BN_RECURSION causes the stuff in bn_mont.c to fall over for large keys. For

[oweals/openssl.git] / ssl / ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 1a907514d997446d9ea323dfcf87601d6bf9e789..3317ecc6c9b8a1e9e84c81f0452a55d3706f1c24 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -192,13 +192,24 @@
 #define SSL_SHA                        (SSL_SHA1)
 
 #define SSL_EXP_MASK           0x00300000L
-#define SSL_EXP                        0x00100000L
+#define SSL_EXP40              0x00100000L
 #define SSL_NOT_EXP            0x00200000L
-#define SSL_EXPORT             SSL_EXP
+#define SSL_EXP56              0x00300000L
+#define SSL_IS_EXPORT(a)       ((a)&SSL_EXP40)
+#define SSL_IS_EXPORT56(a)     (((a)&SSL_EXP_MASK) == SSL_EXP56)
+#define SSL_IS_EXPORT40(a)     (((a)&SSL_EXP_MASK) == SSL_EXP40)
+#define SSL_C_IS_EXPORT(c)     SSL_IS_EXPORT((c)->algorithms)
+#define SSL_C_IS_EXPORT56(c)   SSL_IS_EXPORT56((c)->algorithms)
+#define SSL_C_IS_EXPORT40(c)   SSL_IS_EXPORT40((c)->algorithms)
+#define SSL_EXPORT_KEYLENGTH(a)        (SSL_IS_EXPORT40(a) ? 5 : 7)
+#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
+#define SSL_C_EXPORT_KEYLENGTH(c)      SSL_EXPORT_KEYLENGTH((c)->algorithms)
+#define SSL_C_EXPORT_PKEYLENGTH(c)     SSL_EXPORT_PKEYLENGTH((c)->algorithms)
 
 #define SSL_SSL_MASK           0x00c00000L
 #define SSL_SSLV2              0x00400000L
 #define SSL_SSLV3              0x00800000L
+#define SSL_TLSV1              SSL_SSLV3       /* for now */
 
 #define SSL_STRONG_MASK                0x07000000L
 #define SSL_LOW                        0x01000000L
@@ -264,8 +275,8 @@ typedef struct cert_st
 
        RSA *rsa_tmp;
        DH *dh_tmp;
-       RSA *(*rsa_tmp_cb)();
-       DH *(*dh_tmp_cb)();
+       RSA *(*rsa_tmp_cb)(SSL *ssl,int export,int keysize);
+       DH *(*dh_tmp_cb)(SSL *ssl,int export,int keysize);
        CERT_PKEY pkeys[SSL_PKEY_NUM];
 
        STACK *cert_chain;
@@ -337,6 +348,7 @@ SSL_METHOD *sslv3_base_method(void);
 void ssl_clear_cipher_ctx(SSL *s);
 int ssl_clear_bad_session(SSL *s);
 CERT *ssl_cert_new(void);
+int ssl_cert_instantiate(CERT **o, CERT *d);
 void ssl_cert_free(CERT *c);
 int ssl_set_cert_type(CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
@@ -355,7 +367,7 @@ int ssl_undefined_function(SSL *s);
 X509 *ssl_get_server_send_cert(SSL *);
 EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c);
+void ssl_set_cert_masks(CERT *c,SSL_CIPHER *cipher);
 STACK *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 
@@ -472,6 +484,7 @@ SSL_METHOD *sslv3_base_method();
 void ssl_clear_cipher_ctx();
 int ssl_clear_bad_session();
 CERT *ssl_cert_new();
+int ssl_cert_instantiate();
 void ssl_cert_free();
 int ssl_set_cert_type();
 int ssl_get_new_session();