size_t max_size);
size_t ssl_hmac_size(const SSL_HMAC *ctx);
+int ssl_get_EC_curve_nid(const EVP_PKEY *pkey);
+
typedef struct tls_group_info_st {
char *tlsname; /* Curve Name as in TLS specs */
char *realname; /* Curve Name according to provider */
TLS_GROUP_INFO *group_list;
size_t group_list_len;
size_t group_list_max_len;
+
+ /* masks of disabled algorithms */
+ uint32_t disabled_enc_mask;
+ uint32_t disabled_mac_mask;
+ uint32_t disabled_mkey_mask;
+ uint32_t disabled_auth_mask;
};
typedef struct cert_pkey_st CERT_PKEY;
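Review bot: The comment on the four new `disabled_*_mask` fields does not say when they are filled in or what a zero value means. If the enclosing structure is zero-allocated (not visible here; the struct begins outside this hunk), a mask of 0 presumably reads as "nothing disabled", so any cipher-list construction that runs before the masks are computed would treat every algorithm as available. I would put the ordering requirement in the comment, for example `/* masks of disabled algorithms; computed once at context setup, before the cipher list is built */`. The initialisation order should be checked against the call sites before adopting that wording.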
int message_type;
/* used to hold the new cipher we are going to use */
const SSL_CIPHER *new_cipher;
-# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- EVP_PKEY *pkey; /* holds short lived DH/ECDH key */
-# endif
+ EVP_PKEY *pkey; /* holds short lived key exchange key */
/* used for certificate requests */
int cert_req;
/* Certificate types in certificate request message. */
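Review bot: With the `OPENSSL_NO_EC`/`OPENSSL_NO_DH` guard removed, `pkey` exists in every build configuration, so every site that frees or resets it has to be unconditional as well. A release path still wrapped in the old `#if` would leave the short-lived private key allocated in a no-EC, no-DH build; those sites are outside this hunk, so this is something to confirm rather than a visible defect. The same applies to `group_id` and `peer_tmp` in the next hunk, which lose the same guard. Because the field holds private key material, the comment could also state ownership, if this matches the code: `/* short-lived key exchange private key; owned by this struct, released with EVP_PKEY_free() */`.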
# endif /* !OPENSSL_NO_EC */
/* For clients: peer temporary key */
-# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
- /* The group_id for the DH/ECDH key */
+ /* The group_id for the key exchange key */
uint16_t group_id;
EVP_PKEY *peer_tmp;
-# endif
} s3;
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
-__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
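Review bot: The new `SSL_CTX *ctx` parameter of `ssl_create_cipher_list` is non-const, although the parameter it replaces was `const SSL_METHOD *`. The same holds for `ssl_cert_is_disabled` in the following hunk. If these functions only read the method and the per-context disabled masks (the bodies are not shown, so this is an assumption), a const pointer would document that they cannot alter context state, e.g. `__owur int ssl_cert_is_disabled(const SSL_CTX *ctx, size_t idx);`. Neither prototype says whether `ctx` may be NULL, and the `ssl_create_cipher_list` prototype continues past the end of this hunk.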
__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
size_t *int_overhead, size_t *blocksize,
size_t *ext_overhead);
-__owur int ssl_cert_is_disabled(size_t idx);
+__owur int ssl_cert_is_disabled(SSL_CTX *ctx, size_t idx);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
const unsigned char *ptr,
int all);