR_ZERO_RETURN" }
92 { 7 "SSL_ERROR_WANT_CONNECT" }
93 { 8 "SSL_ERROR_WANT_ACCEPT" }
101 ! ===============================================
103 ! ===============================================
! Opaque OpenSSL stack handle; walked with sk_num / sk_value at the end of
! this file (e.g. the GENERAL_NAME list returned for subject_alt_name).
TYPEDEF: stack_st _STACK
113 ! ===============================================
115 ! ===============================================
119 ! ===============================================
121 ! ===============================================
! ASN1_ITEM_EXP is how the headers spell the item descriptor passed to the
! generic d2i decoder below.
TYPEDEF: ASN1_ITEM ASN1_ITEM_EXP

! Lexicographic comparison of two ASN.1 strings (type, length, then bytes);
! returns 0 when equal, like memcmp.
FUNCTION: int ASN1_STRING_cmp ( ASN1_STRING *a, ASN1_STRING *b ) ;

! Generic DER decoder. `in` is a pointer to the input pointer and, by the
! d2i convention, is advanced past the bytes consumed; `len` is the number
! of bytes available at *in. NOTE(review): `len` bounds the parse, so the
! caller must pass the real buffer length, never a larger value. Returns
! null on a malformed encoding.
FUNCTION: ASN1_VALUE* ASN1_item_d2i ( ASN1_VALUE** val, uchar **in, long len, ASN1_ITEM *it ) ;
135 ! ===============================================
137 ! ===============================================
! Octet strings share the ASN1_STRING representation; used for the raw
! `value` of an X509_EXTENSION below.
TYPEDEF: ASN1_STRING ASN1_OCTET_STRING
140 ! ===============================================
142 ! ===============================================
144 STRUCT: X509_EXTENSION
147 { value ASN1_OCTET_STRING* } ;
152 ! ===============================================
154 ! ===============================================
155 STRUCT: X509V3_EXT_METHOD
! Looks up the handler table for an extension's OID. NOTE(review): presumably
! returns null for an extension the library does not know; callers should
! test the result before reading through it.
FUNCTION: X509V3_EXT_METHOD* X509V3_EXT_get ( X509_EXTENSION* ext ) ;
162 UNION-STRUCT: GENERAL_NAME_st_d
166 { dNSName ASN1_STRING* } ;
168 STRUCT: GENERAL_NAME_st
170 { d GENERAL_NAME_st_d } ;
! Discriminant values for the GENERAL_NAME_st union `d` above. The tag must
! be checked before a union member such as `dNSName` is read, since the
! member that is valid depends on it. Tags 2, 3 and 6 are defined outside
! this excerpt.
CONSTANT: GEN_OTHERNAME 0
CONSTANT: GEN_EMAIL 1
CONSTANT: GEN_DIRNAME 4
CONSTANT: GEN_EDIPARTY 5
CONSTANT: GEN_IPADD 7
182 ! ===============================================
184 ! ===============================================
186 STRUCT: ssl_method_st
192 { ssl_connect void* }
196 { ssl_shutdown void* }
197 { ssl_renegotiate void* }
198 { ssl_renegotiate_check void* }
199 { ssl_get_message void* }
200 { ssl_read_bytes void* }
201 { ssl_write_bytes void* }
202 { ssl_dispatch_alert void* }
204 { ssl_ctx_ctrl void* }
205 { get_cipher_by_char void* }
206 { put_cipher_by_char void* }
207 { ssl_pending void* }
208 { num_ciphers void* }
210 { get_ssl_method void* }
211 { get_timeout void* }
213 { ssl_version void* }
214 { ssl_callback_ctrl void* }
215 { ssl_ctx_callback_ctrl void* } ;
! Handle type returned by the *_method words below and consumed by
! SSL_CTX_new; the struct itself is a table of C function pointers.
TYPEDEF: ssl_method_st* ssl-method
221 { method ssl_method_st* }
227 { handshake_func void* }
230 { quiet_shutdown int }
239 { packet_length int }
244 { msg_callback void* }
245 { msg_callback_arg void* }
248 { cipher_list void* }
249 { cipher_list_by_id void* }
251 { enc_read_ctx void* }
254 { enc_write_ctx void* }
258 { sid_ctx_length uint }
260 { session SSL_SESSION* }
261 { generate_session_id void* }
263 { verify_callback void* }
264 { info_callback void* }
268 { psk_client_callback void* }
269 { psk_server_callback void* }
! Name of the protocol version negotiated on this connection.
FUNCTION: c-string SSL_get_version ( SSL* ssl ) ;

! Loads the human-readable strings used when reporting OpenSSL errors;
! without it error codes print as bare numbers.
FUNCTION: void SSL_load_error_strings ( ) ;
! Short / long descriptions of the handshake state machine (state_string)
! and of the read state (rstate_string); for logging and diagnostics only.
FUNCTION: c-string SSL_state_string ( SSL* ssl ) ;
FUNCTION: c-string SSL_rstate_string ( SSL* ssl ) ;
FUNCTION: c-string SSL_state_string_long ( SSL* ssl ) ;
FUNCTION: c-string SSL_rstate_string_long ( SSL* ssl ) ;

! Registers ciphers and digests; must be called before any other libssl call.
! (On OpenSSL 1.1.0 and later initialisation is automatic and this always
! returns 1 — confirm against the library actually linked.)
FUNCTION: int SSL_library_init ( ) ;
! Protocol-selection "method" objects, handed to SSL_CTX_new below to fix
! which protocol versions a context may negotiate.
! NOTE(review): SSLv2 and SSLv3 are obsolete protocols with well-known
! weaknesses; the SSLv2_* / SSLv3_* methods are bound here for completeness
! and should not be selected for new connections.
FUNCTION: ssl-method SSLv2_client_method ( ) ;

! The SSLv23_* methods are version-flexible: they negotiate with the peer
! instead of pinning one version. The original note here ("SSLv3 but can
! rollback to v2") reflects older OpenSSL documentation; restrict the
! negotiable range with SSL_OP_NO_SSLv2 / SSL_OP_NO_SSLv3 via SSL_CTRL_OPTIONS.
FUNCTION: ssl-method SSLv23_client_method ( ) ;

FUNCTION: ssl-method SSLv23_server_method ( ) ;

FUNCTION: ssl-method SSLv23_method ( ) ;

FUNCTION: ssl-method SSLv3_client_method ( ) ;

FUNCTION: ssl-method SSLv3_server_method ( ) ;

FUNCTION: ssl-method SSLv3_method ( ) ;

! TLS 1.0 only (client / server / either side).
FUNCTION: ssl-method TLSv1_client_method ( ) ;

FUNCTION: ssl-method TLSv1_server_method ( ) ;

FUNCTION: ssl-method TLSv1_method ( ) ;
! Creates a context from a method object; the context holds the settings
! (certificates, verify mode, options) shared by every SSL created from it.
! Returns null on failure.
FUNCTION: SSL_CTX* SSL_CTX_new ( ssl-method method ) ;
! Loads a PEM file holding the end-entity certificate followed by its
! intermediates into the context. The private key is not in this file; it is
! loaded separately (see SSL_CTX_use_PrivateKey_file). Returns 1 on success.
FUNCTION: int SSL_CTX_use_certificate_chain_file ( SSL_CTX* ctx,
c-string file ) ; ! PEM encoding only
! One connection object, inheriting its settings from ctx. Returns null on failure.
FUNCTION: SSL* SSL_new ( SSL_CTX* ctx ) ;

! Attaches a socket descriptor as the transport (creates socket BIOs internally).
FUNCTION: int SSL_set_fd ( SSL* ssl, int fd ) ;

! Alternative to SSL_set_fd: explicit read / write BIOs (ownership moves to ssl).
FUNCTION: void SSL_set_bio ( SSL* ssl, void* rbio, void* wbio ) ;

! Session resumption. SSL_get1_session hands the caller its own reference,
! which must be released with SSL_SESSION_free; SSL_get_session does not.
FUNCTION: int SSL_set_session ( SSL* to, SSL_SESSION* session ) ;
FUNCTION: SSL_SESSION* SSL_get_session ( SSL* to ) ;
FUNCTION: SSL_SESSION* SSL_get1_session ( SSL* ssl ) ;

! ret is the value just returned by SSL_connect / SSL_accept / SSL_read /
! SSL_write; the result is one of the SSL_ERROR_* codes defined above.
FUNCTION: int SSL_get_error ( SSL* ssl, int ret ) ;

! Choose the handshake role before the first SSL_read / SSL_write.
FUNCTION: void SSL_set_connect_state ( SSL* ssl ) ;

FUNCTION: void SSL_set_accept_state ( SSL* ssl ) ;

! Explicit handshake as client / server. 1 = done; anything else goes
! through SSL_get_error (WANT_READ / WANT_WRITE on a non-blocking fd).
FUNCTION: int SSL_connect ( SSL* ssl ) ;

FUNCTION: int SSL_accept ( SSL* ssl ) ;

! num is the byte count for buf. NOTE(review): for SSL_read it bounds how
! much the library writes into buf, so it must never exceed buf's real
! capacity; a result <= 0 must be classified with SSL_get_error rather than
! treated as "zero bytes".
FUNCTION: int SSL_write ( SSL* ssl, void* buf, int num ) ;

FUNCTION: int SSL_read ( SSL* ssl, void* buf, int num ) ;

! Sends close_notify. Returns 0 when only our alert has gone out and 1 once
! the peer's has been received; a second call completes the bidirectional
! shutdown.
FUNCTION: int SSL_shutdown ( SSL* ssl ) ;
! Bits reported by SSL_get_shutdown.
CONSTANT: SSL_SENT_SHUTDOWN 1
CONSTANT: SSL_RECEIVED_SHUTDOWN 2

! Bitmask of the SSL_*_SHUTDOWN flags above.
FUNCTION: int SSL_get_shutdown ( SSL* ssl ) ;

! Session-ID context used to partition the server session cache between
! applications; len is the byte length of sid_ctx.
! NOTE(review): sid_ctx is bound as c-string, so an id containing a NUL byte
! would be cut short — pass a printable identifier or rebind as a byte buffer.
FUNCTION: int SSL_CTX_set_session_id_context ( SSL_CTX* ctx, c-string sid_ctx, uint len ) ;

! Releases the connection object; the pointer must not be used afterwards.
FUNCTION: void SSL_free ( SSL* ssl ) ;

! Drops one reference to a session (pair with SSL_get1_session).
FUNCTION: void SSL_SESSION_free ( SSL_SESSION* ses ) ;
! What the connection is currently blocked on; one of the SSL_* codes below.
FUNCTION: int SSL_want ( SSL* ssl ) ;

CONSTANT: SSL_NOTHING 1
CONSTANT: SSL_WRITING 2
CONSTANT: SSL_READING 3
CONSTANT: SSL_X509_LOOKUP 4
! Outcome of peer certificate-chain verification, as an X509_V_* code (see
! the X509_V_: definitions below; the success code, value 0, is defined
! outside this excerpt). NOTE(review): with SSL_VERIFY_NONE the handshake
! completes regardless of the chain, so this must be read after the
! handshake and compared against the success code explicitly.
FUNCTION: long SSL_get_verify_result ( SSL* ssl ) ;

! Leaf certificate presented by the peer. May be null when the peer sent
! none; the result carries its own reference and must be released by the
! caller.
FUNCTION: X509* SSL_get_peer_certificate ( SSL* s ) ;

! Releases the context (reference-counted; live SSL objects keep it alive).
FUNCTION: void SSL_CTX_free ( SSL_CTX* ctx ) ;

! Mixes num bytes from buf into the PRNG state; the bytes should come from
! a high-entropy source.
FUNCTION: void RAND_seed ( void* buf, int num ) ;
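! Cipher-suite preference string in OpenSSL list syntax; returns 1 if at
! least one suite matched.
FUNCTION: int SSL_set_cipher_list ( SSL* ssl, c-string str ) ;

! Loads an RSA private key from a file into the connection object.
! The C prototype is (ssl, file, type) with type one of the
! X509_FILETYPE_* / SSL_FILETYPE_* selectors; the previous binding omitted
! the `type` argument, leaving that C parameter unset.
FUNCTION: int SSL_use_RSAPrivateKey_file ( SSL* ssl, c-string file, int type ) ;

! Same for the context. The C prototype is (ctx, file, type); the previous
! binding omitted the `file` argument, so the integer type selector would
! have been passed where the library expects the path pointer.
FUNCTION: int SSL_CTX_use_RSAPrivateKey_file ( SSL_CTX* ctx, c-string file, int type ) ;

! Loads the end-entity certificate for the connection; type selects the
! file encoding. Returns 1 on success.
FUNCTION: int SSL_use_certificate_file ( SSL* ssl,
c-string str, int type ) ;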
374 FUNCTION: int SSL_CTX_load_verify_locations ( SSL_CTX* ctx, c-string CAfile,
! Uses the library's compiled-in default CA file / directory for chain building.
FUNCTION: int SSL_CTX_set_default_verify_paths ( SSL_CTX* ctx ) ;

! Verification modes for SSL_CTX_set_verify (combinable bits).
! NOTE(review): with SSL_VERIFY_NONE a client finishes the handshake whatever
! the chain result, and a server does not even request a client certificate;
! SSL_VERIFY_PEER is the expected client setting, and the chain outcome must
! still be read back with SSL_get_verify_result.
CONSTANT: SSL_VERIFY_NONE 0
CONSTANT: SSL_VERIFY_PEER 1
CONSTANT: SSL_VERIFY_FAIL_IF_NO_PEER_CERT 2
CONSTANT: SSL_VERIFY_CLIENT_ONCE 4

! callback: a C function pointer (or f) consulted for each chain element.
! Under OpenSSL's verify-callback contract a callback that returns 1 on a
! failed element overrides the failure, so a permissive callback silently
! turns verification off.
FUNCTION: void SSL_CTX_set_verify ( SSL_CTX* ctx, int mode, void* callback ) ;

! List of acceptable client-CA names advertised in the certificate request.
! NOTE(review): in the C headers both of these use STACK_OF(X509_NAME)*, not
! SSL*; pointer sizes match so the calls work, but the declared types are
! misleading (_STACK*, from the typedef above, would be closer).
FUNCTION: void SSL_CTX_set_client_CA_list ( SSL_CTX* ctx, SSL* list ) ;

FUNCTION: SSL* SSL_load_client_CA_file ( c-string file ) ;
! Generic control entry point for SSL_CTX objects. cmd is one of the
! SSL_CTRL_* codes above; larg / parg are command-specific. Call it through
! the SSL_CTX_set_* wrapper words below rather than directly, so the
! argument layout for each command stays in one place.
FUNCTION: long SSL_CTX_ctrl ( SSL_CTX* ctx, int cmd, long larg, void* parg ) ;

! Passphrase callback consulted when an encrypted private-key file is
! loaded; cb is a C function pointer.
FUNCTION: void SSL_CTX_set_default_passwd_cb ( SSL_CTX* ctx, void* cb ) ;
396 FUNCTION: void SSL_CTX_set_default_passwd_cb_userdata ( SSL_CTX* ctx,
399 FUNCTION: int SSL_CTX_use_PrivateKey_file ( SSL_CTX* ctx, c-string file,
! Maximum certificate-chain length accepted during verification of the
! peer chain; longer chains fail with ERR_CERT_CHAIN_TOO_LONG.
FUNCTION: void SSL_CTX_set_verify_depth ( SSL_CTX* ctx, int depth ) ;

! Registers a C callback that supplies temporary DH parameters on demand.
! The `dh` argument is the callback pointer, not a DH object (the earlier
! comment here described SSL_CTX_set_tmp_dh, the wrapper word below).
! Parameters are inherited by every SSL created from ctx.
FUNCTION: void SSL_CTX_set_tmp_dh_callback ( SSL_CTX* ctx, void* dh ) ;

! Same for temporary RSA keys (used only by export-grade suites; see the
! note on SSL_CTX_set_tmp_rsa below).
FUNCTION: void SSL_CTX_set_tmp_rsa_callback ( SSL_CTX* ctx, void* rsa ) ;

! BIO method (opaque BIO_METHOD pointer) for layering an SSL object as a BIO.
FUNCTION: void* BIO_f_ssl ( ) ;
! Installs a temporary RSA key: SSL_CTX_ctrl with cmd = SSL_CTRL_SET_TMP_RSA,
! larg = 0 and parg = rsa. Returns the library's long result.
! NOTE(review): temporary RSA keys exist only for export-grade cipher suites,
! and OpenSSL 1.1.0 removed SSL_CTRL_SET_TMP_RSA — confirm the linked version
! before relying on this word.
: SSL_CTX_set_tmp_rsa ( ctx rsa -- n )
    SSL_CTRL_SET_TMP_RSA swapd 0 swap SSL_CTX_ctrl ;
! Installs DH parameters for ephemeral DH suites: SSL_CTX_ctrl with
! cmd = SSL_CTRL_SET_TMP_DH, larg = 0 and parg = dh. Returns the long result.
: SSL_CTX_set_tmp_dh ( ctx dh -- n )
    SSL_CTRL_SET_TMP_DH swapd 0 swap SSL_CTX_ctrl ;
! Sets the session-cache mode: SSL_CTX_ctrl with cmd = SSL_CTRL_SET_SESS_CACHE_MODE,
! larg = mode (a combination of the SSL_SESS_CACHE_* flags below) and a null parg.
: SSL_CTX_set_session_cache_mode ( ctx mode -- n )
    SSL_CTRL_SET_SESS_CACHE_MODE swap f SSL_CTX_ctrl ;
! Mode bits for SSL_CTX_set_session_cache_mode.
CONSTANT: SSL_SESS_CACHE_OFF 0x0000
CONSTANT: SSL_SESS_CACHE_CLIENT 0x0001
CONSTANT: SSL_SESS_CACHE_SERVER 0x0002

! flags{ } ORs the named bits together.
CONSTANT: SSL_SESS_CACHE_BOTH flags{ SSL_SESS_CACHE_CLIENT SSL_SESS_CACHE_SERVER }

! Disables the automatic flush of expired sessions from the internal cache.
CONSTANT: SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
! Bypass the internal cache for lookup / store (for an external cache via callbacks).
CONSTANT: SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
CONSTANT: SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200

CONSTANT: SSL_SESS_CACHE_NO_INTERNAL
flags{ SSL_SESS_CACHE_NO_INTERNAL_LOOKUP SSL_SESS_CACHE_NO_INTERNAL_STORE }
435 ! ===============================================
437 ! ===============================================
! Global table from X509 verify result code to the word the X509_V_: parsing
! word (below) defines for it; filled in at parse time as each X509_V_: line
! is read.
SYMBOL: verify-messages

H{ } clone verify-messages set-global

! n: a code as returned by SSL_get_verify_result. Returns the matching
! X509_V_* word, or f for a code not in the table.
: verify-message ( n -- word ) verify-messages get-global at ;
448 scan-token "X509_V_" prepend create-word-in
450 [ 1quotation ( -- value ) define-inline ]
451 [ verify-messages get set-at ]
! Each line defines a word X509_V_<name> returning the code and registers
! code -> word in verify-messages (see the parsing word above). The success
! code and code 1 are defined outside this excerpt. Every code here means
! the chain is NOT trustworthy; a connection whose SSL_get_verify_result is
! one of these should be refused unless the caller has a specific reason
! (e.g. pinning) to accept it.
X509_V_: ERR_UNABLE_TO_GET_ISSUER_CERT 2
X509_V_: ERR_UNABLE_TO_GET_CRL 3
X509_V_: ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
X509_V_: ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
X509_V_: ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
X509_V_: ERR_CERT_SIGNATURE_FAILURE 7
X509_V_: ERR_CRL_SIGNATURE_FAILURE 8
! Validity-period failures (9-12 are clock-relative; 13-16 are malformed fields).
X509_V_: ERR_CERT_NOT_YET_VALID 9
X509_V_: ERR_CERT_HAS_EXPIRED 10
X509_V_: ERR_CRL_NOT_YET_VALID 11
X509_V_: ERR_CRL_HAS_EXPIRED 12
X509_V_: ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
X509_V_: ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
X509_V_: ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
X509_V_: ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
X509_V_: ERR_OUT_OF_MEM 17
! Trust-anchor failures: a self-signed leaf or chain member with no path
! to a configured CA (see SSL_CTX_set_default_verify_paths / load_verify_locations).
X509_V_: ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
X509_V_: ERR_SELF_SIGNED_CERT_IN_CHAIN 19
X509_V_: ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
X509_V_: ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
! Exceeds the limit set by SSL_CTX_set_verify_depth.
X509_V_: ERR_CERT_CHAIN_TOO_LONG 22
X509_V_: ERR_CERT_REVOKED 23
X509_V_: ERR_INVALID_CA 24
X509_V_: ERR_PATH_LENGTH_EXCEEDED 25
X509_V_: ERR_INVALID_PURPOSE 26
X509_V_: ERR_CERT_UNTRUSTED 27
X509_V_: ERR_CERT_REJECTED 28
! Issuer / authority-key-identifier consistency checks.
X509_V_: ERR_SUBJECT_ISSUER_MISMATCH 29
X509_V_: ERR_AKID_SKID_MISMATCH 30
X509_V_: ERR_AKID_ISSUER_SERIAL_MISMATCH 31
X509_V_: ERR_KEYUSAGE_NO_CERTSIGN 32
X509_V_: ERR_UNABLE_TO_GET_CRL_ISSUER 33
X509_V_: ERR_UNHANDLED_CRITICAL_EXTENSION 34
X509_V_: ERR_KEYUSAGE_NO_CRL_SIGN 35
X509_V_: ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
X509_V_: ERR_INVALID_NON_CA 37
X509_V_: ERR_PROXY_PATH_LENGTH_EXCEEDED 38
X509_V_: ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
X509_V_: ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
! Reserved for the application's own verify callback.
X509_V_: ERR_APPLICATION_VERIFICATION 50
498 ! ===============================================
500 ! ===============================================
! Object identifiers used with X509_NAME_get_text_by_NID / X509_get_ext_d2i.
! NOTE(review): when checking that a certificate matches a host name, the
! subjectAltName extension is the authoritative source; commonName is only
! a fallback for certificates that carry no subjectAltName.
CONSTANT: NID_commonName 13
CONSTANT: NID_subject_alt_name 85
CONSTANT: NID_issuer_alt_name 86
506 ! ===============================================
507 ! On Windows, some of the functions making up libssl are placed in the
508 ! libeay32.dll and not in the similarly named ssleay32.dll file.
509 ! ===============================================
513 [ "libeay32.dll" cdecl add-library ] [ current-library set ] bi
! Copies the named attribute (e.g. NID_commonName) of a subject / issuer
! name into buf as a NUL-terminated string, writing at most len bytes, and
! returns the text length or -1 when the attribute is absent.
! NOTE(review): len must be buf's real capacity, and the return value must
! be checked before buf is read.
FUNCTION: int X509_NAME_get_text_by_NID ( X509_NAME* name, int nid, void* buf, int len ) ;
! Index of the next extension with the given NID after position lastpos
! (start with -1); -1 when there is none.
FUNCTION: int X509_get_ext_by_NID ( X509* a, int nid, int lastpos ) ;
! Decoded value of an extension (the C type depends on nid: for
! NID_subject_alt_name a stack of GENERAL_NAME_st, walked with sk_num /
! sk_value below). Returns null when absent or undecodable; crit / idx may
! be null.
FUNCTION: void* X509_get_ext_d2i ( X509 *a, int nid, int* crit, int* idx ) ;
! Pointers into the certificate; valid only while the X509 is alive.
FUNCTION: X509_NAME* X509_get_issuer_name ( X509* a ) ;
FUNCTION: X509_NAME* X509_get_subject_name ( X509* a ) ;
FUNCTION: int X509_check_trust ( X509* a, int id, int flags ) ;
! Raw extension at position loc (as returned by X509_get_ext_by_NID).
FUNCTION: X509_EXTENSION* X509_get_ext ( X509* a, int loc ) ;

! Generic stack accessors: element count, and the element at an index
! (null when the index is out of range, so callers need not pre-check).
! NOTE(review): sk_value's second parameter has no name; confirm the
! FUNCTION: parser accepts that, otherwise name it (e.g. `int i`).
FUNCTION: int sk_num ( _STACK *s ) ;
FUNCTION: void* sk_value ( _STACK *s, int ) ;