X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fssl_locl.h;h=cb72ba3294e53f20f7cea9f57945e1667ff44378;hb=2daceb0342c8ca3514f37796e7f983e232d63f2a;hp=8b0ea0ee71674be385e8cb5be0baa37bc654ff67;hpb=d18b716d259d6d3b68ff7f49d154b9158b98df65;p=oweals%2Fopenssl.git diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 8b0ea0ee71..cb72ba3294 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -466,14 +466,6 @@ #define NAMED_CURVE_TYPE 3 #endif /* OPENSSL_NO_EC */ -/* Values for valid_flags in CERT_PKEY structure */ -/* Certificate inconsistent with session, key missing etc */ -#define CERT_PKEY_INVALID 0x0 -/* Certificate can be used with this sesstion */ -#define CERT_PKEY_VALID 0x1 -/* Certificate can also be used for signing */ -#define CERT_PKEY_SIGN 0x2 - typedef struct cert_pkey_st { X509 *x509; @@ -497,6 +489,11 @@ typedef struct cert_pkey_st */ int valid_flags; } CERT_PKEY; +/* Retrieve Suite B flags */ +#define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS) +/* Uses to check strict mode: suite B modes are always strict */ +#define SSL_CERT_FLAGS_CHECK_TLS_STRICT \ + (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT) typedef struct cert_st { @@ -918,11 +915,12 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted, - const char *rule_str); + const char *rule_str, CERT *c); void ssl_update_cache(SSL *s, int mode); int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp); -int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md); +int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md); +int ssl_cipher_get_cert_index(const SSL_CIPHER *c); int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain); int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain); int ssl_cert_add0_chain_cert(CERT *c, X509 *x); @@ -936,7 +934,7 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); int ssl_undefined_function(SSL *s); int ssl_undefined_void_function(void); int ssl_undefined_const_function(const SSL *s); -CERT_PKEY *ssl_get_server_send_pkey(SSL *); +CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length); EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); int ssl_cert_type(X509 *x,EVP_PKEY *pkey); @@ -1192,7 +1190,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str); -int tls1_check_ec_tmp_key(SSL *s); +int tls1_check_ec_tmp_key(SSL *s, unsigned long id); #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_TLSEXT @@ -1203,6 +1201,7 @@ int tls1_shared_list(SSL *s, unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n); +int ssl_check_clienthello_tlsext_late(SSL *s); int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n); int ssl_prepare_clienthello_tlsext(SSL *s); int ssl_prepare_serverhello_tlsext(SSL *s); @@ -1252,6 +1251,8 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, long ssl_get_algorithm2(SSL *s); int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize); size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs); +int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, + const unsigned char *sig, EVP_PKEY *pkey); void ssl_set_client_disabled(SSL *s); int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);