OLD | NEW |
1 /* ssl/ssl_locl.h */ | 1 /* ssl/ssl_locl.h */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 310 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
321 #define SSL_IDEA 0x00000010L | 321 #define SSL_IDEA 0x00000010L |
322 #define SSL_eNULL 0x00000020L | 322 #define SSL_eNULL 0x00000020L |
323 #define SSL_AES128 0x00000040L | 323 #define SSL_AES128 0x00000040L |
324 #define SSL_AES256 0x00000080L | 324 #define SSL_AES256 0x00000080L |
325 #define SSL_CAMELLIA128 0x00000100L | 325 #define SSL_CAMELLIA128 0x00000100L |
326 #define SSL_CAMELLIA256 0x00000200L | 326 #define SSL_CAMELLIA256 0x00000200L |
327 #define SSL_eGOST2814789CNT 0x00000400L | 327 #define SSL_eGOST2814789CNT 0x00000400L |
328 #define SSL_SEED 0x00000800L | 328 #define SSL_SEED 0x00000800L |
329 #define SSL_AES128GCM 0x00001000L | 329 #define SSL_AES128GCM 0x00001000L |
330 #define SSL_AES256GCM 0x00002000L | 330 #define SSL_AES256GCM 0x00002000L |
| 331 #define SSL_CHACHA20POLY1305 0x00004000L |
331 | 332 |
332 #define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256G
CM) | 333 #define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256G
CM) |
333 #define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) | 334 #define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) |
334 | 335 |
335 | 336 |
336 /* Bits for algorithm_mac (symmetric authentication) */ | 337 /* Bits for algorithm_mac (symmetric authentication) */ |
337 | 338 |
338 #define SSL_MD5 0x00000001L | 339 #define SSL_MD5 0x00000001L |
339 #define SSL_SHA1 0x00000002L | 340 #define SSL_SHA1 0x00000002L |
340 #define SSL_GOST94 0x00000004L | 341 #define SSL_GOST94 0x00000004L |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
373 #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) | 374 #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) |
374 #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) | 375 #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) |
375 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) | 376 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) |
376 | 377 |
377 /* Stream MAC for GOST ciphersuites from cryptopro draft | 378 /* Stream MAC for GOST ciphersuites from cryptopro draft |
378 * (currently this also goes into algorithm2) */ | 379 * (currently this also goes into algorithm2) */ |
379 #define TLS1_STREAM_MAC 0x04 | 380 #define TLS1_STREAM_MAC 0x04 |
380 | 381 |
381 #define TLSEXT_CHANNEL_ID_SIZE 128 | 382 #define TLSEXT_CHANNEL_ID_SIZE 128 |
382 | 383 |
| 384 /* SSL_CIPHER_ALGORITHM2_AEAD is a flag in SSL_CIPHER.algorithm2 which |
| 385 * indicates that the cipher is implemented via an EVP_AEAD. */ |
| 386 #define SSL_CIPHER_ALGORITHM2_AEAD (1<<23) |
| 387 |
| 388 /* SSL_CIPHER_AEAD_FIXED_NONCE_LEN returns the number of bytes of fixed nonce |
| 389 * for an SSL_CIPHER* with the SSL_CIPHER_ALGORITHM2_AEAD flag. */ |
| 390 #define SSL_CIPHER_AEAD_FIXED_NONCE_LEN(ssl_cipher) \ |
| 391 (((ssl_cipher->algorithm2 >> 24) & 0xf)*2) |
| 392 |
| 393 /* SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD is a flag in |
| 394 * SSL_CIPHER.algorithm2 which indicates that the variable part of the nonce is |
| 395 * included as a prefix of the record. (AES-GCM, for example, does with with an |
| 396 * 8-byte variable nonce.) */ |
| 397 #define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD (1<<22) |
383 | 398 |
384 /* | 399 /* |
385 * Export and cipher strength information. For each cipher we have to decide | 400 * Export and cipher strength information. For each cipher we have to decide |
386 * whether it is exportable or not. This information is likely to change | 401 * whether it is exportable or not. This information is likely to change |
387 * over time, since the export control rules are no static technical issue. | 402 * over time, since the export control rules are no static technical issue. |
388 * | 403 * |
389 * Independent of the export flag the cipher strength is sorted into classes. | 404 * Independent of the export flag the cipher strength is sorted into classes. |
390 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now | 405 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now |
391 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change | 406 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change |
392 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, | 407 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, |
(...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
581 int client_finished_label_len; | 596 int client_finished_label_len; |
582 const char *server_finished_label; | 597 const char *server_finished_label; |
583 int server_finished_label_len; | 598 int server_finished_label_len; |
584 int (*alert_value)(int); | 599 int (*alert_value)(int); |
585 int (*export_keying_material)(SSL *, unsigned char *, size_t, | 600 int (*export_keying_material)(SSL *, unsigned char *, size_t, |
586 const char *, size_t, | 601 const char *, size_t, |
587 const unsigned char *, size_t, | 602 const unsigned char *, size_t, |
588 int use_context); | 603 int use_context); |
589 } SSL3_ENC_METHOD; | 604 } SSL3_ENC_METHOD; |
590 | 605 |
| 606 /* ssl_aead_ctx_st contains information about an AEAD that is being used to |
| 607 * encrypt an SSL connection. */ |
| 608 struct ssl_aead_ctx_st |
| 609 { |
| 610 EVP_AEAD_CTX ctx; |
| 611 /* fixed_nonce contains any bytes of the nonce that are fixed for all |
| 612 * records. */ |
| 613 unsigned char fixed_nonce[8]; |
| 614 unsigned char fixed_nonce_len, variable_nonce_len, tag_len; |
| 615 /* variable_nonce_included_in_record is non-zero if the variable nonce |
| 616 * for a record is included as a prefix before the ciphertext. */ |
| 617 char variable_nonce_included_in_record; |
| 618 }; |
| 619 |
591 #ifndef OPENSSL_NO_COMP | 620 #ifndef OPENSSL_NO_COMP |
592 /* Used for holding the relevant compression methods loaded into SSL_CTX */ | 621 /* Used for holding the relevant compression methods loaded into SSL_CTX */ |
593 typedef struct ssl3_comp_st | 622 typedef struct ssl3_comp_st |
594 { | 623 { |
595 int comp_id; /* The identifier byte for this compression type */ | 624 int comp_id; /* The identifier byte for this compression type */ |
596 char *name; /* Text name used for the compression type */ | 625 char *name; /* Text name used for the compression type */ |
597 COMP_METHOD *method; /* The method :-) */ | 626 COMP_METHOD *method; /* The method :-) */ |
598 } SSL3_COMP; | 627 } SSL3_COMP; |
599 #endif | 628 #endif |
600 | 629 |
(...skipping 226 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
827 const SSL_CIPHER * const *bp); | 856 const SSL_CIPHER * const *bp); |
828 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, | 857 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, |
829 STACK_OF(SSL_CIPHER) **skp); | 858 STACK_OF(SSL_CIPHER) **skp); |
830 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, | 859 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, |
831 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
; | 860 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
; |
832 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, | 861 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, |
833 STACK_OF(SSL_CIPHER) **pref, | 862 STACK_OF(SSL_CIPHER) **pref, |
834 STACK_OF(SSL_CIPHER) **sorted, | 863 STACK_OF(SSL_CIPHER) **sorted, |
835 const char *rule_str); | 864 const char *rule_str); |
836 void ssl_update_cache(SSL *s, int mode); | 865 void ssl_update_cache(SSL *s, int mode); |
| 866 int ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp); |
| 867 int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead); |
837 int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, | 868 int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, |
838 » » const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size
, SSL_COMP **comp); | 869 » » const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size
); |
839 int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
| 870 int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
|
840 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); | 871 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); |
841 int ssl_undefined_function(SSL *s); | 872 int ssl_undefined_function(SSL *s); |
842 int ssl_undefined_void_function(void); | 873 int ssl_undefined_void_function(void); |
843 int ssl_undefined_const_function(const SSL *s); | 874 int ssl_undefined_const_function(const SSL *s); |
844 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); | 875 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); |
845 X509 *ssl_get_server_send_cert(const SSL *); | 876 X509 *ssl_get_server_send_cert(const SSL *); |
846 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); | 877 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); |
847 int ssl_cert_type(X509 *x,EVP_PKEY *pkey); | 878 int ssl_cert_type(X509 *x,EVP_PKEY *pkey); |
848 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); | 879 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); |
(...skipping 322 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1171 size_t data_plus_mac_plus_padding_size, | 1202 size_t data_plus_mac_plus_padding_size, |
1172 const unsigned char *mac_secret, | 1203 const unsigned char *mac_secret, |
1173 unsigned mac_secret_length, | 1204 unsigned mac_secret_length, |
1174 char is_sslv3); | 1205 char is_sslv3); |
1175 | 1206 |
1176 void tls_fips_digest_extra( | 1207 void tls_fips_digest_extra( |
1177 const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, | 1208 const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, |
1178 const unsigned char *data, size_t data_len, size_t orig_len); | 1209 const unsigned char *data, size_t data_len, size_t orig_len); |
1179 | 1210 |
1180 #endif | 1211 #endif |
OLD | NEW |