Diffstat (limited to 'src/lib/libssl/src/ssl/ssl_locl.h')
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h75
1 files changed, 10 insertions, 65 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index d87fd51cfa..cea622a2a6 100644
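--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -170,7 +170,7 @@
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
-#undef PKCS1_CHECK
+#define PKCS1_CHECK
 
 #define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
  l|=(((unsigned long)(*((c)++)))<< 8), \
@@ -289,7 +289,6 @@
 #define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
 #define SSL_kPSK 0x00000100L /* PSK */
 #define SSL_kGOST 0x00000200L /* GOST key exchange */
-#define SSL_kSRP 0x00000400L /* SRP */
 
 /* Bits for algorithm_auth (server authentication) */
 #define SSL_aRSA 0x00000001L /* RSA auth */
@@ -317,29 +316,21 @@
 #define SSL_CAMELLIA256 0x00000200L
 #define SSL_eGOST2814789CNT 0x00000400L
 #define SSL_SEED 0x00000800L
-#define SSL_AES128GCM 0x00001000L
-#define SSL_AES256GCM 0x00002000L
 
-#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
+#define SSL_AES (SSL_AES128|SSL_AES256)
 #define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
 
 
 /* Bits for algorithm_mac (symmetric authentication) */
-
 #define SSL_MD5 0x00000001L
 #define SSL_SHA1 0x00000002L
 #define SSL_GOST94 0x00000004L
 #define SSL_GOST89MAC 0x00000008L
-#define SSL_SHA256 0x00000010L
-#define SSL_SHA384 0x00000020L
-/* Not a real MAC, just an indication it is part of cipher */
-#define SSL_AEAD 0x00000040L
 
 /* Bits for algorithm_ssl (protocol version) */
 #define SSL_SSLV2 0x00000001L
 #define SSL_SSLV3 0x00000002L
 #define SSL_TLSV1 SSL_SSLV3 /* for now */
-#define SSL_TLSV1_2 0x00000004L
 
 
 /* Bits for algorithm2 (handshake digests and other extra flags) */
@@ -347,21 +338,15 @@
 #define SSL_HANDSHAKE_MAC_MD5 0x10
 #define SSL_HANDSHAKE_MAC_SHA 0x20
 #define SSL_HANDSHAKE_MAC_GOST94 0x40
-#define SSL_HANDSHAKE_MAC_SHA256 0x80
-#define SSL_HANDSHAKE_MAC_SHA384 0x100
 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 
 /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
  * make sure to update this constant too */
-#define SSL_MAX_DIGEST 6
-
-#define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT)
+#define SSL_MAX_DIGEST 4
 
-#define TLS1_PRF_DGST_SHIFT 10
+#define TLS1_PRF_DGST_SHIFT 8
 #define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
 
@@ -472,8 +457,6 @@ typedef struct cert_pkey_st
  {
  X509 *x509;
  EVP_PKEY *privatekey;
- /* Digest to use when signing */
- const EVP_MD *digest;
  } CERT_PKEY;
 
 typedef struct cert_st
@@ -571,10 +554,6 @@ typedef struct ssl3_enc_method
  const char *server_finished_label;
  int server_finished_label_len;
  int (*alert_value)(int);
- int (*export_keying_material)(SSL *, unsigned char *, size_t,
- const char *, size_t,
- const unsigned char *, size_t,
- int use_context);
  } SSL3_ENC_METHOD;
 
 #ifndef OPENSSL_NO_COMP
@@ -612,12 +591,11 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
 extern SSL3_ENC_METHOD SSLv3_enc_data;
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
 
-#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
- s_get_meth) \
+#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
 const SSL_METHOD *func_name(void) \
  { \
  static const SSL_METHOD func_name##_data= { \
- version, \
+ TLS1_VERSION, \
  tls1_new, \
  tls1_clear, \
  tls1_free, \
@@ -691,7 +669,7 @@ const SSL_METHOD *func_name(void) \
 const SSL_METHOD *func_name(void) \
  { \
  static const SSL_METHOD func_name##_data= { \
- TLS1_2_VERSION, \
+ TLS1_VERSION, \
  tls1_new, \
  tls1_clear, \
  tls1_free, \
@@ -774,7 +752,7 @@ const SSL_METHOD *func_name(void) \
  ssl3_read, \
  ssl3_peek, \
  ssl3_write, \
- dtls1_shutdown, \
+ ssl3_shutdown, \
  ssl3_renegotiate, \
  ssl3_renegotiate_check, \
  dtls1_get_message, \
@@ -831,7 +809,7 @@ int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 X509 *ssl_get_server_send_cert(SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
+EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
@@ -965,7 +943,6 @@ void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
 long dtls1_default_timeout(void);
 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
-int dtls1_check_timeout_num(SSL *s);
 int dtls1_handle_timeout(SSL *s);
 const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
 void dtls1_start_timer(SSL *s);
@@ -991,9 +968,6 @@ int ssl3_get_server_certificate(SSL *s);
 int ssl3_check_cert_and_algorithm(SSL *s);
 #ifndef OPENSSL_NO_TLSEXT
 int ssl3_check_finished(SSL *s);
-# ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_send_next_proto(SSL *s);
-# endif
 #endif
 
 int dtls1_client_hello(SSL *s);
@@ -1012,9 +986,6 @@ int ssl3_check_client_hello(SSL *s);
 int ssl3_get_client_certificate(SSL *s);
 int ssl3_get_client_key_exchange(SSL *s);
 int ssl3_get_cert_verify(SSL *s);
-#ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_get_next_proto(SSL *s);
-#endif
 
 int dtls1_send_hello_request(SSL *s);
 int dtls1_send_server_hello(SSL *s);
@@ -1042,7 +1013,6 @@ int dtls1_connect(SSL *s);
 void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
 long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-int dtls1_shutdown(SSL *s);
 
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
@@ -1063,15 +1033,12 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
  unsigned char *p, int len);
-int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
- const char *label, size_t llen,
- const unsigned char *p, size_t plen, int use_context);
 int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
 
 #ifndef OPENSSL_NO_ECDH
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs);
 #endif
 
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
@@ -1091,13 +1058,6 @@ int ssl_prepare_serverhello_tlsext(SSL *s);
 int ssl_check_clienthello_tlsext(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 
-#ifndef OPENSSL_NO_HEARTBEATS
-int tls1_heartbeat(SSL *s);
-int dtls1_heartbeat(SSL *s);
-int tls1_process_heartbeat(SSL *s);
-int dtls1_process_heartbeat(SSL *s);
-#endif
-
 #ifdef OPENSSL_NO_SHA256
 #define tlsext_tick_md EVP_sha1
 #else
@@ -1105,12 +1065,6 @@ int dtls1_process_heartbeat(SSL *s);
 #endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
  const unsigned char *limit, SSL_SESSION **ret);
-
-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
- const EVP_MD *md);
-int tls12_get_sigid(const EVP_PKEY *pk);
-const EVP_MD *tls12_get_hash(unsigned char hash_alg);
-
 #endif
 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
@@ -1122,13 +1076,4 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
  int maxlen);
 int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
  int *al);
-long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
-int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
-
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
-
 #endif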
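Review bot: The first hunk flips `#undef PKCS1_CHECK` to `#define PKCS1_CHECK`, which switches a compile-time test hook on for every build that includes this header. In upstream OpenSSL, as far as I recall, that macro gates handshake test code which deliberately perturbs the RSA premaster secret when the `SSL_OP_PKCS1_CHECK_1`/`SSL_OP_PKCS1_CHECK_2` options are set; none of that code is visible here, so the `#ifdef PKCS1_CHECK` blocks in the .c files should be confirmed. Unless they are needed, the line is better left as `#undef PKCS1_CHECK`, with a comment such as `/* test-only: must stay undefined in release builds */`. In the DTLS method table (hunk at new line 755) `ssl3_shutdown` replaces `dtls1_shutdown`, and the `dtls1_check_timeout_num` prototype is dropped while `dtls1_handle_timeout` stays. Both presumably follow the matching .c changes, but DTLS close and retransmission-limit behaviour should be re-tested. The method-table macros begin and end outside the hunks shown.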