X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=913b0e9dc31722106d22e226a19fbaced3d8da27;hp=3745f0f0e2edcab4584fb6233cc78951c5f2bf76;hb=ce0c1f2bb2fd296f10a2847844205df0ed95fb8e;hpb=cf2cede4a75f5e269f791bf1dcc029bba8c1f689 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 3745f0f0e2..913b0e9dc3 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1,4 +1,3 @@ -/* ssl/ssl_locl.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -230,13 +229,6 @@ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff)) -# define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ - l|=((BN_ULLONG)(*((c)++)))<<32, \ - l|=((BN_ULLONG)(*((c)++)))<<24, \ - l|=((BN_ULLONG)(*((c)++)))<<16, \ - l|=((BN_ULLONG)(*((c)++)))<< 8, \ - l|=((BN_ULLONG)(*((c)++)))) - /* NOTE - c is not incremented as per l2c */ # define l2cn(l1,l2,c,n) { \ c+=n; \ @@ -305,24 +297,20 @@ # define SSL_kDHE 0x00000002U /* synonym */ # define SSL_kEDH SSL_kDHE -/* ECDH cert, RSA CA cert */ -# define SSL_kECDHr 0x00000004U -/* ECDH cert, ECDSA CA cert */ -# define SSL_kECDHe 0x00000008U /* ephemeral ECDH */ -# define SSL_kECDHE 0x00000010U +# define SSL_kECDHE 0x00000004U /* synonym */ # define SSL_kEECDH SSL_kECDHE /* PSK */ -# define SSL_kPSK 0x00000020U +# define SSL_kPSK 0x00000008U /* GOST key exchange */ -# define SSL_kGOST 0x00000040U +# define SSL_kGOST 0x00000010U /* SRP */ -# define SSL_kSRP 0x00000080U +# define SSL_kSRP 0x00000020U -# define SSL_kRSAPSK 0x00000100U -# define SSL_kECDHEPSK 0x00000200U -# define SSL_kDHEPSK 0x00000400U +# define SSL_kRSAPSK 0x00000040U +# define SSL_kECDHEPSK 0x00000080U +# define SSL_kDHEPSK 0x00000100U /* all PSK */ @@ -335,18 +323,16 @@ # define SSL_aDSS 0x00000002U /* no auth (i.e. use ADH or AECDH) */ # define SSL_aNULL 0x00000004U -/* Fixed ECDH auth (kECDHe or kECDHr) */ -# define SSL_aECDH 0x00000008U /* ECDSA auth*/ -# define SSL_aECDSA 0x00000010U +# define SSL_aECDSA 0x00000008U /* PSK auth */ -# define SSL_aPSK 0x00000020U +# define SSL_aPSK 0x00000010U /* GOST R 34.10-2001 signature auth */ -# define SSL_aGOST01 0x00000040U +# define SSL_aGOST01 0x00000020U /* SRP auth */ -# define SSL_aSRP 0x00000080U +# define SSL_aSRP 0x00000040U /* GOST R 34.10-2012 signature auth */ -# define SSL_aGOST12 0x00000100U +# define SSL_aGOST12 0x00000080U /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001U @@ -372,6 +358,7 @@ # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) +# define SSL_CHACHA20 (SSL_CHACHA20POLY1305) /* Bits for algorithm_mac (symmetric authentication) */ @@ -622,7 +609,7 @@ struct ssl_session_st { /* This is the cert and type for the other end. */ X509 *peer; int peer_type; - /* Certificate chain of peer */ + /* Certificate chain peer sent */ STACK_OF(X509) *peer_chain; /* * when app_verify_callback accepts a session where the peer's @@ -692,7 +679,8 @@ struct ssl_comp_st { }; DEFINE_LHASH_OF(SSL_SESSION); - +/* Needed in ssl_cert.c */ +DEFINE_LHASH_OF(X509_NAME); struct ssl_ctx_st { const SSL_METHOD *method; @@ -732,7 +720,8 @@ struct ssl_ctx_st { int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, - unsigned char *data, int len, int *copy); + const unsigned char *data, int len, + int *copy); struct { int sess_connect; /* SSL new conn - started */ int sess_connect_renegotiate; /* SSL reneg - requested */ @@ -1065,8 +1054,10 @@ struct ssl_st { unsigned int max_psk_len); # endif SSL_CTX *ctx; - /* extra application data */ + /* Verified chain of peer */ + STACK_OF(X509) *verified_chain; long verify_result; + /* extra application data */ CRYPTO_EX_DATA ex_data; /* for server side, keep the list of CA_dn we can use */ STACK_OF(X509_NAME) *client_CA; @@ -1085,7 +1076,7 @@ struct ssl_st { /* TLS extension debug callback */ void (*tlsext_debug_cb) (SSL *s, int client_server, int type, - unsigned char *data, int len, void *arg); + const unsigned char *data, int len, void *arg); void *tlsext_debug_arg; char *tlsext_hostname; /*- @@ -1836,8 +1827,6 @@ const SSL_METHOD *func_name(void) \ struct openssl_ssl_test_functions { int (*p_ssl_init_wbio_buffer) (SSL *s, int push); int (*p_ssl3_setup_buffers) (SSL *s); - int (*p_tls1_process_heartbeat) (SSL *s, - unsigned char *p, unsigned int length); int (*p_dtls1_process_heartbeat) (SSL *s, unsigned char *p, unsigned int length); }; @@ -2057,9 +2046,7 @@ __owur int ssl_prepare_clienthello_tlsext(SSL *s); __owur int ssl_prepare_serverhello_tlsext(SSL *s); # ifndef OPENSSL_NO_HEARTBEATS -__owur int tls1_heartbeat(SSL *s); __owur int dtls1_heartbeat(SSL *s); -__owur int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length); __owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length); # endif @@ -2155,7 +2142,6 @@ void custom_exts_free(custom_ext_methods *exts); # define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer # define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers -# define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat # define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat # endif