X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=052fa03af6361fb639bf3f14dbfa7dfa831e980a;hb=aae3233e1e08e9f11742f8f351af5c98cd8add16;hp=af08597474f6beeae814f2f6dfeb1ba66788ac09;hpb=9346c75cb8bea75d3410be65f5b625289f375b2d;p=openssl.git

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index af08597474..052fa03af6 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -288,30 +288,56 @@
  */
 
 /* Bits for algorithm_mkey (key exchange algorithm) */
-#define SSL_kRSA		0x00000001L /* RSA key exchange */
-#define SSL_kDHr		0x00000002L /* DH cert, RSA CA cert */
-#define SSL_kDHd		0x00000004L /* DH cert, DSA CA cert */
-#define SSL_kEDH		0x00000008L /* tmp DH key no DH cert */
-#define SSL_kKRB5		0x00000010L /* Kerberos5 key exchange */
-#define SSL_kECDHr		0x00000020L /* ECDH cert, RSA CA cert */
-#define SSL_kECDHe		0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kEECDH		0x00000080L /* ephemeral ECDH */
-#define SSL_kPSK		0x00000100L /* PSK */
-#define SSL_kGOST       0x00000200L /* GOST key exchange */
-#define SSL_kSRP        0x00000400L /* SRP */
+/* RSA key exchange */
+#define SSL_kRSA		0x00000001L
+/* DH cert, RSA CA cert */
+#define SSL_kDHr		0x00000002L
+/* DH cert, DSA CA cert */
+#define SSL_kDHd		0x00000004L
+/* tmp DH key no DH cert */
+#define SSL_kEDH		0x00000008L
+/* forward-compatible synonym */
+#define SSL_kDHE		SSL_kEDH
+/* Kerberos5 key exchange */
+#define SSL_kKRB5		0x00000010L
+/* ECDH cert, RSA CA cert */
+#define SSL_kECDHr		0x00000020L
+/* ECDH cert, ECDSA CA cert */
+#define SSL_kECDHe		0x00000040L
+/* ephemeral ECDH */
+#define SSL_kEECDH		0x00000080L
+/* forward-compatible synonym */
+#define SSL_kECDHE		SSL_kEECDH
+/* PSK */
+#define SSL_kPSK		0x00000100L
+/* GOST key exchange */
+#define SSL_kGOST       0x00000200L
+/* SRP */
+#define SSL_kSRP        0x00000400L
 
 /* Bits for algorithm_auth (server authentication) */
-#define SSL_aRSA		0x00000001L /* RSA auth */
-#define SSL_aDSS 		0x00000002L /* DSS auth */
-#define SSL_aNULL 		0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aDH 		0x00000008L /* Fixed DH auth (kDHd or kDHr) */
-#define SSL_aECDH 		0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
-#define SSL_aKRB5               0x00000020L /* KRB5 auth */
-#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
-#define SSL_aPSK                0x00000080L /* PSK auth */
-#define SSL_aGOST94				0x00000100L /* GOST R 34.10-94 signature auth */
-#define SSL_aGOST01 			0x00000200L /* GOST R 34.10-2001 signature auth */
-#define SSL_aSRP 		0x00000400L /* SRP auth */
+/* RSA auth */
+#define SSL_aRSA		0x00000001L
+/* DSS auth */
+#define SSL_aDSS 		0x00000002L
+/* no auth (i.e. use ADH or AECDH) */
+#define SSL_aNULL 		0x00000004L
+/* Fixed DH auth (kDHd or kDHr) */
+#define SSL_aDH 		0x00000008L
+/* Fixed ECDH auth (kECDHe or kECDHr) */
+#define SSL_aECDH 		0x00000010L
+/* KRB5 auth */
+#define SSL_aKRB5               0x00000020L
+/* ECDSA auth*/
+#define SSL_aECDSA              0x00000040L
+/* PSK auth */
+#define SSL_aPSK                0x00000080L
+/* GOST R 34.10-94 signature auth */
+#define SSL_aGOST94				0x00000100L
+/* GOST R 34.10-2001 signature auth */
+#define SSL_aGOST01 			0x00000200L
+/* SRP auth */
+#define SSL_aSRP 		0x00000400L
 
 
 /* Bits for algorithm_enc (symmetric encryption) */
@@ -414,7 +440,7 @@
 
 /* we have used 000001ff - 23 bits left to go */
 
-/*
+/*-
  * Macros to check the export status and cipher strength for export ciphers.
  * Even though the macros for EXPORT and EXPORT40/56 have similar names,
  * their meaning is different:
@@ -474,7 +500,8 @@
 #define SSL_PKEY_GOST01		7
 #define SSL_PKEY_NUM		8
 
-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
+/*-
+ * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
  * 	    <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
  * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
  * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
@@ -482,7 +509,7 @@
  * SSL_aDSS <- DSA_SIGN
  */
 
-/*
+/*-
 #define CERT_INVALID		0
 #define CERT_PUBLIC_KEY		1
 #define CERT_PRIVATE_KEY	2
@@ -506,11 +533,13 @@ typedef struct cert_pkey_st
 	/* Chain for this certificate */
 	STACK_OF(X509) *chain;
 #ifndef OPENSSL_NO_TLSEXT
-	/* serverinfo data for this certificate.  The data is in TLS Extension
+	/*-
+	 * serverinfo data for this certificate.  The data is in TLS Extension
 	 * wire format, specifically it's a series of records like:
 	 *   uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension)
 	 *   uint16_t length;
-	 *   uint8_t data[length]; */
+	 *   uint8_t data[length]; 
+	 */
 	unsigned char *serverinfo;
 	size_t serverinfo_length;
 #endif
@@ -533,8 +562,10 @@ typedef struct {
 	 */
 	unsigned short ext_flags;
 	custom_ext_add_cb add_cb; 
+	custom_ext_free_cb free_cb; 
+	void *add_arg;
 	custom_ext_parse_cb parse_cb; 
-	void *arg;
+	void *parse_arg;
 } custom_ext_method;
 
 /* ext_flags values */
@@ -556,9 +587,12 @@ typedef struct {
 typedef struct cert_st
 	{
 	/* Current active set */
-	CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
-			 * Probably it would make more sense to store
-			 * an index, not a pointer. */
+	/*
+	 * ALWAYS points to an element of the pkeys array
+	 * Probably it would make more sense to store
+	 * an index, not a pointer.
+	 */
+	CERT_PKEY *key;
  
 	/* For servers the following masks are for the key and auth
 	 * algorithms that are supported by the certs below.
@@ -1061,7 +1095,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
+int ssl2_enc(SSL *s,int send_data);
 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
 int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
@@ -1176,7 +1210,6 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
 
 int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
 int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-unsigned long dtls1_output_cert_chain(SSL *s, CERT_PKEY *cpk);
 int dtls1_read_failed(SSL *s, int code);
 int dtls1_buffer_message(SSL *s, int ccs);
 int dtls1_retransmit_message(SSL *s, unsigned short seq, 
@@ -1197,7 +1230,9 @@ void dtls1_stop_timer(SSL *s);
 int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
 int dtls1_send_newsession_ticket(SSL *s);
-unsigned int dtls1_min_mtu(void);
+unsigned int dtls1_min_mtu(SSL *s);
+unsigned int dtls1_link_min_mtu(void);
+void dtls1_hm_fragment_free(hm_fragment *frag);
 
 /* some client-only functions */
 int ssl3_client_hello(SSL *s);
@@ -1214,7 +1249,6 @@ int ssl3_get_key_exchange(SSL *s);
 int ssl3_get_server_certificate(SSL *s);
 int ssl3_check_cert_and_algorithm(SSL *s);
 #ifndef OPENSSL_NO_TLSEXT
-int ssl3_check_finished(SSL *s);
 # ifndef OPENSSL_NO_NEXTPROTONEG
 int ssl3_send_next_proto(SSL *s);
 # endif
@@ -1229,7 +1263,6 @@ int ssl3_send_hello_request(SSL *s);
 int ssl3_send_server_key_exchange(SSL *s);
 int ssl3_send_certificate_request(SSL *s);
 int ssl3_send_server_done(SSL *s);
-int ssl3_check_client_hello(SSL *s);
 int ssl3_get_client_certificate(SSL *s);
 int ssl3_get_client_key_exchange(SSL *s);
 int ssl3_get_cert_verify(SSL *s);
@@ -1261,7 +1294,6 @@ int dtls1_get_record(SSL *s);
 int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
 	unsigned int len, int create_empty_fragement);
 int dtls1_dispatch_alert(SSL *s);
-int dtls1_enc(SSL *s, int snd);
 
 int ssl_init_wbio_buffer(SSL *s, int push);
 void ssl_free_wbio_buffer(SSL *s);
@@ -1297,7 +1329,9 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
 			int *curves, size_t ncurves);
 int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, 
 				const char *str);
+#ifndef OPENSSL_NO_ECDH
 int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
+#endif /* OPENSSL_NO_ECDH */
 #endif /* OPENSSL_NO_EC */
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -1308,6 +1342,7 @@ int tls1_shared_list(SSL *s,
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);
 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
+int tls1_set_server_sigalgs(SSL *s);
 int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
 int ssl_prepare_clienthello_tlsext(SSL *s);
@@ -1351,7 +1386,8 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
 					  int *al);
 long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls1_process_sigalgs(SSL *s);
 size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
 int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
 				const unsigned char *sig, EVP_PKEY *pkey);
@@ -1398,9 +1434,9 @@ int srp_verify_server_param(SSL *s, int *al);
 void custom_ext_init(custom_ext_methods *meths);
 
 int custom_ext_parse(SSL *s, int server,
-			unsigned short ext_type,
+			unsigned int ext_type,
 			const unsigned char *ext_data, 
-			unsigned short ext_size,
+			size_t ext_size,
 			int *al);
 int custom_ext_add(SSL *s, int server,
 			unsigned char **pret,