1d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * All rights reserved. 3d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This package is an SSL implementation written 5d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * by Eric Young (eay@cryptsoft.com). 6d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The implementation was written so as to conform with Netscapes SSL. 7d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 8d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This library is free for commercial and non-commercial use as long as 9d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the following conditions are aheared to. The following conditions 10d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * apply to all code found in this distribution, be it the RC4, RSA, 11d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * included with this distribution is covered by the same copyright terms 13d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 15d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright remains Eric Young's, and as such any Copyright notices in 16d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the code are not to be removed. 17d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * If this package is used in a product, Eric Young should be given attribution 18d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * as the author of the parts of the library used. 19d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This can be in the form of a textual message at program startup or 20d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * in documentation (online or textual) provided with the package. 21d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 22d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without 23d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions 24d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met: 25d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the copyright 26d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer. 27d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright 28d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer in the 29d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * documentation and/or other materials provided with the distribution. 30d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this software 31d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * must display the following acknowledgement: 32d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes cryptographic software written by 33d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Eric Young (eay@cryptsoft.com)" 34d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The word 'cryptographic' can be left out if the rouines from the library 35d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * being used are not cryptographic related :-). 36d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. If you include any Windows specific code (or a derivative thereof) from 37d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the apps directory (application code) you must include an acknowledgement: 38d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 40d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SUCH DAMAGE. 51d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 52d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The licence and distribution terms for any publically available version or 53d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * derivative of this code cannot be changed. i.e. this code cannot simply be 54d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * copied and put under another distribution licence 55d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * [including the GNU Public Licence.] 56d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */ 57d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ==================================================================== 58d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 59d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 60d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without 61d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions 62d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met: 63d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 64d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the above copyright 65d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer. 66d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 67d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright 68d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer in 69d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the documentation and/or other materials provided with the 70d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * distribution. 71d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 72d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this 73d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * software must display the following acknowledgment: 74d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software developed by the OpenSSL Project 75d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 76d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 77d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 78d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * endorse or promote products derived from this software without 79d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * prior written permission. For written permission, please contact 80d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * openssl-core@openssl.org. 81d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 82d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 5. Products derived from this software may not be called "OpenSSL" 83d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * nor may "OpenSSL" appear in their names without prior written 84d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * permission of the OpenSSL Project. 85d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 86d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 6. Redistributions of any form whatsoever must retain the following 87d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * acknowledgment: 88d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software developed by the OpenSSL Project 89d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 90d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 91d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 92d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 93d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 94d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 95d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 96d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 97d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 98d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 99d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 100d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 101d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 102d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OF THE POSSIBILITY OF SUCH DAMAGE. 103d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ==================================================================== 104d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 105d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This product includes cryptographic software written by Eric Young 106d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * (eay@cryptsoft.com). This product includes software written by Tim 107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Hudson (tjh@cryptsoft.com). 108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 109d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */ 110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ==================================================================== 111d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ECC cipher suite support in OpenSSL originally developed by 113d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */ 115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ==================================================================== 116d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright 2005 Nokia. All rights reserved. 117d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 118d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The portions of the attached software ("Contribution") is developed by 119d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Nokia Corporation and is licensed pursuant to the OpenSSL open source 120d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * license. 121d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The Contribution, originally written by Mika Kousa and Pasi Eronen of 123d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 124d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * support (see RFC 4279) to OpenSSL. 125d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 126d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * No patent licenses or other rights except those expressly stated in 127d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the OpenSSL open source license shall be deemed granted or received 128d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * expressly, by implication, estoppel, or otherwise. 129d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 130d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * No assurances are provided by Nokia that the Contribution does not 131d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * infringe the patent or other intellectual property rights of any third 132d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * party or that the license provides you with all the necessary rights 133d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * to make use of the Contribution. 134d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 135d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 136d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 137d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 138d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 139d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OTHERWISE. 140d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */ 141d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 142e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#ifndef OPENSSL_HEADER_SSL_INTERNAL_H 143e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define OPENSSL_HEADER_SSL_INTERNAL_H 144d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 145d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/base.h> 146d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 147d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/aead.h> 148e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#include <openssl/pqueue.h> 149d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/ssl.h> 150d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/stack.h> 151d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 152e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#if defined(OPENSSL_WINDOWS) 153e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* Windows defines struct timeval in winsock2.h. */ 154e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#pragma warning(push, 3) 155e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#include <winsock2.h> 156e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#pragma warning(pop) 157e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#else 158e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#include <sys/types.h> 159e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#endif 160e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 161e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 162e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* Cipher suites. */ 163e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 164e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* Bits for |algorithm_mkey| (key exchange algorithm). */ 165e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_kRSA 0x00000001L 166e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_kDHE 0x00000002L 167e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_kECDHE 0x00000004L 168e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* SSL_kPSK is only set for plain PSK, not ECDHE_PSK. */ 169e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_kPSK 0x00000008L 170e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 171e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* Bits for |algorithm_auth| (server authentication). */ 172e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_aRSA 0x00000001L 173e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_aECDSA 0x00000002L 174e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* SSL_aPSK is set for both PSK and ECDHE_PSK. */ 175e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_aPSK 0x00000004L 176e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 177e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* Bits for |algorithm_enc| (symmetric encryption). */ 178e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_3DES 0x00000001L 179e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_RC4 0x00000002L 180e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_AES128 0x00000004L 181e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_AES256 0x00000008L 182e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_AES128GCM 0x00000010L 183e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_AES256GCM 0x00000020L 184e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_CHACHA20POLY1305 0x00000040L 185e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 186e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM) 187e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 188e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* Bits for |algorithm_mac| (symmetric authentication). */ 189e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_MD5 0x00000001L 190e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_SHA1 0x00000002L 191e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_SHA256 0x00000004L 192e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_SHA384 0x00000008L 193e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* SSL_AEAD is set for all AEADs. */ 194e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_AEAD 0x00000010L 195e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 196e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* Bits for |algorithm_ssl| (protocol version). These denote the first protocol 197e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * version which introduced the cipher. 198e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * 199e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * TODO(davidben): These are extremely confusing, both in code and in 200e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * cipher rules. Try to remove them. */ 201e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_SSLV3 0x00000002L 202e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_TLSV1 SSL_SSLV3 203e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_TLSV1_2 0x00000004L 204e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 205e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* Bits for |algorithm2| (handshake digests and other extra flags). */ 206e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 207e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_HANDSHAKE_MAC_MD5 0x10 208e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_HANDSHAKE_MAC_SHA 0x20 209e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_HANDSHAKE_MAC_SHA256 0x40 210e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_HANDSHAKE_MAC_SHA384 0x80 211e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_HANDSHAKE_MAC_DEFAULT \ 212e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) 213e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 214e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* SSL_MAX_DIGEST is the number of digest types which exist. When adding a new 215e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * one, update the table in ssl_cipher.c. */ 216e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_MAX_DIGEST 4 217e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 218e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD is a flag in 219e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * SSL_CIPHER.algorithm2 which indicates that the variable part of the nonce is 220e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * included as a prefix of the record. (AES-GCM, for example, does with with an 221e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * 8-byte variable nonce.) */ 222e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD (1<<22) 223e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 224e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* Bits for |algo_strength|, cipher strength information. */ 225e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_MEDIUM 0x00000001L 226e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_HIGH 0x00000002L 227e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_FIPS 0x00000004L 228e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 229e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* ssl_cipher_get_evp_aead sets |*out_aead| to point to the correct EVP_AEAD 230e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * object for |cipher| protocol version |version|. It sets |*out_mac_secret_len| 231e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * and |*out_fixed_iv_len| to the MAC key length and fixed IV length, 232e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * respectively. The MAC key length is zero except for legacy block and stream 233e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * ciphers. It returns 1 on success and 0 on error. */ 234e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead, 235e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley size_t *out_mac_secret_len, 236e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley size_t *out_fixed_iv_len, 237e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley const SSL_CIPHER *cipher, uint16_t version); 238e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 239e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* ssl_get_handshake_digest looks up the |i|th handshake digest type and sets 240e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * |*out_mask| to the |SSL_HANDSHAKE_MAC_*| mask and |*out_md| to the 241e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * |EVP_MD|. It returns one on successs and zero if |i| >= |SSL_MAX_DIGEST|. */ 242e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl_get_handshake_digest(uint32_t *out_mask, const EVP_MD **out_md, 243e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley size_t i); 244e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 245e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* ssl_create_cipher_list evaluates |rule_str| according to the ciphers in 246e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * |ssl_method|. It sets |*out_cipher_list| to a newly-allocated 247e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * |ssl_cipher_preference_list_st| containing the result. 248e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * |*out_cipher_list_by_id| is set to a list of selected ciphers sorted by 249e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * id. It returns |(*out_cipher_list)->ciphers| on success and NULL on 250e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * failure. */ 251e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam LangleySTACK_OF(SSL_CIPHER) * 252e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, 253e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley struct ssl_cipher_preference_list_st **out_cipher_list, 254e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley STACK_OF(SSL_CIPHER) **out_cipher_list_by_id, 255e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley const char *rule_str); 256e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 257e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* SSL_PKEY_* denote certificate types. */ 258e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_PKEY_RSA_ENC 0 259e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_PKEY_RSA_SIGN 1 260e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_PKEY_ECC 2 261e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_PKEY_NUM 3 262e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 26353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* ssl_cipher_get_value returns the cipher suite id of |cipher|. */ 26453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyuint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher); 26553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 266e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* ssl_cipher_get_cert_index returns the |SSL_PKEY_*| value corresponding to the 267e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * certificate type of |cipher| or -1 if there is none. */ 268e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl_cipher_get_cert_index(const SSL_CIPHER *cipher); 269e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 270e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* ssl_cipher_has_server_public_key returns 1 if |cipher| involves a server 271e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * public key in the key exchange, sent in a server Certificate message. 272e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * Otherwise it returns 0. */ 273e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher); 274e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 275e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* ssl_cipher_requires_server_key_exchange returns 1 if |cipher| requires a 276e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * ServerKeyExchange message. Otherwise it returns 0. 277e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * 278e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * Unlike ssl_cipher_has_server_public_key, some ciphers take optional 279e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * ServerKeyExchanges. PSK and RSA_PSK only use the ServerKeyExchange to 280e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * communicate a psk_identity_hint, so it is optional. */ 281e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher); 282e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 283e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 28453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* Encryption layer. */ 28553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 28653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* SSL_AEAD_CTX contains information about an AEAD that is being used to encrypt 28753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * an SSL connection. */ 28853b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleystruct ssl_aead_ctx_st { 28953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley const SSL_CIPHER *cipher; 29053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley EVP_AEAD_CTX ctx; 29153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* fixed_nonce contains any bytes of the nonce that are fixed for all 29253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * records. */ 29353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley uint8_t fixed_nonce[8]; 29453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley uint8_t fixed_nonce_len, variable_nonce_len; 29553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* variable_nonce_included_in_record is non-zero if the variable nonce 29653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * for a record is included as a prefix before the ciphertext. */ 29753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley char variable_nonce_included_in_record; 29853b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* random_variable_nonce is non-zero if the variable nonce is 29953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * randomly generated, rather than derived from the sequence 30053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * number. */ 30153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley char random_variable_nonce; 30253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* omit_length_in_ad is non-zero if the length should be omitted in the 30353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * AEAD's ad parameter. */ 30453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley char omit_length_in_ad; 30553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* omit_version_in_ad is non-zero if the version should be omitted 30653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * in the AEAD's ad parameter. */ 30753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley char omit_version_in_ad; 30853b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley} /* SSL_AEAD_CTX */; 30953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 31053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* SSL_AEAD_CTX_new creates a newly-allocated |SSL_AEAD_CTX| using the supplied 31153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * key material. It returns NULL on error. Only one of |SSL_AEAD_CTX_open| or 31253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * |SSL_AEAD_CTX_seal| may be used with the resulting object, depending on 31353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * |direction|. |version| is the normalized protocol version, so DTLS 1.0 is 31453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * represented as 0x0301, not 0xffef. */ 31553b272a2813a0b11f107d77100ff8805ada8fbd2Adam LangleySSL_AEAD_CTX *SSL_AEAD_CTX_new(enum evp_aead_direction_t direction, 31653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley uint16_t version, const SSL_CIPHER *cipher, 31753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley const uint8_t *enc_key, size_t enc_key_len, 31853b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley const uint8_t *mac_key, size_t mac_key_len, 31953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley const uint8_t *fixed_iv, size_t fixed_iv_len); 32053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 32153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* SSL_AEAD_CTX_free frees |ctx|. */ 32253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyvoid SSL_AEAD_CTX_free(SSL_AEAD_CTX *ctx); 32353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 32453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* SSL_AEAD_CTX_explicit_nonce_len returns the length of the explicit nonce for 32553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * |ctx|, if any. |ctx| may be NULL to denote the null cipher. */ 32653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleysize_t SSL_AEAD_CTX_explicit_nonce_len(SSL_AEAD_CTX *ctx); 32753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 32853b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* SSL_AEAD_CTX_max_overhead returns the maximum overhead of calling 32953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * |SSL_AEAD_CTX_seal|. |ctx| may be NULL to denote the null cipher. */ 33053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleysize_t SSL_AEAD_CTX_max_overhead(SSL_AEAD_CTX *ctx); 33153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 33253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* SSL_AEAD_CTX_open authenticates and decrypts |in_len| bytes from |in| and 33353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * writes the result to |out|. It returns one on success and zero on 33453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * error. |ctx| may be NULL to denote the null cipher. 33553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * 33653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * If |in| and |out| alias then |out| must be <= |in| + |explicit_nonce_len|. */ 33753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint SSL_AEAD_CTX_open(SSL_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, 33853b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley size_t max_out, uint8_t type, uint16_t wire_version, 33953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley const uint8_t seqnum[8], const uint8_t *in, 34053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley size_t in_len); 34153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 34253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* SSL_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and 34353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * writes the result to |out|. It returns one on success and zero on 34453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * error. |ctx| may be NULL to denote the null cipher. 34553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * 34653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * If |in| and |out| alias then |out| + |explicit_nonce_len| must be <= |in| */ 34753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint SSL_AEAD_CTX_seal(SSL_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, 34853b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley size_t max_out, uint8_t type, uint16_t wire_version, 34953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley const uint8_t seqnum[8], const uint8_t *in, 35053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley size_t in_len); 35153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 35253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 353e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* Underdocumented functions. 354e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * 355e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * Functions below here haven't been touched up and may be underdocumented. */ 356d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 357d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define c2l(c, l) \ 358d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (l = ((unsigned long)(*((c)++))), l |= (((unsigned long)(*((c)++))) << 8), \ 359d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l |= (((unsigned long)(*((c)++))) << 16), \ 360d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l |= (((unsigned long)(*((c)++))) << 24)) 361d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 362d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* NOTE - c is not incremented as per c2l */ 363d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define c2ln(c, l1, l2, n) \ 364d9e397b599b13d642138480a28c14db7a136bf0Adam Langley { \ 365d9e397b599b13d642138480a28c14db7a136bf0Adam Langley c += n; \ 366d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l1 = l2 = 0; \ 367d9e397b599b13d642138480a28c14db7a136bf0Adam Langley switch (n) { \ 368d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 8: \ 369d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l2 = ((unsigned long)(*(--(c)))) << 24; \ 370d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 7: \ 371d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l2 |= ((unsigned long)(*(--(c)))) << 16; \ 372d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 6: \ 373d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l2 |= ((unsigned long)(*(--(c)))) << 8; \ 374d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 5: \ 375d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l2 |= ((unsigned long)(*(--(c)))); \ 376d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 4: \ 377d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l1 = ((unsigned long)(*(--(c)))) << 24; \ 378d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 3: \ 379d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l1 |= ((unsigned long)(*(--(c)))) << 16; \ 380d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 2: \ 381d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l1 |= ((unsigned long)(*(--(c)))) << 8; \ 382d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 1: \ 383d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l1 |= ((unsigned long)(*(--(c)))); \ 384d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } \ 385d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 386d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 387d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define l2c(l, c) \ 388d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (*((c)++) = (uint8_t)(((l)) & 0xff), \ 389d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \ 390d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \ 391d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 24) & 0xff)) 392d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 393d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define n2l(c, l) \ 394d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (l = ((unsigned long)(*((c)++))) << 24, \ 395d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l |= ((unsigned long)(*((c)++))) << 16, \ 396d9e397b599b13d642138480a28c14db7a136bf0Adam Langley l |= ((unsigned long)(*((c)++))) << 8, l |= ((unsigned long)(*((c)++)))) 397d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 398d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define l2n(l, c) \ 399d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (*((c)++) = (uint8_t)(((l) >> 24) & 0xff), \ 400d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \ 401d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \ 402d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l)) & 0xff)) 403d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 404d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define l2n8(l, c) \ 405d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (*((c)++) = (uint8_t)(((l) >> 56) & 0xff), \ 406d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 48) & 0xff), \ 407d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 40) & 0xff), \ 408d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 32) & 0xff), \ 409d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 24) & 0xff), \ 410d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 16) & 0xff), \ 411d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l) >> 8) & 0xff), \ 412d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *((c)++) = (uint8_t)(((l)) & 0xff)) 413d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 414d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* NOTE - c is not incremented as per l2c */ 415d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define l2cn(l1, l2, c, n) \ 416d9e397b599b13d642138480a28c14db7a136bf0Adam Langley { \ 417d9e397b599b13d642138480a28c14db7a136bf0Adam Langley c += n; \ 418d9e397b599b13d642138480a28c14db7a136bf0Adam Langley switch (n) { \ 419d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 8: \ 420d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *(--(c)) = (uint8_t)(((l2) >> 24) & 0xff); \ 421d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 7: \ 422d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *(--(c)) = (uint8_t)(((l2) >> 16) & 0xff); \ 423d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 6: \ 424d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *(--(c)) = (uint8_t)(((l2) >> 8) & 0xff); \ 425d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 5: \ 426d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *(--(c)) = (uint8_t)(((l2)) & 0xff); \ 427d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 4: \ 428d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *(--(c)) = (uint8_t)(((l1) >> 24) & 0xff); \ 429d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 3: \ 430d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *(--(c)) = (uint8_t)(((l1) >> 16) & 0xff); \ 431d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 2: \ 432d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *(--(c)) = (uint8_t)(((l1) >> 8) & 0xff); \ 433d9e397b599b13d642138480a28c14db7a136bf0Adam Langley case 1: \ 434d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *(--(c)) = (uint8_t)(((l1)) & 0xff); \ 435d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } \ 436d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 437d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 438d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define n2s(c, s) \ 439d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ((s = (((unsigned int)(c[0])) << 8) | (((unsigned int)(c[1])))), c += 2) 440d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 441d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define s2n(s, c) \ 442d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ((c[0] = (uint8_t)(((s) >> 8) & 0xff), \ 443d9e397b599b13d642138480a28c14db7a136bf0Adam Langley c[1] = (uint8_t)(((s)) & 0xff)), \ 444d9e397b599b13d642138480a28c14db7a136bf0Adam Langley c += 2) 445d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 446d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define n2l3(c, l) \ 447d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ((l = (((unsigned long)(c[0])) << 16) | (((unsigned long)(c[1])) << 8) | \ 448d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (((unsigned long)(c[2])))), \ 449d9e397b599b13d642138480a28c14db7a136bf0Adam Langley c += 3) 450d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 451d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define l2n3(l, c) \ 452d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ((c[0] = (uint8_t)(((l) >> 16) & 0xff), \ 453d9e397b599b13d642138480a28c14db7a136bf0Adam Langley c[1] = (uint8_t)(((l) >> 8) & 0xff), \ 454d9e397b599b13d642138480a28c14db7a136bf0Adam Langley c[2] = (uint8_t)(((l)) & 0xff)), \ 455d9e397b599b13d642138480a28c14db7a136bf0Adam Langley c += 3) 456d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 457d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* LOCAL STUFF */ 458d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 459d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLSEXT_CHANNEL_ID_SIZE 128 460d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 461d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Check if an SSL structure is using DTLS */ 462e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_IS_DTLS(s) (s->method->is_dtls) 463d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* See if we need explicit IV */ 464d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL_USE_EXPLICIT_IV(s) \ 465d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (s->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) 466d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* See if we use signature algorithms extension and signature algorithm before 467d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * signatures. */ 468d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL_USE_SIGALGS(s) (s->enc_method->enc_flags & SSL_ENC_FLAG_SIGALGS) 469d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may 470d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * apply to others in future. */ 471d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL_USE_TLS1_2_CIPHERS(s) \ 472d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (s->enc_method->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) 473d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Determine if a client can use TLS 1.2 ciphersuites: can't rely on method 474d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * flags because it may not be set to correct version yet. */ 475d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \ 476d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \ 477d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION)) 478d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 479d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | 480d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) 481d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) 482e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN 483d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SSL_aRSA <- RSA_ENC | RSA_SIGN 484d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SSL_aDSS <- DSA_SIGN */ 485d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 486d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define PENDING_SESSION -10000 487d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 488d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* From RFC4492, used in encoding the curve type in ECParameters */ 489d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define EXPLICIT_PRIME_CURVE_TYPE 1 490d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define EXPLICIT_CHAR2_CURVE_TYPE 2 491d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define NAMED_CURVE_TYPE 3 492d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 493e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyenum ssl_hash_message_t { 494e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley ssl_dont_hash_message, 495e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley ssl_hash_message, 496e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley}; 497d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 498d9e397b599b13d642138480a28c14db7a136bf0Adam Langleytypedef struct cert_pkey_st { 499d9e397b599b13d642138480a28c14db7a136bf0Adam Langley X509 *x509; 500d9e397b599b13d642138480a28c14db7a136bf0Adam Langley EVP_PKEY *privatekey; 501d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Chain for this certificate */ 502e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley STACK_OF(X509) *chain; 503d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} CERT_PKEY; 504d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 505d9e397b599b13d642138480a28c14db7a136bf0Adam Langleytypedef struct cert_st { 506d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Current active set */ 507d9e397b599b13d642138480a28c14db7a136bf0Adam Langley CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array 508d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Probably it would make more sense to store 509d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * an index, not a pointer. */ 510d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 511d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* For clients the following masks are of *disabled* key and auth algorithms 512d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * based on the current session. 513d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 514d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * TODO(davidben): Remove these. They get checked twice: when sending the 515d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ClientHello and when processing the ServerHello. However, mask_ssl is a 516d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * different value both times. mask_k and mask_a are not, but is a 517d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * round-about way of checking the server's cipher was one of the advertised 518d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ones. (Currently it checks the masks and then the list of ciphers prior to 519d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * applying the masks in ClientHello.) */ 520e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint32_t mask_k; 521e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint32_t mask_a; 522e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint32_t mask_ssl; 523d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 524d9e397b599b13d642138480a28c14db7a136bf0Adam Langley DH *dh_tmp; 525d9e397b599b13d642138480a28c14db7a136bf0Adam Langley DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); 526e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 527e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* ecdh_nid, if not |NID_undef|, is the NID of the curve to use for ephemeral 528e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * ECDH keys. If unset, |ecdh_tmp_cb| is consulted. */ 529e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley int ecdh_nid; 530e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* ecdh_tmp_cb is a callback for selecting the curve to use for ephemeral ECDH 531e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * keys. If NULL, a curve is selected automatically. See 532e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * |SSL_CTX_set_tmp_ecdh_callback|. */ 533d9e397b599b13d642138480a28c14db7a136bf0Adam Langley EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize); 534d9e397b599b13d642138480a28c14db7a136bf0Adam Langley CERT_PKEY pkeys[SSL_PKEY_NUM]; 535d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 536d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Server-only: client_certificate_types is list of certificate types to 537d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * include in the CertificateRequest message. 538d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */ 539d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *client_certificate_types; 540d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t num_client_certificate_types; 541d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 542d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* signature algorithms peer reports: e.g. supported signature 543d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * algorithms extension for server or as part of a certificate 544d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * request for client. */ 545d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *peer_sigalgs; 546d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Size of above array */ 547d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t peer_sigalgslen; 548d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* suppported signature algorithms. 549d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * When set on a client this is sent in the client hello as the 550d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * supported signature algorithms extension. For servers 551d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * it represents the signature algorithms we are willing to use. */ 552d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *conf_sigalgs; 553d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Size of above array */ 554d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t conf_sigalgslen; 555d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Client authentication signature algorithms, if not set then 556d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * uses conf_sigalgs. On servers these will be the signature 557d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * algorithms sent to the client in a cerificate request for TLS 1.2. 558d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * On a client this represents the signature algortithms we are 559d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * willing to use for client authentication. */ 560d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *client_sigalgs; 561d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Size of above array */ 562d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t client_sigalgslen; 563d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Signature algorithms shared by client and server: cached 564d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * because these are used most often. */ 565d9e397b599b13d642138480a28c14db7a136bf0Adam Langley TLS_SIGALGS *shared_sigalgs; 566d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t shared_sigalgslen; 567d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 568d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Certificate setup callback: if set is called whenever a 569d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * certificate may be required (client or server). the callback 570d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * can then examine any appropriate parameters and setup any 571d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * certificates required. This allows advanced applications 572d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * to select certificates on the fly: for example based on 573d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * supported signature algorithms or curves. */ 574d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*cert_cb)(SSL *ssl, void *arg); 575d9e397b599b13d642138480a28c14db7a136bf0Adam Langley void *cert_cb_arg; 576d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 577d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Optional X509_STORE for chain building or certificate validation 578d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * If NULL the parent SSL_CTX store is used instead. */ 579d9e397b599b13d642138480a28c14db7a136bf0Adam Langley X509_STORE *chain_store; 580d9e397b599b13d642138480a28c14db7a136bf0Adam Langley X509_STORE *verify_store; 581d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} CERT; 582d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 583d9e397b599b13d642138480a28c14db7a136bf0Adam Langleytypedef struct sess_cert_st { 584e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ 585d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 586d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* The 'peer_...' members are used only by clients. */ 587d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int peer_cert_type; 588d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 589d9e397b599b13d642138480a28c14db7a136bf0Adam Langley CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ 590d9e397b599b13d642138480a28c14db7a136bf0Adam Langley CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; 591d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Obviously we don't have the private keys of these, 592d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * so maybe we shouldn't even use the CERT_PKEY type here. */ 593d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 594d9e397b599b13d642138480a28c14db7a136bf0Adam Langley DH *peer_dh_tmp; 595d9e397b599b13d642138480a28c14db7a136bf0Adam Langley EC_KEY *peer_ecdh_tmp; 596d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} SESS_CERT; 597d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 598d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Structure containing decoded values of signature algorithms extension */ 599d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct tls_sigalgs_st { 600d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* NID of hash algorithm */ 601d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int hash_nid; 602d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* NID of signature algorithm */ 603d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int sign_nid; 604d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Combined hash and signature NID */ 605d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int signandhash_nid; 606d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Raw values used in extension */ 607d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t rsign; 608d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t rhash; 609d9e397b599b13d642138480a28c14db7a136bf0Adam Langley}; 610d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 611d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* SSL_METHOD is a compatibility structure to support the legacy version-locked 612d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * methods. */ 613d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct ssl_method_st { 614d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* version, if non-zero, is the only protocol version acceptable to an 615d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SSL_CTX initialized from this method. */ 616d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint16_t version; 617d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* method is the underlying SSL_PROTOCOL_METHOD that initializes the 618d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SSL_CTX. */ 619d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const SSL_PROTOCOL_METHOD *method; 620d9e397b599b13d642138480a28c14db7a136bf0Adam Langley}; 621d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 622d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ 623d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct ssl_protocol_method_st { 624e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* is_dtls is one if the protocol is DTLS and zero otherwise. */ 625e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley char is_dtls; 626d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*ssl_new)(SSL *s); 627d9e397b599b13d642138480a28c14db7a136bf0Adam Langley void (*ssl_free)(SSL *s); 628d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*ssl_accept)(SSL *s); 629d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*ssl_connect)(SSL *s); 630d9e397b599b13d642138480a28c14db7a136bf0Adam Langley long (*ssl_get_message)(SSL *s, int header_state, int body_state, 631e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley int msg_type, long max, 632e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley enum ssl_hash_message_t hash_message, int *ok); 63353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley int (*ssl_read_app_data)(SSL *s, uint8_t *buf, int len, int peek); 63453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley void (*ssl_read_close_notify)(SSL *s); 63553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley int (*ssl_write_app_data)(SSL *s, const void *buf_, int len); 636d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*ssl_dispatch_alert)(SSL *s); 637d9e397b599b13d642138480a28c14db7a136bf0Adam Langley long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg); 638d9e397b599b13d642138480a28c14db7a136bf0Adam Langley long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); 63953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* supports_cipher returns one if |cipher| is supported by this protocol and 64053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * zero otherwise. */ 64153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley int (*supports_cipher)(const SSL_CIPHER *cipher); 642e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* Handshake header length */ 643e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley unsigned int hhlen; 644e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* Set the handshake header */ 645e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley int (*set_handshake_header)(SSL *s, int type, unsigned long len); 646e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* Write out handshake message */ 647e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley int (*do_write)(SSL *s); 648d9e397b599b13d642138480a28c14db7a136bf0Adam Langley}; 649d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 650d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit 651d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * of a mess of functions, but hell, think of it as an opaque structure. */ 652d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct ssl3_enc_method { 653d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*prf)(SSL *, uint8_t *, size_t, const uint8_t *, size_t, const char *, 654d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t, const uint8_t *, size_t, const uint8_t *, size_t); 655d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*setup_key_block)(SSL *); 656d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*generate_master_secret)(SSL *, uint8_t *, const uint8_t *, size_t); 657d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*change_cipher_state)(SSL *, int); 658d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*final_finish_mac)(SSL *, const char *, int, uint8_t *); 659d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*cert_verify_mac)(SSL *, int, uint8_t *); 660d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const char *client_finished_label; 661d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int client_finished_label_len; 662d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const char *server_finished_label; 663d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int server_finished_label_len; 664d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*alert_value)(int); 665d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int (*export_keying_material)(SSL *, uint8_t *, size_t, const char *, size_t, 666d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const uint8_t *, size_t, int use_context); 667d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Various flags indicating protocol version requirements */ 668d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned int enc_flags; 669d9e397b599b13d642138480a28c14db7a136bf0Adam Langley}; 670d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 671e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_HM_HEADER_LENGTH(s) s->method->hhlen 672d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define ssl_handshake_start(s) \ 673e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley (((uint8_t *)s->init_buf->data) + s->method->hhlen) 674d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define ssl_set_handshake_header(s, htype, len) \ 675e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley s->method->set_handshake_header(s, htype, len) 676e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define ssl_do_write(s) s->method->do_write(s) 677d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 678d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Values for enc_flags */ 679d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 680d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Uses explicit IV for CBC mode */ 681d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL_ENC_FLAG_EXPLICIT_IV 0x1 682d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Uses signature algorithms extension */ 683d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL_ENC_FLAG_SIGALGS 0x2 684d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Uses SHA256 default PRF */ 685d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL_ENC_FLAG_SHA256_PRF 0x4 686d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: 687d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * may apply to others in future. */ 688e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x8 689d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 690e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* lengths of messages */ 691e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DTLS1_COOKIE_LENGTH 256 692e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 693e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DTLS1_RT_HEADER_LENGTH 13 694e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 695e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DTLS1_HM_HEADER_LENGTH 12 696e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 697e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DTLS1_CCS_HEADER_LENGTH 1 698e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 699e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define DTLS1_AL_HEADER_LENGTH 2 700e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 701e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleytypedef struct dtls1_bitmap_st { 702e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* map is a bit mask of the last 64 sequence numbers. Bit 703e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * |1<<i| corresponds to |max_seq_num - i|. */ 704e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint64_t map; 705e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* max_seq_num is the largest sequence number seen so far. It 706e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * is a 64-bit value in big-endian encoding. */ 707e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint8_t max_seq_num[8]; 708e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley} DTLS1_BITMAP; 709e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 710e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* TODO(davidben): This structure is used for both incoming messages and 711e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * outgoing messages. |is_ccs| and |epoch| are only used in the latter and 712e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * should be moved elsewhere. */ 713e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleystruct hm_header_st { 714e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint8_t type; 715e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint32_t msg_len; 716e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint16_t seq; 717e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint32_t frag_off; 718e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint32_t frag_len; 719e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley int is_ccs; 720e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* epoch, for buffered outgoing messages, is the epoch the message was 721e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * originally sent in. */ 722e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint16_t epoch; 723e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley}; 724e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 725e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* TODO(davidben): This structure is used for both incoming messages and 726e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * outgoing messages. |fragment| and |reassembly| are only used in the former 727e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * and should be moved elsewhere. */ 728e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleytypedef struct hm_fragment_st { 729e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley struct hm_header_st msg_header; 730e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint8_t *fragment; 731e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint8_t *reassembly; 732e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley} hm_fragment; 733e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 734e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleytypedef struct dtls1_state_st { 735e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* send_cookie is true if we are resending the ClientHello 736e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * with a cookie from a HelloVerifyRequest. */ 737e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley unsigned int send_cookie; 738e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 739e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint8_t cookie[DTLS1_COOKIE_LENGTH]; 740e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley size_t cookie_len; 741e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 742e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* The current data and handshake epoch. This is initially undefined, and 743e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * starts at zero once the initial handshake is completed. */ 744e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint16_t r_epoch; 745e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint16_t w_epoch; 746e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 747e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* records being received in the current epoch */ 748e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley DTLS1_BITMAP bitmap; 749e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 750e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* handshake message numbers */ 751e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint16_t handshake_write_seq; 752e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint16_t next_handshake_write_seq; 753e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 754e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint16_t handshake_read_seq; 755e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 756e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* save last sequence number for retransmissions */ 757e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint8_t last_write_sequence[8]; 758e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 759e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* buffered_messages is a priority queue of incoming handshake messages that 760e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * have yet to be processed. 761e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * 762e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * TODO(davidben): This data structure may as well be a ring buffer of fixed 763e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * size. */ 764e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley pqueue buffered_messages; 765e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 766e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* send_messages is a priority queue of outgoing handshake messages sent in 767e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * the most recent handshake flight. 768e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * 769e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * TODO(davidben): This data structure may as well be a STACK_OF(T). */ 770e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley pqueue sent_messages; 771e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 772e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley unsigned int mtu; /* max DTLS packet size */ 773e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 774e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley struct hm_header_st w_msg_hdr; 775e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 776e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* num_timeouts is the number of times the retransmit timer has fired since 777e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * the last time it was reset. */ 778e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley unsigned int num_timeouts; 779e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 780e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* Indicates when the last handshake msg or heartbeat sent will 781e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * timeout. */ 782e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley struct timeval next_timeout; 783e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 784e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* Timeout duration */ 785e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley unsigned short timeout_duration; 786e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 787e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley unsigned int change_cipher_spec_ok; 788e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley} DTLS1_STATE; 789e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 790d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyextern const SSL3_ENC_METHOD TLSv1_enc_data; 791d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyextern const SSL3_ENC_METHOD TLSv1_1_enc_data; 792d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyextern const SSL3_ENC_METHOD TLSv1_2_enc_data; 793d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyextern const SSL3_ENC_METHOD SSLv3_enc_data; 794d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 795d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl_clear_cipher_ctx(SSL *s); 796d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_clear_bad_session(SSL *s); 797d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyCERT *ssl_cert_new(void); 798d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyCERT *ssl_cert_dup(CERT *cert); 799d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl_cert_clear_certs(CERT *c); 800d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl_cert_free(CERT *c); 801d9e397b599b13d642138480a28c14db7a136bf0Adam LangleySESS_CERT *ssl_sess_cert_new(void); 802d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl_sess_cert_free(SESS_CERT *sc); 803d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_set_peer_cert_type(SESS_CERT *c, int type); 80453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint ssl_get_new_session(SSL *s, int session); 805d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx); 806e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam LangleySTACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs); 807e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p); 808d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct ssl_cipher_preference_list_st *ssl_cipher_preference_list_dup( 809d9e397b599b13d642138480a28c14db7a136bf0Adam Langley struct ssl_cipher_preference_list_st *cipher_list); 810d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl_cipher_preference_list_free( 811d9e397b599b13d642138480a28c14db7a136bf0Adam Langley struct ssl_cipher_preference_list_st *cipher_list); 812d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct ssl_cipher_preference_list_st *ssl_cipher_preference_list_from_ciphers( 813e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley STACK_OF(SSL_CIPHER) *ciphers); 814d9e397b599b13d642138480a28c14db7a136bf0Adam Langleystruct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *s); 815d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 816e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain); 817e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain); 818d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_cert_add0_chain_cert(CERT *c, X509 *x); 819d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_cert_add1_chain_cert(CERT *c, X509 *x); 820d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_cert_select_current(CERT *c, X509 *x); 821d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg); 822d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 823e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); 824d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l); 825d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags); 826d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); 827d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyCERT_PKEY *ssl_get_server_send_pkey(const SSL *s); 828d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyEVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c); 82953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyvoid ssl_update_cache(SSL *s, int mode); 830d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_cert_type(EVP_PKEY *pkey); 831d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 832d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl_get_compatible_server_ciphers determines the key exchange and 833d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * authentication cipher suite masks compatible with the server configuration 834d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * and current ClientHello parameters of |s|. It sets |*out_mask_k| to the key 835d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * exchange mask and |*out_mask_a| to the authentication mask. */ 836e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyvoid ssl_get_compatible_server_ciphers(SSL *s, uint32_t *out_mask_k, 837e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley uint32_t *out_mask_a); 838d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 839e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam LangleySTACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); 840d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_verify_alarm_type(long type); 841d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 84253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley/* ssl_fill_hello_random fills a client_random or server_random field of length 84353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * |len|. It returns one on success and zero on failure. */ 84453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint ssl_fill_hello_random(uint8_t *out, size_t len, int is_server); 84553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 846d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_init_finished_mac(SSL *s); 847d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_server_certificate(SSL *s); 848d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_new_session_ticket(SSL *s); 849d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_cert_status(SSL *s); 850d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_finished(SSL *s, int state_a, int state_b); 851d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b); 852d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, 853d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t secret_len, const char *label, size_t label_len, 854d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const uint8_t *seed1, size_t seed1_len, 855d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const uint8_t *seed2, size_t seed2_len); 856d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl3_cleanup_key_block(SSL *s); 857d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_do_write(SSL *s, int type); 858d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_alert(SSL *s, int level, int desc); 859d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_req_cert_type(SSL *s, uint8_t *p); 860d9e397b599b13d642138480a28c14db7a136bf0Adam Langleylong ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type, 861e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley long max, enum ssl_hash_message_t hash_message, int *ok); 862d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 863e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* ssl3_hash_current_message incorporates the current handshake message into the 864e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * handshake hash. It returns one on success and zero on allocation failure. */ 865e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl3_hash_current_message(SSL *s); 866d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 867d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl3_cert_verify_hash writes the CertificateVerify hash into the bytes 868d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * pointed to by |out| and writes the number of bytes to |*out_len|. |out| must 869d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * have room for EVP_MAX_MD_SIZE bytes. For TLS 1.2 and up, |*out_md| is used 870d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for the hash function, otherwise the hash function depends on the type of 871d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |pkey| and is written to |*out_md|. It returns one on success and zero on 872d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * failure. */ 873d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_cert_verify_hash(SSL *s, uint8_t *out, size_t *out_len, 874d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const EVP_MD **out_md, EVP_PKEY *pkey); 875d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 876d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); 87753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint ssl3_supports_cipher(const SSL_CIPHER *cipher); 878d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_dispatch_alert(SSL *s); 879d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_expect_change_cipher_spec(SSL *s); 88053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint ssl3_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek); 88153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyvoid ssl3_read_close_notify(SSL *ssl); 882d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek); 88353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint ssl3_write_app_data(SSL *ssl, const void *buf, int len); 884d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_write_bytes(SSL *s, int type, const void *buf, int len); 885d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_final_finish_mac(SSL *s, const char *sender, int slen, uint8_t *p); 886d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_cert_verify_mac(SSL *s, int md_nid, uint8_t *p); 887e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl3_finish_mac(SSL *s, const uint8_t *buf, int len); 888d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl3_free_digest_list(SSL *s); 889e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk); 890d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyconst SSL_CIPHER *ssl3_choose_cipher( 891e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, 892d9e397b599b13d642138480a28c14db7a136bf0Adam Langley struct ssl_cipher_preference_list_st *srvr); 893d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_setup_read_buffer(SSL *s); 894d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_setup_write_buffer(SSL *s); 895d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_release_read_buffer(SSL *s); 896d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_release_write_buffer(SSL *s); 897d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 898d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyenum should_free_handshake_buffer_t { 899d9e397b599b13d642138480a28c14db7a136bf0Adam Langley free_handshake_buffer, 900d9e397b599b13d642138480a28c14db7a136bf0Adam Langley dont_free_handshake_buffer, 901d9e397b599b13d642138480a28c14db7a136bf0Adam Langley}; 902d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_digest_cached_records(SSL *s, enum should_free_handshake_buffer_t); 903d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 904d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_new(SSL *s); 905d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl3_free(SSL *s); 906d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_accept(SSL *s); 907d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_connect(SSL *s); 908d9e397b599b13d642138480a28c14db7a136bf0Adam Langleylong ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); 909d9e397b599b13d642138480a28c14db7a136bf0Adam Langleylong ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); 910d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 911e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* ssl3_record_sequence_update increments the sequence number in |seq|. It 912e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * returns one on success and zero on wraparound. */ 913e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl3_record_sequence_update(uint8_t *seq, size_t seq_len); 914e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 915d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_do_change_cipher_spec(SSL *ssl); 916d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 917e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl3_set_handshake_header(SSL *s, int htype, unsigned long len); 918d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_handshake_write(SSL *s); 919d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 92053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyenum dtls1_use_epoch_t { 92153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley dtls1_use_previous_epoch, 92253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley dtls1_use_current_epoch, 92353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley}; 92453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 92553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint dtls1_do_write(SSL *s, int type, enum dtls1_use_epoch_t use_epoch); 926e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl3_read_n(SSL *s, int n, int extend); 92753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint dtls1_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek); 92853b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyvoid dtls1_read_close_notify(SSL *ssl); 929d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek); 930d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_write_pending(SSL *s, int type, const uint8_t *buf, unsigned int len); 931d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid dtls1_set_message_header(SSL *s, uint8_t mt, unsigned long len, 932d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned short seq_num, unsigned long frag_off, 933d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned long frag_len); 934d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 93553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint dtls1_write_app_data(SSL *s, const void *buf, int len); 93653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint dtls1_write_bytes(SSL *s, int type, const void *buf, int len, 93753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley enum dtls1_use_epoch_t use_epoch); 938d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 939d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_send_change_cipher_spec(SSL *s, int a, int b); 940d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); 941d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_read_failed(SSL *s, int code); 942d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_buffer_message(SSL *s, int ccs); 943d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_get_queue_priority(unsigned short seq, int is_ccs); 944d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_retransmit_buffered_messages(SSL *s); 945d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid dtls1_clear_record_buffer(SSL *s); 946d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid dtls1_get_message_header(uint8_t *data, struct hm_header_st *msg_hdr); 947d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid dtls1_reset_seq_numbers(SSL *s, int rw); 948d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_check_timeout_num(SSL *s); 949e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint dtls1_set_handshake_header(SSL *s, int type, unsigned long len); 950e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint dtls1_handshake_write(SSL *s); 951e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 95253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langleyint dtls1_supports_cipher(const SSL_CIPHER *cipher); 953d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid dtls1_start_timer(SSL *s); 954d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid dtls1_stop_timer(SSL *s); 955d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_is_timer_expired(SSL *s); 956d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid dtls1_double_timeout(SSL *s); 957d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyunsigned int dtls1_min_mtu(void); 958d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid dtls1_hm_fragment_free(hm_fragment *frag); 959d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 960d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* some client-only functions */ 961d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_client_hello(SSL *s); 962d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_server_hello(SSL *s); 963d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_certificate_request(SSL *s); 964d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_new_session_ticket(SSL *s); 965d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_cert_status(SSL *s); 966d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_server_done(SSL *s); 967d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_cert_verify(SSL *s); 968d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_client_certificate(SSL *s); 969d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); 970d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_client_key_exchange(SSL *s); 971d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_server_key_exchange(SSL *s); 972d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_server_certificate(SSL *s); 973d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_check_cert_and_algorithm(SSL *s); 974d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_next_proto(SSL *s); 975d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_channel_id(SSL *s); 976d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 977d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_client_hello(SSL *s); 978d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 979d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* some server-only functions */ 980d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_initial_bytes(SSL *s); 981d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_v2_client_hello(SSL *s); 982d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_client_hello(SSL *s); 983d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_server_hello(SSL *s); 984d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_server_key_exchange(SSL *s); 985d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_certificate_request(SSL *s); 986d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_send_server_done(SSL *s); 987d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_client_certificate(SSL *s); 988d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_client_key_exchange(SSL *s); 989d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_cert_verify(SSL *s); 990d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_next_proto(SSL *s); 991d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_get_channel_id(SSL *s); 992d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 993d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_new(SSL *s); 994d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_accept(SSL *s); 995d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_connect(SSL *s); 996d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid dtls1_free(SSL *s); 997d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 998d9e397b599b13d642138480a28c14db7a136bf0Adam Langleylong dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, 999e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley enum ssl_hash_message_t hash_message, int *ok); 1000d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_get_record(SSL *s); 1001d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint dtls1_dispatch_alert(SSL *s); 1002d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1003d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_init_wbio_buffer(SSL *s, int push); 1004d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl_free_wbio_buffer(SSL *s); 1005d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1006d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* tls1_prf computes the TLS PRF function for |s| as described in RFC 5246, 1007d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * section 5 and RFC 2246 section 5. It writes |out_len| bytes to |out|, using 1008d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |secret| as the secret and |label| as the label. |seed1| and |seed2| are 1009d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * concatenated to form the seed parameter. It returns one on success and zero 1010d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * on failure. */ 1011d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, 1012d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t secret_len, const char *label, size_t label_len, 1013d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const uint8_t *seed1, size_t seed1_len, 1014d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const uint8_t *seed2, size_t seed2_len); 1015d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1016d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_change_cipher_state(SSL *s, int which); 1017d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_setup_key_block(SSL *s); 1018d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_handshake_digest(SSL *s, uint8_t *out, size_t out_len); 1019d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_final_finish_mac(SSL *s, const char *str, int slen, uint8_t *p); 1020d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_cert_verify_mac(SSL *s, int md_nid, uint8_t *p); 1021d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_generate_master_secret(SSL *s, uint8_t *out, const uint8_t *premaster, 1022d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t premaster_len); 1023e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint tls1_export_keying_material(SSL *s, uint8_t *out, size_t out_len, 1024e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley const char *label, size_t label_len, 1025e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley const uint8_t *context, size_t context_len, 1026e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley int use_context); 1027d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_alert_code(int code); 1028d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_alert_code(int code); 1029d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1030d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); 1031d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1032d9e397b599b13d642138480a28c14db7a136bf0Adam Langleychar ssl_early_callback_init(struct ssl_early_callback_ctx *ctx); 1033d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_ec_curve_id2nid(uint16_t curve_id); 1034d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_ec_nid2curve_id(uint16_t *out_curve_id, int nid); 1035d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1036d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* tls1_check_curve parses ECParameters out of |cbs|, modifying it. It 1037d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * checks the curve is one of our preferences and writes the 1038d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * NamedCurve value to |*out_curve_id|. It returns one on success and 1039d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * zero on error. */ 1040d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_check_curve(SSL *s, CBS *cbs, uint16_t *out_curve_id); 1041d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1042d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* tls1_get_shared_curve returns the NID of the first preferred shared curve 1043d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * between client and server preferences. If none can be found, it returns 1044d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * NID_undef. */ 1045d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_get_shared_curve(SSL *s); 1046d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1047d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* tls1_set_curves converts the array of |ncurves| NIDs pointed to by |curves| 1048d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * into a newly allocated array of TLS curve IDs. On success, the function 1049d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * returns one and writes the array to |*out_curve_ids| and its size to 1050d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |*out_curve_ids_len|. Otherwise, it returns zero. */ 1051d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_set_curves(uint16_t **out_curve_ids, size_t *out_curve_ids_len, 1052d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const int *curves, size_t ncurves); 1053d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1054d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* tls1_check_ec_cert returns one if |x| is an ECC certificate with curve and 1055d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * point format compatible with the client's preferences. Otherwise it returns 1056d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * zero. */ 1057d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_check_ec_cert(SSL *s, X509 *x); 1058d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1059d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* tls1_check_ec_tmp_key returns one if the EC temporary key is compatible with 1060d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * client extensions and zero otherwise. */ 1061d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_check_ec_tmp_key(SSL *s); 1062d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1063d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_shared_list(SSL *s, const uint8_t *l1, size_t l1len, const uint8_t *l2, 1064d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t l2len, int nmatch); 1065d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyuint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit, 1066d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t header_len); 1067d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyuint8_t *ssl_add_serverhello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit); 1068d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_parse_clienthello_tlsext(SSL *s, CBS *cbs); 1069d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_parse_serverhello_tlsext(SSL *s, CBS *cbs); 1070d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_prepare_clienthello_tlsext(SSL *s); 1071d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_prepare_serverhello_tlsext(SSL *s); 1072d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1073d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define tlsext_tick_md EVP_sha256 1074d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_process_ticket(SSL *s, const struct ssl_early_callback_ctx *ctx, 1075d9e397b599b13d642138480a28c14db7a136bf0Adam Langley SSL_SESSION **ret); 1076d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1077d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls12_get_sigandhash(uint8_t *p, const EVP_PKEY *pk, const EVP_MD *md); 1078d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls12_get_sigid(const EVP_PKEY *pk); 1079d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyconst EVP_MD *tls12_get_hash(uint8_t hash_alg); 1080d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1081d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); 1082d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_record_handshake_hashes_for_channel_id(SSL *s); 1083d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1084d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_set_sigalgs_list(CERT *c, const char *str, int client); 1085d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); 1086d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1087d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl_ctx_log_rsa_client_key_exchange logs |premaster| to |ctx|, if logging is 1088d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * enabled. It returns one on success and zero on failure. The entry is 1089d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * identified by the first 8 bytes of |encrypted_premaster|. */ 1090d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_ctx_log_rsa_client_key_exchange(SSL_CTX *ctx, 1091d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const uint8_t *encrypted_premaster, 1092d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t encrypted_premaster_len, 1093d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const uint8_t *premaster, 1094d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t premaster_len); 1095d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1096d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl_ctx_log_master_secret logs |master| to |ctx|, if logging is enabled. It 1097d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * returns one on success and zero on failure. The entry is identified by 1098d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |client_random|. */ 1099d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_ctx_log_master_secret(SSL_CTX *ctx, const uint8_t *client_random, 1100d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t client_random_len, const uint8_t *master, 1101d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t master_len); 1102d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1103e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* ssl3_can_false_start returns one if |s| is allowed to False Start and zero 1104e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * otherwise. */ 1105e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyint ssl3_can_false_start(const SSL *s); 1106d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl3_get_enc_method returns the SSL3_ENC_METHOD corresponding to 1108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * |version|. */ 1109d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyconst SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version); 1110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1111d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl3_get_max_server_version returns the maximum SSL/TLS version number 1112d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * supported by |s| as a server, or zero if all versions are disabled. */ 1113d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyuint16_t ssl3_get_max_server_version(const SSL *s); 1114d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl3_get_mutual_version selects the protocol version on |s| for a client 1116d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * which advertises |client_version|. If no suitable version exists, it returns 1117d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * zero. */ 1118d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyuint16_t ssl3_get_mutual_version(SSL *s, uint16_t client_version); 1119d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1120d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl3_get_max_client_version returns the maximum protocol version configured 1121d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for the client. It is guaranteed that the set of allowed versions at or below 1122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * this maximum version is contiguous. If all versions are disabled, it returns 1123d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * zero. */ 1124d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyuint16_t ssl3_get_max_client_version(SSL *s); 1125d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1126d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl3_is_version_enabled returns one if |version| is an enabled protocol 1127d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * version for |s| and zero otherwise. */ 1128d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl3_is_version_enabled(SSL *s, uint16_t version); 1129d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1130d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl3_version_from_wire maps |wire_version| to a protocol version. For 1131d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SSLv3/TLS, the version is returned as-is. For DTLS, the corresponding TLS 1132d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * version is used. Note that this mapping is not injective but preserves 1133d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * comparisons. 1134d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1135d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * TODO(davidben): To normalize some DTLS-specific code, move away from using 1136d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the wire version except at API boundaries. */ 1137d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyuint16_t ssl3_version_from_wire(SSL *s, uint16_t wire_version); 1138d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1139d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_add_serverhello_renegotiate_ext(SSL *s, uint8_t *p, int *len, 1140d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int maxlen); 1141d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_parse_serverhello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert); 1142d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_add_clienthello_renegotiate_ext(SSL *s, uint8_t *p, int *len, 1143d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int maxlen); 1144d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_parse_clienthello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert); 1145e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langleyuint32_t ssl_get_algorithm2(SSL *s); 1146d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls1_process_sigalgs(SSL *s, const CBS *sigalgs); 1147d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1148d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* tls1_choose_signing_digest returns a digest for use with |pkey| based on the 1149d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * peer's preferences recorded for |s| and the digests supported by |pkey|. */ 1150d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyconst EVP_MD *tls1_choose_signing_digest(SSL *s, EVP_PKEY *pkey); 1151d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1152d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysize_t tls12_get_psigalgs(SSL *s, const uint8_t **psigs); 1153d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint tls12_check_peer_sigalg(const EVP_MD **out_md, int *out_alert, SSL *s, 1154d9e397b599b13d642138480a28c14db7a136bf0Adam Langley CBS *cbs, EVP_PKEY *pkey); 1155d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid ssl_set_client_disabled(SSL *s); 1156d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1157d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_add_clienthello_use_srtp_ext(SSL *s, uint8_t *p, int *len, int maxlen); 1158d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_parse_clienthello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert); 1159d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_add_serverhello_use_srtp_ext(SSL *s, uint8_t *p, int *len, int maxlen); 1160d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyint ssl_parse_serverhello_use_srtp_ext(SSL *s, CBS *cbs, int *out_alert); 1161d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1162e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#endif /* OPENSSL_HEADER_SSL_INTERNAL_H */ 1163