summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/ssl.h131
-rw-r--r--src/lib/libssl/ssl_locl.h127
-rw-r--r--src/lib/libssl/tls1.h10
3 files changed, 128 insertions, 140 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 2c208b098b..2a55cf0efb 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.209 2021/09/14 23:07:18 inoguchi Exp $ */ 1/* $OpenBSD: ssl.h,v 1.210 2021/10/15 16:48:46 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -357,9 +357,6 @@ extern "C" {
357 * in SSL_CTX. */ 357 * in SSL_CTX. */
358typedef struct ssl_st *ssl_crock_st; 358typedef struct ssl_st *ssl_crock_st;
359 359
360#if defined(LIBRESSL_INTERNAL)
361typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
362#endif
363typedef struct ssl_method_st SSL_METHOD; 360typedef struct ssl_method_st SSL_METHOD;
364typedef struct ssl_cipher_st SSL_CIPHER; 361typedef struct ssl_cipher_st SSL_CIPHER;
365typedef struct ssl_session_st SSL_SESSION; 362typedef struct ssl_session_st SSL_SESSION;
@@ -537,57 +534,10 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
537typedef struct ssl_comp_st SSL_COMP; 534typedef struct ssl_comp_st SSL_COMP;
538 535
539#ifdef LIBRESSL_INTERNAL 536#ifdef LIBRESSL_INTERNAL
540
541struct ssl_comp_st {
542 int id;
543 const char *name;
544};
545
546DECLARE_STACK_OF(SSL_COMP) 537DECLARE_STACK_OF(SSL_COMP)
547struct lhash_st_SSL_SESSION { 538struct lhash_st_SSL_SESSION {
548 int dummy; 539 int dummy;
549}; 540};
550
551struct ssl_ctx_internal_st;
552
553struct ssl_ctx_st {
554 const SSL_METHOD *method;
555
556 STACK_OF(SSL_CIPHER) *cipher_list;
557
558 struct x509_store_st /* X509_STORE */ *cert_store;
559
560 /* If timeout is not 0, it is the default timeout value set
561 * when SSL_new() is called. This has been put in to make
562 * life easier to set things up */
563 long session_timeout;
564
565 int references;
566
567 /* Default values to use in SSL structures follow (these are copied by SSL_new) */
568
569 STACK_OF(X509) *extra_certs;
570
571 int verify_mode;
572 unsigned int sid_ctx_length;
573 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
574
575 X509_VERIFY_PARAM *param;
576
577 /*
578 * XXX
579 * default_passwd_cb used by python and openvpn, need to keep it until we
580 * add an accessor
581 */
582 /* Default password callback. */
583 pem_password_cb *default_passwd_callback;
584
585 /* Default password callback user data. */
586 void *default_passwd_callback_userdata;
587
588 struct ssl_ctx_internal_st *internal;
589};
590
591#endif 541#endif
592 542
593#define SSL_SESS_CACHE_OFF 0x0000 543#define SSL_SESS_CACHE_OFF 0x0000
@@ -703,85 +653,6 @@ void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
703#define SSL_MAC_FLAG_READ_MAC_STREAM 1 653#define SSL_MAC_FLAG_READ_MAC_STREAM 1
704#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 654#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
705 655
706#if defined(LIBRESSL_INTERNAL)
707struct ssl_internal_st;
708
709struct ssl_st {
710 /* protocol version
711 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
712 */
713 int version;
714
715 const SSL_METHOD *method; /* SSLv3 */
716
717 /* There are 2 BIO's even though they are normally both the
718 * same. This is so data can be read and written to different
719 * handlers */
720
721 BIO *rbio; /* used by SSL_read */
722 BIO *wbio; /* used by SSL_write */
723 BIO *bbio; /* used during session-id reuse to concatenate
724 * messages */
725 int server; /* are we the server side? - mostly used by SSL_clear*/
726
727 struct ssl3_state_st *s3; /* SSLv3 variables */
728 struct dtls1_state_st *d1; /* DTLSv1 variables */
729
730 X509_VERIFY_PARAM *param;
731
732 /* crypto */
733 STACK_OF(SSL_CIPHER) *cipher_list;
734
735 /* This is used to hold the server certificate used */
736 struct cert_st /* CERT */ *cert;
737
738 /* the session_id_context is used to ensure sessions are only reused
739 * in the appropriate context */
740 unsigned int sid_ctx_length;
741 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
742
743 /* This can also be in the session once a session is established */
744 SSL_SESSION *session;
745
746 /* Used in SSL2 and SSL3 */
747 int verify_mode; /* 0 don't care about verify failure.
748 * 1 fail if verify fails */
749 int error; /* error bytes to be written */
750 int error_code; /* actual code */
751
752 SSL_CTX *ctx;
753
754 long verify_result;
755
756 int references;
757
758 int client_version; /* what was passed, used for
759 * SSLv3/TLS rollback check */
760
761 unsigned int max_send_fragment;
762
763 char *tlsext_hostname;
764
765 /* certificate status request info */
766 /* Status type or -1 if no status type */
767 int tlsext_status_type;
768
769 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
770#define session_ctx initial_ctx
771
772 /*
773 * XXX really should be internal, but is
774 * touched unnaturally by wpa-supplicant
775 * and freeradius and other perversions
776 */
777 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
778 EVP_MD_CTX *read_hash; /* used for mac generation */
779
780 struct ssl_internal_st *internal;
781};
782
783#endif
784
785#ifdef __cplusplus 656#ifdef __cplusplus
786} 657}
787#endif 658#endif
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7ff3e0713d..f102c2fc95 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.358 2021/08/30 19:25:43 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.359 2021/10/15 16:48:47 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -361,6 +361,11 @@ __BEGIN_HIDDEN_DECLS
361#define EXPLICIT_CHAR2_CURVE_TYPE 2 361#define EXPLICIT_CHAR2_CURVE_TYPE 2
362#define NAMED_CURVE_TYPE 3 362#define NAMED_CURVE_TYPE 3
363 363
364struct ssl_comp_st {
365 int id;
366 const char *name;
367};
368
364struct ssl_cipher_st { 369struct ssl_cipher_st {
365 int valid; 370 int valid;
366 const char *name; /* text name */ 371 const char *name; /* text name */
@@ -611,6 +616,14 @@ typedef struct ssl_handshake_st {
611 SSL_HANDSHAKE_TLS13 tls13; 616 SSL_HANDSHAKE_TLS13 tls13;
612} SSL_HANDSHAKE; 617} SSL_HANDSHAKE;
613 618
619typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
620
621/* TLS Session Ticket extension struct. */
622struct tls_session_ticket_ext_st {
623 unsigned short length;
624 void *data;
625};
626
614struct tls12_key_block; 627struct tls12_key_block;
615 628
616struct tls12_key_block *tls12_key_block_new(void); 629struct tls12_key_block *tls12_key_block_new(void);
@@ -832,6 +845,44 @@ typedef struct ssl_ctx_internal_st {
832 uint16_t *tlsext_supportedgroups; /* our list */ 845 uint16_t *tlsext_supportedgroups; /* our list */
833} SSL_CTX_INTERNAL; 846} SSL_CTX_INTERNAL;
834 847
848struct ssl_ctx_st {
849 const SSL_METHOD *method;
850
851 STACK_OF(SSL_CIPHER) *cipher_list;
852
853 struct x509_store_st /* X509_STORE */ *cert_store;
854
855 /* If timeout is not 0, it is the default timeout value set
856 * when SSL_new() is called. This has been put in to make
857 * life easier to set things up */
858 long session_timeout;
859
860 int references;
861
862 /* Default values to use in SSL structures follow (these are copied by SSL_new) */
863
864 STACK_OF(X509) *extra_certs;
865
866 int verify_mode;
867 unsigned int sid_ctx_length;
868 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
869
870 X509_VERIFY_PARAM *param;
871
872 /*
873 * XXX
874 * default_passwd_cb used by python and openvpn, need to keep it until we
875 * add an accessor
876 */
877 /* Default password callback. */
878 pem_password_cb *default_passwd_callback;
879
880 /* Default password callback user data. */
881 void *default_passwd_callback_userdata;
882
883 struct ssl_ctx_internal_st *internal;
884};
885
835typedef struct ssl_internal_st { 886typedef struct ssl_internal_st {
836 struct tls13_ctx *tls13; 887 struct tls13_ctx *tls13;
837 888
@@ -973,6 +1024,80 @@ typedef struct ssl_internal_st {
973 int empty_record_count; 1024 int empty_record_count;
974} SSL_INTERNAL; 1025} SSL_INTERNAL;
975 1026
1027struct ssl_st {
1028 /* protocol version
1029 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
1030 */
1031 int version;
1032
1033 const SSL_METHOD *method; /* SSLv3 */
1034
1035 /* There are 2 BIO's even though they are normally both the
1036 * same. This is so data can be read and written to different
1037 * handlers */
1038
1039 BIO *rbio; /* used by SSL_read */
1040 BIO *wbio; /* used by SSL_write */
1041 BIO *bbio; /* used during session-id reuse to concatenate
1042 * messages */
1043 int server; /* are we the server side? - mostly used by SSL_clear*/
1044
1045 struct ssl3_state_st *s3; /* SSLv3 variables */
1046 struct dtls1_state_st *d1; /* DTLSv1 variables */
1047
1048 X509_VERIFY_PARAM *param;
1049
1050 /* crypto */
1051 STACK_OF(SSL_CIPHER) *cipher_list;
1052
1053 /* This is used to hold the server certificate used */
1054 struct cert_st /* CERT */ *cert;
1055
1056 /* the session_id_context is used to ensure sessions are only reused
1057 * in the appropriate context */
1058 unsigned int sid_ctx_length;
1059 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
1060
1061 /* This can also be in the session once a session is established */
1062 SSL_SESSION *session;
1063
1064 /* Used in SSL2 and SSL3 */
1065 int verify_mode; /* 0 don't care about verify failure.
1066 * 1 fail if verify fails */
1067 int error; /* error bytes to be written */
1068 int error_code; /* actual code */
1069
1070 SSL_CTX *ctx;
1071
1072 long verify_result;
1073
1074 int references;
1075
1076 int client_version; /* what was passed, used for
1077 * SSLv3/TLS rollback check */
1078
1079 unsigned int max_send_fragment;
1080
1081 char *tlsext_hostname;
1082
1083 /* certificate status request info */
1084 /* Status type or -1 if no status type */
1085 int tlsext_status_type;
1086
1087 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1088#define session_ctx initial_ctx
1089
1090 /*
1091 * XXX really should be internal, but is
1092 * touched unnaturally by wpa-supplicant
1093 * and freeradius and other perversions
1094 */
1095 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
1096 EVP_MD_CTX *read_hash; /* used for mac generation */
1097
1098 struct ssl_internal_st *internal;
1099};
1100
976typedef struct ssl3_record_internal_st { 1101typedef struct ssl3_record_internal_st {
977 int type; /* type of record */ 1102 int type; /* type of record */
978 unsigned int length; /* How many bytes available */ 1103 unsigned int length; /* How many bytes available */
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index cb06a53969..90523dd0f9 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls1.h,v 1.49 2021/09/10 14:57:31 tb Exp $ */ 1/* $OpenBSD: tls1.h,v 1.50 2021/10/15 16:48:47 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -761,14 +761,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
761#define TLS_MD_MASTER_SECRET_CONST "master secret" 761#define TLS_MD_MASTER_SECRET_CONST "master secret"
762#define TLS_MD_MASTER_SECRET_CONST_SIZE 13 762#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
763 763
764#if defined(LIBRESSL_INTERNAL)
765/* TLS Session Ticket extension struct. */
766struct tls_session_ticket_ext_st {
767 unsigned short length;
768 void *data;
769};
770#endif
771
772#ifdef __cplusplus 764#ifdef __cplusplus
773} 765}
774#endif 766#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 07:41:06 +0000