Tidy up EC parameter check code: instead of accessing internal structures

[openssl.git] / ssl / ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 95b531e8324c717cb950ca958862e4b15587b680..1b646515a0a92cd680011f90e9bc4ca171185168 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -506,6 +506,11 @@ typedef struct cert_st
 
        CERT_PKEY pkeys[SSL_PKEY_NUM];
 
+       /* Array of pairs of NIDs for signature algorithm extension */
+       TLS_SIGALGS *sigalgs;
+       /* Size of above array */
+       size_t sigalgslen;
+
        int references; /* >1 only if SSL_copy_session_id is used */
        } CERT;
 
@@ -534,7 +539,19 @@ typedef struct sess_cert_st
 
        int references; /* actually always 1 at the moment */
        } SESS_CERT;
-
+/* Structure containing decoded values of signature algorithms extension */
+struct tls_sigalgs_st
+       {
+       /* NID of hash algorithm */
+       int hash_nid;
+       /* NID of signature algorithm */
+       int sign_nid;
+       /* Combined hash and signature NID */
+       int signandhash_nid;
+       /* Raw values used in extension */
+       unsigned char rsign;
+       unsigned char rhash;
+       };
 
 /*#define MAC_DEBUG    */
 
@@ -571,11 +588,11 @@ typedef struct ssl3_enc_method
        const char *server_finished_label;
        int server_finished_label_len;
        int (*alert_value)(int);
-        int (*export_keying_material)(SSL *, unsigned char *, unsigned int,
-                                     const char *, unsigned int,
-                                     const unsigned char *, unsigned int,
-                                     int use_context);
-       } SSL3_ENC_METHOD;
+       int (*export_keying_material)(SSL *, unsigned char *, size_t,
+                                     const char *, size_t,
+                                     const unsigned char *, size_t,
+                                     int use_context);
+       } SSL3_ENC_METHOD;
 
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
@@ -971,6 +988,7 @@ void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
 long dtls1_default_timeout(void);
 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
+int dtls1_check_timeout_num(SSL *s);
 int dtls1_handle_timeout(SSL *s);
 const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
 void dtls1_start_timer(SSL *s);
@@ -1068,9 +1086,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
        unsigned char *p, int len);
-int tls1_export_keying_material(SSL *s, unsigned char *out, unsigned int olen, 
-       const char *label, unsigned int llen, const unsigned char *p, 
-        unsigned int plen, int use_context);
+int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+       const char *label, size_t llen,
+       const unsigned char *p, size_t plen, int use_context);
 int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
@@ -1084,9 +1102,20 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 #ifndef OPENSSL_NO_EC
 int tls1_ec_curve_id2nid(int curve_id);
 int tls1_ec_nid2curve_id(int nid);
+int tls1_shared_curve(SSL *s, int nmatch);
+int tls1_set_curves(unsigned char **pext, size_t *pextlen,
+                       int *curves, size_t ncurves);
+int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, 
+                               const char *str);
+int tls1_check_ec_server_key(SSL *s);
+int tls1_check_ec_tmp_key(SSL *s);
 #endif /* OPENSSL_NO_EC */
 
 #ifndef OPENSSL_NO_TLSEXT
+int tls1_shared_list(SSL *s,
+                       const unsigned char *l1, size_t l1len,
+                       const unsigned char *l2, size_t l2len,
+                       int nmatch);
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);