-/* ssl/ssl_locl.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
*((c)++)=(unsigned char)(((l) )&0xff))
-# define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
- l|=((BN_ULLONG)(*((c)++)))<<32, \
- l|=((BN_ULLONG)(*((c)++)))<<24, \
- l|=((BN_ULLONG)(*((c)++)))<<16, \
- l|=((BN_ULLONG)(*((c)++)))<< 8, \
- l|=((BN_ULLONG)(*((c)++))))
-
/* NOTE - c is not incremented as per l2c */
# define l2cn(l1,l2,c,n) { \
c+=n; \
# define SSL_kDHE 0x00000002U
/* synonym */
# define SSL_kEDH SSL_kDHE
-/* ECDH cert, RSA CA cert */
-# define SSL_kECDHr 0x00000004U
-/* ECDH cert, ECDSA CA cert */
-# define SSL_kECDHe 0x00000008U
/* ephemeral ECDH */
-# define SSL_kECDHE 0x00000010U
+# define SSL_kECDHE 0x00000004U
/* synonym */
# define SSL_kEECDH SSL_kECDHE
/* PSK */
-# define SSL_kPSK 0x00000020U
+# define SSL_kPSK 0x00000008U
/* GOST key exchange */
-# define SSL_kGOST 0x00000040U
+# define SSL_kGOST 0x00000010U
/* SRP */
-# define SSL_kSRP 0x00000080U
+# define SSL_kSRP 0x00000020U
-# define SSL_kRSAPSK 0x00000100U
-# define SSL_kECDHEPSK 0x00000200U
-# define SSL_kDHEPSK 0x00000400U
+# define SSL_kRSAPSK 0x00000040U
+# define SSL_kECDHEPSK 0x00000080U
+# define SSL_kDHEPSK 0x00000100U
/* all PSK */
# define SSL_aDSS 0x00000002U
/* no auth (i.e. use ADH or AECDH) */
# define SSL_aNULL 0x00000004U
-/* Fixed ECDH auth (kECDHe or kECDHr) */
-# define SSL_aECDH 0x00000008U
/* ECDSA auth*/
-# define SSL_aECDSA 0x00000010U
+# define SSL_aECDSA 0x00000008U
/* PSK auth */
-# define SSL_aPSK 0x00000020U
+# define SSL_aPSK 0x00000010U
/* GOST R 34.10-2001 signature auth */
-# define SSL_aGOST01 0x00000040U
+# define SSL_aGOST01 0x00000020U
/* SRP auth */
-# define SSL_aSRP 0x00000080U
+# define SSL_aSRP 0x00000040U
/* GOST R 34.10-2012 signature auth */
-# define SSL_aGOST12 0x00000100U
+# define SSL_aGOST12 0x00000080U
/* Bits for algorithm_enc (symmetric encryption) */
# define SSL_DES 0x00000001U
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
+# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
/* Bits for algorithm_mac (symmetric authentication) */
/* This is the cert and type for the other end. */
X509 *peer;
int peer_type;
- /* Certificate chain of peer */
+ /* Certificate chain peer sent */
STACK_OF(X509) *peer_chain;
/*
* when app_verify_callback accepts a session where the peer's
# endif
-typedef struct ssl_comp_st SSL_COMP;
-
struct ssl_comp_st {
int id;
const char *name;
COMP_METHOD *method;
};
-DECLARE_STACK_OF(SSL_COMP)
-DECLARE_LHASH_OF(SSL_SESSION);
-
+DEFINE_LHASH_OF(SSL_SESSION);
+/* Needed in ssl_cert.c */
+DEFINE_LHASH_OF(X509_NAME);
struct ssl_ctx_st {
const SSL_METHOD *method;
int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
- unsigned char *data, int len, int *copy);
+ const unsigned char *data, int len,
+ int *copy);
struct {
int sess_connect; /* SSL new conn - started */
int sess_connect_renegotiate; /* SSL reneg - requested */
unsigned int max_psk_len);
# endif
SSL_CTX *ctx;
- /*
- * set this flag to 1 and a sleep(1) is put into all SSL_read() and
- * SSL_write() calls, good for nbio debuging :-)
- */
- int debug;
- /* extra application data */
+ /* Verified chain of peer */
+ STACK_OF(X509) *verified_chain;
long verify_result;
+ /* extra application data */
CRYPTO_EX_DATA ex_data;
/* for server side, keep the list of CA_dn we can use */
STACK_OF(X509_NAME) *client_CA;
/* TLS extension debug callback */
void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
- unsigned char *data, int len, void *arg);
+ const unsigned char *data, int len, void *arg);
void *tlsext_debug_arg;
char *tlsext_hostname;
/*-
* basis, depending on the chosen cipher.
*/
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
-
+
RECORD_LAYER rlayer;
/* Default password callback. */
unsigned char *reassembly;
} hm_fragment;
+typedef struct pqueue_st pqueue;
+typedef struct pitem_st pitem;
+
+struct pitem_st {
+ unsigned char priority[8]; /* 64-bit value in big-endian encoding */
+ void *data;
+ pitem *next;
+};
+
+typedef struct pitem_st *piterator;
+
+pitem *pitem_new(unsigned char *prio64be, void *data);
+void pitem_free(pitem *item);
+pqueue* pqueue_new(void);
+void pqueue_free(pqueue *pq);
+pitem *pqueue_insert(pqueue *pq, pitem *item);
+pitem *pqueue_peek(pqueue *pq);
+pitem *pqueue_pop(pqueue *pq);
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be);
+pitem *pqueue_iterator(pqueue *pq);
+pitem *pqueue_next(piterator *iter);
+void pqueue_print(pqueue *pq);
+int pqueue_size(pqueue *pq);
+
typedef struct dtls1_state_st {
unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned int cookie_len;
unsigned short handshake_read_seq;
/* Buffered handshake messages */
- pqueue buffered_messages;
+ pqueue *buffered_messages;
/* Buffered (sent) handshake records */
- pqueue sent_messages;
+ pqueue *sent_messages;
unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max DTLS packet size */
# endif
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN const SSL_CIPHER ssl3_ciphers[];
SSL_METHOD *ssl_bad_method(int ver);
struct openssl_ssl_test_functions {
int (*p_ssl_init_wbio_buffer) (SSL *s, int push);
int (*p_ssl3_setup_buffers) (SSL *s);
- int (*p_tls1_process_heartbeat) (SSL *s,
- unsigned char *p, unsigned int length);
+# ifndef OPENSSL_NO_HEARTBEATS
int (*p_dtls1_process_heartbeat) (SSL *s,
unsigned char *p, unsigned int length);
+# endif
};
# ifndef OPENSSL_UNIT_TEST
__owur int ssl_prepare_serverhello_tlsext(SSL *s);
# ifndef OPENSSL_NO_HEARTBEATS
-__owur int tls1_heartbeat(SSL *s);
__owur int dtls1_heartbeat(SSL *s);
-__owur int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length);
__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length);
# endif
# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
-# define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
# define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
# endif