OLD | NEW |
1 /* ssl/ssl_locl.h */ | 1 /* ssl/ssl_locl.h */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 /* ==================================================================== | 58 /* ==================================================================== |
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. |
60 * | 60 * |
61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
63 * are met: | 63 * are met: |
64 * | 64 * |
65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
67 * | 67 * |
68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
106 * This product includes cryptographic software written by Eric Young | 106 * This product includes cryptographic software written by Eric Young |
107 * (eay@cryptsoft.com). This product includes software written by Tim | 107 * (eay@cryptsoft.com). This product includes software written by Tim |
108 * Hudson (tjh@cryptsoft.com). | 108 * Hudson (tjh@cryptsoft.com). |
109 * | 109 * |
110 */ | 110 */ |
111 /* ==================================================================== | 111 /* ==================================================================== |
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. |
113 * ECC cipher suite support in OpenSSL originally developed by | 113 * ECC cipher suite support in OpenSSL originally developed by |
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. |
115 */ | 115 */ |
| 116 /* ==================================================================== |
| 117 * Copyright 2005 Nokia. All rights reserved. |
| 118 * |
| 119 * The portions of the attached software ("Contribution") is developed by |
| 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 121 * license. |
| 122 * |
| 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 125 * support (see RFC 4279) to OpenSSL. |
| 126 * |
| 127 * No patent licenses or other rights except those expressly stated in |
| 128 * the OpenSSL open source license shall be deemed granted or received |
| 129 * expressly, by implication, estoppel, or otherwise. |
| 130 * |
| 131 * No assurances are provided by Nokia that the Contribution does not |
| 132 * infringe the patent or other intellectual property rights of any third |
| 133 * party or that the license provides you with all the necessary rights |
| 134 * to make use of the Contribution. |
| 135 * |
| 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 140 * OTHERWISE. |
| 141 */ |
116 | 142 |
117 #ifndef HEADER_SSL_LOCL_H | 143 #ifndef HEADER_SSL_LOCL_H |
118 #define HEADER_SSL_LOCL_H | 144 #define HEADER_SSL_LOCL_H |
119 #include <stdlib.h> | 145 #include <stdlib.h> |
120 #include <time.h> | 146 #include <time.h> |
121 #include <string.h> | 147 #include <string.h> |
122 #include <errno.h> | 148 #include <errno.h> |
123 | 149 |
124 #include "e_os.h" | 150 #include "e_os.h" |
125 | 151 |
(...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
244 * etc will be added, the bits a likely to change, so this information | 270 * etc will be added, the bits a likely to change, so this information |
245 * is for internal library use only, even though SSL_CIPHER.algorithms | 271 * is for internal library use only, even though SSL_CIPHER.algorithms |
246 * can be publicly accessed. | 272 * can be publicly accessed. |
247 * Use the according functions for cipher management instead. | 273 * Use the according functions for cipher management instead. |
248 * | 274 * |
249 * The bit mask handling in the selection and sorting scheme in | 275 * The bit mask handling in the selection and sorting scheme in |
250 * ssl_create_cipher_list() has only limited capabilities, reflecting | 276 * ssl_create_cipher_list() has only limited capabilities, reflecting |
251 * that the different entities within are mutually exclusive: | 277 * that the different entities within are mutually exclusive: |
252 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. | 278 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. |
253 */ | 279 */ |
254 #define SSL_MKEY_MASK» » 0x000000FFL | 280 |
| 281 /* Bits for algorithm_mkey (key exchange algorithm) */ |
255 #define SSL_kRSA 0x00000001L /* RSA key exchange */ | 282 #define SSL_kRSA 0x00000001L /* RSA key exchange */ |
256 #define SSL_kDHr» » 0x00000002L /* DH cert RSA CA cert */ | 283 #define SSL_kDHr» » 0x00000002L /* DH cert, RSA CA cert */ /* no suc
h ciphersuites supported! */ |
257 #define SSL_kDHd» » 0x00000004L /* DH cert DSA CA cert */ | 284 #define SSL_kDHd» » 0x00000004L /* DH cert, DSA CA cert */ /* no suc
h ciphersuite supported! */ |
258 #define SSL_kFZA» » 0x00000008L | 285 #define SSL_kEDH» » 0x00000008L /* tmp DH key no DH cert */ |
259 #define SSL_kEDH» » 0x00000010L /* tmp DH key no DH cert */ | 286 #define SSL_kKRB5» » 0x00000010L /* Kerberos5 key exchange */ |
260 #define SSL_kKRB5» » 0x00000020L /* Kerberos5 key exchange */ | 287 #define SSL_kECDHr» » 0x00000020L /* ECDH cert, RSA CA cert */ |
261 #define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */ | 288 #define SSL_kECDHe» » 0x00000040L /* ECDH cert, ECDSA CA cert */ |
262 #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ | 289 #define SSL_kEECDH» » 0x00000080L /* ephemeral ECDH */ |
263 #define SSL_EDH»» » (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) | 290 #define SSL_kPSK» » 0x00000100L /* PSK */ |
| 291 #define SSL_kGOST 0x00000200L /* GOST key exchange */ |
264 | 292 |
265 #define SSL_AUTH_MASK» » 0x00007F00L | 293 /* Bits for algorithm_auth (server authentication) */ |
266 #define SSL_aRSA» » 0x00000100L /* Authenticate with RSA */ | 294 #define SSL_aRSA» » 0x00000001L /* RSA auth */ |
267 #define SSL_aDSS » » 0x00000200L /* Authenticate with DSS */ | 295 #define SSL_aDSS » » 0x00000002L /* DSS auth */ |
268 #define SSL_DSS » » SSL_aDSS | 296 #define SSL_aNULL » » 0x00000004L /* no auth (i.e. use ADH or AECDH) *
/ |
269 #define SSL_aFZA » » 0x00000400L | 297 #define SSL_aDH » » 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /
* no such ciphersuites supported! */ |
270 #define SSL_aNULL » » 0x00000800L /* no Authenticate, ADH */ | 298 #define SSL_aECDH » » 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr
) */ |
271 #define SSL_aDH » » 0x00001000L /* no Authenticate, ADH */ | 299 #define SSL_aKRB5 0x00000020L /* KRB5 auth */ |
272 #define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */ | 300 #define SSL_aECDSA 0x00000040L /* ECDSA auth*/ |
273 #define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */ | 301 #define SSL_aPSK 0x00000080L /* PSK auth */ |
| 302 #define SSL_aGOST94» » » » 0x00000100L /* GOST R 34.10-94 s
ignature auth */ |
| 303 #define SSL_aGOST01 » » » 0x00000200L /* GOST R 34.10-2001 signatu
re auth */ |
274 | 304 |
275 #define SSL_NULL (SSL_eNULL) | |
276 #define SSL_ADH (SSL_kEDH|SSL_aNULL) | |
277 #define SSL_RSA (SSL_kRSA|SSL_aRSA) | |
278 #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) | |
279 #define SSL_ECDH (SSL_kECDH|SSL_kECDHE) | |
280 #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) | |
281 #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) | |
282 | 305 |
283 #define SSL_ENC_MASK» » 0x1C3F8000L | 306 /* Bits for algorithm_enc (symmetric encryption) */ |
284 #define SSL_DES»» » 0x00008000L | 307 #define SSL_DES»» » 0x00000001L |
285 #define SSL_3DES» » 0x00010000L | 308 #define SSL_3DES» » 0x00000002L |
286 #define SSL_RC4»» » 0x00020000L | 309 #define SSL_RC4»» » 0x00000004L |
287 #define SSL_RC2»» » 0x00040000L | 310 #define SSL_RC2»» » 0x00000008L |
288 #define SSL_IDEA» » 0x00080000L | 311 #define SSL_IDEA» » 0x00000010L |
289 #define SSL_eFZA» » 0x00100000L | 312 #define SSL_eNULL» » 0x00000020L |
290 #define SSL_eNULL» » 0x00200000L | 313 #define SSL_AES128» » 0x00000040L |
291 #define SSL_AES»» » 0x04000000L | 314 #define SSL_AES256» » 0x00000080L |
292 #define SSL_CAMELLIA» » 0x08000000L | 315 #define SSL_CAMELLIA128»» 0x00000100L |
293 #define SSL_SEED » 0x10000000L | 316 #define SSL_CAMELLIA256»» 0x00000200L |
| 317 #define SSL_eGOST2814789CNT» 0x00000400L |
| 318 #define SSL_SEED» » 0x00000800L |
294 | 319 |
295 #define SSL_MAC_MASK» » 0x00c00000L | 320 #define SSL_AES »» (SSL_AES128|SSL_AES256) |
296 #define SSL_MD5»» » 0x00400000L | 321 #define SSL_CAMELLIA» » (SSL_CAMELLIA128|SSL_CAMELLIA256) |
297 #define SSL_SHA1» » 0x00800000L | |
298 #define SSL_SHA»» » (SSL_SHA1) | |
299 | 322 |
300 #define SSL_SSL_MASK» » 0x03000000L | 323 |
301 #define SSL_SSLV2» » 0x01000000L | 324 /* Bits for algorithm_mac (symmetric authentication) */ |
302 #define SSL_SSLV3» » 0x02000000L | 325 #define SSL_MD5»» » 0x00000001L |
| 326 #define SSL_SHA1» » 0x00000002L |
| 327 #define SSL_GOST94 0x00000004L |
| 328 #define SSL_GOST89MAC 0x00000008L |
| 329 |
| 330 /* Bits for algorithm_ssl (protocol version) */ |
| 331 #define SSL_SSLV2» » 0x00000001L |
| 332 #define SSL_SSLV3» » 0x00000002L |
303 #define SSL_TLSV1 SSL_SSLV3 /* for now */ | 333 #define SSL_TLSV1 SSL_SSLV3 /* for now */ |
304 | 334 |
305 /* we have used 1fffffff - 3 bits left to go. */ | 335 |
| 336 /* Bits for algorithm2 (handshake digests and other extra flags) */ |
| 337 |
| 338 #define SSL_HANDSHAKE_MAC_MD5 0x10 |
| 339 #define SSL_HANDSHAKE_MAC_SHA 0x20 |
| 340 #define SSL_HANDSHAKE_MAC_GOST94 0x40 |
| 341 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA
) |
| 342 |
| 343 /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX |
| 344 * make sure to update this constant too */ |
| 345 #define SSL_MAX_DIGEST 4 |
| 346 |
| 347 #define TLS1_PRF_DGST_SHIFT 8 |
| 348 #define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) |
| 349 #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) |
| 350 #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) |
| 351 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) |
| 352 |
| 353 /* Stream MAC for GOST ciphersuites from cryptopro draft |
| 354 * (currently this also goes into algorithm2) */ |
| 355 #define TLS1_STREAM_MAC 0x04 |
| 356 |
| 357 |
306 | 358 |
307 /* | 359 /* |
308 * Export and cipher strength information. For each cipher we have to decide | 360 * Export and cipher strength information. For each cipher we have to decide |
309 * whether it is exportable or not. This information is likely to change | 361 * whether it is exportable or not. This information is likely to change |
310 * over time, since the export control rules are no static technical issue. | 362 * over time, since the export control rules are no static technical issue. |
311 * | 363 * |
312 * Independent of the export flag the cipher strength is sorted into classes. | 364 * Independent of the export flag the cipher strength is sorted into classes. |
313 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now | 365 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now |
314 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change | 366 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change |
315 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, | 367 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, |
316 * since SSL_EXP64 could be similar to SSL_LOW. | 368 * since SSL_EXP64 could be similar to SSL_LOW. |
317 * For this reason SSL_MICRO and SSL_MINI macros are included to widen the | 369 * For this reason SSL_MICRO and SSL_MINI macros are included to widen the |
318 * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed | 370 * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed |
319 * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would | 371 * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would |
320 * be possible. | 372 * be possible. |
321 */ | 373 */ |
322 #define SSL_EXP_MASK 0x00000003L | 374 #define SSL_EXP_MASK 0x00000003L |
| 375 #define SSL_STRONG_MASK 0x000001fcL |
| 376 |
323 #define SSL_NOT_EXP 0x00000001L | 377 #define SSL_NOT_EXP 0x00000001L |
324 #define SSL_EXPORT 0x00000002L | 378 #define SSL_EXPORT 0x00000002L |
325 | 379 |
326 #define SSL_STRONG_MASK 0x000000fcL | |
327 #define SSL_STRONG_NONE 0x00000004L | 380 #define SSL_STRONG_NONE 0x00000004L |
328 #define SSL_EXP40 0x00000008L | 381 #define SSL_EXP40 0x00000008L |
329 #define SSL_MICRO (SSL_EXP40) | 382 #define SSL_MICRO (SSL_EXP40) |
330 #define SSL_EXP56 0x00000010L | 383 #define SSL_EXP56 0x00000010L |
331 #define SSL_MINI (SSL_EXP56) | 384 #define SSL_MINI (SSL_EXP56) |
332 #define SSL_LOW 0x00000020L | 385 #define SSL_LOW 0x00000020L |
333 #define SSL_MEDIUM 0x00000040L | 386 #define SSL_MEDIUM 0x00000040L |
334 #define SSL_HIGH 0x00000080L | 387 #define SSL_HIGH 0x00000080L |
335 #define SSL_FIPS 0x00000100L | 388 #define SSL_FIPS 0x00000100L |
336 | 389 |
(...skipping 13 matching lines...) Expand all Loading... |
350 * Use the SSL_C_* macros instead. | 403 * Use the SSL_C_* macros instead. |
351 */ | 404 */ |
352 #define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) | 405 #define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) |
353 #define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) | 406 #define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) |
354 #define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) | 407 #define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) |
355 #define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) | 408 #define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) |
356 #define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) | 409 #define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) |
357 #define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) | 410 #define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) |
358 | 411 |
359 #define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ | 412 #define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ |
360 » » » » ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7) | 413 » » » » (a) == SSL_DES ? 8 : 7) |
361 #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) | 414 #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) |
362 #define SSL_C_EXPORT_KEYLENGTH(c)» SSL_EXPORT_KEYLENGTH((c)->algorithms, \ | 415 #define SSL_C_EXPORT_KEYLENGTH(c)» SSL_EXPORT_KEYLENGTH((c)->algorithm_enc,
\ |
363 (c)->algo_strength) | 416 (c)->algo_strength) |
364 #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength
) | 417 #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength
) |
365 | 418 |
366 | 419 |
367 #define SSL_ALL»» » 0xffffffffL | 420 |
368 #define SSL_ALL_CIPHERS»» (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\ | |
369 » » » » SSL_MAC_MASK) | |
370 #define SSL_ALL_STRENGTHS» (SSL_EXP_MASK|SSL_STRONG_MASK) | |
371 | 421 |
372 /* Mostly for SSLv3 */ | 422 /* Mostly for SSLv3 */ |
373 #define SSL_PKEY_RSA_ENC 0 | 423 #define SSL_PKEY_RSA_ENC 0 |
374 #define SSL_PKEY_RSA_SIGN 1 | 424 #define SSL_PKEY_RSA_SIGN 1 |
375 #define SSL_PKEY_DSA_SIGN 2 | 425 #define SSL_PKEY_DSA_SIGN 2 |
376 #define SSL_PKEY_DH_RSA 3 | 426 #define SSL_PKEY_DH_RSA 3 |
377 #define SSL_PKEY_DH_DSA 4 | 427 #define SSL_PKEY_DH_DSA 4 |
378 #define SSL_PKEY_ECC 5 | 428 #define SSL_PKEY_ECC 5 |
379 #define SSL_PKEY_NUM» » 6 | 429 #define SSL_PKEY_GOST94»» 6 |
| 430 #define SSL_PKEY_GOST01»» 7 |
| 431 #define SSL_PKEY_NUM» » 8 |
380 | 432 |
381 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | | 433 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | |
382 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) | 434 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) |
383 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) | 435 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) |
384 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN | 436 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN |
385 * SSL_aRSA <- RSA_ENC | RSA_SIGN | 437 * SSL_aRSA <- RSA_ENC | RSA_SIGN |
386 * SSL_aDSS <- DSA_SIGN | 438 * SSL_aDSS <- DSA_SIGN |
387 */ | 439 */ |
388 | 440 |
389 /* | 441 /* |
390 #define CERT_INVALID 0 | 442 #define CERT_INVALID 0 |
391 #define CERT_PUBLIC_KEY 1 | 443 #define CERT_PUBLIC_KEY 1 |
392 #define CERT_PRIVATE_KEY 2 | 444 #define CERT_PRIVATE_KEY 2 |
393 */ | 445 */ |
394 | 446 |
395 /* This can be returned from ssl3_send_server_hello to indicate that an | |
396 * offline validation of a client-suggested server_random needs to be | |
397 * performed. */ | |
398 #define SERVER_RANDOM_VALIDATION_PENDING -(TLSEXT_TYPE_snap_start) | |
399 | |
400 #ifndef OPENSSL_NO_EC | 447 #ifndef OPENSSL_NO_EC |
401 /* From ECC-TLS draft, used in encoding the curve type in | 448 /* From ECC-TLS draft, used in encoding the curve type in |
402 * ECParameters | 449 * ECParameters |
403 */ | 450 */ |
404 #define EXPLICIT_PRIME_CURVE_TYPE 1 | 451 #define EXPLICIT_PRIME_CURVE_TYPE 1 |
405 #define EXPLICIT_CHAR2_CURVE_TYPE 2 | 452 #define EXPLICIT_CHAR2_CURVE_TYPE 2 |
406 #define NAMED_CURVE_TYPE 3 | 453 #define NAMED_CURVE_TYPE 3 |
407 #endif /* OPENSSL_NO_EC */ | 454 #endif /* OPENSSL_NO_EC */ |
408 | 455 |
409 typedef struct cert_pkey_st | 456 typedef struct cert_pkey_st |
410 { | 457 { |
411 X509 *x509; | 458 X509 *x509; |
| 459 STACK_OF(X509) *cert_chain; |
412 EVP_PKEY *privatekey; | 460 EVP_PKEY *privatekey; |
413 } CERT_PKEY; | 461 } CERT_PKEY; |
414 | 462 |
415 typedef struct cert_st | 463 typedef struct cert_st |
416 { | 464 { |
417 /* Current active set */ | 465 /* Current active set */ |
418 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array | 466 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array |
419 * Probably it would make more sense to store | 467 * Probably it would make more sense to store |
420 * an index, not a pointer. */ | 468 * an index, not a pointer. */ |
421 | 469 |
422 /* The following masks are for the key and auth | 470 /* The following masks are for the key and auth |
423 * algorithms that are supported by the certs below */ | 471 * algorithms that are supported by the certs below */ |
424 int valid; | 472 int valid; |
425 » unsigned long mask; | 473 » unsigned long mask_k; |
426 » unsigned long export_mask; | 474 » unsigned long mask_a; |
| 475 » unsigned long export_mask_k; |
| 476 » unsigned long export_mask_a; |
427 #ifndef OPENSSL_NO_RSA | 477 #ifndef OPENSSL_NO_RSA |
428 RSA *rsa_tmp; | 478 RSA *rsa_tmp; |
429 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize); | 479 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize); |
430 #endif | 480 #endif |
431 #ifndef OPENSSL_NO_DH | 481 #ifndef OPENSSL_NO_DH |
432 DH *dh_tmp; | 482 DH *dh_tmp; |
433 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); | 483 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); |
434 #endif | 484 #endif |
435 #ifndef OPENSSL_NO_ECDH | 485 #ifndef OPENSSL_NO_ECDH |
436 EC_KEY *ecdh_tmp; | 486 EC_KEY *ecdh_tmp; |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
490 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff | 540 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff |
491 * It is a bit of a mess of functions, but hell, think of it as | 541 * It is a bit of a mess of functions, but hell, think of it as |
492 * an opaque structure :-) */ | 542 * an opaque structure :-) */ |
493 typedef struct ssl3_enc_method | 543 typedef struct ssl3_enc_method |
494 { | 544 { |
495 int (*enc)(SSL *, int); | 545 int (*enc)(SSL *, int); |
496 int (*mac)(SSL *, unsigned char *, int); | 546 int (*mac)(SSL *, unsigned char *, int); |
497 int (*setup_key_block)(SSL *); | 547 int (*setup_key_block)(SSL *); |
498 int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, i
nt); | 548 int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, i
nt); |
499 int (*change_cipher_state)(SSL *, int); | 549 int (*change_cipher_state)(SSL *, int); |
500 » int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *,
int, unsigned char *); | 550 » int (*final_finish_mac)(SSL *, const char *, int, unsigned char *); |
501 int finish_mac_length; | 551 int finish_mac_length; |
502 » int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *); | 552 » int (*cert_verify_mac)(SSL *, int, unsigned char *); |
503 const char *client_finished_label; | 553 const char *client_finished_label; |
504 int client_finished_label_len; | 554 int client_finished_label_len; |
505 const char *server_finished_label; | 555 const char *server_finished_label; |
506 int server_finished_label_len; | 556 int server_finished_label_len; |
507 int (*alert_value)(int); | 557 int (*alert_value)(int); |
508 } SSL3_ENC_METHOD; | 558 } SSL3_ENC_METHOD; |
509 | 559 |
510 #ifndef OPENSSL_NO_COMP | 560 #ifndef OPENSSL_NO_COMP |
511 /* Used for holding the relevant compression methods loaded into SSL_CTX */ | 561 /* Used for holding the relevant compression methods loaded into SSL_CTX */ |
512 typedef struct ssl3_comp_st | 562 typedef struct ssl3_comp_st |
513 { | 563 { |
514 int comp_id; /* The identifier byte for this compression type */ | 564 int comp_id; /* The identifier byte for this compression type */ |
515 char *name; /* Text name used for the compression type */ | 565 char *name; /* Text name used for the compression type */ |
516 COMP_METHOD *method; /* The method :-) */ | 566 COMP_METHOD *method; /* The method :-) */ |
517 } SSL3_COMP; | 567 } SSL3_COMP; |
518 #endif | 568 #endif |
519 | 569 |
| 570 #ifndef OPENSSL_NO_BUF_FREELISTS |
| 571 typedef struct ssl3_buf_freelist_st |
| 572 { |
| 573 size_t chunklen; |
| 574 unsigned int len; |
| 575 struct ssl3_buf_freelist_entry_st *head; |
| 576 } SSL3_BUF_FREELIST; |
| 577 |
| 578 typedef struct ssl3_buf_freelist_entry_st |
| 579 { |
| 580 struct ssl3_buf_freelist_entry_st *next; |
| 581 } SSL3_BUF_FREELIST_ENTRY; |
| 582 #endif |
| 583 |
520 extern SSL3_ENC_METHOD ssl3_undef_enc_method; | 584 extern SSL3_ENC_METHOD ssl3_undef_enc_method; |
521 OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; | 585 OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[]; |
522 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; | 586 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; |
523 | 587 |
524 | 588 |
525 SSL_METHOD *ssl_bad_method(int ver); | 589 SSL_METHOD *ssl_bad_method(int ver); |
526 SSL_METHOD *sslv2_base_method(void); | |
527 SSL_METHOD *sslv23_base_method(void); | |
528 SSL_METHOD *sslv3_base_method(void); | |
529 | 590 |
530 extern SSL3_ENC_METHOD TLSv1_enc_data; | 591 extern SSL3_ENC_METHOD TLSv1_enc_data; |
531 extern SSL3_ENC_METHOD SSLv3_enc_data; | 592 extern SSL3_ENC_METHOD SSLv3_enc_data; |
532 extern SSL3_ENC_METHOD DTLSv1_enc_data; | 593 extern SSL3_ENC_METHOD DTLSv1_enc_data; |
533 | 594 |
534 #define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | 595 #define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
535 SSL_METHOD *func_name(void) \ | 596 const SSL_METHOD *func_name(void) \ |
536 { \ | 597 { \ |
537 » static SSL_METHOD func_name##_data= { \ | 598 » static const SSL_METHOD func_name##_data= { \ |
538 TLS1_VERSION, \ | 599 TLS1_VERSION, \ |
539 tls1_new, \ | 600 tls1_new, \ |
540 tls1_clear, \ | 601 tls1_clear, \ |
541 tls1_free, \ | 602 tls1_free, \ |
542 s_accept, \ | 603 s_accept, \ |
543 s_connect, \ | 604 s_connect, \ |
544 ssl3_read, \ | 605 ssl3_read, \ |
545 ssl3_peek, \ | 606 ssl3_peek, \ |
546 ssl3_write, \ | 607 ssl3_write, \ |
547 ssl3_shutdown, \ | 608 ssl3_shutdown, \ |
(...skipping 14 matching lines...) Expand all Loading... |
562 tls1_default_timeout, \ | 623 tls1_default_timeout, \ |
563 &TLSv1_enc_data, \ | 624 &TLSv1_enc_data, \ |
564 ssl_undefined_void_function, \ | 625 ssl_undefined_void_function, \ |
565 ssl3_callback_ctrl, \ | 626 ssl3_callback_ctrl, \ |
566 ssl3_ctx_callback_ctrl, \ | 627 ssl3_ctx_callback_ctrl, \ |
567 }; \ | 628 }; \ |
568 return &func_name##_data; \ | 629 return &func_name##_data; \ |
569 } | 630 } |
570 | 631 |
571 #define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | 632 #define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
572 SSL_METHOD *func_name(void) \ | 633 const SSL_METHOD *func_name(void) \ |
573 { \ | 634 { \ |
574 » static SSL_METHOD func_name##_data= { \ | 635 » static const SSL_METHOD func_name##_data= { \ |
575 SSL3_VERSION, \ | 636 SSL3_VERSION, \ |
576 ssl3_new, \ | 637 ssl3_new, \ |
577 ssl3_clear, \ | 638 ssl3_clear, \ |
578 ssl3_free, \ | 639 ssl3_free, \ |
579 s_accept, \ | 640 s_accept, \ |
580 s_connect, \ | 641 s_connect, \ |
581 ssl3_read, \ | 642 ssl3_read, \ |
582 ssl3_peek, \ | 643 ssl3_peek, \ |
583 ssl3_write, \ | 644 ssl3_write, \ |
584 ssl3_shutdown, \ | 645 ssl3_shutdown, \ |
(...skipping 14 matching lines...) Expand all Loading... |
599 ssl3_default_timeout, \ | 660 ssl3_default_timeout, \ |
600 &SSLv3_enc_data, \ | 661 &SSLv3_enc_data, \ |
601 ssl_undefined_void_function, \ | 662 ssl_undefined_void_function, \ |
602 ssl3_callback_ctrl, \ | 663 ssl3_callback_ctrl, \ |
603 ssl3_ctx_callback_ctrl, \ | 664 ssl3_ctx_callback_ctrl, \ |
604 }; \ | 665 }; \ |
605 return &func_name##_data; \ | 666 return &func_name##_data; \ |
606 } | 667 } |
607 | 668 |
608 #define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | 669 #define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
609 SSL_METHOD *func_name(void) \ | 670 const SSL_METHOD *func_name(void) \ |
610 { \ | 671 { \ |
611 » static SSL_METHOD func_name##_data= { \ | 672 » static const SSL_METHOD func_name##_data= { \ |
612 TLS1_VERSION, \ | 673 TLS1_VERSION, \ |
613 tls1_new, \ | 674 tls1_new, \ |
614 tls1_clear, \ | 675 tls1_clear, \ |
615 tls1_free, \ | 676 tls1_free, \ |
616 s_accept, \ | 677 s_accept, \ |
617 s_connect, \ | 678 s_connect, \ |
618 ssl23_read, \ | 679 ssl23_read, \ |
619 ssl23_peek, \ | 680 ssl23_peek, \ |
620 ssl23_write, \ | 681 ssl23_write, \ |
621 ssl_undefined_function, \ | 682 ssl_undefined_function, \ |
(...skipping 14 matching lines...) Expand all Loading... |
636 ssl23_default_timeout, \ | 697 ssl23_default_timeout, \ |
637 &ssl3_undef_enc_method, \ | 698 &ssl3_undef_enc_method, \ |
638 ssl_undefined_void_function, \ | 699 ssl_undefined_void_function, \ |
639 ssl3_callback_ctrl, \ | 700 ssl3_callback_ctrl, \ |
640 ssl3_ctx_callback_ctrl, \ | 701 ssl3_ctx_callback_ctrl, \ |
641 }; \ | 702 }; \ |
642 return &func_name##_data; \ | 703 return &func_name##_data; \ |
643 } | 704 } |
644 | 705 |
645 #define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | 706 #define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
646 SSL_METHOD *func_name(void) \ | 707 const SSL_METHOD *func_name(void) \ |
647 { \ | 708 { \ |
648 » static SSL_METHOD func_name##_data= { \ | 709 » static const SSL_METHOD func_name##_data= { \ |
649 SSL2_VERSION, \ | 710 SSL2_VERSION, \ |
650 ssl2_new, /* local */ \ | 711 ssl2_new, /* local */ \ |
651 ssl2_clear, /* local */ \ | 712 ssl2_clear, /* local */ \ |
652 ssl2_free, /* local */ \ | 713 ssl2_free, /* local */ \ |
653 s_accept, \ | 714 s_accept, \ |
654 s_connect, \ | 715 s_connect, \ |
655 ssl2_read, \ | 716 ssl2_read, \ |
656 ssl2_peek, \ | 717 ssl2_peek, \ |
657 ssl2_write, \ | 718 ssl2_write, \ |
658 ssl2_shutdown, \ | 719 ssl2_shutdown, \ |
(...skipping 14 matching lines...) Expand all Loading... |
673 ssl2_default_timeout, \ | 734 ssl2_default_timeout, \ |
674 &ssl3_undef_enc_method, \ | 735 &ssl3_undef_enc_method, \ |
675 ssl_undefined_void_function, \ | 736 ssl_undefined_void_function, \ |
676 ssl2_callback_ctrl, /* local */ \ | 737 ssl2_callback_ctrl, /* local */ \ |
677 ssl2_ctx_callback_ctrl, /* local */ \ | 738 ssl2_ctx_callback_ctrl, /* local */ \ |
678 }; \ | 739 }; \ |
679 return &func_name##_data; \ | 740 return &func_name##_data; \ |
680 } | 741 } |
681 | 742 |
682 #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ | 743 #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ |
683 SSL_METHOD *func_name(void) \ | 744 const SSL_METHOD *func_name(void) \ |
684 { \ | 745 { \ |
685 » static SSL_METHOD func_name##_data= { \ | 746 » static const SSL_METHOD func_name##_data= { \ |
686 DTLS1_VERSION, \ | 747 DTLS1_VERSION, \ |
687 dtls1_new, \ | 748 dtls1_new, \ |
688 dtls1_clear, \ | 749 dtls1_clear, \ |
689 dtls1_free, \ | 750 dtls1_free, \ |
690 s_accept, \ | 751 s_accept, \ |
691 s_connect, \ | 752 s_connect, \ |
692 ssl3_read, \ | 753 ssl3_read, \ |
693 ssl3_peek, \ | 754 ssl3_peek, \ |
694 ssl3_write, \ | 755 ssl3_write, \ |
695 ssl3_shutdown, \ | 756 ssl3_shutdown, \ |
(...skipping 25 matching lines...) Expand all Loading... |
721 CERT *ssl_cert_new(void); | 782 CERT *ssl_cert_new(void); |
722 CERT *ssl_cert_dup(CERT *cert); | 783 CERT *ssl_cert_dup(CERT *cert); |
723 int ssl_cert_inst(CERT **o); | 784 int ssl_cert_inst(CERT **o); |
724 void ssl_cert_free(CERT *c); | 785 void ssl_cert_free(CERT *c); |
725 SESS_CERT *ssl_sess_cert_new(void); | 786 SESS_CERT *ssl_sess_cert_new(void); |
726 void ssl_sess_cert_free(SESS_CERT *sc); | 787 void ssl_sess_cert_free(SESS_CERT *sc); |
727 int ssl_set_peer_cert_type(SESS_CERT *c, int type); | 788 int ssl_set_peer_cert_type(SESS_CERT *c, int type); |
728 int ssl_get_new_session(SSL *s, int session); | 789 int ssl_get_new_session(SSL *s, int session); |
729 int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned
char *limit); | 790 int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned
char *limit); |
730 int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); | 791 int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); |
| 792 DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, |
| 793 ssl_cipher_id); |
731 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 794 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
732 const SSL_CIPHER * const *bp); | 795 const SSL_CIPHER * const *bp); |
733 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, | 796 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, |
734 STACK_OF(SSL_CIPHER) **skp); | 797 STACK_OF(SSL_CIPHER) **skp); |
735 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, | 798 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, |
736 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
; | 799 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
; |
737 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, | 800 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, |
738 STACK_OF(SSL_CIPHER) **pref, | 801 STACK_OF(SSL_CIPHER) **pref, |
739 STACK_OF(SSL_CIPHER) **sorted, | 802 STACK_OF(SSL_CIPHER) **sorted, |
740 const char *rule_str); | 803 const char *rule_str); |
741 void ssl_update_cache(SSL *s, int mode); | 804 void ssl_update_cache(SSL *s, int mode); |
742 int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, | 805 int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, |
743 » » const EVP_MD **md,SSL_COMP **comp); | 806 » » const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size
, SSL_COMP **comp); |
| 807 int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);» »
» |
744 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); | 808 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); |
745 int ssl_undefined_function(SSL *s); | 809 int ssl_undefined_function(SSL *s); |
746 int ssl_undefined_void_function(void); | 810 int ssl_undefined_void_function(void); |
747 int ssl_undefined_const_function(const SSL *s); | 811 int ssl_undefined_const_function(const SSL *s); |
748 X509 *ssl_get_server_send_cert(SSL *); | 812 X509 *ssl_get_server_send_cert(SSL *); |
749 EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); | 813 EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *); |
750 int ssl_cert_type(X509 *x,EVP_PKEY *pkey); | 814 int ssl_cert_type(X509 *x,EVP_PKEY *pkey); |
751 void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); | 815 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); |
752 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); | 816 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); |
753 int ssl_verify_alarm_type(long type); | 817 int ssl_verify_alarm_type(long type); |
754 void ssl_load_ciphers(void); | 818 void ssl_load_ciphers(void); |
755 | 819 |
756 int ssl2_enc_init(SSL *s, int client); | 820 int ssl2_enc_init(SSL *s, int client); |
757 int ssl2_generate_key_material(SSL *s); | 821 int ssl2_generate_key_material(SSL *s); |
758 void ssl2_enc(SSL *s,int send_data); | 822 void ssl2_enc(SSL *s,int send_data); |
759 void ssl2_mac(SSL *s,unsigned char *mac,int send_data); | 823 void ssl2_mac(SSL *s,unsigned char *mac,int send_data); |
760 SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); | 824 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); |
761 int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); | 825 int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |
762 int ssl2_part_read(SSL *s, unsigned long f, int i); | 826 int ssl2_part_read(SSL *s, unsigned long f, int i); |
763 int ssl2_do_write(SSL *s); | 827 int ssl2_do_write(SSL *s); |
764 int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data); | 828 int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data); |
765 void ssl2_return_error(SSL *s,int reason); | 829 void ssl2_return_error(SSL *s,int reason); |
766 void ssl2_write_error(SSL *s); | 830 void ssl2_write_error(SSL *s); |
767 int ssl2_num_ciphers(void); | 831 int ssl2_num_ciphers(void); |
768 SSL_CIPHER *ssl2_get_cipher(unsigned int u); | 832 const SSL_CIPHER *ssl2_get_cipher(unsigned int u); |
769 int ssl2_new(SSL *s); | 833 int ssl2_new(SSL *s); |
770 void ssl2_free(SSL *s); | 834 void ssl2_free(SSL *s); |
771 int ssl2_accept(SSL *s); | 835 int ssl2_accept(SSL *s); |
772 int ssl2_connect(SSL *s); | 836 int ssl2_connect(SSL *s); |
773 int ssl2_read(SSL *s, void *buf, int len); | 837 int ssl2_read(SSL *s, void *buf, int len); |
774 int ssl2_peek(SSL *s, void *buf, int len); | 838 int ssl2_peek(SSL *s, void *buf, int len); |
775 int ssl2_write(SSL *s, const void *buf, int len); | 839 int ssl2_write(SSL *s, const void *buf, int len); |
776 int ssl2_shutdown(SSL *s); | 840 int ssl2_shutdown(SSL *s); |
777 void ssl2_clear(SSL *s); | 841 void ssl2_clear(SSL *s); |
778 long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); | 842 long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); |
779 long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); | 843 long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); |
780 long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); | 844 long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
781 long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); | 845 long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); |
782 int ssl2_pending(const SSL *s); | 846 int ssl2_pending(const SSL *s); |
783 long ssl2_default_timeout(void ); | 847 long ssl2_default_timeout(void ); |
784 | 848 |
785 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); | 849 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); |
786 int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); | 850 int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |
787 void ssl3_init_finished_mac(SSL *s); | 851 void ssl3_init_finished_mac(SSL *s); |
788 int ssl3_send_server_certificate(SSL *s); | 852 int ssl3_send_server_certificate(SSL *s); |
789 int ssl3_send_newsession_ticket(SSL *s); | 853 int ssl3_send_newsession_ticket(SSL *s); |
790 int ssl3_send_cert_status(SSL *s); | 854 int ssl3_send_cert_status(SSL *s); |
791 int ssl3_get_finished(SSL *s,int state_a,int state_b); | 855 int ssl3_get_finished(SSL *s,int state_a,int state_b); |
792 int ssl3_setup_key_block(SSL *s); | 856 int ssl3_setup_key_block(SSL *s); |
793 int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); | 857 int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); |
794 int ssl3_change_cipher_state(SSL *s,int which); | 858 int ssl3_change_cipher_state(SSL *s,int which); |
795 void ssl3_cleanup_key_block(SSL *s); | 859 void ssl3_cleanup_key_block(SSL *s); |
796 int ssl3_do_write(SSL *s,int type); | 860 int ssl3_do_write(SSL *s,int type); |
797 int ssl3_send_alert(SSL *s,int level, int desc); | 861 int ssl3_send_alert(SSL *s,int level, int desc); |
798 int ssl3_generate_master_secret(SSL *s, unsigned char *out, | 862 int ssl3_generate_master_secret(SSL *s, unsigned char *out, |
799 unsigned char *p, int len); | 863 unsigned char *p, int len); |
800 int ssl3_get_req_cert_type(SSL *s,unsigned char *p); | 864 int ssl3_get_req_cert_type(SSL *s,unsigned char *p); |
801 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); | 865 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); |
802 int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen); | 866 int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen); |
803 int ssl3_num_ciphers(void); | 867 int ssl3_num_ciphers(void); |
804 SSL_CIPHER *ssl3_get_cipher(unsigned int u); | 868 const SSL_CIPHER *ssl3_get_cipher(unsigned int u); |
805 int ssl3_renegotiate(SSL *ssl); | 869 int ssl3_renegotiate(SSL *ssl); |
806 int ssl3_renegotiate_check(SSL *ssl); | 870 int ssl3_renegotiate_check(SSL *ssl); |
807 int ssl3_dispatch_alert(SSL *s); | 871 int ssl3_dispatch_alert(SSL *s); |
808 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); | 872 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); |
809 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); | 873 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); |
810 int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, | 874 int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p)
; |
811 » const char *sender, int slen,unsigned char *p); | 875 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); |
812 int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p); | |
813 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); | 876 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); |
814 int ssl3_enc(SSL *s, int send_data); | 877 int ssl3_enc(SSL *s, int send_data); |
815 int ssl3_mac(SSL *ssl, unsigned char *md, int send_data); | 878 int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); |
| 879 void ssl3_free_digest_list(SSL *s); |
816 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); | 880 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); |
817 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt, | 881 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt, |
818 STACK_OF(SSL_CIPHER) *srvr); | 882 STACK_OF(SSL_CIPHER) *srvr); |
819 int ssl3_setup_buffers(SSL *s); | 883 int ssl3_setup_buffers(SSL *s); |
| 884 int ssl3_setup_read_buffer(SSL *s); |
| 885 int ssl3_setup_write_buffer(SSL *s); |
| 886 int ssl3_release_read_buffer(SSL *s); |
| 887 int ssl3_release_write_buffer(SSL *s); |
| 888 int ssl3_digest_cached_records(SSL *s); |
820 int ssl3_new(SSL *s); | 889 int ssl3_new(SSL *s); |
821 void ssl3_free(SSL *s); | 890 void ssl3_free(SSL *s); |
822 int ssl3_accept(SSL *s); | 891 int ssl3_accept(SSL *s); |
823 int ssl3_connect(SSL *s); | 892 int ssl3_connect(SSL *s); |
824 int ssl3_read(SSL *s, void *buf, int len); | 893 int ssl3_read(SSL *s, void *buf, int len); |
825 int ssl3_peek(SSL *s, void *buf, int len); | 894 int ssl3_peek(SSL *s, void *buf, int len); |
826 int ssl3_write(SSL *s, const void *buf, int len); | 895 int ssl3_write(SSL *s, const void *buf, int len); |
827 int ssl3_shutdown(SSL *s); | 896 int ssl3_shutdown(SSL *s); |
828 void ssl3_clear(SSL *s); | 897 void ssl3_clear(SSL *s); |
829 long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); | 898 long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); |
830 long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); | 899 long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); |
831 long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); | 900 long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
832 long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); | 901 long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void)); |
833 int ssl3_pending(const SSL *s); | 902 int ssl3_pending(const SSL *s); |
834 | 903 |
835 void ssl3_record_sequence_update(unsigned char *seq); | 904 void ssl3_record_sequence_update(unsigned char *seq); |
836 int ssl3_do_change_cipher_spec(SSL *ssl); | 905 int ssl3_do_change_cipher_spec(SSL *ssl); |
837 long ssl3_default_timeout(void ); | 906 long ssl3_default_timeout(void ); |
838 | 907 |
839 int ssl23_num_ciphers(void ); | 908 int ssl23_num_ciphers(void ); |
840 SSL_CIPHER *ssl23_get_cipher(unsigned int u); | 909 const SSL_CIPHER *ssl23_get_cipher(unsigned int u); |
841 int ssl23_read(SSL *s, void *buf, int len); | 910 int ssl23_read(SSL *s, void *buf, int len); |
842 int ssl23_peek(SSL *s, void *buf, int len); | 911 int ssl23_peek(SSL *s, void *buf, int len); |
843 int ssl23_write(SSL *s, const void *buf, int len); | 912 int ssl23_write(SSL *s, const void *buf, int len); |
844 int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); | 913 int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); |
845 SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); | 914 const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); |
846 long ssl23_default_timeout(void ); | 915 long ssl23_default_timeout(void ); |
847 | 916 |
848 long tls1_default_timeout(void); | 917 long tls1_default_timeout(void); |
849 int dtls1_do_write(SSL *s,int type); | 918 int dtls1_do_write(SSL *s,int type); |
850 int ssl3_read_n(SSL *s, int n, int max, int extend); | 919 int ssl3_read_n(SSL *s, int n, int max, int extend); |
851 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); | 920 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); |
852 int ssl3_do_compress(SSL *ssl); | 921 int ssl3_do_compress(SSL *ssl); |
853 int ssl3_do_uncompress(SSL *ssl); | 922 int ssl3_do_uncompress(SSL *ssl); |
854 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | 923 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
855 unsigned int len); | 924 unsigned int len); |
(...skipping 13 matching lines...) Expand all Loading... |
869 unsigned long frag_off, int *found); | 938 unsigned long frag_off, int *found); |
870 int dtls1_get_queue_priority(unsigned short seq, int is_ccs); | 939 int dtls1_get_queue_priority(unsigned short seq, int is_ccs); |
871 int dtls1_retransmit_buffered_messages(SSL *s); | 940 int dtls1_retransmit_buffered_messages(SSL *s); |
872 void dtls1_clear_record_buffer(SSL *s); | 941 void dtls1_clear_record_buffer(SSL *s); |
873 void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
; | 942 void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
; |
874 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); | 943 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); |
875 void dtls1_reset_seq_numbers(SSL *s, int rw); | 944 void dtls1_reset_seq_numbers(SSL *s, int rw); |
876 long dtls1_default_timeout(void); | 945 long dtls1_default_timeout(void); |
877 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); | 946 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); |
878 int dtls1_handle_timeout(SSL *s); | 947 int dtls1_handle_timeout(SSL *s); |
879 SSL_CIPHER *dtls1_get_cipher(unsigned int u); | 948 const SSL_CIPHER *dtls1_get_cipher(unsigned int u); |
880 void dtls1_start_timer(SSL *s); | 949 void dtls1_start_timer(SSL *s); |
881 void dtls1_stop_timer(SSL *s); | 950 void dtls1_stop_timer(SSL *s); |
882 int dtls1_is_timer_expired(SSL *s); | 951 int dtls1_is_timer_expired(SSL *s); |
883 void dtls1_double_timeout(SSL *s); | 952 void dtls1_double_timeout(SSL *s); |
884 int dtls1_send_newsession_ticket(SSL *s); | 953 int dtls1_send_newsession_ticket(SSL *s); |
885 | 954 unsigned int dtls1_min_mtu(void); |
886 | 955 |
887 /* some client-only functions */ | 956 /* some client-only functions */ |
888 int ssl3_client_hello(SSL *s); | 957 int ssl3_client_hello(SSL *s); |
889 int ssl3_get_server_hello(SSL *s); | 958 int ssl3_get_server_hello(SSL *s); |
890 int ssl3_get_certificate_request(SSL *s); | 959 int ssl3_get_certificate_request(SSL *s); |
891 int ssl3_get_new_session_ticket(SSL *s); | 960 int ssl3_get_new_session_ticket(SSL *s); |
892 int ssl3_get_cert_status(SSL *s); | 961 int ssl3_get_cert_status(SSL *s); |
893 int ssl3_get_server_done(SSL *s); | 962 int ssl3_get_server_done(SSL *s); |
894 int ssl3_send_client_verify(SSL *s); | 963 int ssl3_send_client_verify(SSL *s); |
| 964 int ssl3_send_client_certificate(SSL *s); |
895 int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); | 965 int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); |
896 int ssl3_send_client_certificate(SSL *s); | |
897 int ssl3_send_client_key_exchange(SSL *s); | 966 int ssl3_send_client_key_exchange(SSL *s); |
898 int ssl3_get_key_exchange(SSL *s); | 967 int ssl3_get_key_exchange(SSL *s); |
899 int ssl3_get_server_certificate(SSL *s); | 968 int ssl3_get_server_certificate(SSL *s); |
900 int ssl3_check_cert_and_algorithm(SSL *s); | 969 int ssl3_check_cert_and_algorithm(SSL *s); |
901 #ifndef OPENSSL_NO_TLSEXT | 970 #ifndef OPENSSL_NO_TLSEXT |
902 int ssl3_check_finished(SSL *s); | 971 int ssl3_check_finished(SSL *s); |
| 972 # ifndef OPENSSL_NO_NEXTPROTONEG |
903 int ssl3_send_next_proto(SSL *s); | 973 int ssl3_send_next_proto(SSL *s); |
| 974 # endif |
904 #endif | 975 #endif |
905 | 976 |
906 int dtls1_client_hello(SSL *s); | 977 int dtls1_client_hello(SSL *s); |
907 int dtls1_send_client_certificate(SSL *s); | 978 int dtls1_send_client_certificate(SSL *s); |
908 int dtls1_send_client_key_exchange(SSL *s); | 979 int dtls1_send_client_key_exchange(SSL *s); |
909 int dtls1_send_client_verify(SSL *s); | 980 int dtls1_send_client_verify(SSL *s); |
910 | 981 |
911 /* some server-only functions */ | 982 /* some server-only functions */ |
912 int ssl3_get_client_hello(SSL *s); | 983 int ssl3_get_client_hello(SSL *s); |
913 int ssl3_send_server_hello(SSL *s); | 984 int ssl3_send_server_hello(SSL *s); |
914 int ssl3_send_hello_request(SSL *s); | 985 int ssl3_send_hello_request(SSL *s); |
915 int ssl3_send_server_key_exchange(SSL *s); | 986 int ssl3_send_server_key_exchange(SSL *s); |
916 int ssl3_send_certificate_request(SSL *s); | 987 int ssl3_send_certificate_request(SSL *s); |
917 int ssl3_send_server_done(SSL *s); | 988 int ssl3_send_server_done(SSL *s); |
918 int ssl3_check_client_hello(SSL *s); | 989 int ssl3_check_client_hello(SSL *s); |
919 int ssl3_get_client_certificate(SSL *s); | 990 int ssl3_get_client_certificate(SSL *s); |
920 int ssl3_get_client_key_exchange(SSL *s); | 991 int ssl3_get_client_key_exchange(SSL *s); |
921 int ssl3_get_cert_verify(SSL *s); | 992 int ssl3_get_cert_verify(SSL *s); |
| 993 #ifndef OPENSSL_NO_NEXTPROTONEG |
922 int ssl3_get_next_proto(SSL *s); | 994 int ssl3_get_next_proto(SSL *s); |
923 int ssl3_snap_start_reset_for_recovery(SSL* s); | 995 #endif |
924 | 996 |
925 int dtls1_send_hello_request(SSL *s); | 997 int dtls1_send_hello_request(SSL *s); |
926 int dtls1_send_server_hello(SSL *s); | 998 int dtls1_send_server_hello(SSL *s); |
927 int dtls1_send_server_certificate(SSL *s); | 999 int dtls1_send_server_certificate(SSL *s); |
928 int dtls1_send_server_key_exchange(SSL *s); | 1000 int dtls1_send_server_key_exchange(SSL *s); |
929 int dtls1_send_certificate_request(SSL *s); | 1001 int dtls1_send_certificate_request(SSL *s); |
930 int dtls1_send_server_done(SSL *s); | 1002 int dtls1_send_server_done(SSL *s); |
931 | 1003 |
932 | 1004 |
933 | 1005 |
934 int ssl23_accept(SSL *s); | 1006 int ssl23_accept(SSL *s); |
935 int ssl23_connect(SSL *s); | 1007 int ssl23_connect(SSL *s); |
936 int ssl23_read_bytes(SSL *s, int n); | 1008 int ssl23_read_bytes(SSL *s, int n); |
937 int ssl23_write_bytes(SSL *s); | 1009 int ssl23_write_bytes(SSL *s); |
938 | 1010 |
939 int tls1_new(SSL *s); | 1011 int tls1_new(SSL *s); |
940 void tls1_free(SSL *s); | 1012 void tls1_free(SSL *s); |
941 void tls1_clear(SSL *s); | 1013 void tls1_clear(SSL *s); |
942 long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); | 1014 long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); |
943 long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); | 1015 long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); |
944 SSL_METHOD *tlsv1_base_method(void ); | |
945 | 1016 |
946 int dtls1_new(SSL *s); | 1017 int dtls1_new(SSL *s); |
947 int dtls1_accept(SSL *s); | 1018 int dtls1_accept(SSL *s); |
948 int dtls1_connect(SSL *s); | 1019 int dtls1_connect(SSL *s); |
949 void dtls1_free(SSL *s); | 1020 void dtls1_free(SSL *s); |
950 void dtls1_clear(SSL *s); | 1021 void dtls1_clear(SSL *s); |
951 long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg); | 1022 long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg); |
952 SSL_METHOD *dtlsv1_base_method(void ); | |
953 | 1023 |
954 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); | 1024 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); |
955 int dtls1_get_record(SSL *s); | 1025 int dtls1_get_record(SSL *s); |
956 int do_dtls1_write(SSL *s, int type, const unsigned char *buf, | 1026 int do_dtls1_write(SSL *s, int type, const unsigned char *buf, |
957 unsigned int len, int create_empty_fragement); | 1027 unsigned int len, int create_empty_fragement); |
958 int dtls1_dispatch_alert(SSL *s); | 1028 int dtls1_dispatch_alert(SSL *s); |
959 int dtls1_enc(SSL *s, int snd); | 1029 int dtls1_enc(SSL *s, int snd); |
960 | 1030 |
961 int ssl_init_wbio_buffer(SSL *s, int push); | 1031 int ssl_init_wbio_buffer(SSL *s, int push); |
962 void ssl_free_wbio_buffer(SSL *s); | 1032 void ssl_free_wbio_buffer(SSL *s); |
963 | 1033 |
964 int tls1_change_cipher_state(SSL *s, int which); | 1034 int tls1_change_cipher_state(SSL *s, int which); |
965 int tls1_setup_key_block(SSL *s); | 1035 int tls1_setup_key_block(SSL *s); |
966 int tls1_enc(SSL *s, int snd); | 1036 int tls1_enc(SSL *s, int snd); |
967 int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, | 1037 int tls1_final_finish_mac(SSL *s, |
968 const char *str, int slen, unsigned char *p); | 1038 const char *str, int slen, unsigned char *p); |
969 int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p); | 1039 int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); |
970 int tls1_mac(SSL *ssl, unsigned char *md, int snd); | 1040 int tls1_mac(SSL *ssl, unsigned char *md, int snd); |
971 int tls1_generate_master_secret(SSL *s, unsigned char *out, | 1041 int tls1_generate_master_secret(SSL *s, unsigned char *out, |
972 unsigned char *p, int len); | 1042 unsigned char *p, int len); |
973 int tls1_alert_code(int code); | 1043 int tls1_alert_code(int code); |
974 int ssl3_alert_code(int code); | 1044 int ssl3_alert_code(int code); |
975 int ssl_ok(SSL *s); | 1045 int ssl_ok(SSL *s); |
976 | 1046 |
977 int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); | 1047 #ifndef OPENSSL_NO_ECDH |
| 1048 int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs); |
| 1049 #endif |
978 | 1050 |
979 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); | 1051 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); |
980 | 1052 |
| 1053 #ifndef OPENSSL_NO_EC |
| 1054 int tls1_ec_curve_id2nid(int curve_id); |
| 1055 int tls1_ec_nid2curve_id(int nid); |
| 1056 #endif /* OPENSSL_NO_EC */ |
| 1057 |
981 #ifndef OPENSSL_NO_TLSEXT | 1058 #ifndef OPENSSL_NO_TLSEXT |
982 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
r *limit); | 1059 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
r *limit); |
983 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
r *limit); | 1060 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
r *limit); |
984 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d,
int n, int *al); | 1061 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d,
int n, int *al); |
985 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d,
int n, int *al); | 1062 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d,
int n, int *al); |
986 int ssl_prepare_clienthello_tlsext(SSL *s); | 1063 int ssl_prepare_clienthello_tlsext(SSL *s); |
987 int ssl_prepare_serverhello_tlsext(SSL *s); | 1064 int ssl_prepare_serverhello_tlsext(SSL *s); |
988 int ssl_check_clienthello_tlsext(SSL *s); | 1065 int ssl_check_clienthello_tlsext(SSL *s); |
989 int ssl_check_serverhello_tlsext(SSL *s); | 1066 int ssl_check_serverhello_tlsext(SSL *s); |
990 | 1067 |
991 #ifdef OPENSSL_NO_SHA256 | 1068 #ifdef OPENSSL_NO_SHA256 |
992 #define tlsext_tick_md EVP_sha1 | 1069 #define tlsext_tick_md EVP_sha1 |
993 #else | 1070 #else |
994 #define tlsext_tick_md EVP_sha256 | 1071 #define tlsext_tick_md EVP_sha256 |
995 #endif | 1072 #endif |
996 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | 1073 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, |
997 const unsigned char *limit, SSL_SESSION **ret); | 1074 const unsigned char *limit, SSL_SESSION **ret); |
| 1075 #endif |
998 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; | 1076 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; |
999 void ssl_clear_hash_ctx(EVP_MD_CTX **hash); | 1077 void ssl_clear_hash_ctx(EVP_MD_CTX **hash); |
1000 | |
1001 int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | 1078 int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, |
1002 int maxlen); | 1079 int maxlen); |
1003 int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | 1080 int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, |
1004 int *al); | 1081 int *al); |
1005 int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | 1082 int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, |
1006 int maxlen); | 1083 int maxlen); |
1007 int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | 1084 int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, |
1008 int *al); | 1085 int *al); |
1009 #endif | 1086 #endif |
1010 | |
1011 #endif | |
OLD | NEW |