Don't test heartbeats when there aren't any.
[openssl.git]
/
ssl
/
ssl_locl.h
diff --git
a/ssl/ssl_locl.h
b/ssl/ssl_locl.h
index 3745f0f0e2edcab4584fb6233cc78951c5f2bf76..00136b3d4ec95655b3a620d81d2597de780f9ba1 100644
--- a/
ssl/ssl_locl.h
+++ b/
ssl/ssl_locl.h
@@
-1,4
+1,3
@@
-/* ssl/ssl_locl.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@
-230,13
+229,6
@@
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
*((c)++)=(unsigned char)(((l) )&0xff))
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
*((c)++)=(unsigned char)(((l) )&0xff))
-# define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
- l|=((BN_ULLONG)(*((c)++)))<<32, \
- l|=((BN_ULLONG)(*((c)++)))<<24, \
- l|=((BN_ULLONG)(*((c)++)))<<16, \
- l|=((BN_ULLONG)(*((c)++)))<< 8, \
- l|=((BN_ULLONG)(*((c)++))))
-
/* NOTE - c is not incremented as per l2c */
# define l2cn(l1,l2,c,n) { \
c+=n; \
/* NOTE - c is not incremented as per l2c */
# define l2cn(l1,l2,c,n) { \
c+=n; \
@@
-305,24
+297,20
@@
# define SSL_kDHE 0x00000002U
/* synonym */
# define SSL_kEDH SSL_kDHE
# define SSL_kDHE 0x00000002U
/* synonym */
# define SSL_kEDH SSL_kDHE
-/* ECDH cert, RSA CA cert */
-# define SSL_kECDHr 0x00000004U
-/* ECDH cert, ECDSA CA cert */
-# define SSL_kECDHe 0x00000008U
/* ephemeral ECDH */
/* ephemeral ECDH */
-# define SSL_kECDHE 0x000000
10
U
+# define SSL_kECDHE 0x000000
04
U
/* synonym */
# define SSL_kEECDH SSL_kECDHE
/* PSK */
/* synonym */
# define SSL_kEECDH SSL_kECDHE
/* PSK */
-# define SSL_kPSK 0x000000
20
U
+# define SSL_kPSK 0x000000
08
U
/* GOST key exchange */
/* GOST key exchange */
-# define SSL_kGOST 0x000000
4
0U
+# define SSL_kGOST 0x000000
1
0U
/* SRP */
/* SRP */
-# define SSL_kSRP 0x000000
8
0U
+# define SSL_kSRP 0x000000
2
0U
-# define SSL_kRSAPSK 0x00000
10
0U
-# define SSL_kECDHEPSK 0x00000
20
0U
-# define SSL_kDHEPSK 0x00000
4
00U
+# define SSL_kRSAPSK 0x00000
04
0U
+# define SSL_kECDHEPSK 0x00000
08
0U
+# define SSL_kDHEPSK 0x00000
1
00U
/* all PSK */
/* all PSK */
@@
-335,18
+323,16
@@
# define SSL_aDSS 0x00000002U
/* no auth (i.e. use ADH or AECDH) */
# define SSL_aNULL 0x00000004U
# define SSL_aDSS 0x00000002U
/* no auth (i.e. use ADH or AECDH) */
# define SSL_aNULL 0x00000004U
-/* Fixed ECDH auth (kECDHe or kECDHr) */
-# define SSL_aECDH 0x00000008U
/* ECDSA auth*/
/* ECDSA auth*/
-# define SSL_aECDSA 0x000000
10
U
+# define SSL_aECDSA 0x000000
08
U
/* PSK auth */
/* PSK auth */
-# define SSL_aPSK 0x000000
2
0U
+# define SSL_aPSK 0x000000
1
0U
/* GOST R 34.10-2001 signature auth */
/* GOST R 34.10-2001 signature auth */
-# define SSL_aGOST01 0x000000
4
0U
+# define SSL_aGOST01 0x000000
2
0U
/* SRP auth */
/* SRP auth */
-# define SSL_aSRP 0x000000
8
0U
+# define SSL_aSRP 0x000000
4
0U
/* GOST R 34.10-2012 signature auth */
/* GOST R 34.10-2012 signature auth */
-# define SSL_aGOST12 0x00000
10
0U
+# define SSL_aGOST12 0x00000
08
0U
/* Bits for algorithm_enc (symmetric encryption) */
# define SSL_DES 0x00000001U
/* Bits for algorithm_enc (symmetric encryption) */
# define SSL_DES 0x00000001U
@@
-372,6
+358,7
@@
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
+# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
/* Bits for algorithm_mac (symmetric authentication) */
/* Bits for algorithm_mac (symmetric authentication) */
@@
-622,7
+609,7
@@
struct ssl_session_st {
/* This is the cert and type for the other end. */
X509 *peer;
int peer_type;
/* This is the cert and type for the other end. */
X509 *peer;
int peer_type;
- /* Certificate chain
of peer
*/
+ /* Certificate chain
peer sent
*/
STACK_OF(X509) *peer_chain;
/*
* when app_verify_callback accepts a session where the peer's
STACK_OF(X509) *peer_chain;
/*
* when app_verify_callback accepts a session where the peer's
@@
-692,7
+679,8
@@
struct ssl_comp_st {
};
DEFINE_LHASH_OF(SSL_SESSION);
};
DEFINE_LHASH_OF(SSL_SESSION);
-
+/* Needed in ssl_cert.c */
+DEFINE_LHASH_OF(X509_NAME);
struct ssl_ctx_st {
const SSL_METHOD *method;
struct ssl_ctx_st {
const SSL_METHOD *method;
@@
-732,7
+720,8
@@
struct ssl_ctx_st {
int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
- unsigned char *data, int len, int *copy);
+ const unsigned char *data, int len,
+ int *copy);
struct {
int sess_connect; /* SSL new conn - started */
int sess_connect_renegotiate; /* SSL reneg - requested */
struct {
int sess_connect; /* SSL new conn - started */
int sess_connect_renegotiate; /* SSL reneg - requested */
@@
-1065,8
+1054,10
@@
struct ssl_st {
unsigned int max_psk_len);
# endif
SSL_CTX *ctx;
unsigned int max_psk_len);
# endif
SSL_CTX *ctx;
- /* extra application data */
+ /* Verified chain of peer */
+ STACK_OF(X509) *verified_chain;
long verify_result;
long verify_result;
+ /* extra application data */
CRYPTO_EX_DATA ex_data;
/* for server side, keep the list of CA_dn we can use */
STACK_OF(X509_NAME) *client_CA;
CRYPTO_EX_DATA ex_data;
/* for server side, keep the list of CA_dn we can use */
STACK_OF(X509_NAME) *client_CA;
@@
-1085,7
+1076,7
@@
struct ssl_st {
/* TLS extension debug callback */
void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
/* TLS extension debug callback */
void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
- unsigned char *data, int len, void *arg);
+
const
unsigned char *data, int len, void *arg);
void *tlsext_debug_arg;
char *tlsext_hostname;
/*-
void *tlsext_debug_arg;
char *tlsext_hostname;
/*-
@@
-1174,7
+1165,7
@@
struct ssl_st {
* basis, depending on the chosen cipher.
*/
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
* basis, depending on the chosen cipher.
*/
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
-
+
RECORD_LAYER rlayer;
/* Default password callback. */
RECORD_LAYER rlayer;
/* Default password callback. */
@@
-1700,7
+1691,6
@@
typedef struct ssl3_comp_st {
# endif
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
# endif
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN const SSL_CIPHER ssl3_ciphers[];
SSL_METHOD *ssl_bad_method(int ver);
SSL_METHOD *ssl_bad_method(int ver);
@@
-1836,10
+1826,10
@@
const SSL_METHOD *func_name(void) \
struct openssl_ssl_test_functions {
int (*p_ssl_init_wbio_buffer) (SSL *s, int push);
int (*p_ssl3_setup_buffers) (SSL *s);
struct openssl_ssl_test_functions {
int (*p_ssl_init_wbio_buffer) (SSL *s, int push);
int (*p_ssl3_setup_buffers) (SSL *s);
- int (*p_tls1_process_heartbeat) (SSL *s,
- unsigned char *p, unsigned int length);
+# ifndef OPENSSL_NO_HEARTBEATS
int (*p_dtls1_process_heartbeat) (SSL *s,
unsigned char *p, unsigned int length);
int (*p_dtls1_process_heartbeat) (SSL *s,
unsigned char *p, unsigned int length);
+# endif
};
# ifndef OPENSSL_UNIT_TEST
};
# ifndef OPENSSL_UNIT_TEST
@@
-2057,9
+2047,7
@@
__owur int ssl_prepare_clienthello_tlsext(SSL *s);
__owur int ssl_prepare_serverhello_tlsext(SSL *s);
# ifndef OPENSSL_NO_HEARTBEATS
__owur int ssl_prepare_serverhello_tlsext(SSL *s);
# ifndef OPENSSL_NO_HEARTBEATS
-__owur int tls1_heartbeat(SSL *s);
__owur int dtls1_heartbeat(SSL *s);
__owur int dtls1_heartbeat(SSL *s);
-__owur int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length);
__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length);
# endif
__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length);
# endif
@@
-2155,7
+2143,6
@@
void custom_exts_free(custom_ext_methods *exts);
# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
-# define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
# define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
# endif
# define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
# endif
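Review bot: In the `struct openssl_ssl_test_functions` hunk the `p_dtls1_process_heartbeat` member now exists only under `# ifndef OPENSSL_NO_HEARTBEATS`, but the redirect `# define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat` in the last hunk shows no matching guard in its visible lines, so a unit-test build with heartbeats disabled would expand to a missing member wherever that name is still used. Wrapping the define in the same `# ifndef OPENSSL_NO_HEARTBEATS` / `# endif` pair would keep the table and its redirect in step; the enclosing conditional block starts outside the hunk, so this should be checked against the full header. Separately, in the `struct ssl_st` hunk the new comment `/* Verified chain of peer */` does not say when the field is populated or who frees it, and a reader can easily confuse it with the session's `peer_chain`. Something like `/* Chain built by verification; peer_chain in the session is the chain as sent by the peer */` would make the trust difference explicit, with the wording confirmed against the code that sets the field.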