diff options
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 107 |
1 files changed, 106 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 200219c141..10fa9b6c17 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.352 2021/06/27 19:23:51 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.353 2021/06/30 18:04:06 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -361,6 +361,23 @@ __BEGIN_HIDDEN_DECLS | |||
| 361 | #define EXPLICIT_CHAR2_CURVE_TYPE 2 | 361 | #define EXPLICIT_CHAR2_CURVE_TYPE 2 |
| 362 | #define NAMED_CURVE_TYPE 3 | 362 | #define NAMED_CURVE_TYPE 3 |
| 363 | 363 | ||
| 364 | struct ssl_cipher_st { | ||
| 365 | int valid; | ||
| 366 | const char *name; /* text name */ | ||
| 367 | unsigned long id; /* id, 4 bytes, first is version */ | ||
| 368 | |||
| 369 | unsigned long algorithm_mkey; /* key exchange algorithm */ | ||
| 370 | unsigned long algorithm_auth; /* server authentication */ | ||
| 371 | unsigned long algorithm_enc; /* symmetric encryption */ | ||
| 372 | unsigned long algorithm_mac; /* symmetric authentication */ | ||
| 373 | unsigned long algorithm_ssl; /* (major) protocol version */ | ||
| 374 | |||
| 375 | unsigned long algo_strength; /* strength and export flags */ | ||
| 376 | unsigned long algorithm2; /* Extra flags */ | ||
| 377 | int strength_bits; /* Number of bits really used */ | ||
| 378 | int alg_bits; /* Number of bits for algorithm */ | ||
| 379 | }; | ||
| 380 | |||
| 364 | typedef struct ssl_method_internal_st { | 381 | typedef struct ssl_method_internal_st { |
| 365 | int dtls; | 382 | int dtls; |
| 366 | int server; | 383 | int server; |
| @@ -388,6 +405,16 @@ typedef struct ssl_method_internal_st { | |||
| 388 | unsigned int enc_flags; /* SSL_ENC_FLAG_* */ | 405 | unsigned int enc_flags; /* SSL_ENC_FLAG_* */ |
| 389 | } SSL_METHOD_INTERNAL; | 406 | } SSL_METHOD_INTERNAL; |
| 390 | 407 | ||
| 408 | struct ssl_method_st { | ||
| 409 | int (*ssl_dispatch_alert)(SSL *s); | ||
| 410 | int (*num_ciphers)(void); | ||
| 411 | const SSL_CIPHER *(*get_cipher)(unsigned int ncipher); | ||
| 412 | const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); | ||
| 413 | int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr); | ||
| 414 | |||
| 415 | const struct ssl_method_internal_st *internal; | ||
| 416 | }; | ||
| 417 | |||
| 391 | typedef struct ssl_session_internal_st { | 418 | typedef struct ssl_session_internal_st { |
| 392 | CRYPTO_EX_DATA ex_data; /* application specific data */ | 419 | CRYPTO_EX_DATA ex_data; /* application specific data */ |
| 393 | 420 | ||
| @@ -410,6 +437,75 @@ typedef struct ssl_session_internal_st { | |||
| 410 | } SSL_SESSION_INTERNAL; | 437 | } SSL_SESSION_INTERNAL; |
| 411 | #define SSI(s) (s->session->internal) | 438 | #define SSI(s) (s->session->internal) |
| 412 | 439 | ||
| 440 | /* Lets make this into an ASN.1 type structure as follows | ||
| 441 | * SSL_SESSION_ID ::= SEQUENCE { | ||
| 442 | * version INTEGER, -- structure version number | ||
| 443 | * SSLversion INTEGER, -- SSL version number | ||
| 444 | * Cipher OCTET STRING, -- the 3 byte cipher ID | ||
| 445 | * Session_ID OCTET STRING, -- the Session ID | ||
| 446 | * Master_key OCTET STRING, -- the master key | ||
| 447 | * KRB5_principal OCTET STRING -- optional Kerberos principal | ||
| 448 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time | ||
| 449 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds | ||
| 450 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate | ||
| 451 | * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context | ||
| 452 | * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' | ||
| 453 | * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension | ||
| 454 | * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint | ||
| 455 | * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity | ||
| 456 | * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket | ||
| 457 | * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) | ||
| 458 | * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method | ||
| 459 | * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username | ||
| 460 | * } | ||
| 461 | * Look in ssl/ssl_asn1.c for more details | ||
| 462 | * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). | ||
| 463 | */ | ||
| 464 | struct ssl_session_st { | ||
| 465 | int ssl_version; /* what ssl version session info is | ||
| 466 | * being kept in here? */ | ||
| 467 | |||
| 468 | int master_key_length; | ||
| 469 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; | ||
| 470 | |||
| 471 | /* session_id - valid? */ | ||
| 472 | unsigned int session_id_length; | ||
| 473 | unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; | ||
| 474 | |||
| 475 | /* this is used to determine whether the session is being reused in | ||
| 476 | * the appropriate context. It is up to the application to set this, | ||
| 477 | * via SSL_new */ | ||
| 478 | unsigned int sid_ctx_length; | ||
| 479 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | ||
| 480 | |||
| 481 | /* This is the cert for the other end. */ | ||
| 482 | X509 *peer; | ||
| 483 | |||
| 484 | /* when app_verify_callback accepts a session where the peer's certificate | ||
| 485 | * is not ok, we must remember the error for session reuse: */ | ||
| 486 | long verify_result; /* only for servers */ | ||
| 487 | |||
| 488 | long timeout; | ||
| 489 | time_t time; | ||
| 490 | int references; | ||
| 491 | |||
| 492 | const SSL_CIPHER *cipher; | ||
| 493 | unsigned long cipher_id; /* when ASN.1 loaded, this | ||
| 494 | * needs to be used to load | ||
| 495 | * the 'cipher' structure */ | ||
| 496 | |||
| 497 | STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ | ||
| 498 | |||
| 499 | char *tlsext_hostname; | ||
| 500 | |||
| 501 | /* RFC4507 info */ | ||
| 502 | unsigned char *tlsext_tick; /* Session ticket */ | ||
| 503 | size_t tlsext_ticklen; /* Session ticket length */ | ||
| 504 | long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ | ||
| 505 | |||
| 506 | struct ssl_session_internal_st *internal; | ||
| 507 | }; | ||
| 508 | |||
| 413 | typedef struct cert_pkey_st { | 509 | typedef struct cert_pkey_st { |
| 414 | X509 *x509; | 510 | X509 *x509; |
| 415 | EVP_PKEY *privatekey; | 511 | EVP_PKEY *privatekey; |
| @@ -985,6 +1081,15 @@ typedef struct ssl3_state_internal_st { | |||
| 985 | } SSL3_STATE_INTERNAL; | 1081 | } SSL3_STATE_INTERNAL; |
| 986 | #define S3I(s) (s->s3->internal) | 1082 | #define S3I(s) (s->s3->internal) |
| 987 | 1083 | ||
| 1084 | typedef struct ssl3_state_st { | ||
| 1085 | long flags; | ||
| 1086 | |||
| 1087 | unsigned char server_random[SSL3_RANDOM_SIZE]; | ||
| 1088 | unsigned char client_random[SSL3_RANDOM_SIZE]; | ||
| 1089 | |||
| 1090 | struct ssl3_state_internal_st *internal; | ||
| 1091 | } SSL3_STATE; | ||
| 1092 | |||
| 988 | typedef struct cert_st { | 1093 | typedef struct cert_st { |
| 989 | /* Current active set */ | 1094 | /* Current active set */ |
| 990 | CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array | 1095 | CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array |