const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to
* load the 'cipher' structure */
- STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
+ STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */
CRYPTO_EX_DATA ex_data; /* application specific data */
/*
* These are used to make removal of session-ids more efficient and to
/* Needed in ssl_cert.c */
DEFINE_LHASH_OF(X509_NAME);
-# define TLSEXT_KEYNAME_LENGTH 16
+# define TLSEXT_KEYNAME_LENGTH 16
+# define TLSEXT_TICK_KEY_LENGTH 32
+
+typedef struct ssl_ctx_ext_secure_st {
+ unsigned char tick_hmac_key[TLSEXT_TICK_KEY_LENGTH];
+ unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
+} SSL_CTX_EXT_SECURE;
struct ssl_ctx_st {
const SSL_METHOD *method;
void *servername_arg;
/* RFC 4507 session ticket keys */
unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH];
- unsigned char tick_hmac_key[32];
- unsigned char tick_aes_key[32];
+ SSL_CTX_EXT_SECURE *secure;
/* Callback to support customisation of ticket key setting */
int (*ticket_key_cb) (SSL *ssl,
unsigned char *name, unsigned char *iv,
/* Shared DANE context */
struct dane_ctx_st dane;
+# ifndef OPENSSL_NO_SRTP
/* SRTP profiles we are willing to do from RFC 5764 */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+# endif
/*
* Callback for disabling session caching and ticket support on a session
* basis, depending on the chosen cipher.
int scts_parsed;
# endif
SSL_CTX *session_ctx; /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_SRTP
/* What we'll do */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
/* What's been chosen */
SRTP_PROTECTION_PROFILE *srtp_profile;
+# endif
/*-
* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
+__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
size_t *serverinfo_length);
void ssl_set_masks(SSL *s);
__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-__owur int ssl_verify_alarm_type(long type);
+__owur int ssl_x509err2alert(int type);
void ssl_sort_cipher_list(void);
int ssl_load_ciphers(void);
__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
# ifndef OPENSSL_NO_EC
__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
-__owur int tls1_check_group_id(SSL *s, uint16_t group_id);
+__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
int *curves, size_t ncurves);
#define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET"
#define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0"
#define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0"
+#define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET"
+#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET"
/* s3_cbc.c */
__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
void ssl_comp_free_compression_methods_int(void);
+/* ssl_mcnf.c */
+void ssl_ctx_system_config(SSL_CTX *ctx);
+
# else /* OPENSSL_UNIT_TEST */
# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer