/* we have used 0000003f - 26 bits left to go */
+/* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */
+# define SSL3_CK_CIPHERSUITE_FLAG 0x03000000
+
/* Check if an SSL structure is using DTLS */
# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
* algorithms extension for server or as part of a certificate
* request for client.
*/
- unsigned int *peer_sigalgs;
+ uint16_t *peer_sigalgs;
/* Size of above array */
size_t peer_sigalgslen;
/* Digest peer uses for signing */
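Review bot: The `/* Size of above array */` comment on `peer_sigalgslen` does not say whether the field counts entries or bytes, and that distinction matters more now that `peer_sigalgs` is narrowed to `uint16_t`. A reader who takes a loop bound or copy length from this field and guesses the wrong unit will read past or short of the array. I would state the unit explicitly, for example `/* Number of entries in peer_sigalgs (not bytes) */` if that is what the code stores, and do the same for `conf_sigalgslen` and `client_sigalgslen` in the following hunks. The enclosing struct and the allocation and copy sites for these arrays are outside this page, so it is worth confirming they size by `sizeof(*ptr)` rather than `sizeof(unsigned int)`.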
* the client hello as the supported signature algorithms extension. For
* servers it represents the signature algorithms we are willing to use.
*/
- unsigned int *conf_sigalgs;
+ uint16_t *conf_sigalgs;
/* Size of above array */
size_t conf_sigalgslen;
/*
* represents the signature algorithms we are willing to use for client
* authentication.
*/
- unsigned int *client_sigalgs;
+ uint16_t *client_sigalgs;
/* Size of above array */
size_t client_sigalgslen;
/*
/* Combined hash and signature NID */
int signandhash_nid;
/* Raw value used in extension */
- unsigned int rsigalg;
+ uint16_t rsigalg;
};
# define FP_ICC (int (*)(const void *,const void *))
/* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */
typedef enum ticket_en {
+ /* fatal error, malloc failure */
TICKET_FATAL_ERR_MALLOC,
+ /* fatal error, either from parsing or decrypting the ticket */
TICKET_FATAL_ERR_OTHER,
+ /* No ticket present */
TICKET_NONE,
+ /* Empty ticket present */
TICKET_EMPTY,
+ /* the ticket couldn't be decrypted */
TICKET_NO_DECRYPT,
+ /* a ticket was successfully decrypted */
TICKET_SUCCESS,
+ /* same as above but the ticket needs to be reneewed */
TICKET_SUCCESS_RENEW
} TICKET_RETURN;
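Review bot: The comment added for `TICKET_SUCCESS_RENEW` misspells "renewed" as `reneewed`, and "same as above" only holds while the enumerator order stays as it is. I would spell it out: `/* a ticket was successfully decrypted, but it needs to be renewed */`. The callers are not visible here, but `TICKET_NO_DECRYPT` and the two `TICKET_FATAL_ERR_*` values presumably lead to different handshake outcomes. If so, one sentence on each saying whether the handshake continues or aborts would keep a future caller from treating a fatal result as "no ticket".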
void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
__owur long ssl_get_algorithm2(SSL *s);
__owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
- const unsigned int *psig, size_t psiglen);
+ const uint16_t *psig, size_t psiglen);
__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt);
__owur int tls1_process_sigalgs(SSL *s);
-__owur size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned int **psigs);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
__owur int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, unsigned int sig,
EVP_PKEY *pkey);
void ssl_set_client_disabled(SSL *s);
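Review bot: `tls12_check_peer_sigalg()` still takes `unsigned int sig`, while every other signature-algorithm value touched by this change becomes `uint16_t`, so the prototype right after `tls12_get_psigalgs` is now the odd one out. The mixed widths compare correctly after integer promotion, but a caller can pass a value above 0xFFFF that can never match a list entry, and any later store of `sig` into a 16-bit field would truncate silently. I would change the parameter to `uint16_t sig`, or add a comment saying why the wider type is kept. The definition and callers are outside this hunk and would need the same change.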