17#ifndef GSSAPI_OPENSSL_H
18#define GSSAPI_OPENSSL_H
28#include "globus_config.h"
29#include "globus_common.h"
34#include "globus_gsi_callback.h"
35#include "globus_gsi_proxy.h"
36#include "globus_gsi_credential.h"
39#include "openssl/ssl.h"
40#include "openssl/err.h"
41#include "openssl/bio.h"
42#include "openssl/pem.h"
43#include "openssl/x509.h"
44#include "openssl/x509v3.h"
45#include "openssl/stack.h"
47#define GLOBUS_I_GSI_GSSAPI_IMPL_VERSION 1
49#define GSS_I_CTX_INITIALIZED 1
50#define GSS_I_DISALLOW_ENCRYPTION 2
51#define GSS_I_PROTECTION_FAIL_ON_CONTEXT_EXPIRATION 4
52#define GSS_I_APPLICATION_WILL_HANDLE_EXTENSIONS 8
54#define GSS_C_QOP_GLOBUS_GSSAPI_OPENSSL_BIG 1
77#define SSL3_RT_GSSAPI_OPENSSL 26
81#define L2N(LONG_VAL, CHAR_ARRAY) \
83 unsigned char * _char_array_ = CHAR_ARRAY; \
84 *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 24) & 0xff); \
85 *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 16) & 0xff); \
86 *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 8) & 0xff); \
87 *(_char_array_++) = (unsigned char) (((LONG_VAL)) & 0xff); \
90#define N2L(CHAR_ARRAY, LONG_VAL) \
92 const unsigned char * _char_array_ = CHAR_ARRAY; \
93 (LONG_VAL) = ((*(_char_array_++)) << 24) & 0xff000000; \
94 (LONG_VAL) |= ((*(_char_array_++)) << 16) & 0xff0000; \
95 (LONG_VAL) |= ((*(_char_array_++)) << 8) & 0xff00; \
96 (LONG_VAL) |= ((*(_char_array_++)) & 0xff); \
99#define N2S(CHAR_ARRAY, SHORT) \
101 char * _char_array_ = CHAR_ARRAY; \
102 (SHORT) = ((unsigned int) (*(_char_array_++))) << 8; \
103 (SHORT) |= ((unsigned int) (*(_char_array_++))); \
106#define S2N(SHORT, CHAR_ARRAY) \
108 char * _char_array_ = CHAR_ARRAY; \
109 *(_char_array_++) = (unsigned char) (((SHORT) >> 8) & 0xff); \
110 *(_char_array_++) = (unsigned char) ((SHORT) & 0xff); \
113#define U642N(U64VAL, CHAR_ARRAY) \
115 unsigned char * _char_array_ = CHAR_ARRAY; \
116 *(_char_array_++) = (unsigned char) (((U64VAL) >> 56) & 0xff); \
117 *(_char_array_++) = (unsigned char) (((U64VAL) >> 48) & 0xff); \
118 *(_char_array_++) = (unsigned char) (((U64VAL) >> 40) & 0xff); \
119 *(_char_array_++) = (unsigned char) (((U64VAL) >> 32) & 0xff); \
120 *(_char_array_++) = (unsigned char) (((U64VAL) >> 24) & 0xff); \
121 *(_char_array_++) = (unsigned char) (((U64VAL) >> 16) & 0xff); \
122 *(_char_array_++) = (unsigned char) (((U64VAL) >> 8) & 0xff); \
123 *(_char_array_++) = (unsigned char) (((U64VAL) ) & 0xff); \
126#define N2U64(CHAR_ARRAY, U64VAL) \
128 const unsigned char * _char_array_ = CHAR_ARRAY; \
129 uint64_t _u64val_ = 0; \
130 _u64val_ = (((uint64_t)(*(_char_array_++))) << 56) & 0xff00000000000000; \
131 _u64val_ = (((uint64_t)(*(_char_array_++))) << 48) & 0xff000000000000; \
132 _u64val_ = (((uint64_t)(*(_char_array_++))) << 40) & 0xff0000000000; \
133 _u64val_ = (((uint64_t)(*(_char_array_++))) << 32) & 0xff00000000; \
134 _u64val_ = (((uint64_t)(*(_char_array_++))) << 24) & 0xff000000; \
135 _u64val_ = (((uint64_t)(*(_char_array_++))) << 16) & 0xff0000; \
136 _u64val_ = (((uint64_t)(*(_char_array_++))) << 8) & 0xff00; \
137 _u64val_ = (((uint64_t)(*(_char_array_++))) ) & 0xff; \
138 (U64VAL) = _u64val_; \
142#define g_OID_equal(o1, o2) \
145 ((o1)->length == (o2)->length) && \
146 (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0)))
148typedef struct gss_name_desc_struct {
153 char * x509n_oneline;
154 GENERAL_NAMES * subjectAltNames;
163typedef struct gss_cred_id_desc_struct {
164 globus_gsi_cred_handle_t cred_handle;
165 gss_name_desc * globusid;
166 gss_cred_usage_t cred_usage;
167 SSL_CTX * ssl_context;
171typedef struct gss_ctx_id_desc_struct{
172 globus_mutex_t mutex;
173 globus_gsi_callback_data_t callback_data;
174 gss_cred_id_desc * peer_cred_handle;
175 gss_cred_id_desc * cred_handle;
176 gss_cred_id_desc * deleg_cred_handle;
177 globus_gsi_proxy_handle_t proxy_handle;
183#if OPENSSL_VERSION_NUMBER >= 0x10000100L
185 uint64_t mac_read_sequence;
187 uint64_t mac_write_sequence;
189 unsigned char * mac_key;
194 unsigned char * mac_iv_fixed;
201 int locally_initiated;
203 gss_OID_set extension_oids;
204 gss_cred_id_t *sni_credentials;
205 bool sni_credentials_obtained;
206 size_t sni_credentials_count;
207 char *sni_servername;
213const gss_OID_desc *
const gss_mech_globus_gssapi_openssl;
216const gss_OID_desc *
const gss_mech_globus_gssapi_openssl_micv2;
219const gss_OID_desc *
const gss_proxycertinfo_extension;
222gss_OID_desc * gss_nt_host_ip;
225gss_OID_desc * gss_nt_x509;
228const gss_OID_desc *
const gss_ext_server_name_oid;
231const gss_OID_desc *
const gss_ext_alpn_oid;
234const gss_OID_desc *
const gss_ext_tls_version_oid;
237const gss_OID_desc *
const gss_ext_tls_cipher_oid;
240globus_bool_t globus_i_backward_compatible_mic;
242globus_bool_t globus_i_accept_backward_compatible_mic;
244#define GLOBUS_GSS_C_NT_HOST_IP gss_nt_host_ip
245#define GLOBUS_GSS_C_NT_X509 gss_nt_x509
251globus_l_gsi_gssapi_activate_once(
void);
255 OM_uint32 *minor_status,
256 const gss_ctx_id_t context_handle,
257 const EVP_MD ** hash,
258 const EVP_CIPHER ** cipher);
262globus_i_gssapi_gsi_gmac(
263 OM_uint32 * minor_status,
264 const EVP_CIPHER * evp_cipher,
265 const unsigned char * iv,
266 const unsigned char * key,
267 const gss_buffer_desc *message_buffer,
268 unsigned char tag[
static 16]);
Globus GSI GSS constants.
gss_con_st_t
Connection State Type.
Definition: globus_gsi_gss_constants.h:98
gss_delegation_state_t
Delegation State Type.
Definition: globus_gsi_gss_constants.h:111
OM_uint32 globus_i_gss_get_hash(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const EVP_MD **hash, const EVP_CIPHER **cipher)
Find the hash and cipher functions used by a context.
Definition: get_hash.c:24
globus_thread_once_t once_control
Definition: module.c:121