Return 1 when setting ECDH auto mode.

[openssl.git] / ssl / ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 13680cbf72289b766a591da50783a0627d56e28b..56f9b4b260d9a7bf1cc05660aea4dec508af364f 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -448,6 +448,17 @@
  */
 #define SSL_USE_SIGALGS(s)     \
                        (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
+/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2:
+ * may apply to others in future.
+ */
+#define SSL_USE_TLS1_2_CIPHERS(s)      \
+               (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
+/* Determine if a client can use TLS 1.2 ciphersuites: can't rely on method
+ * flags because it may not be set to correct version yet.
+ */
+#define SSL_CLIENT_USE_TLS1_2_CIPHERS(s)       \
+               ((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \
+               (!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION))
 
 /* Mostly for SSLv3 */
 #define SSL_PKEY_RSA_ENC       0
@@ -499,6 +510,14 @@ typedef struct cert_pkey_st
         *   uint8_t data[length]; */
        unsigned char *authz;
        size_t authz_length;
+
+       /* serverinfo data for this certificate.  The data is in TLS Extension
+        * wire format, specifically it's a series of records like:
+        *   uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension)
+        *   uint16_t length;
+        *   uint8_t data[length]; */
+       unsigned char *serverinfo;
+       size_t serverinfo_length;
 #endif
        /* Set if CERT_PKEY can be used with current SSL session: e.g.
         * appropriate curve, signature algorithms etc. If zero it can't be
@@ -713,6 +732,10 @@ typedef struct ssl3_enc_method
 #define SSL_ENC_FLAG_SHA256_PRF                0x4
 /* Is DTLS */
 #define SSL_ENC_FLAG_DTLS              0x8
+/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2:
+ * may apply to others in future.
+ */
+#define SSL_ENC_FLAG_TLS1_2_CIPHERS    0x10
 
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
@@ -856,7 +879,7 @@ const SSL_METHOD *func_name(void)  \
        ssl23_get_cipher, \
        s_get_meth, \
        ssl23_default_timeout, \
-       &ssl3_undef_enc_method, \
+       &TLSv1_2_enc_data, \
        ssl_undefined_void_function, \
        ssl3_callback_ctrl, \
        ssl3_ctx_callback_ctrl, \
@@ -985,7 +1008,11 @@ int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
+#ifndef OPENSSL_NO_TLSEXT
 unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length);
+int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
+                                  size_t *serverinfo_length);
+#endif
 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);