1ebfedea0SLionel Sambuc /* ssl/ssl_locl.h */ 2ebfedea0SLionel Sambuc /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3ebfedea0SLionel Sambuc * All rights reserved. 4ebfedea0SLionel Sambuc * 5ebfedea0SLionel Sambuc * This package is an SSL implementation written 6ebfedea0SLionel Sambuc * by Eric Young (eay@cryptsoft.com). 7ebfedea0SLionel Sambuc * The implementation was written so as to conform with Netscapes SSL. 8ebfedea0SLionel Sambuc * 9ebfedea0SLionel Sambuc * This library is free for commercial and non-commercial use as long as 10ebfedea0SLionel Sambuc * the following conditions are aheared to. The following conditions 11ebfedea0SLionel Sambuc * apply to all code found in this distribution, be it the RC4, RSA, 12ebfedea0SLionel Sambuc * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13ebfedea0SLionel Sambuc * included with this distribution is covered by the same copyright terms 14ebfedea0SLionel Sambuc * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15ebfedea0SLionel Sambuc * 16ebfedea0SLionel Sambuc * Copyright remains Eric Young's, and as such any Copyright notices in 17ebfedea0SLionel Sambuc * the code are not to be removed. 18ebfedea0SLionel Sambuc * If this package is used in a product, Eric Young should be given attribution 19ebfedea0SLionel Sambuc * as the author of the parts of the library used. 20ebfedea0SLionel Sambuc * This can be in the form of a textual message at program startup or 21ebfedea0SLionel Sambuc * in documentation (online or textual) provided with the package. 22ebfedea0SLionel Sambuc * 23ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without 24ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions 25ebfedea0SLionel Sambuc * are met: 26ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the copyright 27ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer. 28ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright 29ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in the 30ebfedea0SLionel Sambuc * documentation and/or other materials provided with the distribution. 31ebfedea0SLionel Sambuc * 3. All advertising materials mentioning features or use of this software 32ebfedea0SLionel Sambuc * must display the following acknowledgement: 33ebfedea0SLionel Sambuc * "This product includes cryptographic software written by 34ebfedea0SLionel Sambuc * Eric Young (eay@cryptsoft.com)" 35ebfedea0SLionel Sambuc * The word 'cryptographic' can be left out if the rouines from the library 36ebfedea0SLionel Sambuc * being used are not cryptographic related :-). 37ebfedea0SLionel Sambuc * 4. If you include any Windows specific code (or a derivative thereof) from 38ebfedea0SLionel Sambuc * the apps directory (application code) you must include an acknowledgement: 39ebfedea0SLionel Sambuc * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40ebfedea0SLionel Sambuc * 41ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42ebfedea0SLionel Sambuc * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44ebfedea0SLionel Sambuc * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45ebfedea0SLionel Sambuc * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46ebfedea0SLionel Sambuc * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47ebfedea0SLionel Sambuc * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49ebfedea0SLionel Sambuc * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50ebfedea0SLionel Sambuc * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51ebfedea0SLionel Sambuc * SUCH DAMAGE. 52ebfedea0SLionel Sambuc * 53ebfedea0SLionel Sambuc * The licence and distribution terms for any publically available version or 54ebfedea0SLionel Sambuc * derivative of this code cannot be changed. i.e. this code cannot simply be 55ebfedea0SLionel Sambuc * copied and put under another distribution licence 56ebfedea0SLionel Sambuc * [including the GNU Public Licence.] 57ebfedea0SLionel Sambuc */ 58ebfedea0SLionel Sambuc /* ==================================================================== 59ebfedea0SLionel Sambuc * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60ebfedea0SLionel Sambuc * 61ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without 62ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions 63ebfedea0SLionel Sambuc * are met: 64ebfedea0SLionel Sambuc * 65ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright 66ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer. 67ebfedea0SLionel Sambuc * 68ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright 69ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in 70ebfedea0SLionel Sambuc * the documentation and/or other materials provided with the 71ebfedea0SLionel Sambuc * distribution. 72ebfedea0SLionel Sambuc * 73ebfedea0SLionel Sambuc * 3. All advertising materials mentioning features or use of this 74ebfedea0SLionel Sambuc * software must display the following acknowledgment: 75ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project 76ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77ebfedea0SLionel Sambuc * 78ebfedea0SLionel Sambuc * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79ebfedea0SLionel Sambuc * endorse or promote products derived from this software without 80ebfedea0SLionel Sambuc * prior written permission. For written permission, please contact 81ebfedea0SLionel Sambuc * openssl-core@openssl.org. 82ebfedea0SLionel Sambuc * 83ebfedea0SLionel Sambuc * 5. Products derived from this software may not be called "OpenSSL" 84ebfedea0SLionel Sambuc * nor may "OpenSSL" appear in their names without prior written 85ebfedea0SLionel Sambuc * permission of the OpenSSL Project. 86ebfedea0SLionel Sambuc * 87ebfedea0SLionel Sambuc * 6. Redistributions of any form whatsoever must retain the following 88ebfedea0SLionel Sambuc * acknowledgment: 89ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project 90ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91ebfedea0SLionel Sambuc * 92ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93ebfedea0SLionel Sambuc * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95ebfedea0SLionel Sambuc * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96ebfedea0SLionel Sambuc * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97ebfedea0SLionel Sambuc * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98ebfedea0SLionel Sambuc * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99ebfedea0SLionel Sambuc * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101ebfedea0SLionel Sambuc * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102ebfedea0SLionel Sambuc * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103ebfedea0SLionel Sambuc * OF THE POSSIBILITY OF SUCH DAMAGE. 104ebfedea0SLionel Sambuc * ==================================================================== 105ebfedea0SLionel Sambuc * 106ebfedea0SLionel Sambuc * This product includes cryptographic software written by Eric Young 107ebfedea0SLionel Sambuc * (eay@cryptsoft.com). This product includes software written by Tim 108ebfedea0SLionel Sambuc * Hudson (tjh@cryptsoft.com). 109ebfedea0SLionel Sambuc * 110ebfedea0SLionel Sambuc */ 111ebfedea0SLionel Sambuc /* ==================================================================== 112ebfedea0SLionel Sambuc * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113ebfedea0SLionel Sambuc * ECC cipher suite support in OpenSSL originally developed by 114ebfedea0SLionel Sambuc * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115ebfedea0SLionel Sambuc */ 116ebfedea0SLionel Sambuc /* ==================================================================== 117ebfedea0SLionel Sambuc * Copyright 2005 Nokia. All rights reserved. 118ebfedea0SLionel Sambuc * 119ebfedea0SLionel Sambuc * The portions of the attached software ("Contribution") is developed by 120ebfedea0SLionel Sambuc * Nokia Corporation and is licensed pursuant to the OpenSSL open source 121ebfedea0SLionel Sambuc * license. 122ebfedea0SLionel Sambuc * 123ebfedea0SLionel Sambuc * The Contribution, originally written by Mika Kousa and Pasi Eronen of 124ebfedea0SLionel Sambuc * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 125ebfedea0SLionel Sambuc * support (see RFC 4279) to OpenSSL. 126ebfedea0SLionel Sambuc * 127ebfedea0SLionel Sambuc * No patent licenses or other rights except those expressly stated in 128ebfedea0SLionel Sambuc * the OpenSSL open source license shall be deemed granted or received 129ebfedea0SLionel Sambuc * expressly, by implication, estoppel, or otherwise. 130ebfedea0SLionel Sambuc * 131ebfedea0SLionel Sambuc * No assurances are provided by Nokia that the Contribution does not 132ebfedea0SLionel Sambuc * infringe the patent or other intellectual property rights of any third 133ebfedea0SLionel Sambuc * party or that the license provides you with all the necessary rights 134ebfedea0SLionel Sambuc * to make use of the Contribution. 135ebfedea0SLionel Sambuc * 136ebfedea0SLionel Sambuc * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 137ebfedea0SLionel Sambuc * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 138ebfedea0SLionel Sambuc * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 139ebfedea0SLionel Sambuc * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 140ebfedea0SLionel Sambuc * OTHERWISE. 141ebfedea0SLionel Sambuc */ 142ebfedea0SLionel Sambuc 143ebfedea0SLionel Sambuc #ifndef HEADER_SSL_LOCL_H 144ebfedea0SLionel Sambuc # define HEADER_SSL_LOCL_H 145ebfedea0SLionel Sambuc # include <stdlib.h> 146ebfedea0SLionel Sambuc # include <time.h> 147ebfedea0SLionel Sambuc # include <string.h> 148ebfedea0SLionel Sambuc # include <errno.h> 149ebfedea0SLionel Sambuc 150ebfedea0SLionel Sambuc # include "e_os.h" 151ebfedea0SLionel Sambuc 152ebfedea0SLionel Sambuc # include <openssl/buffer.h> 153ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_COMP 154ebfedea0SLionel Sambuc # include <openssl/comp.h> 155ebfedea0SLionel Sambuc # endif 156ebfedea0SLionel Sambuc # include <openssl/bio.h> 157ebfedea0SLionel Sambuc # include <openssl/stack.h> 158ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_RSA 159ebfedea0SLionel Sambuc # include <openssl/rsa.h> 160ebfedea0SLionel Sambuc # endif 161ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_DSA 162ebfedea0SLionel Sambuc # include <openssl/dsa.h> 163ebfedea0SLionel Sambuc # endif 164ebfedea0SLionel Sambuc # include <openssl/err.h> 165ebfedea0SLionel Sambuc # include <openssl/ssl.h> 166ebfedea0SLionel Sambuc # include <openssl/symhacks.h> 167ebfedea0SLionel Sambuc 168ebfedea0SLionel Sambuc # ifdef OPENSSL_BUILD_SHLIBSSL 169ebfedea0SLionel Sambuc # undef OPENSSL_EXTERN 170ebfedea0SLionel Sambuc # define OPENSSL_EXTERN OPENSSL_EXPORT 171ebfedea0SLionel Sambuc # endif 172ebfedea0SLionel Sambuc 173ebfedea0SLionel Sambuc # undef PKCS1_CHECK 174ebfedea0SLionel Sambuc 175ebfedea0SLionel Sambuc # define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ 176ebfedea0SLionel Sambuc l|=(((unsigned long)(*((c)++)))<< 8), \ 177ebfedea0SLionel Sambuc l|=(((unsigned long)(*((c)++)))<<16), \ 178ebfedea0SLionel Sambuc l|=(((unsigned long)(*((c)++)))<<24)) 179ebfedea0SLionel Sambuc 180ebfedea0SLionel Sambuc /* NOTE - c is not incremented as per c2l */ 181ebfedea0SLionel Sambuc # define c2ln(c,l1,l2,n) { \ 182ebfedea0SLionel Sambuc c+=n; \ 183ebfedea0SLionel Sambuc l1=l2=0; \ 184ebfedea0SLionel Sambuc switch (n) { \ 185ebfedea0SLionel Sambuc case 8: l2 =((unsigned long)(*(--(c))))<<24; \ 186ebfedea0SLionel Sambuc case 7: l2|=((unsigned long)(*(--(c))))<<16; \ 187ebfedea0SLionel Sambuc case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ 188ebfedea0SLionel Sambuc case 5: l2|=((unsigned long)(*(--(c)))); \ 189ebfedea0SLionel Sambuc case 4: l1 =((unsigned long)(*(--(c))))<<24; \ 190ebfedea0SLionel Sambuc case 3: l1|=((unsigned long)(*(--(c))))<<16; \ 191ebfedea0SLionel Sambuc case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ 192ebfedea0SLionel Sambuc case 1: l1|=((unsigned long)(*(--(c)))); \ 193ebfedea0SLionel Sambuc } \ 194ebfedea0SLionel Sambuc } 195ebfedea0SLionel Sambuc 196ebfedea0SLionel Sambuc # define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ 197ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 198ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 199ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>24)&0xff)) 200ebfedea0SLionel Sambuc 201ebfedea0SLionel Sambuc # define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ 202ebfedea0SLionel Sambuc l|=((unsigned long)(*((c)++)))<<16, \ 203ebfedea0SLionel Sambuc l|=((unsigned long)(*((c)++)))<< 8, \ 204ebfedea0SLionel Sambuc l|=((unsigned long)(*((c)++)))) 205ebfedea0SLionel Sambuc 206ebfedea0SLionel Sambuc # define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ 207ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 208ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 209ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l) )&0xff)) 210ebfedea0SLionel Sambuc 211ebfedea0SLionel Sambuc # define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ 212ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>32)&0xff), \ 213ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>24)&0xff), \ 214ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 215ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 216ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l) )&0xff)) 217ebfedea0SLionel Sambuc 218ebfedea0SLionel Sambuc # define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ 219ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>48)&0xff), \ 220ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>40)&0xff), \ 221ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>32)&0xff), \ 222ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>24)&0xff), \ 223ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 224ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 225ebfedea0SLionel Sambuc *((c)++)=(unsigned char)(((l) )&0xff)) 226ebfedea0SLionel Sambuc 227ebfedea0SLionel Sambuc # define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ 228ebfedea0SLionel Sambuc l|=((BN_ULLONG)(*((c)++)))<<32, \ 229ebfedea0SLionel Sambuc l|=((BN_ULLONG)(*((c)++)))<<24, \ 230ebfedea0SLionel Sambuc l|=((BN_ULLONG)(*((c)++)))<<16, \ 231ebfedea0SLionel Sambuc l|=((BN_ULLONG)(*((c)++)))<< 8, \ 232ebfedea0SLionel Sambuc l|=((BN_ULLONG)(*((c)++)))) 233ebfedea0SLionel Sambuc 234ebfedea0SLionel Sambuc /* NOTE - c is not incremented as per l2c */ 235ebfedea0SLionel Sambuc # define l2cn(l1,l2,c,n) { \ 236ebfedea0SLionel Sambuc c+=n; \ 237ebfedea0SLionel Sambuc switch (n) { \ 238ebfedea0SLionel Sambuc case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ 239ebfedea0SLionel Sambuc case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ 240ebfedea0SLionel Sambuc case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ 241ebfedea0SLionel Sambuc case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ 242ebfedea0SLionel Sambuc case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ 243ebfedea0SLionel Sambuc case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ 244ebfedea0SLionel Sambuc case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ 245ebfedea0SLionel Sambuc case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ 246ebfedea0SLionel Sambuc } \ 247ebfedea0SLionel Sambuc } 248ebfedea0SLionel Sambuc 249ebfedea0SLionel Sambuc # define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ 250ebfedea0SLionel Sambuc (((unsigned int)(c[1])) )),c+=2) 251ebfedea0SLionel Sambuc # define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ 252ebfedea0SLionel Sambuc c[1]=(unsigned char)(((s) )&0xff)),c+=2) 253ebfedea0SLionel Sambuc 254ebfedea0SLionel Sambuc # define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \ 255ebfedea0SLionel Sambuc (((unsigned long)(c[1]))<< 8)| \ 256ebfedea0SLionel Sambuc (((unsigned long)(c[2])) )),c+=3) 257ebfedea0SLionel Sambuc 258ebfedea0SLionel Sambuc # define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ 259ebfedea0SLionel Sambuc c[1]=(unsigned char)(((l)>> 8)&0xff), \ 260ebfedea0SLionel Sambuc c[2]=(unsigned char)(((l) )&0xff)),c+=3) 261ebfedea0SLionel Sambuc 262ebfedea0SLionel Sambuc /* LOCAL STUFF */ 263ebfedea0SLionel Sambuc 264ebfedea0SLionel Sambuc # define SSL_DECRYPT 0 265ebfedea0SLionel Sambuc # define SSL_ENCRYPT 1 266ebfedea0SLionel Sambuc 267ebfedea0SLionel Sambuc # define TWO_BYTE_BIT 0x80 268ebfedea0SLionel Sambuc # define SEC_ESC_BIT 0x40 269ebfedea0SLionel Sambuc # define TWO_BYTE_MASK 0x7fff 270ebfedea0SLionel Sambuc # define THREE_BYTE_MASK 0x3fff 271ebfedea0SLionel Sambuc 272ebfedea0SLionel Sambuc # define INC32(a) ((a)=((a)+1)&0xffffffffL) 273ebfedea0SLionel Sambuc # define DEC32(a) ((a)=((a)-1)&0xffffffffL) 274ebfedea0SLionel Sambuc # define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ 275ebfedea0SLionel Sambuc 276ebfedea0SLionel Sambuc /* 277ebfedea0SLionel Sambuc * Define the Bitmasks for SSL_CIPHER.algorithms. 278ebfedea0SLionel Sambuc * This bits are used packed as dense as possible. If new methods/ciphers 279ebfedea0SLionel Sambuc * etc will be added, the bits a likely to change, so this information 280ebfedea0SLionel Sambuc * is for internal library use only, even though SSL_CIPHER.algorithms 281ebfedea0SLionel Sambuc * can be publicly accessed. 282ebfedea0SLionel Sambuc * Use the according functions for cipher management instead. 283ebfedea0SLionel Sambuc * 284ebfedea0SLionel Sambuc * The bit mask handling in the selection and sorting scheme in 285ebfedea0SLionel Sambuc * ssl_create_cipher_list() has only limited capabilities, reflecting 286ebfedea0SLionel Sambuc * that the different entities within are mutually exclusive: 287ebfedea0SLionel Sambuc * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. 288ebfedea0SLionel Sambuc */ 289ebfedea0SLionel Sambuc 290ebfedea0SLionel Sambuc /* Bits for algorithm_mkey (key exchange algorithm) */ 291*0a6a1f1dSLionel Sambuc /* RSA key exchange */ 292*0a6a1f1dSLionel Sambuc # define SSL_kRSA 0x00000001L 293*0a6a1f1dSLionel Sambuc /* DH cert, RSA CA cert */ 294*0a6a1f1dSLionel Sambuc /* no such ciphersuites supported! */ 295*0a6a1f1dSLionel Sambuc # define SSL_kDHr 0x00000002L 296*0a6a1f1dSLionel Sambuc /* DH cert, DSA CA cert */ 297*0a6a1f1dSLionel Sambuc /* no such ciphersuite supported! */ 298*0a6a1f1dSLionel Sambuc # define SSL_kDHd 0x00000004L 299*0a6a1f1dSLionel Sambuc /* tmp DH key no DH cert */ 300*0a6a1f1dSLionel Sambuc # define SSL_kEDH 0x00000008L 301*0a6a1f1dSLionel Sambuc /* Kerberos5 key exchange */ 302*0a6a1f1dSLionel Sambuc # define SSL_kKRB5 0x00000010L 303*0a6a1f1dSLionel Sambuc /* ECDH cert, RSA CA cert */ 304*0a6a1f1dSLionel Sambuc # define SSL_kECDHr 0x00000020L 305*0a6a1f1dSLionel Sambuc /* ECDH cert, ECDSA CA cert */ 306*0a6a1f1dSLionel Sambuc # define SSL_kECDHe 0x00000040L 307*0a6a1f1dSLionel Sambuc /* ephemeral ECDH */ 308*0a6a1f1dSLionel Sambuc # define SSL_kEECDH 0x00000080L 309*0a6a1f1dSLionel Sambuc /* PSK */ 310*0a6a1f1dSLionel Sambuc # define SSL_kPSK 0x00000100L 311*0a6a1f1dSLionel Sambuc /* GOST key exchange */ 312*0a6a1f1dSLionel Sambuc # define SSL_kGOST 0x00000200L 313*0a6a1f1dSLionel Sambuc /* SRP */ 314*0a6a1f1dSLionel Sambuc # define SSL_kSRP 0x00000400L 315ebfedea0SLionel Sambuc 316ebfedea0SLionel Sambuc /* Bits for algorithm_auth (server authentication) */ 317*0a6a1f1dSLionel Sambuc /* RSA auth */ 318*0a6a1f1dSLionel Sambuc # define SSL_aRSA 0x00000001L 319*0a6a1f1dSLionel Sambuc /* DSS auth */ 320*0a6a1f1dSLionel Sambuc # define SSL_aDSS 0x00000002L 321*0a6a1f1dSLionel Sambuc /* no auth (i.e. use ADH or AECDH) */ 322*0a6a1f1dSLionel Sambuc # define SSL_aNULL 0x00000004L 323*0a6a1f1dSLionel Sambuc /* Fixed DH auth (kDHd or kDHr) */ 324*0a6a1f1dSLionel Sambuc /* no such ciphersuites supported! */ 325*0a6a1f1dSLionel Sambuc # define SSL_aDH 0x00000008L 326*0a6a1f1dSLionel Sambuc /* Fixed ECDH auth (kECDHe or kECDHr) */ 327*0a6a1f1dSLionel Sambuc # define SSL_aECDH 0x00000010L 328*0a6a1f1dSLionel Sambuc /* KRB5 auth */ 329*0a6a1f1dSLionel Sambuc # define SSL_aKRB5 0x00000020L 330*0a6a1f1dSLionel Sambuc /* ECDSA auth*/ 331*0a6a1f1dSLionel Sambuc # define SSL_aECDSA 0x00000040L 332*0a6a1f1dSLionel Sambuc /* PSK auth */ 333*0a6a1f1dSLionel Sambuc # define SSL_aPSK 0x00000080L 334*0a6a1f1dSLionel Sambuc /* GOST R 34.10-94 signature auth */ 335*0a6a1f1dSLionel Sambuc # define SSL_aGOST94 0x00000100L 336*0a6a1f1dSLionel Sambuc /* GOST R 34.10-2001 signature auth */ 337*0a6a1f1dSLionel Sambuc # define SSL_aGOST01 0x00000200L 338*0a6a1f1dSLionel Sambuc /* SRP auth */ 339*0a6a1f1dSLionel Sambuc # define SSL_aSRP 0x00000400L 340ebfedea0SLionel Sambuc 341ebfedea0SLionel Sambuc /* Bits for algorithm_enc (symmetric encryption) */ 342ebfedea0SLionel Sambuc # define SSL_DES 0x00000001L 343ebfedea0SLionel Sambuc # define SSL_3DES 0x00000002L 344ebfedea0SLionel Sambuc # define SSL_RC4 0x00000004L 345ebfedea0SLionel Sambuc # define SSL_RC2 0x00000008L 346ebfedea0SLionel Sambuc # define SSL_IDEA 0x00000010L 347ebfedea0SLionel Sambuc # define SSL_eNULL 0x00000020L 348ebfedea0SLionel Sambuc # define SSL_AES128 0x00000040L 349ebfedea0SLionel Sambuc # define SSL_AES256 0x00000080L 350ebfedea0SLionel Sambuc # define SSL_CAMELLIA128 0x00000100L 351ebfedea0SLionel Sambuc # define SSL_CAMELLIA256 0x00000200L 352ebfedea0SLionel Sambuc # define SSL_eGOST2814789CNT 0x00000400L 353ebfedea0SLionel Sambuc # define SSL_SEED 0x00000800L 354ebfedea0SLionel Sambuc # define SSL_AES128GCM 0x00001000L 355ebfedea0SLionel Sambuc # define SSL_AES256GCM 0x00002000L 356ebfedea0SLionel Sambuc 357ebfedea0SLionel Sambuc # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) 358ebfedea0SLionel Sambuc # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) 359ebfedea0SLionel Sambuc 360ebfedea0SLionel Sambuc /* Bits for algorithm_mac (symmetric authentication) */ 361ebfedea0SLionel Sambuc 362ebfedea0SLionel Sambuc # define SSL_MD5 0x00000001L 363ebfedea0SLionel Sambuc # define SSL_SHA1 0x00000002L 364ebfedea0SLionel Sambuc # define SSL_GOST94 0x00000004L 365ebfedea0SLionel Sambuc # define SSL_GOST89MAC 0x00000008L 366ebfedea0SLionel Sambuc # define SSL_SHA256 0x00000010L 367ebfedea0SLionel Sambuc # define SSL_SHA384 0x00000020L 368ebfedea0SLionel Sambuc /* Not a real MAC, just an indication it is part of cipher */ 369ebfedea0SLionel Sambuc # define SSL_AEAD 0x00000040L 370ebfedea0SLionel Sambuc 371ebfedea0SLionel Sambuc /* Bits for algorithm_ssl (protocol version) */ 372*0a6a1f1dSLionel Sambuc # define SSL_SSLV2 0x00000001UL 373*0a6a1f1dSLionel Sambuc # define SSL_SSLV3 0x00000002UL 374ebfedea0SLionel Sambuc # define SSL_TLSV1 SSL_SSLV3/* for now */ 375*0a6a1f1dSLionel Sambuc # define SSL_TLSV1_2 0x00000004UL 376ebfedea0SLionel Sambuc 377ebfedea0SLionel Sambuc /* Bits for algorithm2 (handshake digests and other extra flags) */ 378ebfedea0SLionel Sambuc 379ebfedea0SLionel Sambuc # define SSL_HANDSHAKE_MAC_MD5 0x10 380ebfedea0SLionel Sambuc # define SSL_HANDSHAKE_MAC_SHA 0x20 381ebfedea0SLionel Sambuc # define SSL_HANDSHAKE_MAC_GOST94 0x40 382ebfedea0SLionel Sambuc # define SSL_HANDSHAKE_MAC_SHA256 0x80 383ebfedea0SLionel Sambuc # define SSL_HANDSHAKE_MAC_SHA384 0x100 384ebfedea0SLionel Sambuc # define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) 385ebfedea0SLionel Sambuc 386*0a6a1f1dSLionel Sambuc /* 387*0a6a1f1dSLionel Sambuc * When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX make 388*0a6a1f1dSLionel Sambuc * sure to update this constant too 389*0a6a1f1dSLionel Sambuc */ 390ebfedea0SLionel Sambuc # define SSL_MAX_DIGEST 6 391ebfedea0SLionel Sambuc 392ebfedea0SLionel Sambuc # define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) 393ebfedea0SLionel Sambuc 394ebfedea0SLionel Sambuc # define TLS1_PRF_DGST_SHIFT 10 395ebfedea0SLionel Sambuc # define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) 396ebfedea0SLionel Sambuc # define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) 397ebfedea0SLionel Sambuc # define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) 398ebfedea0SLionel Sambuc # define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) 399ebfedea0SLionel Sambuc # define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) 400ebfedea0SLionel Sambuc # define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) 401ebfedea0SLionel Sambuc 402*0a6a1f1dSLionel Sambuc /* 403*0a6a1f1dSLionel Sambuc * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also 404*0a6a1f1dSLionel Sambuc * goes into algorithm2) 405*0a6a1f1dSLionel Sambuc */ 406ebfedea0SLionel Sambuc # define TLS1_STREAM_MAC 0x04 407ebfedea0SLionel Sambuc 408ebfedea0SLionel Sambuc /* 409ebfedea0SLionel Sambuc * Export and cipher strength information. For each cipher we have to decide 410ebfedea0SLionel Sambuc * whether it is exportable or not. This information is likely to change 411ebfedea0SLionel Sambuc * over time, since the export control rules are no static technical issue. 412ebfedea0SLionel Sambuc * 413ebfedea0SLionel Sambuc * Independent of the export flag the cipher strength is sorted into classes. 414ebfedea0SLionel Sambuc * SSL_EXP40 was denoting the 40bit US export limit of past times, which now 415ebfedea0SLionel Sambuc * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change 416ebfedea0SLionel Sambuc * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, 417ebfedea0SLionel Sambuc * since SSL_EXP64 could be similar to SSL_LOW. 418ebfedea0SLionel Sambuc * For this reason SSL_MICRO and SSL_MINI macros are included to widen the 419ebfedea0SLionel Sambuc * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed 420ebfedea0SLionel Sambuc * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would 421ebfedea0SLionel Sambuc * be possible. 422ebfedea0SLionel Sambuc */ 423ebfedea0SLionel Sambuc # define SSL_EXP_MASK 0x00000003L 424ebfedea0SLionel Sambuc # define SSL_STRONG_MASK 0x000001fcL 425ebfedea0SLionel Sambuc 426ebfedea0SLionel Sambuc # define SSL_NOT_EXP 0x00000001L 427ebfedea0SLionel Sambuc # define SSL_EXPORT 0x00000002L 428ebfedea0SLionel Sambuc 429ebfedea0SLionel Sambuc # define SSL_STRONG_NONE 0x00000004L 430ebfedea0SLionel Sambuc # define SSL_EXP40 0x00000008L 431ebfedea0SLionel Sambuc # define SSL_MICRO (SSL_EXP40) 432ebfedea0SLionel Sambuc # define SSL_EXP56 0x00000010L 433ebfedea0SLionel Sambuc # define SSL_MINI (SSL_EXP56) 434ebfedea0SLionel Sambuc # define SSL_LOW 0x00000020L 435ebfedea0SLionel Sambuc # define SSL_MEDIUM 0x00000040L 436ebfedea0SLionel Sambuc # define SSL_HIGH 0x00000080L 437ebfedea0SLionel Sambuc # define SSL_FIPS 0x00000100L 438ebfedea0SLionel Sambuc 439ebfedea0SLionel Sambuc /* we have used 000001ff - 23 bits left to go */ 440ebfedea0SLionel Sambuc 441*0a6a1f1dSLionel Sambuc /*- 442ebfedea0SLionel Sambuc * Macros to check the export status and cipher strength for export ciphers. 443ebfedea0SLionel Sambuc * Even though the macros for EXPORT and EXPORT40/56 have similar names, 444ebfedea0SLionel Sambuc * their meaning is different: 445ebfedea0SLionel Sambuc * *_EXPORT macros check the 'exportable' status. 446ebfedea0SLionel Sambuc * *_EXPORT40/56 macros are used to check whether a certain cipher strength 447ebfedea0SLionel Sambuc * is given. 448ebfedea0SLionel Sambuc * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct 449ebfedea0SLionel Sambuc * algorithm structure element to be passed (algorithms, algo_strength) and no 450ebfedea0SLionel Sambuc * typechecking can be done as they are all of type unsigned long, their 451ebfedea0SLionel Sambuc * direct usage is discouraged. 452ebfedea0SLionel Sambuc * Use the SSL_C_* macros instead. 453ebfedea0SLionel Sambuc */ 454ebfedea0SLionel Sambuc # define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) 455ebfedea0SLionel Sambuc # define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) 456ebfedea0SLionel Sambuc # define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) 457ebfedea0SLionel Sambuc # define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) 458ebfedea0SLionel Sambuc # define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) 459ebfedea0SLionel Sambuc # define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) 460ebfedea0SLionel Sambuc 461ebfedea0SLionel Sambuc # define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ 462ebfedea0SLionel Sambuc (a) == SSL_DES ? 8 : 7) 463ebfedea0SLionel Sambuc # define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) 464ebfedea0SLionel Sambuc # define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \ 465ebfedea0SLionel Sambuc (c)->algo_strength) 466ebfedea0SLionel Sambuc # define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) 467ebfedea0SLionel Sambuc 468ebfedea0SLionel Sambuc /* Mostly for SSLv3 */ 469ebfedea0SLionel Sambuc # define SSL_PKEY_RSA_ENC 0 470ebfedea0SLionel Sambuc # define SSL_PKEY_RSA_SIGN 1 471ebfedea0SLionel Sambuc # define SSL_PKEY_DSA_SIGN 2 472ebfedea0SLionel Sambuc # define SSL_PKEY_DH_RSA 3 473ebfedea0SLionel Sambuc # define SSL_PKEY_DH_DSA 4 474ebfedea0SLionel Sambuc # define SSL_PKEY_ECC 5 475ebfedea0SLionel Sambuc # define SSL_PKEY_GOST94 6 476ebfedea0SLionel Sambuc # define SSL_PKEY_GOST01 7 477ebfedea0SLionel Sambuc # define SSL_PKEY_NUM 8 478ebfedea0SLionel Sambuc 479*0a6a1f1dSLionel Sambuc /*- 480*0a6a1f1dSLionel Sambuc * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | 481ebfedea0SLionel Sambuc * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) 482ebfedea0SLionel Sambuc * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) 483ebfedea0SLionel Sambuc * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN 484ebfedea0SLionel Sambuc * SSL_aRSA <- RSA_ENC | RSA_SIGN 485ebfedea0SLionel Sambuc * SSL_aDSS <- DSA_SIGN 486ebfedea0SLionel Sambuc */ 487ebfedea0SLionel Sambuc 488*0a6a1f1dSLionel Sambuc /*- 489ebfedea0SLionel Sambuc #define CERT_INVALID 0 490ebfedea0SLionel Sambuc #define CERT_PUBLIC_KEY 1 491ebfedea0SLionel Sambuc #define CERT_PRIVATE_KEY 2 492ebfedea0SLionel Sambuc */ 493ebfedea0SLionel Sambuc 494ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_EC 495*0a6a1f1dSLionel Sambuc /* 496*0a6a1f1dSLionel Sambuc * From ECC-TLS draft, used in encoding the curve type in ECParameters 497ebfedea0SLionel Sambuc */ 498ebfedea0SLionel Sambuc # define EXPLICIT_PRIME_CURVE_TYPE 1 499ebfedea0SLionel Sambuc # define EXPLICIT_CHAR2_CURVE_TYPE 2 500ebfedea0SLionel Sambuc # define NAMED_CURVE_TYPE 3 501ebfedea0SLionel Sambuc # endif /* OPENSSL_NO_EC */ 502ebfedea0SLionel Sambuc 503*0a6a1f1dSLionel Sambuc typedef struct cert_pkey_st { 504ebfedea0SLionel Sambuc X509 *x509; 505ebfedea0SLionel Sambuc EVP_PKEY *privatekey; 506ebfedea0SLionel Sambuc /* Digest to use when signing */ 507ebfedea0SLionel Sambuc const EVP_MD *digest; 508ebfedea0SLionel Sambuc } CERT_PKEY; 509ebfedea0SLionel Sambuc 510*0a6a1f1dSLionel Sambuc typedef struct cert_st { 511ebfedea0SLionel Sambuc /* Current active set */ 512*0a6a1f1dSLionel Sambuc /* 513*0a6a1f1dSLionel Sambuc * ALWAYS points to an element of the pkeys array 514ebfedea0SLionel Sambuc * Probably it would make more sense to store 515*0a6a1f1dSLionel Sambuc * an index, not a pointer. 516*0a6a1f1dSLionel Sambuc */ 517*0a6a1f1dSLionel Sambuc CERT_PKEY *key; 518*0a6a1f1dSLionel Sambuc /* 519*0a6a1f1dSLionel Sambuc * The following masks are for the key and auth algorithms that are 520*0a6a1f1dSLionel Sambuc * supported by the certs below 521*0a6a1f1dSLionel Sambuc */ 522ebfedea0SLionel Sambuc int valid; 523ebfedea0SLionel Sambuc unsigned long mask_k; 524ebfedea0SLionel Sambuc unsigned long mask_a; 525ebfedea0SLionel Sambuc unsigned long export_mask_k; 526ebfedea0SLionel Sambuc unsigned long export_mask_a; 527ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_RSA 528ebfedea0SLionel Sambuc RSA *rsa_tmp; 529ebfedea0SLionel Sambuc RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize); 530ebfedea0SLionel Sambuc # endif 531ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_DH 532ebfedea0SLionel Sambuc DH *dh_tmp; 533ebfedea0SLionel Sambuc DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize); 534ebfedea0SLionel Sambuc # endif 535ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_ECDH 536ebfedea0SLionel Sambuc EC_KEY *ecdh_tmp; 537ebfedea0SLionel Sambuc /* Callback for generating ephemeral ECDH keys */ 538ebfedea0SLionel Sambuc EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize); 539ebfedea0SLionel Sambuc # endif 540ebfedea0SLionel Sambuc CERT_PKEY pkeys[SSL_PKEY_NUM]; 541ebfedea0SLionel Sambuc int references; /* >1 only if SSL_copy_session_id is used */ 542ebfedea0SLionel Sambuc } CERT; 543ebfedea0SLionel Sambuc 544*0a6a1f1dSLionel Sambuc typedef struct sess_cert_st { 545ebfedea0SLionel Sambuc STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ 546ebfedea0SLionel Sambuc /* The 'peer_...' members are used only by clients. */ 547ebfedea0SLionel Sambuc int peer_cert_type; 548*0a6a1f1dSLionel Sambuc CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never 549*0a6a1f1dSLionel Sambuc * NULL!) */ 550ebfedea0SLionel Sambuc CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; 551*0a6a1f1dSLionel Sambuc /* 552*0a6a1f1dSLionel Sambuc * Obviously we don't have the private keys of these, so maybe we 553*0a6a1f1dSLionel Sambuc * shouldn't even use the CERT_PKEY type here. 554*0a6a1f1dSLionel Sambuc */ 555ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_RSA 556ebfedea0SLionel Sambuc RSA *peer_rsa_tmp; /* not used for SSL 2 */ 557ebfedea0SLionel Sambuc # endif 558ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_DH 559ebfedea0SLionel Sambuc DH *peer_dh_tmp; /* not used for SSL 2 */ 560ebfedea0SLionel Sambuc # endif 561ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_ECDH 562ebfedea0SLionel Sambuc EC_KEY *peer_ecdh_tmp; 563ebfedea0SLionel Sambuc # endif 564ebfedea0SLionel Sambuc int references; /* actually always 1 at the moment */ 565ebfedea0SLionel Sambuc } SESS_CERT; 566ebfedea0SLionel Sambuc 567*0a6a1f1dSLionel Sambuc /* 568*0a6a1f1dSLionel Sambuc * #define MAC_DEBUG 569*0a6a1f1dSLionel Sambuc */ 570ebfedea0SLionel Sambuc 571*0a6a1f1dSLionel Sambuc /* 572*0a6a1f1dSLionel Sambuc * #define ERR_DEBUG 573*0a6a1f1dSLionel Sambuc */ 574*0a6a1f1dSLionel Sambuc /* 575*0a6a1f1dSLionel Sambuc * #define ABORT_DEBUG 576*0a6a1f1dSLionel Sambuc */ 577*0a6a1f1dSLionel Sambuc /* 578*0a6a1f1dSLionel Sambuc * #define PKT_DEBUG 1 579*0a6a1f1dSLionel Sambuc */ 580*0a6a1f1dSLionel Sambuc /* 581*0a6a1f1dSLionel Sambuc * #define DES_DEBUG 582*0a6a1f1dSLionel Sambuc */ 583*0a6a1f1dSLionel Sambuc /* 584*0a6a1f1dSLionel Sambuc * #define DES_OFB_DEBUG 585*0a6a1f1dSLionel Sambuc */ 586*0a6a1f1dSLionel Sambuc /* 587*0a6a1f1dSLionel Sambuc * #define SSL_DEBUG 588*0a6a1f1dSLionel Sambuc */ 589*0a6a1f1dSLionel Sambuc /* 590*0a6a1f1dSLionel Sambuc * #define RSA_DEBUG 591*0a6a1f1dSLionel Sambuc */ 592*0a6a1f1dSLionel Sambuc /* 593*0a6a1f1dSLionel Sambuc * #define IDEA_DEBUG 594*0a6a1f1dSLionel Sambuc */ 595ebfedea0SLionel Sambuc 596ebfedea0SLionel Sambuc # define FP_ICC (int (*)(const void *,const void *)) 597ebfedea0SLionel Sambuc # define ssl_put_cipher_by_char(ssl,ciph,ptr) \ 598ebfedea0SLionel Sambuc ((ssl)->method->put_cipher_by_char((ciph),(ptr))) 599ebfedea0SLionel Sambuc # define ssl_get_cipher_by_char(ssl,ptr) \ 600ebfedea0SLionel Sambuc ((ssl)->method->get_cipher_by_char(ptr)) 601ebfedea0SLionel Sambuc 602*0a6a1f1dSLionel Sambuc /* 603*0a6a1f1dSLionel Sambuc * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit 604*0a6a1f1dSLionel Sambuc * of a mess of functions, but hell, think of it as an opaque structure :-) 605*0a6a1f1dSLionel Sambuc */ 606*0a6a1f1dSLionel Sambuc typedef struct ssl3_enc_method { 607ebfedea0SLionel Sambuc int (*enc) (SSL *, int); 608ebfedea0SLionel Sambuc int (*mac) (SSL *, unsigned char *, int); 609ebfedea0SLionel Sambuc int (*setup_key_block) (SSL *); 610*0a6a1f1dSLionel Sambuc int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *, 611*0a6a1f1dSLionel Sambuc int); 612ebfedea0SLionel Sambuc int (*change_cipher_state) (SSL *, int); 613ebfedea0SLionel Sambuc int (*final_finish_mac) (SSL *, const char *, int, unsigned char *); 614ebfedea0SLionel Sambuc int finish_mac_length; 615ebfedea0SLionel Sambuc int (*cert_verify_mac) (SSL *, int, unsigned char *); 616ebfedea0SLionel Sambuc const char *client_finished_label; 617ebfedea0SLionel Sambuc int client_finished_label_len; 618ebfedea0SLionel Sambuc const char *server_finished_label; 619ebfedea0SLionel Sambuc int server_finished_label_len; 620ebfedea0SLionel Sambuc int (*alert_value) (int); 621ebfedea0SLionel Sambuc int (*export_keying_material) (SSL *, unsigned char *, size_t, 622ebfedea0SLionel Sambuc const char *, size_t, 623ebfedea0SLionel Sambuc const unsigned char *, size_t, 624ebfedea0SLionel Sambuc int use_context); 625ebfedea0SLionel Sambuc } SSL3_ENC_METHOD; 626ebfedea0SLionel Sambuc 627ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_COMP 628ebfedea0SLionel Sambuc /* Used for holding the relevant compression methods loaded into SSL_CTX */ 629*0a6a1f1dSLionel Sambuc typedef struct ssl3_comp_st { 630*0a6a1f1dSLionel Sambuc int comp_id; /* The identifier byte for this compression 631*0a6a1f1dSLionel Sambuc * type */ 632ebfedea0SLionel Sambuc char *name; /* Text name used for the compression type */ 633ebfedea0SLionel Sambuc COMP_METHOD *method; /* The method :-) */ 634ebfedea0SLionel Sambuc } SSL3_COMP; 635ebfedea0SLionel Sambuc # endif 636ebfedea0SLionel Sambuc 637ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_BUF_FREELISTS 638*0a6a1f1dSLionel Sambuc typedef struct ssl3_buf_freelist_st { 639ebfedea0SLionel Sambuc size_t chunklen; 640ebfedea0SLionel Sambuc unsigned int len; 641ebfedea0SLionel Sambuc struct ssl3_buf_freelist_entry_st *head; 642ebfedea0SLionel Sambuc } SSL3_BUF_FREELIST; 643ebfedea0SLionel Sambuc 644*0a6a1f1dSLionel Sambuc typedef struct ssl3_buf_freelist_entry_st { 645ebfedea0SLionel Sambuc struct ssl3_buf_freelist_entry_st *next; 646ebfedea0SLionel Sambuc } SSL3_BUF_FREELIST_ENTRY; 647ebfedea0SLionel Sambuc # endif 648ebfedea0SLionel Sambuc 649ebfedea0SLionel Sambuc extern SSL3_ENC_METHOD ssl3_undef_enc_method; 650ebfedea0SLionel Sambuc OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[]; 651ebfedea0SLionel Sambuc OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; 652ebfedea0SLionel Sambuc 653ebfedea0SLionel Sambuc SSL_METHOD *ssl_bad_method(int ver); 654ebfedea0SLionel Sambuc 655ebfedea0SLionel Sambuc extern SSL3_ENC_METHOD TLSv1_enc_data; 656ebfedea0SLionel Sambuc extern SSL3_ENC_METHOD SSLv3_enc_data; 657ebfedea0SLionel Sambuc extern SSL3_ENC_METHOD DTLSv1_enc_data; 658ebfedea0SLionel Sambuc 659*0a6a1f1dSLionel Sambuc # define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) 660*0a6a1f1dSLionel Sambuc 661ebfedea0SLionel Sambuc # define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ 662ebfedea0SLionel Sambuc s_get_meth) \ 663ebfedea0SLionel Sambuc const SSL_METHOD *func_name(void) \ 664ebfedea0SLionel Sambuc { \ 665ebfedea0SLionel Sambuc static const SSL_METHOD func_name##_data= { \ 666ebfedea0SLionel Sambuc version, \ 667ebfedea0SLionel Sambuc tls1_new, \ 668ebfedea0SLionel Sambuc tls1_clear, \ 669ebfedea0SLionel Sambuc tls1_free, \ 670ebfedea0SLionel Sambuc s_accept, \ 671ebfedea0SLionel Sambuc s_connect, \ 672ebfedea0SLionel Sambuc ssl3_read, \ 673ebfedea0SLionel Sambuc ssl3_peek, \ 674ebfedea0SLionel Sambuc ssl3_write, \ 675ebfedea0SLionel Sambuc ssl3_shutdown, \ 676ebfedea0SLionel Sambuc ssl3_renegotiate, \ 677ebfedea0SLionel Sambuc ssl3_renegotiate_check, \ 678ebfedea0SLionel Sambuc ssl3_get_message, \ 679ebfedea0SLionel Sambuc ssl3_read_bytes, \ 680ebfedea0SLionel Sambuc ssl3_write_bytes, \ 681ebfedea0SLionel Sambuc ssl3_dispatch_alert, \ 682ebfedea0SLionel Sambuc ssl3_ctrl, \ 683ebfedea0SLionel Sambuc ssl3_ctx_ctrl, \ 684ebfedea0SLionel Sambuc ssl3_get_cipher_by_char, \ 685ebfedea0SLionel Sambuc ssl3_put_cipher_by_char, \ 686ebfedea0SLionel Sambuc ssl3_pending, \ 687ebfedea0SLionel Sambuc ssl3_num_ciphers, \ 688ebfedea0SLionel Sambuc ssl3_get_cipher, \ 689ebfedea0SLionel Sambuc s_get_meth, \ 690ebfedea0SLionel Sambuc tls1_default_timeout, \ 691ebfedea0SLionel Sambuc &TLSv1_enc_data, \ 692ebfedea0SLionel Sambuc ssl_undefined_void_function, \ 693ebfedea0SLionel Sambuc ssl3_callback_ctrl, \ 694ebfedea0SLionel Sambuc ssl3_ctx_callback_ctrl, \ 695ebfedea0SLionel Sambuc }; \ 696ebfedea0SLionel Sambuc return &func_name##_data; \ 697ebfedea0SLionel Sambuc } 698ebfedea0SLionel Sambuc 699ebfedea0SLionel Sambuc # define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 700ebfedea0SLionel Sambuc const SSL_METHOD *func_name(void) \ 701ebfedea0SLionel Sambuc { \ 702ebfedea0SLionel Sambuc static const SSL_METHOD func_name##_data= { \ 703ebfedea0SLionel Sambuc SSL3_VERSION, \ 704ebfedea0SLionel Sambuc ssl3_new, \ 705ebfedea0SLionel Sambuc ssl3_clear, \ 706ebfedea0SLionel Sambuc ssl3_free, \ 707ebfedea0SLionel Sambuc s_accept, \ 708ebfedea0SLionel Sambuc s_connect, \ 709ebfedea0SLionel Sambuc ssl3_read, \ 710ebfedea0SLionel Sambuc ssl3_peek, \ 711ebfedea0SLionel Sambuc ssl3_write, \ 712ebfedea0SLionel Sambuc ssl3_shutdown, \ 713ebfedea0SLionel Sambuc ssl3_renegotiate, \ 714ebfedea0SLionel Sambuc ssl3_renegotiate_check, \ 715ebfedea0SLionel Sambuc ssl3_get_message, \ 716ebfedea0SLionel Sambuc ssl3_read_bytes, \ 717ebfedea0SLionel Sambuc ssl3_write_bytes, \ 718ebfedea0SLionel Sambuc ssl3_dispatch_alert, \ 719ebfedea0SLionel Sambuc ssl3_ctrl, \ 720ebfedea0SLionel Sambuc ssl3_ctx_ctrl, \ 721ebfedea0SLionel Sambuc ssl3_get_cipher_by_char, \ 722ebfedea0SLionel Sambuc ssl3_put_cipher_by_char, \ 723ebfedea0SLionel Sambuc ssl3_pending, \ 724ebfedea0SLionel Sambuc ssl3_num_ciphers, \ 725ebfedea0SLionel Sambuc ssl3_get_cipher, \ 726ebfedea0SLionel Sambuc s_get_meth, \ 727ebfedea0SLionel Sambuc ssl3_default_timeout, \ 728ebfedea0SLionel Sambuc &SSLv3_enc_data, \ 729ebfedea0SLionel Sambuc ssl_undefined_void_function, \ 730ebfedea0SLionel Sambuc ssl3_callback_ctrl, \ 731ebfedea0SLionel Sambuc ssl3_ctx_callback_ctrl, \ 732ebfedea0SLionel Sambuc }; \ 733ebfedea0SLionel Sambuc return &func_name##_data; \ 734ebfedea0SLionel Sambuc } 735ebfedea0SLionel Sambuc 736ebfedea0SLionel Sambuc # define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 737ebfedea0SLionel Sambuc const SSL_METHOD *func_name(void) \ 738ebfedea0SLionel Sambuc { \ 739ebfedea0SLionel Sambuc static const SSL_METHOD func_name##_data= { \ 740ebfedea0SLionel Sambuc TLS1_2_VERSION, \ 741ebfedea0SLionel Sambuc tls1_new, \ 742ebfedea0SLionel Sambuc tls1_clear, \ 743ebfedea0SLionel Sambuc tls1_free, \ 744ebfedea0SLionel Sambuc s_accept, \ 745ebfedea0SLionel Sambuc s_connect, \ 746ebfedea0SLionel Sambuc ssl23_read, \ 747ebfedea0SLionel Sambuc ssl23_peek, \ 748ebfedea0SLionel Sambuc ssl23_write, \ 749ebfedea0SLionel Sambuc ssl_undefined_function, \ 750ebfedea0SLionel Sambuc ssl_undefined_function, \ 751ebfedea0SLionel Sambuc ssl_ok, \ 752ebfedea0SLionel Sambuc ssl3_get_message, \ 753ebfedea0SLionel Sambuc ssl3_read_bytes, \ 754ebfedea0SLionel Sambuc ssl3_write_bytes, \ 755ebfedea0SLionel Sambuc ssl3_dispatch_alert, \ 756ebfedea0SLionel Sambuc ssl3_ctrl, \ 757ebfedea0SLionel Sambuc ssl3_ctx_ctrl, \ 758ebfedea0SLionel Sambuc ssl23_get_cipher_by_char, \ 759ebfedea0SLionel Sambuc ssl23_put_cipher_by_char, \ 760ebfedea0SLionel Sambuc ssl_undefined_const_function, \ 761ebfedea0SLionel Sambuc ssl23_num_ciphers, \ 762ebfedea0SLionel Sambuc ssl23_get_cipher, \ 763ebfedea0SLionel Sambuc s_get_meth, \ 764ebfedea0SLionel Sambuc ssl23_default_timeout, \ 765ebfedea0SLionel Sambuc &ssl3_undef_enc_method, \ 766ebfedea0SLionel Sambuc ssl_undefined_void_function, \ 767ebfedea0SLionel Sambuc ssl3_callback_ctrl, \ 768ebfedea0SLionel Sambuc ssl3_ctx_callback_ctrl, \ 769ebfedea0SLionel Sambuc }; \ 770ebfedea0SLionel Sambuc return &func_name##_data; \ 771ebfedea0SLionel Sambuc } 772ebfedea0SLionel Sambuc 773ebfedea0SLionel Sambuc # define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 774ebfedea0SLionel Sambuc const SSL_METHOD *func_name(void) \ 775ebfedea0SLionel Sambuc { \ 776ebfedea0SLionel Sambuc static const SSL_METHOD func_name##_data= { \ 777ebfedea0SLionel Sambuc SSL2_VERSION, \ 778ebfedea0SLionel Sambuc ssl2_new, /* local */ \ 779ebfedea0SLionel Sambuc ssl2_clear, /* local */ \ 780ebfedea0SLionel Sambuc ssl2_free, /* local */ \ 781ebfedea0SLionel Sambuc s_accept, \ 782ebfedea0SLionel Sambuc s_connect, \ 783ebfedea0SLionel Sambuc ssl2_read, \ 784ebfedea0SLionel Sambuc ssl2_peek, \ 785ebfedea0SLionel Sambuc ssl2_write, \ 786ebfedea0SLionel Sambuc ssl2_shutdown, \ 787ebfedea0SLionel Sambuc ssl_ok, /* NULL - renegotiate */ \ 788ebfedea0SLionel Sambuc ssl_ok, /* NULL - check renegotiate */ \ 789ebfedea0SLionel Sambuc NULL, /* NULL - ssl_get_message */ \ 790ebfedea0SLionel Sambuc NULL, /* NULL - ssl_get_record */ \ 791ebfedea0SLionel Sambuc NULL, /* NULL - ssl_write_bytes */ \ 792ebfedea0SLionel Sambuc NULL, /* NULL - dispatch_alert */ \ 793ebfedea0SLionel Sambuc ssl2_ctrl, /* local */ \ 794ebfedea0SLionel Sambuc ssl2_ctx_ctrl, /* local */ \ 795ebfedea0SLionel Sambuc ssl2_get_cipher_by_char, \ 796ebfedea0SLionel Sambuc ssl2_put_cipher_by_char, \ 797ebfedea0SLionel Sambuc ssl2_pending, \ 798ebfedea0SLionel Sambuc ssl2_num_ciphers, \ 799ebfedea0SLionel Sambuc ssl2_get_cipher, \ 800ebfedea0SLionel Sambuc s_get_meth, \ 801ebfedea0SLionel Sambuc ssl2_default_timeout, \ 802ebfedea0SLionel Sambuc &ssl3_undef_enc_method, \ 803ebfedea0SLionel Sambuc ssl_undefined_void_function, \ 804ebfedea0SLionel Sambuc ssl2_callback_ctrl, /* local */ \ 805ebfedea0SLionel Sambuc ssl2_ctx_callback_ctrl, /* local */ \ 806ebfedea0SLionel Sambuc }; \ 807ebfedea0SLionel Sambuc return &func_name##_data; \ 808ebfedea0SLionel Sambuc } 809ebfedea0SLionel Sambuc 810ebfedea0SLionel Sambuc # define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 811ebfedea0SLionel Sambuc const SSL_METHOD *func_name(void) \ 812ebfedea0SLionel Sambuc { \ 813ebfedea0SLionel Sambuc static const SSL_METHOD func_name##_data= { \ 814ebfedea0SLionel Sambuc DTLS1_VERSION, \ 815ebfedea0SLionel Sambuc dtls1_new, \ 816ebfedea0SLionel Sambuc dtls1_clear, \ 817ebfedea0SLionel Sambuc dtls1_free, \ 818ebfedea0SLionel Sambuc s_accept, \ 819ebfedea0SLionel Sambuc s_connect, \ 820ebfedea0SLionel Sambuc ssl3_read, \ 821ebfedea0SLionel Sambuc ssl3_peek, \ 822ebfedea0SLionel Sambuc ssl3_write, \ 823ebfedea0SLionel Sambuc dtls1_shutdown, \ 824ebfedea0SLionel Sambuc ssl3_renegotiate, \ 825ebfedea0SLionel Sambuc ssl3_renegotiate_check, \ 826ebfedea0SLionel Sambuc dtls1_get_message, \ 827ebfedea0SLionel Sambuc dtls1_read_bytes, \ 828ebfedea0SLionel Sambuc dtls1_write_app_data_bytes, \ 829ebfedea0SLionel Sambuc dtls1_dispatch_alert, \ 830ebfedea0SLionel Sambuc dtls1_ctrl, \ 831ebfedea0SLionel Sambuc ssl3_ctx_ctrl, \ 832ebfedea0SLionel Sambuc ssl3_get_cipher_by_char, \ 833ebfedea0SLionel Sambuc ssl3_put_cipher_by_char, \ 834ebfedea0SLionel Sambuc ssl3_pending, \ 835ebfedea0SLionel Sambuc ssl3_num_ciphers, \ 836ebfedea0SLionel Sambuc dtls1_get_cipher, \ 837ebfedea0SLionel Sambuc s_get_meth, \ 838ebfedea0SLionel Sambuc dtls1_default_timeout, \ 839ebfedea0SLionel Sambuc &DTLSv1_enc_data, \ 840ebfedea0SLionel Sambuc ssl_undefined_void_function, \ 841ebfedea0SLionel Sambuc ssl3_callback_ctrl, \ 842ebfedea0SLionel Sambuc ssl3_ctx_callback_ctrl, \ 843ebfedea0SLionel Sambuc }; \ 844ebfedea0SLionel Sambuc return &func_name##_data; \ 845ebfedea0SLionel Sambuc } 846ebfedea0SLionel Sambuc 847*0a6a1f1dSLionel Sambuc struct openssl_ssl_test_functions { 848*0a6a1f1dSLionel Sambuc int (*p_ssl_init_wbio_buffer) (SSL *s, int push); 849*0a6a1f1dSLionel Sambuc int (*p_ssl3_setup_buffers) (SSL *s); 850*0a6a1f1dSLionel Sambuc int (*p_tls1_process_heartbeat) (SSL *s); 851*0a6a1f1dSLionel Sambuc int (*p_dtls1_process_heartbeat) (SSL *s); 852*0a6a1f1dSLionel Sambuc }; 853*0a6a1f1dSLionel Sambuc 854*0a6a1f1dSLionel Sambuc # ifndef OPENSSL_UNIT_TEST 855*0a6a1f1dSLionel Sambuc 856ebfedea0SLionel Sambuc void ssl_clear_cipher_ctx(SSL *s); 857ebfedea0SLionel Sambuc int ssl_clear_bad_session(SSL *s); 858ebfedea0SLionel Sambuc CERT *ssl_cert_new(void); 859ebfedea0SLionel Sambuc CERT *ssl_cert_dup(CERT *cert); 860ebfedea0SLionel Sambuc int ssl_cert_inst(CERT **o); 861ebfedea0SLionel Sambuc void ssl_cert_free(CERT *c); 862ebfedea0SLionel Sambuc SESS_CERT *ssl_sess_cert_new(void); 863ebfedea0SLionel Sambuc void ssl_sess_cert_free(SESS_CERT *sc); 864ebfedea0SLionel Sambuc int ssl_set_peer_cert_type(SESS_CERT *c, int type); 865ebfedea0SLionel Sambuc int ssl_get_new_session(SSL *s, int session); 866*0a6a1f1dSLionel Sambuc int ssl_get_prev_session(SSL *s, unsigned char *session, int len, 867*0a6a1f1dSLionel Sambuc const unsigned char *limit); 868*0a6a1f1dSLionel Sambuc SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); 869ebfedea0SLionel Sambuc int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); 870*0a6a1f1dSLionel Sambuc DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); 871ebfedea0SLionel Sambuc int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, 872ebfedea0SLionel Sambuc const SSL_CIPHER *const *bp); 873*0a6a1f1dSLionel Sambuc STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, 874*0a6a1f1dSLionel Sambuc int num, 875ebfedea0SLionel Sambuc STACK_OF(SSL_CIPHER) **skp); 876*0a6a1f1dSLionel Sambuc int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, 877*0a6a1f1dSLionel Sambuc unsigned char *p, 878*0a6a1f1dSLionel Sambuc int (*put_cb) (const SSL_CIPHER *, 879*0a6a1f1dSLionel Sambuc unsigned char *)); 880ebfedea0SLionel Sambuc STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, 881ebfedea0SLionel Sambuc STACK_OF(SSL_CIPHER) **pref, 882ebfedea0SLionel Sambuc STACK_OF(SSL_CIPHER) **sorted, 883ebfedea0SLionel Sambuc const char *rule_str); 884ebfedea0SLionel Sambuc void ssl_update_cache(SSL *s, int mode); 885ebfedea0SLionel Sambuc int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 886*0a6a1f1dSLionel Sambuc const EVP_MD **md, int *mac_pkey_type, 887*0a6a1f1dSLionel Sambuc int *mac_secret_size, SSL_COMP **comp); 888ebfedea0SLionel Sambuc int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md); 889ebfedea0SLionel Sambuc int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); 890ebfedea0SLionel Sambuc int ssl_undefined_function(SSL *s); 891ebfedea0SLionel Sambuc int ssl_undefined_void_function(void); 892ebfedea0SLionel Sambuc int ssl_undefined_const_function(const SSL *s); 893ebfedea0SLionel Sambuc CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); 894ebfedea0SLionel Sambuc X509 *ssl_get_server_send_cert(const SSL *); 895ebfedea0SLionel Sambuc EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd); 896ebfedea0SLionel Sambuc int ssl_cert_type(X509 *x, EVP_PKEY *pkey); 897ebfedea0SLionel Sambuc void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); 898ebfedea0SLionel Sambuc STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); 899ebfedea0SLionel Sambuc int ssl_verify_alarm_type(long type); 900ebfedea0SLionel Sambuc void ssl_load_ciphers(void); 901*0a6a1f1dSLionel Sambuc int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); 902ebfedea0SLionel Sambuc 903ebfedea0SLionel Sambuc int ssl2_enc_init(SSL *s, int client); 904ebfedea0SLionel Sambuc int ssl2_generate_key_material(SSL *s); 905*0a6a1f1dSLionel Sambuc int ssl2_enc(SSL *s, int send_data); 906ebfedea0SLionel Sambuc void ssl2_mac(SSL *s, unsigned char *mac, int send_data); 907ebfedea0SLionel Sambuc const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); 908ebfedea0SLionel Sambuc int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); 909ebfedea0SLionel Sambuc int ssl2_part_read(SSL *s, unsigned long f, int i); 910ebfedea0SLionel Sambuc int ssl2_do_write(SSL *s); 911*0a6a1f1dSLionel Sambuc int ssl2_set_certificate(SSL *s, int type, int len, 912*0a6a1f1dSLionel Sambuc const unsigned char *data); 913ebfedea0SLionel Sambuc void ssl2_return_error(SSL *s, int reason); 914ebfedea0SLionel Sambuc void ssl2_write_error(SSL *s); 915ebfedea0SLionel Sambuc int ssl2_num_ciphers(void); 916ebfedea0SLionel Sambuc const SSL_CIPHER *ssl2_get_cipher(unsigned int u); 917ebfedea0SLionel Sambuc int ssl2_new(SSL *s); 918ebfedea0SLionel Sambuc void ssl2_free(SSL *s); 919ebfedea0SLionel Sambuc int ssl2_accept(SSL *s); 920ebfedea0SLionel Sambuc int ssl2_connect(SSL *s); 921ebfedea0SLionel Sambuc int ssl2_read(SSL *s, void *buf, int len); 922ebfedea0SLionel Sambuc int ssl2_peek(SSL *s, void *buf, int len); 923ebfedea0SLionel Sambuc int ssl2_write(SSL *s, const void *buf, int len); 924ebfedea0SLionel Sambuc int ssl2_shutdown(SSL *s); 925ebfedea0SLionel Sambuc void ssl2_clear(SSL *s); 926ebfedea0SLionel Sambuc long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg); 927ebfedea0SLionel Sambuc long ssl2_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); 928ebfedea0SLionel Sambuc long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); 929ebfedea0SLionel Sambuc long ssl2_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void)); 930ebfedea0SLionel Sambuc int ssl2_pending(const SSL *s); 931ebfedea0SLionel Sambuc long ssl2_default_timeout(void); 932ebfedea0SLionel Sambuc 933ebfedea0SLionel Sambuc const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); 934ebfedea0SLionel Sambuc int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); 935ebfedea0SLionel Sambuc void ssl3_init_finished_mac(SSL *s); 936ebfedea0SLionel Sambuc int ssl3_send_server_certificate(SSL *s); 937ebfedea0SLionel Sambuc int ssl3_send_newsession_ticket(SSL *s); 938ebfedea0SLionel Sambuc int ssl3_send_cert_status(SSL *s); 939ebfedea0SLionel Sambuc int ssl3_get_finished(SSL *s, int state_a, int state_b); 940ebfedea0SLionel Sambuc int ssl3_setup_key_block(SSL *s); 941ebfedea0SLionel Sambuc int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b); 942ebfedea0SLionel Sambuc int ssl3_change_cipher_state(SSL *s, int which); 943ebfedea0SLionel Sambuc void ssl3_cleanup_key_block(SSL *s); 944ebfedea0SLionel Sambuc int ssl3_do_write(SSL *s, int type); 945ebfedea0SLionel Sambuc int ssl3_send_alert(SSL *s, int level, int desc); 946ebfedea0SLionel Sambuc int ssl3_generate_master_secret(SSL *s, unsigned char *out, 947ebfedea0SLionel Sambuc unsigned char *p, int len); 948ebfedea0SLionel Sambuc int ssl3_get_req_cert_type(SSL *s, unsigned char *p); 949ebfedea0SLionel Sambuc long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); 950ebfedea0SLionel Sambuc int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); 951ebfedea0SLionel Sambuc int ssl3_num_ciphers(void); 952ebfedea0SLionel Sambuc const SSL_CIPHER *ssl3_get_cipher(unsigned int u); 953ebfedea0SLionel Sambuc int ssl3_renegotiate(SSL *ssl); 954ebfedea0SLionel Sambuc int ssl3_renegotiate_check(SSL *ssl); 955ebfedea0SLionel Sambuc int ssl3_dispatch_alert(SSL *s); 956ebfedea0SLionel Sambuc int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); 957ebfedea0SLionel Sambuc int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); 958*0a6a1f1dSLionel Sambuc int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, 959*0a6a1f1dSLionel Sambuc unsigned char *p); 960ebfedea0SLionel Sambuc int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); 961ebfedea0SLionel Sambuc void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); 962ebfedea0SLionel Sambuc int ssl3_enc(SSL *s, int send_data); 963ebfedea0SLionel Sambuc int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); 964ebfedea0SLionel Sambuc void ssl3_free_digest_list(SSL *s); 965ebfedea0SLionel Sambuc unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); 966ebfedea0SLionel Sambuc SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, 967ebfedea0SLionel Sambuc STACK_OF(SSL_CIPHER) *srvr); 968ebfedea0SLionel Sambuc int ssl3_setup_buffers(SSL *s); 969ebfedea0SLionel Sambuc int ssl3_setup_read_buffer(SSL *s); 970ebfedea0SLionel Sambuc int ssl3_setup_write_buffer(SSL *s); 971ebfedea0SLionel Sambuc int ssl3_release_read_buffer(SSL *s); 972ebfedea0SLionel Sambuc int ssl3_release_write_buffer(SSL *s); 973ebfedea0SLionel Sambuc int ssl3_digest_cached_records(SSL *s); 974ebfedea0SLionel Sambuc int ssl3_new(SSL *s); 975ebfedea0SLionel Sambuc void ssl3_free(SSL *s); 976ebfedea0SLionel Sambuc int ssl3_accept(SSL *s); 977ebfedea0SLionel Sambuc int ssl3_connect(SSL *s); 978ebfedea0SLionel Sambuc int ssl3_read(SSL *s, void *buf, int len); 979ebfedea0SLionel Sambuc int ssl3_peek(SSL *s, void *buf, int len); 980ebfedea0SLionel Sambuc int ssl3_write(SSL *s, const void *buf, int len); 981ebfedea0SLionel Sambuc int ssl3_shutdown(SSL *s); 982ebfedea0SLionel Sambuc void ssl3_clear(SSL *s); 983ebfedea0SLionel Sambuc long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); 984ebfedea0SLionel Sambuc long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); 985ebfedea0SLionel Sambuc long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); 986ebfedea0SLionel Sambuc long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void)); 987ebfedea0SLionel Sambuc int ssl3_pending(const SSL *s); 988ebfedea0SLionel Sambuc 989ebfedea0SLionel Sambuc void ssl3_record_sequence_update(unsigned char *seq); 990ebfedea0SLionel Sambuc int ssl3_do_change_cipher_spec(SSL *ssl); 991ebfedea0SLionel Sambuc long ssl3_default_timeout(void); 992ebfedea0SLionel Sambuc 993ebfedea0SLionel Sambuc int ssl23_num_ciphers(void); 994ebfedea0SLionel Sambuc const SSL_CIPHER *ssl23_get_cipher(unsigned int u); 995ebfedea0SLionel Sambuc int ssl23_read(SSL *s, void *buf, int len); 996ebfedea0SLionel Sambuc int ssl23_peek(SSL *s, void *buf, int len); 997ebfedea0SLionel Sambuc int ssl23_write(SSL *s, const void *buf, int len); 998ebfedea0SLionel Sambuc int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); 999ebfedea0SLionel Sambuc const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); 1000ebfedea0SLionel Sambuc long ssl23_default_timeout(void); 1001ebfedea0SLionel Sambuc 1002ebfedea0SLionel Sambuc long tls1_default_timeout(void); 1003ebfedea0SLionel Sambuc int dtls1_do_write(SSL *s, int type); 1004ebfedea0SLionel Sambuc int ssl3_read_n(SSL *s, int n, int max, int extend); 1005ebfedea0SLionel Sambuc int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); 1006ebfedea0SLionel Sambuc int ssl3_do_compress(SSL *ssl); 1007ebfedea0SLionel Sambuc int ssl3_do_uncompress(SSL *ssl); 1008ebfedea0SLionel Sambuc int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, 1009ebfedea0SLionel Sambuc unsigned int len); 1010ebfedea0SLionel Sambuc unsigned char *dtls1_set_message_header(SSL *s, 1011*0a6a1f1dSLionel Sambuc unsigned char *p, unsigned char mt, 1012*0a6a1f1dSLionel Sambuc unsigned long len, 1013*0a6a1f1dSLionel Sambuc unsigned long frag_off, 1014*0a6a1f1dSLionel Sambuc unsigned long frag_len); 1015ebfedea0SLionel Sambuc 1016ebfedea0SLionel Sambuc int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); 1017ebfedea0SLionel Sambuc int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); 1018ebfedea0SLionel Sambuc 1019ebfedea0SLionel Sambuc int dtls1_send_change_cipher_spec(SSL *s, int a, int b); 1020ebfedea0SLionel Sambuc int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); 1021ebfedea0SLionel Sambuc unsigned long dtls1_output_cert_chain(SSL *s, X509 *x); 1022ebfedea0SLionel Sambuc int dtls1_read_failed(SSL *s, int code); 1023ebfedea0SLionel Sambuc int dtls1_buffer_message(SSL *s, int ccs); 1024ebfedea0SLionel Sambuc int dtls1_retransmit_message(SSL *s, unsigned short seq, 1025ebfedea0SLionel Sambuc unsigned long frag_off, int *found); 1026ebfedea0SLionel Sambuc int dtls1_get_queue_priority(unsigned short seq, int is_ccs); 1027ebfedea0SLionel Sambuc int dtls1_retransmit_buffered_messages(SSL *s); 1028ebfedea0SLionel Sambuc void dtls1_clear_record_buffer(SSL *s); 1029*0a6a1f1dSLionel Sambuc void dtls1_get_message_header(unsigned char *data, 1030*0a6a1f1dSLionel Sambuc struct hm_header_st *msg_hdr); 1031ebfedea0SLionel Sambuc void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); 1032ebfedea0SLionel Sambuc void dtls1_reset_seq_numbers(SSL *s, int rw); 1033ebfedea0SLionel Sambuc long dtls1_default_timeout(void); 1034ebfedea0SLionel Sambuc struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft); 1035ebfedea0SLionel Sambuc int dtls1_check_timeout_num(SSL *s); 1036ebfedea0SLionel Sambuc int dtls1_handle_timeout(SSL *s); 1037ebfedea0SLionel Sambuc const SSL_CIPHER *dtls1_get_cipher(unsigned int u); 1038ebfedea0SLionel Sambuc void dtls1_start_timer(SSL *s); 1039ebfedea0SLionel Sambuc void dtls1_stop_timer(SSL *s); 1040ebfedea0SLionel Sambuc int dtls1_is_timer_expired(SSL *s); 1041ebfedea0SLionel Sambuc void dtls1_double_timeout(SSL *s); 1042ebfedea0SLionel Sambuc int dtls1_send_newsession_ticket(SSL *s); 1043*0a6a1f1dSLionel Sambuc unsigned int dtls1_min_mtu(SSL *s); 1044*0a6a1f1dSLionel Sambuc unsigned int dtls1_link_min_mtu(void); 1045*0a6a1f1dSLionel Sambuc void dtls1_hm_fragment_free(hm_fragment *frag); 1046ebfedea0SLionel Sambuc 1047ebfedea0SLionel Sambuc /* some client-only functions */ 1048ebfedea0SLionel Sambuc int ssl3_client_hello(SSL *s); 1049ebfedea0SLionel Sambuc int ssl3_get_server_hello(SSL *s); 1050ebfedea0SLionel Sambuc int ssl3_get_certificate_request(SSL *s); 1051ebfedea0SLionel Sambuc int ssl3_get_new_session_ticket(SSL *s); 1052ebfedea0SLionel Sambuc int ssl3_get_cert_status(SSL *s); 1053ebfedea0SLionel Sambuc int ssl3_get_server_done(SSL *s); 1054ebfedea0SLionel Sambuc int ssl3_send_client_verify(SSL *s); 1055ebfedea0SLionel Sambuc int ssl3_send_client_certificate(SSL *s); 1056ebfedea0SLionel Sambuc int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); 1057ebfedea0SLionel Sambuc int ssl3_send_client_key_exchange(SSL *s); 1058ebfedea0SLionel Sambuc int ssl3_get_key_exchange(SSL *s); 1059ebfedea0SLionel Sambuc int ssl3_get_server_certificate(SSL *s); 1060ebfedea0SLionel Sambuc int ssl3_check_cert_and_algorithm(SSL *s); 1061ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_TLSEXT 1062ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_NEXTPROTONEG 1063ebfedea0SLionel Sambuc int ssl3_send_next_proto(SSL *s); 1064ebfedea0SLionel Sambuc # endif 1065ebfedea0SLionel Sambuc # endif 1066ebfedea0SLionel Sambuc 1067ebfedea0SLionel Sambuc int dtls1_client_hello(SSL *s); 1068ebfedea0SLionel Sambuc int dtls1_send_client_certificate(SSL *s); 1069ebfedea0SLionel Sambuc int dtls1_send_client_key_exchange(SSL *s); 1070ebfedea0SLionel Sambuc int dtls1_send_client_verify(SSL *s); 1071ebfedea0SLionel Sambuc 1072ebfedea0SLionel Sambuc /* some server-only functions */ 1073ebfedea0SLionel Sambuc int ssl3_get_client_hello(SSL *s); 1074ebfedea0SLionel Sambuc int ssl3_send_server_hello(SSL *s); 1075ebfedea0SLionel Sambuc int ssl3_send_hello_request(SSL *s); 1076ebfedea0SLionel Sambuc int ssl3_send_server_key_exchange(SSL *s); 1077ebfedea0SLionel Sambuc int ssl3_send_certificate_request(SSL *s); 1078ebfedea0SLionel Sambuc int ssl3_send_server_done(SSL *s); 1079ebfedea0SLionel Sambuc int ssl3_check_client_hello(SSL *s); 1080ebfedea0SLionel Sambuc int ssl3_get_client_certificate(SSL *s); 1081ebfedea0SLionel Sambuc int ssl3_get_client_key_exchange(SSL *s); 1082ebfedea0SLionel Sambuc int ssl3_get_cert_verify(SSL *s); 1083ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_NEXTPROTONEG 1084ebfedea0SLionel Sambuc int ssl3_get_next_proto(SSL *s); 1085ebfedea0SLionel Sambuc # endif 1086ebfedea0SLionel Sambuc 1087ebfedea0SLionel Sambuc int dtls1_send_hello_request(SSL *s); 1088ebfedea0SLionel Sambuc int dtls1_send_server_hello(SSL *s); 1089ebfedea0SLionel Sambuc int dtls1_send_server_certificate(SSL *s); 1090ebfedea0SLionel Sambuc int dtls1_send_server_key_exchange(SSL *s); 1091ebfedea0SLionel Sambuc int dtls1_send_certificate_request(SSL *s); 1092ebfedea0SLionel Sambuc int dtls1_send_server_done(SSL *s); 1093ebfedea0SLionel Sambuc 1094ebfedea0SLionel Sambuc int ssl23_accept(SSL *s); 1095ebfedea0SLionel Sambuc int ssl23_connect(SSL *s); 1096ebfedea0SLionel Sambuc int ssl23_read_bytes(SSL *s, int n); 1097ebfedea0SLionel Sambuc int ssl23_write_bytes(SSL *s); 1098ebfedea0SLionel Sambuc 1099ebfedea0SLionel Sambuc int tls1_new(SSL *s); 1100ebfedea0SLionel Sambuc void tls1_free(SSL *s); 1101ebfedea0SLionel Sambuc void tls1_clear(SSL *s); 1102ebfedea0SLionel Sambuc long tls1_ctrl(SSL *s, int cmd, long larg, void *parg); 1103ebfedea0SLionel Sambuc long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); 1104ebfedea0SLionel Sambuc 1105ebfedea0SLionel Sambuc int dtls1_new(SSL *s); 1106ebfedea0SLionel Sambuc int dtls1_accept(SSL *s); 1107ebfedea0SLionel Sambuc int dtls1_connect(SSL *s); 1108ebfedea0SLionel Sambuc void dtls1_free(SSL *s); 1109ebfedea0SLionel Sambuc void dtls1_clear(SSL *s); 1110ebfedea0SLionel Sambuc long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); 1111ebfedea0SLionel Sambuc int dtls1_shutdown(SSL *s); 1112ebfedea0SLionel Sambuc 1113ebfedea0SLionel Sambuc long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); 1114ebfedea0SLionel Sambuc int dtls1_get_record(SSL *s); 1115ebfedea0SLionel Sambuc int do_dtls1_write(SSL *s, int type, const unsigned char *buf, 1116ebfedea0SLionel Sambuc unsigned int len, int create_empty_fragement); 1117ebfedea0SLionel Sambuc int dtls1_dispatch_alert(SSL *s); 1118ebfedea0SLionel Sambuc int dtls1_enc(SSL *s, int snd); 1119ebfedea0SLionel Sambuc 1120ebfedea0SLionel Sambuc int ssl_init_wbio_buffer(SSL *s, int push); 1121ebfedea0SLionel Sambuc void ssl_free_wbio_buffer(SSL *s); 1122ebfedea0SLionel Sambuc 1123ebfedea0SLionel Sambuc int tls1_change_cipher_state(SSL *s, int which); 1124ebfedea0SLionel Sambuc int tls1_setup_key_block(SSL *s); 1125ebfedea0SLionel Sambuc int tls1_enc(SSL *s, int snd); 1126ebfedea0SLionel Sambuc int tls1_final_finish_mac(SSL *s, 1127ebfedea0SLionel Sambuc const char *str, int slen, unsigned char *p); 1128ebfedea0SLionel Sambuc int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); 1129ebfedea0SLionel Sambuc int tls1_mac(SSL *ssl, unsigned char *md, int snd); 1130ebfedea0SLionel Sambuc int tls1_generate_master_secret(SSL *s, unsigned char *out, 1131ebfedea0SLionel Sambuc unsigned char *p, int len); 1132ebfedea0SLionel Sambuc int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, 1133ebfedea0SLionel Sambuc const char *label, size_t llen, 1134*0a6a1f1dSLionel Sambuc const unsigned char *p, size_t plen, 1135*0a6a1f1dSLionel Sambuc int use_context); 1136ebfedea0SLionel Sambuc int tls1_alert_code(int code); 1137ebfedea0SLionel Sambuc int ssl3_alert_code(int code); 1138ebfedea0SLionel Sambuc int ssl_ok(SSL *s); 1139ebfedea0SLionel Sambuc 1140ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_ECDH 1141ebfedea0SLionel Sambuc int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); 1142ebfedea0SLionel Sambuc # endif 1143ebfedea0SLionel Sambuc 1144ebfedea0SLionel Sambuc SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); 1145ebfedea0SLionel Sambuc 1146ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_EC 1147ebfedea0SLionel Sambuc int tls1_ec_curve_id2nid(int curve_id); 1148ebfedea0SLionel Sambuc int tls1_ec_nid2curve_id(int nid); 1149ebfedea0SLionel Sambuc # endif /* OPENSSL_NO_EC */ 1150ebfedea0SLionel Sambuc 1151ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_TLSEXT 1152*0a6a1f1dSLionel Sambuc unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, 1153*0a6a1f1dSLionel Sambuc unsigned char *limit); 1154*0a6a1f1dSLionel Sambuc unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, 1155*0a6a1f1dSLionel Sambuc unsigned char *limit); 1156*0a6a1f1dSLionel Sambuc int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, 1157*0a6a1f1dSLionel Sambuc unsigned char *d, int n, int *al); 1158*0a6a1f1dSLionel Sambuc int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, 1159*0a6a1f1dSLionel Sambuc unsigned char *d, int n, int *al); 1160ebfedea0SLionel Sambuc int ssl_prepare_clienthello_tlsext(SSL *s); 1161ebfedea0SLionel Sambuc int ssl_prepare_serverhello_tlsext(SSL *s); 1162ebfedea0SLionel Sambuc int ssl_check_clienthello_tlsext_early(SSL *s); 1163ebfedea0SLionel Sambuc int ssl_check_clienthello_tlsext_late(SSL *s); 1164ebfedea0SLionel Sambuc int ssl_check_serverhello_tlsext(SSL *s); 1165ebfedea0SLionel Sambuc 1166ebfedea0SLionel Sambuc # ifndef OPENSSL_NO_HEARTBEATS 1167ebfedea0SLionel Sambuc int tls1_heartbeat(SSL *s); 1168ebfedea0SLionel Sambuc int dtls1_heartbeat(SSL *s); 1169ebfedea0SLionel Sambuc int tls1_process_heartbeat(SSL *s); 1170ebfedea0SLionel Sambuc int dtls1_process_heartbeat(SSL *s); 1171ebfedea0SLionel Sambuc # endif 1172ebfedea0SLionel Sambuc 1173ebfedea0SLionel Sambuc # ifdef OPENSSL_NO_SHA256 1174ebfedea0SLionel Sambuc # define tlsext_tick_md EVP_sha1 1175ebfedea0SLionel Sambuc # else 1176ebfedea0SLionel Sambuc # define tlsext_tick_md EVP_sha256 1177ebfedea0SLionel Sambuc # endif 1178ebfedea0SLionel Sambuc int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, 1179ebfedea0SLionel Sambuc const unsigned char *limit, SSL_SESSION **ret); 1180ebfedea0SLionel Sambuc 1181ebfedea0SLionel Sambuc int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, 1182ebfedea0SLionel Sambuc const EVP_MD *md); 1183ebfedea0SLionel Sambuc int tls12_get_sigid(const EVP_PKEY *pk); 1184ebfedea0SLionel Sambuc const EVP_MD *tls12_get_hash(unsigned char hash_alg); 1185ebfedea0SLionel Sambuc 1186ebfedea0SLionel Sambuc # endif 1187ebfedea0SLionel Sambuc EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); 1188ebfedea0SLionel Sambuc void ssl_clear_hash_ctx(EVP_MD_CTX **hash); 1189ebfedea0SLionel Sambuc int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, 1190ebfedea0SLionel Sambuc int maxlen); 1191ebfedea0SLionel Sambuc int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, 1192ebfedea0SLionel Sambuc int *al); 1193ebfedea0SLionel Sambuc int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, 1194ebfedea0SLionel Sambuc int maxlen); 1195ebfedea0SLionel Sambuc int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, 1196ebfedea0SLionel Sambuc int *al); 1197ebfedea0SLionel Sambuc long ssl_get_algorithm2(SSL *s); 1198ebfedea0SLionel Sambuc int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize); 1199ebfedea0SLionel Sambuc int tls12_get_req_sig_algs(SSL *s, unsigned char *p); 1200ebfedea0SLionel Sambuc 1201*0a6a1f1dSLionel Sambuc int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, 1202*0a6a1f1dSLionel Sambuc int maxlen); 1203*0a6a1f1dSLionel Sambuc int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, 1204*0a6a1f1dSLionel Sambuc int *al); 1205*0a6a1f1dSLionel Sambuc int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, 1206*0a6a1f1dSLionel Sambuc int maxlen); 1207*0a6a1f1dSLionel Sambuc int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, 1208*0a6a1f1dSLionel Sambuc int *al); 1209ebfedea0SLionel Sambuc 1210ebfedea0SLionel Sambuc /* s3_cbc.c */ 1211ebfedea0SLionel Sambuc void ssl3_cbc_copy_mac(unsigned char *out, 1212ebfedea0SLionel Sambuc const SSL3_RECORD *rec, 1213ebfedea0SLionel Sambuc unsigned md_size, unsigned orig_len); 1214ebfedea0SLionel Sambuc int ssl3_cbc_remove_padding(const SSL *s, 1215ebfedea0SLionel Sambuc SSL3_RECORD *rec, 1216*0a6a1f1dSLionel Sambuc unsigned block_size, unsigned mac_size); 1217ebfedea0SLionel Sambuc int tls1_cbc_remove_padding(const SSL *s, 1218ebfedea0SLionel Sambuc SSL3_RECORD *rec, 1219*0a6a1f1dSLionel Sambuc unsigned block_size, unsigned mac_size); 1220ebfedea0SLionel Sambuc char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); 1221*0a6a1f1dSLionel Sambuc void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, 1222ebfedea0SLionel Sambuc unsigned char *md_out, 1223ebfedea0SLionel Sambuc size_t *md_out_size, 1224ebfedea0SLionel Sambuc const unsigned char header[13], 1225ebfedea0SLionel Sambuc const unsigned char *data, 1226ebfedea0SLionel Sambuc size_t data_plus_mac_size, 1227ebfedea0SLionel Sambuc size_t data_plus_mac_plus_padding_size, 1228ebfedea0SLionel Sambuc const unsigned char *mac_secret, 1229*0a6a1f1dSLionel Sambuc unsigned mac_secret_length, char is_sslv3); 1230ebfedea0SLionel Sambuc 1231*0a6a1f1dSLionel Sambuc void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, 1232*0a6a1f1dSLionel Sambuc EVP_MD_CTX *mac_ctx, const unsigned char *data, 1233*0a6a1f1dSLionel Sambuc size_t data_len, size_t orig_len); 1234ebfedea0SLionel Sambuc 1235*0a6a1f1dSLionel Sambuc int srp_verify_server_param(SSL *s, int *al); 1236*0a6a1f1dSLionel Sambuc 1237*0a6a1f1dSLionel Sambuc # else 1238*0a6a1f1dSLionel Sambuc 1239*0a6a1f1dSLionel Sambuc # define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer 1240*0a6a1f1dSLionel Sambuc # define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers 1241*0a6a1f1dSLionel Sambuc # define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat 1242*0a6a1f1dSLionel Sambuc # define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat 1243*0a6a1f1dSLionel Sambuc 1244*0a6a1f1dSLionel Sambuc # endif 1245ebfedea0SLionel Sambuc #endif 1246