Process signature algorithms in ClientHello late.

[oweals/openssl.git] / ssl / ssl_locl.h
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 1d90ddda53f4070ea0908d3c7dd9f9252b76aa72..6d8047c91cf72b8396c8d645de95d75eae558a5c 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -526,6 +526,35 @@ typedef struct cert_pkey_st
  #define SSL_CERT_FLAGS_CHECK_TLS_STRICT \
         (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)
  
+typedef struct {
+       unsigned short ext_type;
+       /* Per-connection flags relating to this extension type: not used 
+        * if part of an SSL_CTX structure.
+        */
+       unsigned short ext_flags;
+       custom_ext_add_cb add_cb; 
+       custom_ext_free_cb free_cb; 
+       void *add_arg;
+       custom_ext_parse_cb parse_cb; 
+       void *parse_arg;
+} custom_ext_method;
+
+/* ext_flags values */
+
+/* Indicates an extension has been received.
+ * Used to check for unsolicited or duplicate extensions.
+ */
+#define SSL_EXT_FLAG_RECEIVED  0x1
+/* Indicates an extension has been sent: used to
+ * enable sending of corresponding ServerHello extension.
+ */
+#define SSL_EXT_FLAG_SENT      0x2
+
+typedef struct {
+       custom_ext_method *meths;
+       size_t meths_count;
+} custom_ext_methods;
+
  typedef struct cert_st
         {
         /* Current active set */
@@ -621,6 +650,10 @@ typedef struct cert_st
         unsigned char *ciphers_raw;
         size_t ciphers_rawlen;
  
+       /* Custom extension methods for server and client */
+       custom_ext_methods cli_ext;
+       custom_ext_methods srv_ext;
+
         int references; /* >1 only if SSL_copy_session_id is used */
         } CERT;
  
@@ -957,6 +990,16 @@ const SSL_METHOD *func_name(void)  \
         return &func_name##_data; \
         }
  
+struct openssl_ssl_test_functions
+       {
+       int (*p_ssl_init_wbio_buffer)(SSL *s, int push);
+       int (*p_ssl3_setup_buffers)(SSL *s);
+       int (*p_tls1_process_heartbeat)(SSL *s);
+       int (*p_dtls1_process_heartbeat)(SSL *s);
+       };
+
+#ifndef OPENSSL_UNIT_TEST
+
  void ssl_clear_cipher_ctx(SSL *s);
  int ssl_clear_bad_session(SSL *s);
  CERT *ssl_cert_new(void);
@@ -1264,21 +1307,14 @@ int tls1_shared_list(SSL *s,
                         const unsigned char *l1, size_t l1len,
                         const unsigned char *l2, size_t l2len,
                         int nmatch);
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit, int *al);
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit, int *al);
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);
  int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
  int ssl_check_clienthello_tlsext_late(SSL *s);
  int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);
  int ssl_prepare_clienthello_tlsext(SSL *s);
  int ssl_prepare_serverhello_tlsext(SSL *s);
  
-/* server only */
-int tls1_send_server_supplemental_data(SSL *s, int *skip);
-int tls1_get_client_supplemental_data(SSL *s);
-/* client only */
-int tls1_send_client_supplemental_data(SSL *s, int *skip);
-int tls1_get_server_supplemental_data(SSL *s);
-
  #ifndef OPENSSL_NO_HEARTBEATS
  int tls1_heartbeat(SSL *s);
  int dtls1_heartbeat(SSL *s);
@@ -1317,7 +1353,8 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
  int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                                           int *al);
  long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls1_process_sigalgs(SSL *s);
  size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
  int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
                                 const unsigned char *sig, EVP_PKEY *pkey);
@@ -1357,15 +1394,31 @@ void tls_fips_digest_extra(
         const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
         const unsigned char *data, size_t data_len, size_t orig_len);
  
-#ifndef OPENSSL_NO_DANE
+int srp_verify_server_param(SSL *s, int *al);
  
-typedef struct {
-       unsigned char *tlsa_record;
-       int tlsa_witness, tlsa_mask;
-       int (*get_issuer)(X509 **issuer,X509_STORE_CTX *ctx,X509 *x);
-       } TLSA_EX_DATA;
+/* t1_ext.c */
+
+void custom_ext_init(custom_ext_methods *meths);
+
+int custom_ext_parse(SSL *s, int server,
+                       unsigned int ext_type,
+                       const unsigned char *ext_data, 
+                       size_t ext_size,
+                       int *al);
+int custom_ext_add(SSL *s, int server,
+                       unsigned char **pret,
+                       unsigned char *limit,
+                       int *al);
+
+int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src);
+void custom_exts_free(custom_ext_methods *exts);
+
+#else
+
+#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
+#define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
+#define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
+#define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
  
-TLSA_EX_DATA *SSL_get_TLSA_ex_data(SSL *);
-int SSL_get_TLSA_ex_data_idx(void);
  #endif
  #endif