Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 90 |
1 files changed, 45 insertions, 45 deletions
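--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.376 2022/01/07 16:45:06 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.377 2022/01/08 12:43:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -361,6 +361,34 @@ __BEGIN_HIDDEN_DECLS
 #define EXPLICIT_CHAR2_CURVE_TYPE 2
 #define NAMED_CURVE_TYPE 3
 
+typedef struct ssl_cert_pkey_st {
+X509 *x509;
+EVP_PKEY *privatekey;
+STACK_OF(X509) *chain;
+} SSL_CERT_PKEY;
+
+typedef struct ssl_cert_st {
+/* Current active set */
+/* ALWAYS points to an element of the pkeys array
+* Probably it would make more sense to store
+* an index, not a pointer. */
+SSL_CERT_PKEY *key;
+
+SSL_CERT_PKEY pkeys[SSL_PKEY_NUM];
+
+/* The following masks are for the key and auth
+* algorithms that are supported by the certs below */
+int valid;
+unsigned long mask_k;
+unsigned long mask_a;
+
+DH *dhe_params;
+DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize);
+int dhe_params_auto;
+
+int references; /* >1 only if SSL_copy_session_id is used */
+} SSL_CERT;
+
 struct ssl_comp_st {
 int id;
 const char *name;
@@ -498,12 +526,6 @@ struct ssl_session_st {
 uint16_t *tlsext_supportedgroups; /* peer's list */
 };
 
-typedef struct cert_pkey_st {
-X509 *x509;
-EVP_PKEY *privatekey;
-STACK_OF(X509) *chain;
-} CERT_PKEY;
-
 struct ssl_sigalg;
 
 typedef struct ssl_handshake_tls12_st {
@@ -533,7 +555,7 @@ typedef struct ssl_handshake_tls13_st {
 int hrr;
 
 /* Certificate selected for use (static pointer). */
-const CERT_PKEY *cpk;
+const SSL_CERT_PKEY *cpk;
 
 /* Version proposed by peer server. */
 uint16_t server_version;
@@ -785,7 +807,7 @@ typedef struct ssl_ctx_internal_st {
 
 STACK_OF(SSL_CIPHER) *cipher_list_tls13;
 
-struct cert_st /* CERT */ *cert;
+SSL_CERT *cert;
 
 /* Default values used when no per-SSL value is defined follow */
 
@@ -1058,7 +1080,7 @@ struct ssl_st {
 STACK_OF(SSL_CIPHER) *cipher_list;
 
 /* This is used to hold the server certificate used */
-struct cert_st /* CERT */ *cert;
+SSL_CERT *cert;
 
 /* the session_id_context is used to ensure sessions are only reused
 * in the appropriate context */
@@ -1200,38 +1222,16 @@ typedef struct ssl3_state_st {
 struct ssl3_state_internal_st *internal;
 } SSL3_STATE;
 
-typedef struct cert_st {
-/* Current active set */
-CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
-* Probably it would make more sense to store
-* an index, not a pointer. */
-
-/* The following masks are for the key and auth
-* algorithms that are supported by the certs below */
-int valid;
-unsigned long mask_k;
-unsigned long mask_a;
-
-DH *dhe_params;
-DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize);
-int dhe_params_auto;
-
-CERT_PKEY pkeys[SSL_PKEY_NUM];
-
-int references; /* >1 only if SSL_copy_session_id is used */
-} CERT;
-
-
 typedef struct sess_cert_st {
 STACK_OF(X509) *cert_chain; /* as received from peer */
 
 /* The 'peer_...' members are used only by clients. */
 int peer_cert_type;
 
-CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
-CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
+SSL_CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
+SSL_CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
 /* Obviously we don't have the private keys of these,
-* so maybe we shouldn't even use the CERT_PKEY type here. */
+* so maybe we shouldn't even use the SSL_CERT_PKEY type here. */
 
 int references; /* actually always 1 at the moment */
 } SESS_CERT;
@@ -1293,13 +1293,13 @@ void ssl_info_callback(const SSL *s, int type, int value);
 void ssl_msg_callback(SSL *s, int is_write, int content_type,
 const void *msg_buf, size_t msg_len);
 
-CERT *ssl_cert_new(void);
-CERT *ssl_cert_dup(CERT *cert);
-void ssl_cert_free(CERT *c);
-int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain);
-int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain);
-int ssl_cert_add0_chain_cert(CERT *c, X509 *cert);
-int ssl_cert_add1_chain_cert(CERT *c, X509 *cert);
+SSL_CERT *ssl_cert_new(void);
+SSL_CERT *ssl_cert_dup(SSL_CERT *cert);
+void ssl_cert_free(SSL_CERT *c);
+int ssl_cert_set0_chain(SSL_CERT *c, STACK_OF(X509) *chain);
+int ssl_cert_set1_chain(SSL_CERT *c, STACK_OF(X509) *chain);
+int ssl_cert_add0_chain_cert(SSL_CERT *c, X509 *cert);
+int ssl_cert_add1_chain_cert(SSL_CERT *c, X509 *cert);
 
 SESS_CERT *ssl_sess_cert_new(void);
 void ssl_sess_cert_free(SESS_CERT *sc);
@@ -1328,12 +1328,12 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
+SSL_CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
 EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd,
 const struct ssl_sigalg **sap);
 size_t ssl_dhe_params_auto_key_bits(SSL *s);
 int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
+void ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_has_ecc_ciphers(SSL *s);
 int ssl_verify_alarm_type(long type);
@@ -1365,7 +1365,7 @@ void ssl_force_want_read(SSL *s);
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk);
+int ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk);
 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
 STACK_OF(SSL_CIPHER) *srvr);
 int ssl3_setup_buffers(SSL *s);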
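Review bot: The relocated `SSL_CERT` in the second hunk still keeps `key` as a pointer into its own `pkeys` array, so a by-value copy or a duplicate that does not recompute `key` would leave it pointing into the source object, which dangles once that object is freed. The comment above `key` states the invariant but not that consequence; consider extending it, e.g. `/* Interior pointer into pkeys[]: never copy SSL_CERT by value; a duplicate must re-derive key from its own pkeys. */`. Whether `ssl_cert_dup()` already does this cannot be seen from this header, so this is a documentation request only. `SSL_CERT_PKEY` could likewise state who owns `x509`, `privatekey` and `chain`, since `privatekey` is key material and the same type is reused for `peer_pkeys`, where the existing comment notes no private key is held.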
