diff options
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 108 |
1 files changed, 107 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 9ea22bac05..d8818e1850 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.157 2017/01/23 05:27:22 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_locl.h,v 1.158 2017/01/23 06:45:30 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -620,6 +620,112 @@ typedef struct ssl_internal_st { | |||
| 620 | tls_session_secret_cb_fn tls_session_secret_cb; | 620 | tls_session_secret_cb_fn tls_session_secret_cb; |
| 621 | void *tls_session_secret_cb_arg; | 621 | void *tls_session_secret_cb_arg; |
| 622 | 622 | ||
| 623 | /* XXX non-callback */ | ||
| 624 | |||
| 625 | int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ | ||
| 626 | |||
| 627 | /* This holds a variable that indicates what we were doing | ||
| 628 | * when a 0 or -1 is returned. This is needed for | ||
| 629 | * non-blocking IO so we know what request needs re-doing when | ||
| 630 | * in SSL_accept or SSL_connect */ | ||
| 631 | int rwstate; | ||
| 632 | |||
| 633 | /* Imagine that here's a boolean member "init" that is | ||
| 634 | * switched as soon as SSL_set_{accept/connect}_state | ||
| 635 | * is called for the first time, so that "state" and | ||
| 636 | * "handshake_func" are properly initialized. But as | ||
| 637 | * handshake_func is == 0 until then, we use this | ||
| 638 | * test instead of an "init" member. | ||
| 639 | */ | ||
| 640 | |||
| 641 | int new_session;/* Generate a new session or reuse an old one. | ||
| 642 | * NB: For servers, the 'new' session may actually be a previously | ||
| 643 | * cached session or even the previous session unless | ||
| 644 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ | ||
| 645 | int quiet_shutdown;/* don't send shutdown packets */ | ||
| 646 | int shutdown; /* we have shut things down, 0x01 sent, 0x02 | ||
| 647 | * for received */ | ||
| 648 | BUF_MEM *init_buf; /* buffer used during init */ | ||
| 649 | void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ | ||
| 650 | int init_num; /* amount read/written */ | ||
| 651 | int init_off; /* amount read/written */ | ||
| 652 | |||
| 653 | /* used internally to point at a raw packet */ | ||
| 654 | unsigned char *packet; | ||
| 655 | unsigned int packet_length; | ||
| 656 | |||
| 657 | int read_ahead; /* Read as many input bytes as possible | ||
| 658 | * (for non-blocking reads) */ | ||
| 659 | |||
| 660 | int hit; /* reusing a previous session */ | ||
| 661 | |||
| 662 | /* crypto */ | ||
| 663 | STACK_OF(SSL_CIPHER) *cipher_list_by_id; | ||
| 664 | |||
| 665 | /* These are the ones being used, the ones in SSL_SESSION are | ||
| 666 | * the ones to be 'copied' into these ones */ | ||
| 667 | int mac_flags; | ||
| 668 | |||
| 669 | SSL_AEAD_CTX *aead_read_ctx; /* AEAD context. If non-NULL, then | ||
| 670 | enc_read_ctx and read_hash are | ||
| 671 | ignored. */ | ||
| 672 | |||
| 673 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ | ||
| 674 | EVP_MD_CTX *read_hash; /* used for mac generation */ | ||
| 675 | |||
| 676 | SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then | ||
| 677 | enc_write_ctx and write_hash are | ||
| 678 | ignored. */ | ||
| 679 | |||
| 680 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ | ||
| 681 | EVP_MD_CTX *write_hash; /* used for mac generation */ | ||
| 682 | |||
| 683 | /* session info */ | ||
| 684 | |||
| 685 | /* extra application data */ | ||
| 686 | CRYPTO_EX_DATA ex_data; | ||
| 687 | |||
| 688 | /* client cert? */ | ||
| 689 | /* for server side, keep the list of CA_dn we can use */ | ||
| 690 | STACK_OF(X509_NAME) *client_CA; | ||
| 691 | |||
| 692 | /* set this flag to 1 and a sleep(1) is put into all SSL_read() | ||
| 693 | * and SSL_write() calls, good for nbio debuging :-) */ | ||
| 694 | int debug; | ||
| 695 | long max_cert_list; | ||
| 696 | int first_packet; | ||
| 697 | |||
| 698 | int servername_done; /* no further mod of servername | ||
| 699 | 0 : call the servername extension callback. | ||
| 700 | 1 : prepare 2, allow last ack just after in server callback. | ||
| 701 | 2 : don't call servername callback, no ack in server hello | ||
| 702 | */ | ||
| 703 | |||
| 704 | /* Expect OCSP CertificateStatus message */ | ||
| 705 | int tlsext_status_expected; | ||
| 706 | /* OCSP status request only */ | ||
| 707 | STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; | ||
| 708 | X509_EXTENSIONS *tlsext_ocsp_exts; | ||
| 709 | /* OCSP response received or to be sent */ | ||
| 710 | unsigned char *tlsext_ocsp_resp; | ||
| 711 | int tlsext_ocsp_resplen; | ||
| 712 | |||
| 713 | /* RFC4507 session ticket expected to be received or sent */ | ||
| 714 | int tlsext_ticket_expected; | ||
| 715 | size_t tlsext_ecpointformatlist_length; | ||
| 716 | uint8_t *tlsext_ecpointformatlist; /* our list */ | ||
| 717 | size_t tlsext_ellipticcurvelist_length; | ||
| 718 | uint16_t *tlsext_ellipticcurvelist; /* our list */ | ||
| 719 | |||
| 720 | /* TLS Session Ticket extension override */ | ||
| 721 | TLS_SESSION_TICKET_EXT *tlsext_session_ticket; | ||
| 722 | |||
| 723 | STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ | ||
| 724 | SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ | ||
| 725 | |||
| 726 | int renegotiate;/* 1 if we are renegotiating. | ||
| 727 | * 2 if we are a server and are inside a handshake | ||
| 728 | * (i.e. not just sending a HelloRequest) */ | ||
| 623 | } SSL_INTERNAL; | 729 | } SSL_INTERNAL; |
| 624 | 730 | ||
| 625 | typedef struct ssl3_state_internal_st { | 731 | typedef struct ssl3_state_internal_st { |