X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl3.h;h=f49e1c8c7641369c1760736dc34fb86db073e95b;hp=2c2f6ae6fea329b83cdbb9bb2f9117ba157159f2;hb=45473632c54947859a731dfe2db087c002ef7aa7;hpb=dece3209f299ebcd82414868ee39b2c6feb3be0a diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 2c2f6ae6fe..f49e1c8c76 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -422,6 +422,8 @@ typedef struct ssl3_buffer_st * effected, but we can't prevent that. */ #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 +/* Set if we encrypt then mac instead of usual mac then encrypt */ +#define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0080 #ifndef OPENSSL_NO_SSL_INTERN @@ -564,20 +566,6 @@ typedef struct ssl3_state_st #endif #ifndef OPENSSL_NO_TLSEXT - /* tlsext_authz_client_types contains an array of supported authz - * types, as advertised by the client. The array is sorted and - * does not contain any duplicates. */ - unsigned char *tlsext_authz_client_types; - size_t tlsext_authz_client_types_len; - /* tlsext_authz_promised_to_client is true iff we're a server and we - * echoed the client's supplemental data extension and therefore must - * send a supplemental data handshake message. */ - char tlsext_authz_promised_to_client; - /* tlsext_authz_server_promised is true iff we're a client and the - * server echoed our server_authz extension and therefore must send us - * a supplemental data handshake message. */ - char tlsext_authz_server_promised; - /* tlsext_custom_types contains an array of TLS Extension types which * were advertised by the client in its ClientHello, which were not * otherwise handled by OpenSSL, and which the server has registered @@ -602,9 +590,9 @@ typedef struct ssl3_state_st * running on OS X 10.6 or newer. We wish to know this because Safari * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ char is_probably_safari; -#endif /* OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_EC */ -#endif /* OPENSSL_NO_TLSEXT */ +#endif /* !OPENSSL_NO_TLSEXT */ } SSL3_STATE; #endif @@ -633,8 +621,10 @@ typedef struct ssl3_state_st #define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) -#define SSL3_ST_CR_SUPPLEMENTAL_DATA_A (0x210|SSL_ST_CONNECT) -#define SSL3_ST_CR_SUPPLEMENTAL_DATA_B (0x211|SSL_ST_CONNECT) +#ifndef OPENSSL_NO_TLSEXT +#define SSL3_ST_CR_SUPPLEMENTAL_DATA_A (0x212|SSL_ST_CONNECT) +#define SSL3_ST_CR_SUPPLEMENTAL_DATA_B (0x213|SSL_ST_CONNECT) +#endif /* write to server */ #define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) #define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) @@ -649,6 +639,10 @@ typedef struct ssl3_state_st #ifndef OPENSSL_NO_NEXTPROTONEG #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) +#ifndef OPENSSL_NO_TLSEXT +#define SSL3_ST_CW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_CONNECT) +#define SSL3_ST_CW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_CONNECT) +#endif #endif #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) @@ -674,6 +668,10 @@ typedef struct ssl3_state_st #define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) +#ifndef OPENSSL_NO_TLSEXT +#define SSL3_ST_SR_SUPPLEMENTAL_DATA_A (0x212|SSL_ST_ACCEPT) +#define SSL3_ST_SR_SUPPLEMENTAL_DATA_B (0x213|SSL_ST_ACCEPT) +#endif /* write to client */ #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) @@ -714,8 +712,10 @@ typedef struct ssl3_state_st #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) #define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) #define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SUPPLEMENTAL_DATA_A (0x220|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SUPPLEMENTAL_DATA_B (0x221|SSL_ST_ACCEPT) +#ifndef OPENSSL_NO_TLSEXT +#define SSL3_ST_SW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_ACCEPT) +#endif #define SSL3_MT_HELLO_REQUEST 0 #define SSL3_MT_CLIENT_HELLO 1 @@ -729,7 +729,9 @@ typedef struct ssl3_state_st #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 #define SSL3_MT_FINISHED 20 #define SSL3_MT_CERTIFICATE_STATUS 22 +#ifndef OPENSSL_NO_TLSEXT #define SSL3_MT_SUPPLEMENTAL_DATA 23 +#endif #ifndef OPENSSL_NO_NEXTPROTONEG #define SSL3_MT_NEXT_PROTO 67 #endif