X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=2672918ba6b2f11c4235ba0d996a612ec129c62d;hp=b3fabf734169e2717bd1bc52b7ea07e65e7d707b;hb=f7d5348710ad4f26a97458b102f0c2854e4a0520;hpb=8d92c1f8a381a3be7fe5b3a2c2aa9bfce22f5c72 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b3fabf7341..2672918ba6 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -624,15 +624,11 @@ struct ssl_session_st { * to disable session caching and tickets. */ int not_resumable; - /* The cert is the certificate used to establish this connection */ - struct sess_cert_st /* SESS_CERT */ *sess_cert; - /* - * This is the cert for the other end. On clients, it will be the same as - * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is - * not retained in the external representation of sessions, see - * ssl_asn1.c). - */ + /* This is the cert and type for the other end. */ X509 *peer; + int peer_type; + /* Certificate chain of peer */ + STACK_OF(X509) *peer_chain; /* * when app_verify_callback accepts a session where the peer's * certificate is not ok, we must remember the error for session reuse: @@ -666,7 +662,7 @@ struct ssl_session_st { # ifndef OPENSSL_NO_SRP char *srp_username; # endif - long flags; + uint32_t flags; }; /* Extended master secret support */ @@ -724,7 +720,7 @@ struct ssl_ctx_st { * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which * means only SSL_accept which cache SSL_SESSIONS. */ - int session_cache_mode; + uint32_t session_cache_mode; /* * If timeout is not 0, it is the default timeout value set when * SSL_new() is called. This has been put in to make life easier to set @@ -810,8 +806,8 @@ struct ssl_ctx_st { * SSL_new) */ - unsigned long options; - unsigned long mode; + uint32_t options; + uint32_t mode; long max_cert_list; struct cert_st /* CERT */ *cert; 
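Review bot: The replacement comment on `peer`, `peer_type` and `peer_chain` in `ssl_session_st` (hunk at -624,15) drops the one fact the removed comment recorded, namely that the old `sess_cert` was not retained in the external representation of a session. Nothing visible here says whether the two new fields are serialized, so a session restored from its external form may presumably carry `peer` with `peer_chain` still NULL. I would spell that out where the field is declared, e.g. `/* Certificate chain of peer; may be NULL (e.g. session restored from external form -- confirm); freed with the session */`. The struct starts and ends outside the hunk, so the free path should be checked against the session destructor.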
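Review bot: `options` and `mode` in `ssl_ctx_st` (hunk at -810,8) narrow from `unsigned long` to `uint32_t`, which halves the storage width on LP64 targets. If the setters still take `unsigned long` (their prototypes are not in this diff), any bit above 31 is discarded on store without a diagnostic, and for a word that switches protocol behaviour a lost bit means a restriction silently not applied. I would state the constraint at the field, e.g. `/* only bits 0..31 are stored; every option constant must fit in 32 bits */`, and ideally back it with a compile-time check on the highest constant. The same applies to `options` and `mode` in the `ssl_st` hunk at -1081,9, and the `int` to `uint32_t` change of `verify_mode` in both structs deserves a matching look at the signed setter argument.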
@@ -822,7 +818,7 @@ struct ssl_ctx_st { const void *buf, size_t len, SSL *ssl, void *arg); void *msg_callback_arg; - int verify_mode; + uint32_t verify_mode; unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /* called 'verify_callback' in the SSL */ @@ -1023,7 +1019,7 @@ struct ssl_st { * These are the ones being used, the ones in SSL_SESSION are the ones to * be 'copied' into these ones */ - int mac_flags; + uint32_t mac_flags; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ EVP_MD_CTX *read_hash; /* used for mac generation */ COMP_CTX *compress; /* compression */ @@ -1049,7 +1045,7 @@ struct ssl_st { * 0 don't care about verify failure. * 1 fail if verify fails */ - int verify_mode; + uint32_t verify_mode; /* fail if callback returns 0 */ int (*verify_callback) (int ok, X509_STORE_CTX *ctx); /* optional informational callback */ @@ -1081,9 +1077,9 @@ struct ssl_st { STACK_OF(X509_NAME) *client_CA; int references; /* protocol behaviour */ - unsigned long options; + uint32_t options; /* API behaviour */ - unsigned long mode; + uint32_t mode; long max_cert_list; int first_packet; /* what was passed, used for SSLv3/TLS rollback check */ @@ -1291,7 +1287,7 @@ typedef struct ssl3_state_st { * SSL session: e.g. appropriate curve, signature algorithms etc. * If zero it can't be used at all. */ - int valid_flags[SSL_PKEY_NUM]; + uint32_t valid_flags[SSL_PKEY_NUM]; /* * For servers the following masks are for the key and auth algorithms * that are supported by the certs below. For clients they are masks of @@ -1479,7 +1475,7 @@ typedef struct { * Per-connection flags relating to this extension type: not used if * part of an SSL_CTX structure. */ - unsigned short ext_flags; + uint32_t ext_flags; custom_ext_add_cb add_cb; custom_ext_free_cb free_cb; void *add_arg; 
@@ -1530,7 +1526,7 @@ typedef struct cert_st { int ecdh_tmp_auto; # endif /* Flags related to certificates */ - unsigned int cert_flags; + uint32_t cert_flags; CERT_PKEY pkeys[SSL_PKEY_NUM]; /* * Certificate types (received or sent) in certificate request message. @@ -1590,19 +1586,6 @@ typedef struct cert_st { int references; /* >1 only if SSL_copy_session_id is used */ } CERT; -typedef struct sess_cert_st { - STACK_OF(X509) *cert_chain; /* as received from peer */ - /* The 'peer_...' members are used only by clients. */ - int peer_cert_type; - CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never - * NULL!) */ - CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; - /* - * Obviously we don't have the private keys of these, so maybe we - * shouldn't even use the CERT_PKEY type here. - */ - int references; /* actually always 1 at the moment */ -} SESS_CERT; /* Structure containing decoded values of signature algorithms extension */ struct tls_sigalgs_st { /* NID of hash algorithm */ @@ -1673,7 +1656,7 @@ typedef struct ssl3_enc_method { const unsigned char *, size_t, int use_context); /* Various flags indicating protocol version requirements */ - unsigned int enc_flags; + uint32_t enc_flags; /* Handshake header length */ unsigned int hhlen; /* Set the handshake header */ @@ -1857,9 +1840,6 @@ __owur CERT *ssl_cert_new(void); __owur CERT *ssl_cert_dup(CERT *cert); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); -__owur SESS_CERT *ssl_sess_cert_new(void); -void ssl_sess_cert_free(SESS_CERT *sc); -__owur int ssl_set_peer_cert_type(SESS_CERT *c, int type); __owur int ssl_get_new_session(SSL *s, int session); __owur int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); 
@@ -1910,6 +1890,8 @@ __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); +__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, + int free_pms); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); @@ -1942,7 +1924,7 @@ void ssl3_free_digest_list(SSL *s); __owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk); __owur SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr); -__owur int ssl3_digest_cached_records(SSL *s); +__owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); __owur int ssl3_accept(SSL *s); @@ -2179,6 +2161,8 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len, size_t orig_len); +__owur int srp_generate_server_master_secret(SSL *s); +__owur int srp_generate_client_master_secret(SSL *s); __owur int srp_verify_server_param(SSL *s, int *al); /* t1_ext.c */
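Review bot: The new prototype `ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, int free_pms)` (hunk at -1910,6) hands premaster-secret material to the callee together with an ownership flag, but the declaration does not say what `free_pms` obliges the callee to do. Callers need to know whether the buffer is cleansed and released on failure as well as on success; otherwise an error path can leave the secret in memory or release it twice. I would add a comment above the declaration, e.g. `/* If free_pms is non-zero the callee owns pms and cleanses and frees it on every return path, including errors -- confirm against the implementation */`. The definition is outside this diff, so the wording has to be checked against it.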
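Review bot: The added `int keep` argument of `ssl3_digest_cached_records` (hunk at -1942,7) is an undocumented boolean, so a call such as `ssl3_digest_cached_records(s, 0)` does not tell the reader what is being discarded. Presumably it decides whether the cached handshake records survive after they have been digested; if so, dropping them too early would break any later step that still needs the raw transcript. A one-line comment at the prototype would settle it, e.g. `/* keep != 0: retain the cached handshake records after digesting -- confirm */`.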