diff options
| author | simon <simon@FreeBSD.org> | 2009-06-14 19:45:16 +0000 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2009-06-14 19:45:16 +0000 |
| commit | 5fb395764b4b691c877e526b4e65bbedb5cb67c7 (patch) | |
| tree | 90cf0e59374e08e88c1514f35c4b2aab0cccd66d /crypto/openssl/ssl/ssl_locl.h | |
| parent | 07b720e0fe4141d966e129428ee8eb96f394787f (diff) | |
| parent | d5528ae65fadeed6bcb5c766bf12ed4b275a9271 (diff) | |
| download | FreeBSD-src-5fb395764b4b691c877e526b4e65bbedb5cb67c7.zip FreeBSD-src-5fb395764b4b691c877e526b4e65bbedb5cb67c7.tar.gz | |
Merge OpenSSL 0.9.8k into head.
Approved by: re
Diffstat (limited to 'crypto/openssl/ssl/ssl_locl.h')
| -rw-r--r-- | crypto/openssl/ssl/ssl_locl.h | 42 |
1 files changed, 37 insertions, 5 deletions
diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h index 786d988..ed4ddbb 100644 --- a/crypto/openssl/ssl/ssl_locl.h +++ b/crypto/openssl/ssl/ssl_locl.h @@ -124,7 +124,9 @@ #include "e_os.h" #include <openssl/buffer.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #include <openssl/bio.h> #include <openssl/stack.h> #ifndef OPENSSL_NO_RSA @@ -278,7 +280,7 @@ #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) -#define SSL_ENC_MASK 0x0C3F8000L +#define SSL_ENC_MASK 0x1C3F8000L #define SSL_DES 0x00008000L #define SSL_3DES 0x00010000L #define SSL_RC4 0x00020000L @@ -288,6 +290,7 @@ #define SSL_eNULL 0x00200000L #define SSL_AES 0x04000000L #define SSL_CAMELLIA 0x08000000L +#define SSL_SEED 0x10000000L #define SSL_MAC_MASK 0x00c00000L #define SSL_MD5 0x00400000L @@ -299,7 +302,7 @@ #define SSL_SSLV3 0x02000000L #define SSL_TLSV1 SSL_SSLV3 /* for now */ -/* we have used 0fffffff - 4 bits left to go. */ +/* we have used 1fffffff - 3 bits left to go. */ /* * Export and cipher strength information. For each cipher we have to decide @@ -329,8 +332,9 @@ #define SSL_LOW 0x00000020L #define SSL_MEDIUM 0x00000040L #define SSL_HIGH 0x00000080L +#define SSL_FIPS 0x00000100L -/* we have used 000000ff - 24 bits left to go */ +/* we have used 000001ff - 23 bits left to go */ /* * Macros to check the export status and cipher strength for export ciphers. @@ -498,6 +502,7 @@ typedef struct ssl3_enc_method int (*alert_value)(int); } SSL3_ENC_METHOD; +#ifndef OPENSSL_NO_COMP /* Used for holding the relevant compression methods loaded into SSL_CTX */ typedef struct ssl3_comp_st { @@ -505,6 +510,7 @@ typedef struct ssl3_comp_st char *name; /* Text name used for the compression type */ COMP_METHOD *method; /* The method :-) */ } SSL3_COMP; +#endif extern SSL3_ENC_METHOD ssl3_undef_enc_method; OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; @@ -694,7 +700,7 @@ SSL_METHOD *func_name(void) \ ssl3_put_cipher_by_char, \ ssl3_pending, \ ssl3_num_ciphers, \ - ssl3_get_cipher, \ + dtls1_get_cipher, \ s_get_meth, \ dtls1_default_timeout, \ &DTLSv1_enc_data, \ @@ -715,7 +721,7 @@ SESS_CERT *ssl_sess_cert_new(void); void ssl_sess_cert_free(SESS_CERT *sc); int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); -int ssl_get_prev_session(SSL *s, unsigned char *session,int len); +int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, const SSL_CIPHER * const *bp); @@ -775,6 +781,8 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); void ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); +int ssl3_send_newsession_ticket(SSL *s); +int ssl3_send_cert_status(SSL *s); int ssl3_get_finished(SSL *s,int state_a,int state_b); int ssl3_setup_key_block(SSL *s); int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); @@ -859,14 +867,19 @@ void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); long dtls1_default_timeout(void); +SSL_CIPHER *dtls1_get_cipher(unsigned int u); + /* some client-only functions */ int ssl3_client_hello(SSL *s); int ssl3_get_server_hello(SSL *s); int ssl3_get_certificate_request(SSL *s); +int ssl3_get_new_session_ticket(SSL *s); +int ssl3_get_cert_status(SSL *s); int ssl3_get_server_done(SSL *s); int ssl3_send_client_verify(SSL *s); +int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); int ssl3_send_client_certificate(SSL *s); int ssl3_send_client_key_exchange(SSL *s); int ssl3_get_key_exchange(SSL *s); @@ -946,5 +959,24 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); +#ifndef OPENSSL_NO_TLSEXT +unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); +unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); +int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); +int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); +int ssl_prepare_clienthello_tlsext(SSL *s); +int ssl_prepare_serverhello_tlsext(SSL *s); +int ssl_check_clienthello_tlsext(SSL *s); +int ssl_check_serverhello_tlsext(SSL *s); +#ifdef OPENSSL_NO_SHA256 +#define tlsext_tick_md EVP_sha1 +#else +#define tlsext_tick_md EVP_sha256 +#endif +int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, + const unsigned char *limit, SSL_SESSION **ret); +EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; +void ssl_clear_hash_ctx(EVP_MD_CTX **hash); +#endif #endif |
