1 files changed, 45 insertions, 2 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index d87fd51cfa..e485907748 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -215,6 +215,15 @@
                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
                         *((c)++)=(unsigned char)(((l)    )&0xff))
+#define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
 #define n2l6(c,l)       (l =((BN_ULLONG)(*((c)++)))<<40, \
                         l|=((BN_ULLONG)(*((c)++)))<<32, \
                         l|=((BN_ULLONG)(*((c)++)))<<24, \
@@ -612,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
 extern SSL3_ENC_METHOD SSLv3_enc_data;
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
 #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
                                s_get_meth) \
 const SSL_METHOD *func_name(void)  \
@@ -830,13 +841,15 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
-X509 *ssl_get_server_send_cert(SSL *);
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
+X509 *ssl_get_server_send_cert(const SSL *);
 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
@@ -1088,7 +1101,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d,
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
-int ssl_check_clienthello_tlsext(SSL *s);
+int ssl_check_clienthello_tlsext_early(SSL *s);
+int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 #ifndef OPENSSL_NO_HEARTBEATS
@@ -1131,4 +1145,33 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al
 int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
 int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
+/* s3_cbc.c */
+void ssl3_cbc_copy_mac(unsigned char* out,
+                       const SSL3_RECORD *rec,
+                       unsigned md_size,unsigned orig_len);
+int ssl3_cbc_remove_padding(const SSL* s,
+                            SSL3_RECORD *rec,
+                            unsigned block_size,
+                            unsigned mac_size);
+int tls1_cbc_remove_padding(const SSL* s,
+                            SSL3_RECORD *rec,
+                            unsigned block_size,
+                            unsigned mac_size);
+char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+void ssl3_cbc_digest_record(
+        const EVP_MD_CTX *ctx,
+        unsigned char* md_out,
+        size_t* md_out_size,
+        const unsigned char header[13],
+        const unsigned char *data,
+        size_t data_plus_mac_size,
+        size_t data_plus_mac_plus_padding_size,
+        const unsigned char *mac_secret,
+        unsigned mac_secret_length,
+        char is_sslv3);
+void tls_fips_digest_extra(
+        const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
+        const unsigned char *data, size_t data_len, size_t orig_len);
 #endif

diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index d87fd51cfa..e485907748 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -215,6 +215,15 @@
215	*((c)++)=(unsigned char)(((l)>> 8)&0xff), \	215	*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
216	*((c)++)=(unsigned char)(((l) )&0xff))	216	*((c)++)=(unsigned char)(((l) )&0xff))
217		217
		218	#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
		219	*((c)++)=(unsigned char)(((l)>>48)&0xff), \
		220	*((c)++)=(unsigned char)(((l)>>40)&0xff), \
		221	*((c)++)=(unsigned char)(((l)>>32)&0xff), \
		222	*((c)++)=(unsigned char)(((l)>>24)&0xff), \
		223	*((c)++)=(unsigned char)(((l)>>16)&0xff), \
		224	*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
		225	*((c)++)=(unsigned char)(((l) )&0xff))
		226
218	#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \	227	#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
219	l\|=((BN_ULLONG)(*((c)++)))<<32, \	228	l\|=((BN_ULLONG)(*((c)++)))<<32, \
220	l\|=((BN_ULLONG)(*((c)++)))<<24, \	229	l\|=((BN_ULLONG)(*((c)++)))<<24, \
@@ -612,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
612	extern SSL3_ENC_METHOD SSLv3_enc_data;	621	extern SSL3_ENC_METHOD SSLv3_enc_data;
613	extern SSL3_ENC_METHOD DTLSv1_enc_data;	622	extern SSL3_ENC_METHOD DTLSv1_enc_data;
614		623
		624	#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
		625
615	#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \	626	#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
616	s_get_meth) \	627	s_get_meth) \
617	const SSL_METHOD *func_name(void) \	628	const SSL_METHOD *func_name(void) \
@@ -830,13 +841,15 @@ int ssl_verify_cert_chain(SSL s,STACK_OF(X509) sk);
830	int ssl_undefined_function(SSL *s);	841	int ssl_undefined_function(SSL *s);
831	int ssl_undefined_void_function(void);	842	int ssl_undefined_void_function(void);
832	int ssl_undefined_const_function(const SSL *s);	843	int ssl_undefined_const_function(const SSL *s);
833	X509 ssl_get_server_send_cert(SSL );	844	CERT_PKEY ssl_get_server_send_pkey(const SSL s);
		845	X509 ssl_get_server_send_cert(const SSL );
834	EVP_PKEY ssl_get_sign_pkey(SSL s,const SSL_CIPHER c, const EVP_MD *pmd);	846	EVP_PKEY ssl_get_sign_pkey(SSL s,const SSL_CIPHER c, const EVP_MD *pmd);
835	int ssl_cert_type(X509 x,EVP_PKEY pkey);	847	int ssl_cert_type(X509 x,EVP_PKEY pkey);
836	void ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher);	848	void ssl_set_cert_masks(CERT c, const SSL_CIPHER cipher);
837	STACK_OF(SSL_CIPHER) ssl_get_ciphers_by_id(SSL s);	849	STACK_OF(SSL_CIPHER) ssl_get_ciphers_by_id(SSL s);
838	int ssl_verify_alarm_type(long type);	850	int ssl_verify_alarm_type(long type);
839	void ssl_load_ciphers(void);	851	void ssl_load_ciphers(void);
		852	int ssl_fill_hello_random(SSL s, int server, unsigned char field, int len);
840		853
841	int ssl2_enc_init(SSL *s, int client);	854	int ssl2_enc_init(SSL *s, int client);
842	int ssl2_generate_key_material(SSL *s);	855	int ssl2_generate_key_material(SSL *s);
@@ -1088,7 +1101,8 @@ int ssl_parse_clienthello_tlsext(SSL s, unsigned char data, unsigned char d,
1088	int ssl_parse_serverhello_tlsext(SSL s, unsigned char data, unsigned char d, int n, int *al);	1101	int ssl_parse_serverhello_tlsext(SSL s, unsigned char data, unsigned char d, int n, int *al);
1089	int ssl_prepare_clienthello_tlsext(SSL *s);	1102	int ssl_prepare_clienthello_tlsext(SSL *s);
1090	int ssl_prepare_serverhello_tlsext(SSL *s);	1103	int ssl_prepare_serverhello_tlsext(SSL *s);
1091	int ssl_check_clienthello_tlsext(SSL *s);	1104	int ssl_check_clienthello_tlsext_early(SSL *s);
		1105	int ssl_check_clienthello_tlsext_late(SSL *s);
1092	int ssl_check_serverhello_tlsext(SSL *s);	1106	int ssl_check_serverhello_tlsext(SSL *s);
1093		1107
1094	#ifndef OPENSSL_NO_HEARTBEATS	1108	#ifndef OPENSSL_NO_HEARTBEATS
@@ -1131,4 +1145,33 @@ int ssl_parse_clienthello_use_srtp_ext(SSL s, unsigned char d, int len,int *al
1131	int ssl_add_serverhello_use_srtp_ext(SSL s, unsigned char p, int *len, int maxlen);	1145	int ssl_add_serverhello_use_srtp_ext(SSL s, unsigned char p, int *len, int maxlen);
1132	int ssl_parse_serverhello_use_srtp_ext(SSL s, unsigned char d, int len,int *al);	1146	int ssl_parse_serverhello_use_srtp_ext(SSL s, unsigned char d, int len,int *al);
1133		1147
		1148	/* s3_cbc.c */
		1149	void ssl3_cbc_copy_mac(unsigned char* out,
		1150	const SSL3_RECORD *rec,
		1151	unsigned md_size,unsigned orig_len);
		1152	int ssl3_cbc_remove_padding(const SSL* s,
		1153	SSL3_RECORD *rec,
		1154	unsigned block_size,
		1155	unsigned mac_size);
		1156	int tls1_cbc_remove_padding(const SSL* s,
		1157	SSL3_RECORD *rec,
		1158	unsigned block_size,
		1159	unsigned mac_size);
		1160	char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
		1161	void ssl3_cbc_digest_record(
		1162	const EVP_MD_CTX *ctx,
		1163	unsigned char* md_out,
		1164	size_t* md_out_size,
		1165	const unsigned char header[13],
		1166	const unsigned char *data,
		1167	size_t data_plus_mac_size,
		1168	size_t data_plus_mac_plus_padding_size,
		1169	const unsigned char *mac_secret,
		1170	unsigned mac_secret_length,
		1171	char is_sslv3);
		1172
		1173	void tls_fips_digest_extra(
		1174	const EVP_CIPHER_CTX cipher_ctx, EVP_MD_CTX mac_ctx,
		1175	const unsigned char *data, size_t data_len, size_t orig_len);
		1176
1134	#endif	1177	#endif