diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2021-10-15 16:48:48 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2021-10-15 16:48:48 +0000 |
| commit | c45cdb632d6b2032363c6d74aa0b044b744b7134 (patch) | |
| tree | 227882f33a621fec14a884871e3be1d43d488cd3 /lib/libssl/ssl_locl.h | |
| parent | 1962f7440266854ff99ccbcccdb8901d4a390f3b (diff) | |
Move various structs from ssl.h/tls1.h to ssl_locl.h.
These were already under LIBRESSL_INTERNAL hence no ABI change.
ok tb@
Diffstat (limited to 'lib/libssl/ssl_locl.h')
| -rw-r--r-- | lib/libssl/ssl_locl.h | 127 |
1 files changed, 126 insertions, 1 deletions
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 7ff3e0713dc..f102c2fc95c 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.358 2021/08/30 19:25:43 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.359 2021/10/15 16:48:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -361,6 +361,11 @@ __BEGIN_HIDDEN_DECLS #define EXPLICIT_CHAR2_CURVE_TYPE 2 #define NAMED_CURVE_TYPE 3 +struct ssl_comp_st { + int id; + const char *name; +}; + struct ssl_cipher_st { int valid; const char *name; /* text name */ @@ -611,6 +616,14 @@ typedef struct ssl_handshake_st { SSL_HANDSHAKE_TLS13 tls13; } SSL_HANDSHAKE; +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; + +/* TLS Session Ticket extension struct. */ +struct tls_session_ticket_ext_st { + unsigned short length; + void *data; +}; + struct tls12_key_block; struct tls12_key_block *tls12_key_block_new(void); @@ -832,6 +845,44 @@ typedef struct ssl_ctx_internal_st { uint16_t *tlsext_supportedgroups; /* our list */ } SSL_CTX_INTERNAL; +struct ssl_ctx_st { + const SSL_METHOD *method; + + STACK_OF(SSL_CIPHER) *cipher_list; + + struct x509_store_st /* X509_STORE */ *cert_store; + + /* If timeout is not 0, it is the default timeout value set + * when SSL_new() is called. This has been put in to make + * life easier to set things up */ + long session_timeout; + + int references; + + /* Default values to use in SSL structures follow (these are copied by SSL_new) */ + + STACK_OF(X509) *extra_certs; + + int verify_mode; + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + + X509_VERIFY_PARAM *param; + + /* + * XXX + * default_passwd_cb used by python and openvpn, need to keep it until we + * add an accessor + */ + /* Default password callback. */ + pem_password_cb *default_passwd_callback; + + /* Default password callback user data. */ + void *default_passwd_callback_userdata; + + struct ssl_ctx_internal_st *internal; +}; + typedef struct ssl_internal_st { struct tls13_ctx *tls13; @@ -973,6 +1024,80 @@ typedef struct ssl_internal_st { int empty_record_count; } SSL_INTERNAL; +struct ssl_st { + /* protocol version + * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) + */ + int version; + + const SSL_METHOD *method; /* SSLv3 */ + + /* There are 2 BIO's even though they are normally both the + * same. This is so data can be read and written to different + * handlers */ + + BIO *rbio; /* used by SSL_read */ + BIO *wbio; /* used by SSL_write */ + BIO *bbio; /* used during session-id reuse to concatenate + * messages */ + int server; /* are we the server side? - mostly used by SSL_clear*/ + + struct ssl3_state_st *s3; /* SSLv3 variables */ + struct dtls1_state_st *d1; /* DTLSv1 variables */ + + X509_VERIFY_PARAM *param; + + /* crypto */ + STACK_OF(SSL_CIPHER) *cipher_list; + + /* This is used to hold the server certificate used */ + struct cert_st /* CERT */ *cert; + + /* the session_id_context is used to ensure sessions are only reused + * in the appropriate context */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; + + /* This can also be in the session once a session is established */ + SSL_SESSION *session; + + /* Used in SSL2 and SSL3 */ + int verify_mode; /* 0 don't care about verify failure. + * 1 fail if verify fails */ + int error; /* error bytes to be written */ + int error_code; /* actual code */ + + SSL_CTX *ctx; + + long verify_result; + + int references; + + int client_version; /* what was passed, used for + * SSLv3/TLS rollback check */ + + unsigned int max_send_fragment; + + char *tlsext_hostname; + + /* certificate status request info */ + /* Status type or -1 if no status type */ + int tlsext_status_type; + + SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ +#define session_ctx initial_ctx + + /* + * XXX really should be internal, but is + * touched unnaturally by wpa-supplicant + * and freeradius and other perversions + */ + EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ + EVP_MD_CTX *read_hash; /* used for mac generation */ + + struct ssl_internal_st *internal; +}; + typedef struct ssl3_record_internal_st { int type; /* type of record */ unsigned int length; /* How many bytes available */ |