/* SRP */
# define SSL_kSRP 0x00000400L
+# define SSL_kRSAPSK 0x00000800L
+# define SSL_kECDHEPSK 0x00001000L
+# define SSL_kDHEPSK 0x00002000L
+
+/* all PSK */
+
+#define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
+
/* Bits for algorithm_auth (server authentication) */
/* RSA auth */
# define SSL_aRSA 0x00000001L
# ifndef OPENSSL_NO_SRP
char *srp_username;
# endif
- long flags;
+ uint32_t flags;
};
/* Extended master secret support */
* SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
* means only SSL_accept which cache SSL_SESSIONS.
*/
- int session_cache_mode;
+ uint32_t session_cache_mode;
/*
* If timeout is not 0, it is the default timeout value set when
* SSL_new() is called. This has been put in to make life easier to set
* SSL_new)
*/
- unsigned long options;
- unsigned long mode;
+ uint32_t options;
+ uint32_t mode;
long max_cert_list;
struct cert_st /* CERT */ *cert;
const void *buf, size_t len, SSL *ssl, void *arg);
void *msg_callback_arg;
- int verify_mode;
+ uint32_t verify_mode;
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* called 'verify_callback' in the SSL */
* These are the ones being used, the ones in SSL_SESSION are the ones to
* be 'copied' into these ones
*/
- int mac_flags;
+ uint32_t mac_flags;
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
EVP_MD_CTX *read_hash; /* used for mac generation */
COMP_CTX *compress; /* compression */
* 0 don't care about verify failure.
* 1 fail if verify fails
*/
- int verify_mode;
+ uint32_t verify_mode;
/* fail if callback returns 0 */
int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
/* optional informational callback */
STACK_OF(X509_NAME) *client_CA;
int references;
/* protocol behaviour */
- unsigned long options;
+ uint32_t options;
/* API behaviour */
- unsigned long mode;
+ uint32_t mode;
long max_cert_list;
int first_packet;
/* what was passed, used for SSLv3/TLS rollback check */
typedef struct ssl3_state_st {
long flags;
- int delay_buf_pop_ret;
int read_mac_secret_size;
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
int write_mac_secret_size;
/* Temporary storage for premaster secret */
unsigned char *pms;
size_t pmslen;
+#ifndef OPENSSL_NO_PSK
+ /* Temporary storage for PSK key */
+ unsigned char *psk;
+ size_t psklen;
+#endif
/*
* signature algorithms peer reports: e.g. supported signature
* algorithms extension for server or as part of a certificate
* SSL session: e.g. appropriate curve, signature algorithms etc.
* If zero it can't be used at all.
*/
- int valid_flags[SSL_PKEY_NUM];
+ uint32_t valid_flags[SSL_PKEY_NUM];
/*
* For servers the following masks are for the key and auth algorithms
* that are supported by the certs below. For clients they are masks of
* Per-connection flags relating to this extension type: not used if
* part of an SSL_CTX structure.
*/
- unsigned short ext_flags;
+ uint32_t ext_flags;
custom_ext_add_cb add_cb;
custom_ext_free_cb free_cb;
void *add_arg;
int ecdh_tmp_auto;
# endif
/* Flags related to certificates */
- unsigned int cert_flags;
+ uint32_t cert_flags;
CERT_PKEY pkeys[SSL_PKEY_NUM];
/*
* Certificate types (received or sent) in certificate request message.
const unsigned char *, size_t,
int use_context);
/* Various flags indicating protocol version requirements */
- unsigned int enc_flags;
+ uint32_t enc_flags;
/* Handshake header length */
unsigned int hhlen;
/* Set the handshake header */
projects / openssl.git / blobdiff