X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=adb1f3214b75cfa8d25b38f9877acf9f26d255e1;hp=a19f98569ebbb0e46242ef4c5cd078fba2219441;hb=15de0f609c859883347357aaf6cc685c797358bd;hpb=b60b9e7afe649a564db13dbf10ca571e973844c1 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a19f98569e..adb1f3214b 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -311,6 +311,7 @@ #define SSL_aPSK 0x00000080L /* PSK auth */ #define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ +#define SSL_aSRP 0x00000400L /* SRP auth */ /* Bits for algorithm_enc (symmetric encryption) */ @@ -505,14 +506,6 @@ typedef struct cert_pkey_st /* Chain for this certificate */ STACK_OF(X509) *chain; #ifndef OPENSSL_NO_TLSEXT - /* authz/authz_length contain authz data for this certificate. The data - * is in wire format, specifically it's a series of records like: - * uint8_t authz_type; // (RFC 5878, AuthzDataFormat) - * uint16_t length; - * uint8_t data[length]; */ - unsigned char *authz; - size_t authz_length; - /* serverinfo data for this certificate. The data is in TLS Extension * wire format, specifically it's a series of records like: * uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension) @@ -881,7 +874,7 @@ const SSL_METHOD *func_name(void) \ ssl23_get_cipher, \ s_get_meth, \ ssl23_default_timeout, \ - &ssl3_undef_enc_method, \ + &TLSv1_2_enc_data, \ ssl_undefined_void_function, \ ssl3_callback_ctrl, \ ssl3_ctx_callback_ctrl, \ @@ -1000,6 +993,9 @@ int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain); int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain); int ssl_cert_add0_chain_cert(CERT *c, X509 *x); int ssl_cert_add1_chain_cert(CERT *c, X509 *x); +int ssl_cert_select_current(CERT *c, X509 *x); +int ssl_cert_set_current(CERT *c, long arg); +X509 *ssl_cert_get0_next_certificate(CERT *c, int first); void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg); int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); @@ -1011,7 +1007,6 @@ int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); #ifndef OPENSSL_NO_TLSEXT -unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length); int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, size_t *serverinfo_length); #endif @@ -1021,6 +1016,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); +int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); int ssl2_enc_init(SSL *s, int client); int ssl2_generate_key_material(SSL *s); @@ -1268,8 +1264,8 @@ int tls1_shared_list(SSL *s, const unsigned char *l1, size_t l1len, const unsigned char *l2, size_t l2len, int nmatch); -unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); -unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); +unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit, int *al); +unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit, int *al); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n); int ssl_check_clienthello_tlsext_late(SSL *s); int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n); @@ -1277,8 +1273,10 @@ int ssl_prepare_clienthello_tlsext(SSL *s); int ssl_prepare_serverhello_tlsext(SSL *s); /* server only */ -int tls1_send_server_supplemental_data(SSL *s); +int tls1_send_server_supplemental_data(SSL *s, int *skip); +int tls1_get_client_supplemental_data(SSL *s); /* client only */ +int tls1_send_client_supplemental_data(SSL *s, int *skip); int tls1_get_server_supplemental_data(SSL *s); #ifndef OPENSSL_NO_HEARTBEATS