# endif
+#define MAX_COMPRESSIONS_SIZE 255
+
struct ssl_comp_st {
int id;
const char *name;
COMP_METHOD *method;
};
+typedef struct raw_extension_st {
+ /* Raw packet data for the extension */
+ PACKET data;
+ /* Set to 1 if the extension is present or 0 otherwise */
+ int present;
+ /* Set to 1 if we have already parsed the extension or 0 otherwise */
+ int parsed;
+ /* The type of this extension, i.e. a TLSEXT_TYPE_* value */
+ unsigned int type;
+} RAW_EXTENSION;
+
+typedef struct {
+ unsigned int isv2;
+ unsigned int legacy_version;
+ unsigned char random[SSL3_RANDOM_SIZE];
+ size_t session_id_len;
+ unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+ size_t dtls_cookie_len;
+ unsigned char dtls_cookie[DTLS1_COOKIE_LENGTH];
+ PACKET ciphersuites;
+ size_t compressions_len;
+ unsigned char compressions[MAX_COMPRESSIONS_SIZE];
+ PACKET extensions;
+ size_t pre_proc_exts_len;
+ RAW_EXTENSION *pre_proc_exts;
+} CLIENTHELLO_MSG;
+
DEFINE_LHASH_OF(SSL_SESSION);
/* Needed in ssl_cert.c */
DEFINE_LHASH_OF(X509_NAME);
ENGINE *client_cert_engine;
# endif
+ /* Early callback. Mostly for extensions, but not entirely. */
+ SSL_early_cb_fn early_cb;
+ void *early_cb_arg;
+
/* TLS extensions. */
struct {
/* TLS extensions servername callback */
int use_etm;
} ext;
+ /* Parsed form of the ClientHello, kept around across early_cb calls. */
+ CLIENTHELLO_MSG *clienthello;
+
/*-
* no further mod of servername
* 0 : call the servername extension callback.
# endif
/* used for certificate requests */
int cert_req;
- int ctype_num;
- char ctype[SSL3_CT_NUMBER];
+ /* Certificate types in certificate request message. */
+ uint8_t *ctype;
+ size_t ctype_len;
STACK_OF(X509_NAME) *ca_names;
size_t key_block_length;
unsigned char *key_block;
size_t peer_sigalgslen;
/* Sigalg peer actualy uses */
const SIGALG_LOOKUP *peer_sigalg;
- /* Array of digests used for signing */
- const EVP_MD *md[SSL_PKEY_NUM];
/*
* Set if corresponding CERT_PKEY can be used with current
* SSL session: e.g. appropriate curve, signature algorithms etc.
/* Flags related to certificates */
uint32_t cert_flags;
CERT_PKEY pkeys[SSL_PKEY_NUM];
- /*
- * Certificate types (received or sent) in certificate request message.
- * On receive this is only set if number of certificate types exceeds
- * SSL3_CT_NUMBER.
- */
- unsigned char *ctypes;
- size_t ctype_num;
+ /* Custom certificate types sent in certificate request message. */
+ uint8_t *ctype;
+ size_t ctype_len;
/*
* supported signature algorithms. When set on a client this is sent in
* the client hello as the supported signature algorithms extension. For
} SSL3_COMP;
# endif
-typedef struct raw_extension_st {
- /* Raw packet data for the extension */
- PACKET data;
- /* Set to 1 if the extension is present or 0 otherwise */
- int present;
- /* Set to 1 if we have already parsed the extension or 0 otherwise */
- int parsed;
- /* The type of this extension, i.e. a TLSEXT_TYPE_* value */
- unsigned int type;
-} RAW_EXTENSION;
-
/*
* Extension index values NOTE: Any updates to these defines should be mirrored
* with equivalent updates to ext_defs in extensions.c
#define TLSEXT_signature_rsa_pss 0x0101
-#define MAX_COMPRESSIONS_SIZE 255
-
-typedef struct {
- unsigned int isv2;
- unsigned int legacy_version;
- unsigned char random[SSL3_RANDOM_SIZE];
- size_t session_id_len;
- unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
- size_t dtls_cookie_len;
- unsigned char dtls_cookie[DTLS1_COOKIE_LENGTH];
- PACKET ciphersuites;
- size_t compressions_len;
- unsigned char compressions[MAX_COMPRESSIONS_SIZE];
- PACKET extensions;
- RAW_EXTENSION *pre_proc_exts;
-} CLIENTHELLO_MSG;
-
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
__owur const SSL_METHOD *ssl_bad_method(int ver);
# ifndef OPENSSL_UNIT_TEST
+__owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes);
+__owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written);
void ssl_clear_cipher_ctx(SSL *s);
int ssl_clear_bad_session(SSL *s);
__owur CERT *ssl_cert_new(void);
**sorted,
const char *rule_str,
CERT *c);
+__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites,
+ int sslv2format, int *al);
+__owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
+ STACK_OF(SSL_CIPHER) **skp,
+ STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
+ int *al);
void ssl_update_cache(SSL *s, int mode);
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
size_t *ext_overhead);
__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
- const unsigned char *ptr);
+ const unsigned char *ptr,
+ int all);
__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
__owur int tls1_alert_code(int code);
__owur int tls13_alert_code(int code);
__owur int ssl3_alert_code(int code);
-__owur int ssl_ok(SSL *s);
# ifndef OPENSSL_NO_EC
__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
void ssl_comp_free_compression_methods_int(void);
-# else
+# else /* OPENSSL_UNIT_TEST */
# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers