Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
-rw-r--r--src/lib/libssl/ssl_locl.h441
1 files changed, 397 insertions, 44 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6a0b7595f4..de94c0d0c7 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -108,6 +108,11 @@
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
111 116
112#ifndef HEADER_SSL_LOCL_H 117#ifndef HEADER_SSL_LOCL_H
113#define HEADER_SSL_LOCL_H 118#define HEADER_SSL_LOCL_H
@@ -121,10 +126,13 @@
121#include <openssl/buffer.h> 126#include <openssl/buffer.h>
122#include <openssl/comp.h> 127#include <openssl/comp.h>
123#include <openssl/bio.h> 128#include <openssl/bio.h>
124#include <openssl/crypto.h>
125#include <openssl/evp.h>
126#include <openssl/stack.h> 129#include <openssl/stack.h>
127#include <openssl/x509.h> 130#ifndef OPENSSL_NO_RSA
131#include <openssl/rsa.h>
132#endif
133#ifndef OPENSSL_NO_DSA
134#include <openssl/dsa.h>
135#endif
128#include <openssl/err.h> 136#include <openssl/err.h>
129#include <openssl/ssl.h> 137#include <openssl/ssl.h>
130#include <openssl/symhacks.h> 138#include <openssl/symhacks.h>
@@ -172,6 +180,20 @@
172 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 180 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
173 *((c)++)=(unsigned char)(((l) )&0xff)) 181 *((c)++)=(unsigned char)(((l) )&0xff))
174 182
183#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
184 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
185 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
186 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
187 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
188 *((c)++)=(unsigned char)(((l) )&0xff))
189
190#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
191 l|=((BN_ULLONG)(*((c)++)))<<32, \
192 l|=((BN_ULLONG)(*((c)++)))<<24, \
193 l|=((BN_ULLONG)(*((c)++)))<<16, \
194 l|=((BN_ULLONG)(*((c)++)))<< 8, \
195 l|=((BN_ULLONG)(*((c)++))))
196
175/* NOTE - c is not incremented as per l2c */ 197/* NOTE - c is not incremented as per l2c */
176#define l2cn(l1,l2,c,n) { \ 198#define l2cn(l1,l2,c,n) { \
177 c+=n; \ 199 c+=n; \
@@ -227,52 +249,58 @@
227 * that the different entities within are mutually exclusive: 249 * that the different entities within are mutually exclusive:
228 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. 250 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
229 */ 251 */
230#define SSL_MKEY_MASK 0x0000003FL 252#define SSL_MKEY_MASK 0x000000FFL
231#define SSL_kRSA 0x00000001L /* RSA key exchange */ 253#define SSL_kRSA 0x00000001L /* RSA key exchange */
232#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ 254#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */
233#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ 255#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */
234#define SSL_kFZA 0x00000008L 256#define SSL_kFZA 0x00000008L
235#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ 257#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
236#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ 258#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */
259#define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */
260#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
237#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) 261#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
238 262
239#define SSL_AUTH_MASK 0x00000FC0L 263#define SSL_AUTH_MASK 0x00007F00L
240#define SSL_aRSA 0x00000040L /* Authenticate with RSA */ 264#define SSL_aRSA 0x00000100L /* Authenticate with RSA */
241#define SSL_aDSS 0x00000080L /* Authenticate with DSS */ 265#define SSL_aDSS 0x00000200L /* Authenticate with DSS */
242#define SSL_DSS SSL_aDSS 266#define SSL_DSS SSL_aDSS
243#define SSL_aFZA 0x00000100L 267#define SSL_aFZA 0x00000400L
244#define SSL_aNULL 0x00000200L /* no Authenticate, ADH */ 268#define SSL_aNULL 0x00000800L /* no Authenticate, ADH */
245#define SSL_aDH 0x00000400L /* no Authenticate, ADH */ 269#define SSL_aDH 0x00001000L /* no Authenticate, ADH */
246#define SSL_aKRB5 0x00000800L /* Authenticate with KRB5 */ 270#define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */
271#define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */
247 272
248#define SSL_NULL (SSL_eNULL) 273#define SSL_NULL (SSL_eNULL)
249#define SSL_ADH (SSL_kEDH|SSL_aNULL) 274#define SSL_ADH (SSL_kEDH|SSL_aNULL)
250#define SSL_RSA (SSL_kRSA|SSL_aRSA) 275#define SSL_RSA (SSL_kRSA|SSL_aRSA)
251#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) 276#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
277#define SSL_ECDH (SSL_kECDH|SSL_kECDHE)
252#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) 278#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
253#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) 279#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
254 280
255#define SSL_ENC_MASK 0x0087F000L 281#define SSL_ENC_MASK 0x1C3F8000L
256#define SSL_DES 0x00001000L 282#define SSL_DES 0x00008000L
257#define SSL_3DES 0x00002000L 283#define SSL_3DES 0x00010000L
258#define SSL_RC4 0x00004000L 284#define SSL_RC4 0x00020000L
259#define SSL_RC2 0x00008000L 285#define SSL_RC2 0x00040000L
260#define SSL_IDEA 0x00010000L 286#define SSL_IDEA 0x00080000L
261#define SSL_eFZA 0x00020000L 287#define SSL_eFZA 0x00100000L
262#define SSL_eNULL 0x00040000L 288#define SSL_eNULL 0x00200000L
263#define SSL_AES 0x00800000L 289#define SSL_AES 0x04000000L
264 290#define SSL_CAMELLIA 0x08000000L
265#define SSL_MAC_MASK 0x00180000L 291#define SSL_SEED 0x10000000L
266#define SSL_MD5 0x00080000L 292
267#define SSL_SHA1 0x00100000L 293#define SSL_MAC_MASK 0x00c00000L
294#define SSL_MD5 0x00400000L
295#define SSL_SHA1 0x00800000L
268#define SSL_SHA (SSL_SHA1) 296#define SSL_SHA (SSL_SHA1)
269 297
270#define SSL_SSL_MASK 0x00600000L 298#define SSL_SSL_MASK 0x03000000L
271#define SSL_SSLV2 0x00200000L 299#define SSL_SSLV2 0x01000000L
272#define SSL_SSLV3 0x00400000L 300#define SSL_SSLV3 0x02000000L
273#define SSL_TLSV1 SSL_SSLV3 /* for now */ 301#define SSL_TLSV1 SSL_SSLV3 /* for now */
274 302
275/* we have used 007fffff - 9 bits left to go */ 303/* we have used 1fffffff - 3 bits left to go. */
276 304
277/* 305/*
278 * Export and cipher strength information. For each cipher we have to decide 306 * Export and cipher strength information. For each cipher we have to decide
@@ -302,9 +330,8 @@
302#define SSL_LOW 0x00000020L 330#define SSL_LOW 0x00000020L
303#define SSL_MEDIUM 0x00000040L 331#define SSL_MEDIUM 0x00000040L
304#define SSL_HIGH 0x00000080L 332#define SSL_HIGH 0x00000080L
305#define SSL_FIPS 0x00000100L
306 333
307/* we have used 000001ff - 23 bits left to go */ 334/* we have used 000000ff - 24 bits left to go */
308 335
309/* 336/*
310 * Macros to check the export status and cipher strength for export ciphers. 337 * Macros to check the export status and cipher strength for export ciphers.
@@ -345,7 +372,8 @@
345#define SSL_PKEY_DSA_SIGN 2 372#define SSL_PKEY_DSA_SIGN 2
346#define SSL_PKEY_DH_RSA 3 373#define SSL_PKEY_DH_RSA 3
347#define SSL_PKEY_DH_DSA 4 374#define SSL_PKEY_DH_DSA 4
348#define SSL_PKEY_NUM 5 375#define SSL_PKEY_ECC 5
376#define SSL_PKEY_NUM 6
349 377
350/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | 378/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
351 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) 379 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
@@ -361,6 +389,15 @@
361#define CERT_PRIVATE_KEY 2 389#define CERT_PRIVATE_KEY 2
362*/ 390*/
363 391
392#ifndef OPENSSL_NO_EC
393/* From ECC-TLS draft, used in encoding the curve type in
394 * ECParameters
395 */
396#define EXPLICIT_PRIME_CURVE_TYPE 1
397#define EXPLICIT_CHAR2_CURVE_TYPE 2
398#define NAMED_CURVE_TYPE 3
399#endif /* OPENSSL_NO_EC */
400
364typedef struct cert_pkey_st 401typedef struct cert_pkey_st
365 { 402 {
366 X509 *x509; 403 X509 *x509;
@@ -387,6 +424,11 @@ typedef struct cert_st
387 DH *dh_tmp; 424 DH *dh_tmp;
388 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); 425 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
389#endif 426#endif
427#ifndef OPENSSL_NO_ECDH
428 EC_KEY *ecdh_tmp;
429 /* Callback for generating ephemeral ECDH keys */
430 EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
431#endif
390 432
391 CERT_PKEY pkeys[SSL_PKEY_NUM]; 433 CERT_PKEY pkeys[SSL_PKEY_NUM];
392 434
@@ -412,6 +454,9 @@ typedef struct sess_cert_st
412#ifndef OPENSSL_NO_DH 454#ifndef OPENSSL_NO_DH
413 DH *peer_dh_tmp; /* not used for SSL 2 */ 455 DH *peer_dh_tmp; /* not used for SSL 2 */
414#endif 456#endif
457#ifndef OPENSSL_NO_ECDH
458 EC_KEY *peer_ecdh_tmp;
459#endif
415 460
416 int references; /* actually always 1 at the moment */ 461 int references; /* actually always 1 at the moment */
417 } SESS_CERT; 462 } SESS_CERT;
@@ -466,17 +511,201 @@ extern SSL3_ENC_METHOD ssl3_undef_enc_method;
466OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; 511OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
467OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; 512OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
468 513
469#ifdef OPENSSL_SYS_VMS
470#undef SSL_COMP_get_compression_methods
471#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
472#endif
473
474 514
475SSL_METHOD *ssl_bad_method(int ver); 515SSL_METHOD *ssl_bad_method(int ver);
476SSL_METHOD *sslv2_base_method(void); 516SSL_METHOD *sslv2_base_method(void);
477SSL_METHOD *sslv23_base_method(void); 517SSL_METHOD *sslv23_base_method(void);
478SSL_METHOD *sslv3_base_method(void); 518SSL_METHOD *sslv3_base_method(void);
479 519
520extern SSL3_ENC_METHOD TLSv1_enc_data;
521extern SSL3_ENC_METHOD SSLv3_enc_data;
522extern SSL3_ENC_METHOD DTLSv1_enc_data;
523
524#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
525SSL_METHOD *func_name(void) \
526 { \
527 static SSL_METHOD func_name##_data= { \
528 TLS1_VERSION, \
529 tls1_new, \
530 tls1_clear, \
531 tls1_free, \
532 s_accept, \
533 s_connect, \
534 ssl3_read, \
535 ssl3_peek, \
536 ssl3_write, \
537 ssl3_shutdown, \
538 ssl3_renegotiate, \
539 ssl3_renegotiate_check, \
540 ssl3_get_message, \
541 ssl3_read_bytes, \
542 ssl3_write_bytes, \
543 ssl3_dispatch_alert, \
544 ssl3_ctrl, \
545 ssl3_ctx_ctrl, \
546 ssl3_get_cipher_by_char, \
547 ssl3_put_cipher_by_char, \
548 ssl3_pending, \
549 ssl3_num_ciphers, \
550 ssl3_get_cipher, \
551 s_get_meth, \
552 tls1_default_timeout, \
553 &TLSv1_enc_data, \
554 ssl_undefined_void_function, \
555 ssl3_callback_ctrl, \
556 ssl3_ctx_callback_ctrl, \
557 }; \
558 return &func_name##_data; \
559 }
560
561#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
562SSL_METHOD *func_name(void) \
563 { \
564 static SSL_METHOD func_name##_data= { \
565 SSL3_VERSION, \
566 ssl3_new, \
567 ssl3_clear, \
568 ssl3_free, \
569 s_accept, \
570 s_connect, \
571 ssl3_read, \
572 ssl3_peek, \
573 ssl3_write, \
574 ssl3_shutdown, \
575 ssl3_renegotiate, \
576 ssl3_renegotiate_check, \
577 ssl3_get_message, \
578 ssl3_read_bytes, \
579 ssl3_write_bytes, \
580 ssl3_dispatch_alert, \
581 ssl3_ctrl, \
582 ssl3_ctx_ctrl, \
583 ssl3_get_cipher_by_char, \
584 ssl3_put_cipher_by_char, \
585 ssl3_pending, \
586 ssl3_num_ciphers, \
587 ssl3_get_cipher, \
588 s_get_meth, \
589 ssl3_default_timeout, \
590 &SSLv3_enc_data, \
591 ssl_undefined_void_function, \
592 ssl3_callback_ctrl, \
593 ssl3_ctx_callback_ctrl, \
594 }; \
595 return &func_name##_data; \
596 }
597
598#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
599SSL_METHOD *func_name(void) \
600 { \
601 static SSL_METHOD func_name##_data= { \
602 TLS1_VERSION, \
603 tls1_new, \
604 tls1_clear, \
605 tls1_free, \
606 s_accept, \
607 s_connect, \
608 ssl23_read, \
609 ssl23_peek, \
610 ssl23_write, \
611 ssl_undefined_function, \
612 ssl_undefined_function, \
613 ssl_ok, \
614 ssl3_get_message, \
615 ssl3_read_bytes, \
616 ssl3_write_bytes, \
617 ssl3_dispatch_alert, \
618 ssl3_ctrl, \
619 ssl3_ctx_ctrl, \
620 ssl23_get_cipher_by_char, \
621 ssl23_put_cipher_by_char, \
622 ssl_undefined_const_function, \
623 ssl23_num_ciphers, \
624 ssl23_get_cipher, \
625 s_get_meth, \
626 ssl23_default_timeout, \
627 &ssl3_undef_enc_method, \
628 ssl_undefined_void_function, \
629 ssl3_callback_ctrl, \
630 ssl3_ctx_callback_ctrl, \
631 }; \
632 return &func_name##_data; \
633 }
634
635#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
636SSL_METHOD *func_name(void) \
637 { \
638 static SSL_METHOD func_name##_data= { \
639 SSL2_VERSION, \
640 ssl2_new, /* local */ \
641 ssl2_clear, /* local */ \
642 ssl2_free, /* local */ \
643 s_accept, \
644 s_connect, \
645 ssl2_read, \
646 ssl2_peek, \
647 ssl2_write, \
648 ssl2_shutdown, \
649 ssl_ok, /* NULL - renegotiate */ \
650 ssl_ok, /* NULL - check renegotiate */ \
651 NULL, /* NULL - ssl_get_message */ \
652 NULL, /* NULL - ssl_get_record */ \
653 NULL, /* NULL - ssl_write_bytes */ \
654 NULL, /* NULL - dispatch_alert */ \
655 ssl2_ctrl, /* local */ \
656 ssl2_ctx_ctrl, /* local */ \
657 ssl2_get_cipher_by_char, \
658 ssl2_put_cipher_by_char, \
659 ssl2_pending, \
660 ssl2_num_ciphers, \
661 ssl2_get_cipher, \
662 s_get_meth, \
663 ssl2_default_timeout, \
664 &ssl3_undef_enc_method, \
665 ssl_undefined_void_function, \
666 ssl2_callback_ctrl, /* local */ \
667 ssl2_ctx_callback_ctrl, /* local */ \
668 }; \
669 return &func_name##_data; \
670 }
671
672#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
673SSL_METHOD *func_name(void) \
674 { \
675 static SSL_METHOD func_name##_data= { \
676 DTLS1_VERSION, \
677 dtls1_new, \
678 dtls1_clear, \
679 dtls1_free, \
680 s_accept, \
681 s_connect, \
682 ssl3_read, \
683 ssl3_peek, \
684 ssl3_write, \
685 ssl3_shutdown, \
686 ssl3_renegotiate, \
687 ssl3_renegotiate_check, \
688 dtls1_get_message, \
689 dtls1_read_bytes, \
690 dtls1_write_app_data_bytes, \
691 dtls1_dispatch_alert, \
692 ssl3_ctrl, \
693 ssl3_ctx_ctrl, \
694 ssl3_get_cipher_by_char, \
695 ssl3_put_cipher_by_char, \
696 ssl3_pending, \
697 ssl3_num_ciphers, \
698 dtls1_get_cipher, \
699 s_get_meth, \
700 dtls1_default_timeout, \
701 &DTLSv1_enc_data, \
702 ssl_undefined_void_function, \
703 ssl3_callback_ctrl, \
704 ssl3_ctx_callback_ctrl, \
705 }; \
706 return &func_name##_data; \
707 }
708
480void ssl_clear_cipher_ctx(SSL *s); 709void ssl_clear_cipher_ctx(SSL *s);
481int ssl_clear_bad_session(SSL *s); 710int ssl_clear_bad_session(SSL *s);
482CERT *ssl_cert_new(void); 711CERT *ssl_cert_new(void);
@@ -487,7 +716,7 @@ SESS_CERT *ssl_sess_cert_new(void);
487void ssl_sess_cert_free(SESS_CERT *sc); 716void ssl_sess_cert_free(SESS_CERT *sc);
488int ssl_set_peer_cert_type(SESS_CERT *c, int type); 717int ssl_set_peer_cert_type(SESS_CERT *c, int type);
489int ssl_get_new_session(SSL *s, int session); 718int ssl_get_new_session(SSL *s, int session);
490int ssl_get_prev_session(SSL *s, unsigned char *session,int len); 719int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
491int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); 720int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
492int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, 721int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
493 const SSL_CIPHER * const *bp); 722 const SSL_CIPHER * const *bp);
@@ -504,6 +733,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
504 const EVP_MD **md,SSL_COMP **comp); 733 const EVP_MD **md,SSL_COMP **comp);
505int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); 734int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
506int ssl_undefined_function(SSL *s); 735int ssl_undefined_function(SSL *s);
736int ssl_undefined_void_function(void);
507int ssl_undefined_const_function(const SSL *s); 737int ssl_undefined_const_function(const SSL *s);
508X509 *ssl_get_server_send_cert(SSL *); 738X509 *ssl_get_server_send_cert(SSL *);
509EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); 739EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
@@ -511,6 +741,7 @@ int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
511void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); 741void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
512STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); 742STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
513int ssl_verify_alarm_type(long type); 743int ssl_verify_alarm_type(long type);
744void ssl_load_ciphers(void);
514 745
515int ssl2_enc_init(SSL *s, int client); 746int ssl2_enc_init(SSL *s, int client);
516int ssl2_generate_key_material(SSL *s); 747int ssl2_generate_key_material(SSL *s);
@@ -520,7 +751,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
520int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); 751int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
521int ssl2_part_read(SSL *s, unsigned long f, int i); 752int ssl2_part_read(SSL *s, unsigned long f, int i);
522int ssl2_do_write(SSL *s); 753int ssl2_do_write(SSL *s);
523int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data); 754int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
524void ssl2_return_error(SSL *s,int reason); 755void ssl2_return_error(SSL *s,int reason);
525void ssl2_write_error(SSL *s); 756void ssl2_write_error(SSL *s);
526int ssl2_num_ciphers(void); 757int ssl2_num_ciphers(void);
@@ -536,14 +767,17 @@ int ssl2_shutdown(SSL *s);
536void ssl2_clear(SSL *s); 767void ssl2_clear(SSL *s);
537long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); 768long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
538long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); 769long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
539long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)()); 770long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
540long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); 771long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
541int ssl2_pending(const SSL *s); 772int ssl2_pending(const SSL *s);
773long ssl2_default_timeout(void );
542 774
543SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); 775SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
544int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); 776int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
545void ssl3_init_finished_mac(SSL *s); 777void ssl3_init_finished_mac(SSL *s);
546int ssl3_send_server_certificate(SSL *s); 778int ssl3_send_server_certificate(SSL *s);
779int ssl3_send_newsession_ticket(SSL *s);
780int ssl3_send_cert_status(SSL *s);
547int ssl3_get_finished(SSL *s,int state_a,int state_b); 781int ssl3_get_finished(SSL *s,int state_a,int state_b);
548int ssl3_setup_key_block(SSL *s); 782int ssl3_setup_key_block(SSL *s);
549int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); 783int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
@@ -584,10 +818,94 @@ int ssl3_shutdown(SSL *s);
584void ssl3_clear(SSL *s); 818void ssl3_clear(SSL *s);
585long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); 819long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
586long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); 820long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
587long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)()); 821long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
588long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); 822long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
589int ssl3_pending(const SSL *s); 823int ssl3_pending(const SSL *s);
590 824
825void ssl3_record_sequence_update(unsigned char *seq);
826int ssl3_do_change_cipher_spec(SSL *ssl);
827long ssl3_default_timeout(void );
828
829int ssl23_num_ciphers(void );
830SSL_CIPHER *ssl23_get_cipher(unsigned int u);
831int ssl23_read(SSL *s, void *buf, int len);
832int ssl23_peek(SSL *s, void *buf, int len);
833int ssl23_write(SSL *s, const void *buf, int len);
834int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
835SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
836long ssl23_default_timeout(void );
837
838long tls1_default_timeout(void);
839int dtls1_do_write(SSL *s,int type);
840int ssl3_read_n(SSL *s, int n, int max, int extend);
841int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
842int ssl3_do_compress(SSL *ssl);
843int ssl3_do_uncompress(SSL *ssl);
844int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
845 unsigned int len);
846unsigned char *dtls1_set_message_header(SSL *s,
847 unsigned char *p, unsigned char mt, unsigned long len,
848 unsigned long frag_off, unsigned long frag_len);
849
850int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
851int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
852
853int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
854int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
855unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
856int dtls1_read_failed(SSL *s, int code);
857int dtls1_buffer_message(SSL *s, int ccs);
858int dtls1_retransmit_message(SSL *s, unsigned short seq,
859 unsigned long frag_off, int *found);
860void dtls1_clear_record_buffer(SSL *s);
861void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
862void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
863void dtls1_reset_seq_numbers(SSL *s, int rw);
864long dtls1_default_timeout(void);
865SSL_CIPHER *dtls1_get_cipher(unsigned int u);
866
867
868
869/* some client-only functions */
870int ssl3_client_hello(SSL *s);
871int ssl3_get_server_hello(SSL *s);
872int ssl3_get_certificate_request(SSL *s);
873int ssl3_get_new_session_ticket(SSL *s);
874int ssl3_get_cert_status(SSL *s);
875int ssl3_get_server_done(SSL *s);
876int ssl3_send_client_verify(SSL *s);
877int ssl3_send_client_certificate(SSL *s);
878int ssl3_send_client_key_exchange(SSL *s);
879int ssl3_get_key_exchange(SSL *s);
880int ssl3_get_server_certificate(SSL *s);
881int ssl3_check_cert_and_algorithm(SSL *s);
882
883int dtls1_client_hello(SSL *s);
884int dtls1_send_client_certificate(SSL *s);
885int dtls1_send_client_key_exchange(SSL *s);
886int dtls1_send_client_verify(SSL *s);
887
888/* some server-only functions */
889int ssl3_get_client_hello(SSL *s);
890int ssl3_send_server_hello(SSL *s);
891int ssl3_send_hello_request(SSL *s);
892int ssl3_send_server_key_exchange(SSL *s);
893int ssl3_send_certificate_request(SSL *s);
894int ssl3_send_server_done(SSL *s);
895int ssl3_check_client_hello(SSL *s);
896int ssl3_get_client_certificate(SSL *s);
897int ssl3_get_client_key_exchange(SSL *s);
898int ssl3_get_cert_verify(SSL *s);
899
900int dtls1_send_hello_request(SSL *s);
901int dtls1_send_server_hello(SSL *s);
902int dtls1_send_server_certificate(SSL *s);
903int dtls1_send_server_key_exchange(SSL *s);
904int dtls1_send_certificate_request(SSL *s);
905int dtls1_send_server_done(SSL *s);
906
907
908
591int ssl23_accept(SSL *s); 909int ssl23_accept(SSL *s);
592int ssl23_connect(SSL *s); 910int ssl23_connect(SSL *s);
593int ssl23_read_bytes(SSL *s, int n); 911int ssl23_read_bytes(SSL *s, int n);
@@ -597,9 +915,24 @@ int tls1_new(SSL *s);
597void tls1_free(SSL *s); 915void tls1_free(SSL *s);
598void tls1_clear(SSL *s); 916void tls1_clear(SSL *s);
599long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); 917long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
600long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)()); 918long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
601SSL_METHOD *tlsv1_base_method(void ); 919SSL_METHOD *tlsv1_base_method(void );
602 920
921int dtls1_new(SSL *s);
922int dtls1_accept(SSL *s);
923int dtls1_connect(SSL *s);
924void dtls1_free(SSL *s);
925void dtls1_clear(SSL *s);
926long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
927SSL_METHOD *dtlsv1_base_method(void );
928
929long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
930int dtls1_get_record(SSL *s);
931int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
932 unsigned int len, int create_empty_fragement);
933int dtls1_dispatch_alert(SSL *s);
934int dtls1_enc(SSL *s, int snd);
935
603int ssl_init_wbio_buffer(SSL *s, int push); 936int ssl_init_wbio_buffer(SSL *s, int push);
604void ssl_free_wbio_buffer(SSL *s); 937void ssl_free_wbio_buffer(SSL *s);
605 938
@@ -616,8 +949,28 @@ int tls1_alert_code(int code);
616int ssl3_alert_code(int code); 949int ssl3_alert_code(int code);
617int ssl_ok(SSL *s); 950int ssl_ok(SSL *s);
618 951
952int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
953
619SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); 954SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
620STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
621 955
956#ifndef OPENSSL_NO_TLSEXT
957unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
958unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
959int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
960int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
961int ssl_prepare_clienthello_tlsext(SSL *s);
962int ssl_prepare_serverhello_tlsext(SSL *s);
963int ssl_check_clienthello_tlsext(SSL *s);
964int ssl_check_serverhello_tlsext(SSL *s);
965#ifdef OPENSSL_NO_SHA256
966#define tlsext_tick_md EVP_sha1
967#else
968#define tlsext_tick_md EVP_sha256
969#endif
970int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
971 const unsigned char *limit, SSL_SESSION **ret);
972EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
973void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
974#endif
622 975
623#endif 976#endif
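Review bot: The new handshake-parsing entry points declared under `#ifndef OPENSSL_NO_TLSEXT` (`ssl_add_clienthello_tlsext`/`ssl_add_serverhello_tlsext` with `limit`, `ssl_parse_*_tlsext` with `unsigned char **data, unsigned char *d, int n, int *al`, and `tls1_process_ticket`) and the widened `ssl_get_prev_session(..., const unsigned char *limit)` all consume or produce peer-controlled handshake bytes, yet the header states no bounds contract for `limit`, `d`/`n` or how far `*data` may be advanced, and the lengths are signed `int`. A short block comment above those prototypes should pin it down, presumably as `/* limit: one past the end of the buffer; add_* return NULL rather than write past it; parse_* advance *data, must not read beyond d + n, and set *al to the alert to send on failure */` — confirm the exact wording against the implementations before adding it. The `tlsext_tick_md` definition silently selects `EVP_sha1` when `OPENSSL_NO_SHA256` is set, which deserves a one-line comment such as `/* ticket MAC digest; falls back to SHA-1 in no-SHA256 builds */` so that build configuration change is visible to readers. Minor: `create_empty_fragement` in the `do_dtls1_write` prototype is misspelled (`fragment`).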