X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=c9c071ae6fdc871d60dc1da93f388036c184475b;hp=ef5eb8cf53d561d38852532056892db050211cbe;hb=6d8b3dce7c8feee8aa9107e2ffcc588c782a6113;hpb=3eb2aff40116ecceab847c895cbf02cdb075d194 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index ef5eb8cf53..c9c071ae6f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -147,26 +147,21 @@ # include # include "e_os.h" +# if defined(__unix) || defined(__unix__) +# include /* struct timeval for DTLS */ +# endif # include -# ifndef OPENSSL_NO_COMP -# include -# endif +# include # include # include -# ifndef OPENSSL_NO_RSA -# include -# endif -# ifndef OPENSSL_NO_DSA -# include -# endif +# include +# include # include # include # include # include -# ifndef OPENSSL_NO_CT -# include -# endif +# include #include "record/record.h" #include "statem/statem.h" #include "packet_locl.h" @@ -425,6 +420,7 @@ */ # define TLS1_STREAM_MAC 0x10000 +# define SSL_STRONG_MASK 0x0000001FU # define SSL_DEFAULT_MASK 0X00000020U # define SSL_STRONG_NONE 0x00000001U @@ -460,6 +456,12 @@ # define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \ (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION))) +/* + * Determine if a client should send signature algorithms extension: + * as with TLS1.2 cipher we can't rely on method flags. + */ +# define SSL_CLIENT_USE_SIGALGS(s) \ + SSL_CLIENT_USE_TLS1_2_CIPHERS(s) # ifdef TLSEXT_TYPE_encrypt_then_mac # define SSL_USE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) @@ -549,7 +551,6 @@ struct ssl_method_st { int (*ssl_pending) (const SSL *s); int (*num_ciphers) (void); const SSL_CIPHER *(*get_cipher) (unsigned ncipher); - const struct ssl_method_st *(*get_ssl_method) (int version); long (*get_timeout) (void); const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ int (*ssl_version) (void); @@ -824,7 +825,7 @@ struct ssl_ctx_st { * Validates that the SCTs (Signed Certificate Timestamps) are sufficient. * If they are not, the connection should be aborted. */ - ct_validation_cb ct_validation_callback; + ssl_ct_validation_cb ct_validation_callback; void *ct_validation_callback_arg; # endif @@ -1023,7 +1024,7 @@ struct ssl_st { X509_VERIFY_PARAM *param; /* Per connection DANE state */ - struct dane_st dane; + SSL_DANE dane; /* crypto */ STACK_OF(SSL_CIPHER) *cipher_list; @@ -1131,7 +1132,7 @@ struct ssl_st { * Validates that the SCTs (Signed Certificate Timestamps) are sufficient. * If they are not, the connection should be aborted. */ - ct_validation_cb ct_validation_callback; + ssl_ct_validation_cb ct_validation_callback; /* User-supplied argument tha tis passed to the ct_validation_callback */ void *ct_validation_callback_arg; /* @@ -1472,7 +1473,6 @@ pitem *pqueue_pop(pqueue *pq); pitem *pqueue_find(pqueue *pq, unsigned char *prio64be); pitem *pqueue_iterator(pqueue *pq); pitem *pqueue_next(piterator *iter); -void pqueue_print(pqueue *pq); int pqueue_size(pqueue *pq); typedef struct dtls1_state_st { @@ -1734,7 +1734,25 @@ typedef struct ssl3_comp_st { extern SSL3_ENC_METHOD ssl3_undef_enc_method; -SSL_METHOD *ssl_bad_method(int ver); +__owur const SSL_METHOD *ssl_bad_method(int ver); +__owur const SSL_METHOD *sslv3_method(void); +__owur const SSL_METHOD *sslv3_server_method(void); +__owur const SSL_METHOD *sslv3_client_method(void); +__owur const SSL_METHOD *tlsv1_method(void); +__owur const SSL_METHOD *tlsv1_server_method(void); +__owur const SSL_METHOD *tlsv1_client_method(void); +__owur const SSL_METHOD *tlsv1_1_method(void); +__owur const SSL_METHOD *tlsv1_1_server_method(void); +__owur const SSL_METHOD *tlsv1_1_client_method(void); +__owur const SSL_METHOD *tlsv1_2_method(void); +__owur const SSL_METHOD *tlsv1_2_server_method(void); +__owur const SSL_METHOD *tlsv1_2_client_method(void); +__owur const SSL_METHOD *dtlsv1_method(void); +__owur const SSL_METHOD *dtlsv1_server_method(void); +__owur const SSL_METHOD *dtlsv1_client_method(void); +__owur const SSL_METHOD *dtlsv1_2_method(void); +__owur const SSL_METHOD *dtlsv1_2_server_method(void); +__owur const SSL_METHOD *dtlsv1_2_client_method(void); extern const SSL3_ENC_METHOD TLSv1_enc_data; extern const SSL3_ENC_METHOD TLSv1_1_enc_data; @@ -1750,7 +1768,7 @@ extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; #define SSL_METHOD_NO_SUITEB (1U<<1) # define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \ - s_connect, s_get_meth, enc_data) \ + s_connect, enc_data) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -1778,7 +1796,6 @@ const SSL_METHOD *func_name(void) \ ssl3_pending, \ ssl3_num_ciphers, \ ssl3_get_cipher, \ - s_get_meth, \ tls1_default_timeout, \ &enc_data, \ ssl_undefined_void_function, \ @@ -1788,7 +1805,7 @@ const SSL_METHOD *func_name(void) \ return &func_name##_data; \ } -# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ +# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -1816,7 +1833,6 @@ const SSL_METHOD *func_name(void) \ ssl3_pending, \ ssl3_num_ciphers, \ ssl3_get_cipher, \ - s_get_meth, \ ssl3_default_timeout, \ &SSLv3_enc_data, \ ssl_undefined_void_function, \ @@ -1827,7 +1843,7 @@ const SSL_METHOD *func_name(void) \ } # define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \ - s_connect, s_get_meth, enc_data) \ + s_connect, enc_data) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ @@ -1854,8 +1870,7 @@ const SSL_METHOD *func_name(void) \ ssl3_put_cipher_by_char, \ ssl3_pending, \ ssl3_num_ciphers, \ - dtls1_get_cipher, \ - s_get_meth, \ + ssl3_get_cipher, \ dtls1_default_timeout, \ &enc_data, \ ssl_undefined_void_function, \ @@ -1931,6 +1946,7 @@ __owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey); void ssl_set_masks(SSL *s); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_verify_alarm_type(long type); +void ssl_sort_cipher_list(void); void ssl_load_ciphers(void); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, @@ -1984,6 +2000,8 @@ __owur int ssl3_handshake_write(SSL *s); __owur int ssl_allow_compression(SSL *s); +__owur int ssl_version_supported(const SSL *s, int version); + __owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_check_version_downgrade(SSL *s); __owur int ssl_set_version_bound(int method_version, int version, int *bound); @@ -2013,7 +2031,6 @@ __owur long dtls1_default_timeout(void); __owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft); __owur int dtls1_check_timeout_num(SSL *s); __owur int dtls1_handle_timeout(SSL *s); -__owur const SSL_CIPHER *dtls1_get_cipher(unsigned int u); void dtls1_start_timer(SSL *s); void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); @@ -2187,6 +2204,8 @@ __owur int custom_ext_add(SSL *s, int server, __owur int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src); void custom_exts_free(custom_ext_methods *exts); +void ssl_comp_free_compression_methods_int(void); + # else # define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer