Home | History | Annotate | Download | only in ssl
      1 /* ssl/ssl_locl.h */
      2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      3  * All rights reserved.
      4  *
      5  * This package is an SSL implementation written
      6  * by Eric Young (eay (at) cryptsoft.com).
      7  * The implementation was written so as to conform with Netscapes SSL.
      8  *
      9  * This library is free for commercial and non-commercial use as long as
     10  * the following conditions are aheared to.  The following conditions
     11  * apply to all code found in this distribution, be it the RC4, RSA,
     12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     13  * included with this distribution is covered by the same copyright terms
     14  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     15  *
     16  * Copyright remains Eric Young's, and as such any Copyright notices in
     17  * the code are not to be removed.
     18  * If this package is used in a product, Eric Young should be given attribution
     19  * as the author of the parts of the library used.
     20  * This can be in the form of a textual message at program startup or
     21  * in documentation (online or textual) provided with the package.
     22  *
     23  * Redistribution and use in source and binary forms, with or without
     24  * modification, are permitted provided that the following conditions
     25  * are met:
     26  * 1. Redistributions of source code must retain the copyright
     27  *    notice, this list of conditions and the following disclaimer.
     28  * 2. Redistributions in binary form must reproduce the above copyright
     29  *    notice, this list of conditions and the following disclaimer in the
     30  *    documentation and/or other materials provided with the distribution.
     31  * 3. All advertising materials mentioning features or use of this software
     32  *    must display the following acknowledgement:
     33  *    "This product includes cryptographic software written by
     34  *     Eric Young (eay (at) cryptsoft.com)"
     35  *    The word 'cryptographic' can be left out if the rouines from the library
     36  *    being used are not cryptographic related :-).
     37  * 4. If you include any Windows specific code (or a derivative thereof) from
     38  *    the apps directory (application code) you must include an acknowledgement:
     39  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     40  *
     41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     51  * SUCH DAMAGE.
     52  *
     53  * The licence and distribution terms for any publically available version or
     54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     55  * copied and put under another distribution licence
     56  * [including the GNU Public Licence.]
     57  */
     58 /* ====================================================================
     59  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
     60  *
     61  * Redistribution and use in source and binary forms, with or without
     62  * modification, are permitted provided that the following conditions
     63  * are met:
     64  *
     65  * 1. Redistributions of source code must retain the above copyright
     66  *    notice, this list of conditions and the following disclaimer.
     67  *
     68  * 2. Redistributions in binary form must reproduce the above copyright
     69  *    notice, this list of conditions and the following disclaimer in
     70  *    the documentation and/or other materials provided with the
     71  *    distribution.
     72  *
     73  * 3. All advertising materials mentioning features or use of this
     74  *    software must display the following acknowledgment:
     75  *    "This product includes software developed by the OpenSSL Project
     76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     77  *
     78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     79  *    endorse or promote products derived from this software without
     80  *    prior written permission. For written permission, please contact
     81  *    openssl-core (at) openssl.org.
     82  *
     83  * 5. Products derived from this software may not be called "OpenSSL"
     84  *    nor may "OpenSSL" appear in their names without prior written
     85  *    permission of the OpenSSL Project.
     86  *
     87  * 6. Redistributions of any form whatsoever must retain the following
     88  *    acknowledgment:
     89  *    "This product includes software developed by the OpenSSL Project
     90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     91  *
     92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    103  * OF THE POSSIBILITY OF SUCH DAMAGE.
    104  * ====================================================================
    105  *
    106  * This product includes cryptographic software written by Eric Young
    107  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    108  * Hudson (tjh (at) cryptsoft.com).
    109  *
    110  */
    111 /* ====================================================================
    112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
    113  * ECC cipher suite support in OpenSSL originally developed by
    114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
    115  */
    116 
    117 #ifndef HEADER_SSL_LOCL_H
    118 #define HEADER_SSL_LOCL_H
    119 #include <stdlib.h>
    120 #include <time.h>
    121 #include <string.h>
    122 #include <errno.h>
    123 
    124 #include "e_os.h"
    125 
    126 #include <openssl/buffer.h>
    127 #ifndef OPENSSL_NO_COMP
    128 #include <openssl/comp.h>
    129 #endif
    130 #include <openssl/bio.h>
    131 #include <openssl/stack.h>
    132 #ifndef OPENSSL_NO_RSA
    133 #include <openssl/rsa.h>
    134 #endif
    135 #ifndef OPENSSL_NO_DSA
    136 #include <openssl/dsa.h>
    137 #endif
    138 #include <openssl/err.h>
    139 #include <openssl/ssl.h>
    140 #include <openssl/symhacks.h>
    141 
    142 #ifdef OPENSSL_BUILD_SHLIBSSL
    143 # undef OPENSSL_EXTERN
    144 # define OPENSSL_EXTERN OPENSSL_EXPORT
    145 #endif
    146 
    147 #define PKCS1_CHECK
    148 
    149 #define c2l(c,l)	(l = ((unsigned long)(*((c)++)))     , \
    150 			 l|=(((unsigned long)(*((c)++)))<< 8), \
    151 			 l|=(((unsigned long)(*((c)++)))<<16), \
    152 			 l|=(((unsigned long)(*((c)++)))<<24))
    153 
    154 /* NOTE - c is not incremented as per c2l */
    155 #define c2ln(c,l1,l2,n)	{ \
    156 			c+=n; \
    157 			l1=l2=0; \
    158 			switch (n) { \
    159 			case 8: l2 =((unsigned long)(*(--(c))))<<24; \
    160 			case 7: l2|=((unsigned long)(*(--(c))))<<16; \
    161 			case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
    162 			case 5: l2|=((unsigned long)(*(--(c))));     \
    163 			case 4: l1 =((unsigned long)(*(--(c))))<<24; \
    164 			case 3: l1|=((unsigned long)(*(--(c))))<<16; \
    165 			case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
    166 			case 1: l1|=((unsigned long)(*(--(c))));     \
    167 				} \
    168 			}
    169 
    170 #define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
    171 			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
    172 			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
    173 			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
    174 
    175 #define n2l(c,l)	(l =((unsigned long)(*((c)++)))<<24, \
    176 			 l|=((unsigned long)(*((c)++)))<<16, \
    177 			 l|=((unsigned long)(*((c)++)))<< 8, \
    178 			 l|=((unsigned long)(*((c)++))))
    179 
    180 #define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
    181 			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
    182 			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
    183 			 *((c)++)=(unsigned char)(((l)    )&0xff))
    184 
    185 #define l2n6(l,c)	(*((c)++)=(unsigned char)(((l)>>40)&0xff), \
    186 			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
    187 			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
    188 			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
    189 			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
    190 			 *((c)++)=(unsigned char)(((l)    )&0xff))
    191 
    192 #define n2l6(c,l)	(l =((BN_ULLONG)(*((c)++)))<<40, \
    193 			 l|=((BN_ULLONG)(*((c)++)))<<32, \
    194 			 l|=((BN_ULLONG)(*((c)++)))<<24, \
    195 			 l|=((BN_ULLONG)(*((c)++)))<<16, \
    196 			 l|=((BN_ULLONG)(*((c)++)))<< 8, \
    197 			 l|=((BN_ULLONG)(*((c)++))))
    198 
    199 /* NOTE - c is not incremented as per l2c */
    200 #define l2cn(l1,l2,c,n)	{ \
    201 			c+=n; \
    202 			switch (n) { \
    203 			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
    204 			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
    205 			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
    206 			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
    207 			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
    208 			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
    209 			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
    210 			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
    211 				} \
    212 			}
    213 
    214 #define n2s(c,s)	((s=(((unsigned int)(c[0]))<< 8)| \
    215 			    (((unsigned int)(c[1]))    )),c+=2)
    216 #define s2n(s,c)	((c[0]=(unsigned char)(((s)>> 8)&0xff), \
    217 			  c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
    218 
    219 #define n2l3(c,l)	((l =(((unsigned long)(c[0]))<<16)| \
    220 			     (((unsigned long)(c[1]))<< 8)| \
    221 			     (((unsigned long)(c[2]))    )),c+=3)
    222 
    223 #define l2n3(l,c)	((c[0]=(unsigned char)(((l)>>16)&0xff), \
    224 			  c[1]=(unsigned char)(((l)>> 8)&0xff), \
    225 			  c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
    226 
    227 /* LOCAL STUFF */
    228 
    229 #define SSL_DECRYPT	0
    230 #define SSL_ENCRYPT	1
    231 
    232 #define TWO_BYTE_BIT	0x80
    233 #define SEC_ESC_BIT	0x40
    234 #define TWO_BYTE_MASK	0x7fff
    235 #define THREE_BYTE_MASK	0x3fff
    236 
    237 #define INC32(a)	((a)=((a)+1)&0xffffffffL)
    238 #define DEC32(a)	((a)=((a)-1)&0xffffffffL)
    239 #define MAX_MAC_SIZE	20 /* up from 16 for SSLv3 */
    240 
    241 /*
    242  * Define the Bitmasks for SSL_CIPHER.algorithms.
    243  * This bits are used packed as dense as possible. If new methods/ciphers
    244  * etc will be added, the bits a likely to change, so this information
    245  * is for internal library use only, even though SSL_CIPHER.algorithms
    246  * can be publicly accessed.
    247  * Use the according functions for cipher management instead.
    248  *
    249  * The bit mask handling in the selection and sorting scheme in
    250  * ssl_create_cipher_list() has only limited capabilities, reflecting
    251  * that the different entities within are mutually exclusive:
    252  * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
    253  */
    254 #define SSL_MKEY_MASK		0x000000FFL
    255 #define SSL_kRSA		0x00000001L /* RSA key exchange */
    256 #define SSL_kDHr		0x00000002L /* DH cert RSA CA cert */
    257 #define SSL_kDHd		0x00000004L /* DH cert DSA CA cert */
    258 #define SSL_kFZA		0x00000008L
    259 #define SSL_kEDH		0x00000010L /* tmp DH key no DH cert */
    260 #define SSL_kKRB5		0x00000020L /* Kerberos5 key exchange */
    261 #define SSL_kECDH               0x00000040L /* ECDH w/ long-term keys */
    262 #define SSL_kECDHE              0x00000080L /* ephemeral ECDH */
    263 #define SSL_EDH			(SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
    264 
    265 #define SSL_AUTH_MASK		0x00007F00L
    266 #define SSL_aRSA		0x00000100L /* Authenticate with RSA */
    267 #define SSL_aDSS 		0x00000200L /* Authenticate with DSS */
    268 #define SSL_DSS 		SSL_aDSS
    269 #define SSL_aFZA 		0x00000400L
    270 #define SSL_aNULL 		0x00000800L /* no Authenticate, ADH */
    271 #define SSL_aDH 		0x00001000L /* no Authenticate, ADH */
    272 #define SSL_aKRB5               0x00002000L /* Authenticate with KRB5 */
    273 #define SSL_aECDSA              0x00004000L /* Authenticate with ECDSA */
    274 
    275 #define SSL_NULL		(SSL_eNULL)
    276 #define SSL_ADH			(SSL_kEDH|SSL_aNULL)
    277 #define SSL_RSA			(SSL_kRSA|SSL_aRSA)
    278 #define SSL_DH			(SSL_kDHr|SSL_kDHd|SSL_kEDH)
    279 #define SSL_ECDH		(SSL_kECDH|SSL_kECDHE)
    280 #define SSL_FZA			(SSL_aFZA|SSL_kFZA|SSL_eFZA)
    281 #define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)
    282 
    283 #define SSL_ENC_MASK		0x1C3F8000L
    284 #define SSL_DES			0x00008000L
    285 #define SSL_3DES		0x00010000L
    286 #define SSL_RC4			0x00020000L
    287 #define SSL_RC2			0x00040000L
    288 #define SSL_IDEA		0x00080000L
    289 #define SSL_eFZA		0x00100000L
    290 #define SSL_eNULL		0x00200000L
    291 #define SSL_AES			0x04000000L
    292 #define SSL_CAMELLIA		0x08000000L
    293 #define SSL_SEED          	0x10000000L
    294 
    295 #define SSL_MAC_MASK		0x00c00000L
    296 #define SSL_MD5			0x00400000L
    297 #define SSL_SHA1		0x00800000L
    298 #define SSL_SHA			(SSL_SHA1)
    299 
    300 #define SSL_SSL_MASK		0x03000000L
    301 #define SSL_SSLV2		0x01000000L
    302 #define SSL_SSLV3		0x02000000L
    303 #define SSL_TLSV1		SSL_SSLV3	/* for now */
    304 
    305 /* we have used 1fffffff - 3 bits left to go. */
    306 
    307 /*
    308  * Export and cipher strength information. For each cipher we have to decide
    309  * whether it is exportable or not. This information is likely to change
    310  * over time, since the export control rules are no static technical issue.
    311  *
    312  * Independent of the export flag the cipher strength is sorted into classes.
    313  * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
    314  * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
    315  * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
    316  * since SSL_EXP64 could be similar to SSL_LOW.
    317  * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
    318  * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
    319  * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
    320  * be possible.
    321  */
    322 #define SSL_EXP_MASK		0x00000003L
    323 #define SSL_NOT_EXP		0x00000001L
    324 #define SSL_EXPORT		0x00000002L
    325 
    326 #define SSL_STRONG_MASK		0x000000fcL
    327 #define SSL_STRONG_NONE		0x00000004L
    328 #define SSL_EXP40		0x00000008L
    329 #define SSL_MICRO		(SSL_EXP40)
    330 #define SSL_EXP56		0x00000010L
    331 #define SSL_MINI		(SSL_EXP56)
    332 #define SSL_LOW			0x00000020L
    333 #define SSL_MEDIUM		0x00000040L
    334 #define SSL_HIGH		0x00000080L
    335 #define SSL_FIPS		0x00000100L
    336 
    337 /* we have used 000001ff - 23 bits left to go */
    338 
    339 /*
    340  * Macros to check the export status and cipher strength for export ciphers.
    341  * Even though the macros for EXPORT and EXPORT40/56 have similar names,
    342  * their meaning is different:
    343  * *_EXPORT macros check the 'exportable' status.
    344  * *_EXPORT40/56 macros are used to check whether a certain cipher strength
    345  *          is given.
    346  * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
    347  * algorithm structure element to be passed (algorithms, algo_strength) and no
    348  * typechecking can be done as they are all of type unsigned long, their
    349  * direct usage is discouraged.
    350  * Use the SSL_C_* macros instead.
    351  */
    352 #define SSL_IS_EXPORT(a)	((a)&SSL_EXPORT)
    353 #define SSL_IS_EXPORT56(a)	((a)&SSL_EXP56)
    354 #define SSL_IS_EXPORT40(a)	((a)&SSL_EXP40)
    355 #define SSL_C_IS_EXPORT(c)	SSL_IS_EXPORT((c)->algo_strength)
    356 #define SSL_C_IS_EXPORT56(c)	SSL_IS_EXPORT56((c)->algo_strength)
    357 #define SSL_C_IS_EXPORT40(c)	SSL_IS_EXPORT40((c)->algo_strength)
    358 
    359 #define SSL_EXPORT_KEYLENGTH(a,s)	(SSL_IS_EXPORT40(s) ? 5 : \
    360 				 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
    361 #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
    362 #define SSL_C_EXPORT_KEYLENGTH(c)	SSL_EXPORT_KEYLENGTH((c)->algorithms, \
    363 				(c)->algo_strength)
    364 #define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
    365 
    366 
    367 #define SSL_ALL			0xffffffffL
    368 #define SSL_ALL_CIPHERS		(SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
    369 				SSL_MAC_MASK)
    370 #define SSL_ALL_STRENGTHS	(SSL_EXP_MASK|SSL_STRONG_MASK)
    371 
    372 /* Mostly for SSLv3 */
    373 #define SSL_PKEY_RSA_ENC	0
    374 #define SSL_PKEY_RSA_SIGN	1
    375 #define SSL_PKEY_DSA_SIGN	2
    376 #define SSL_PKEY_DH_RSA		3
    377 #define SSL_PKEY_DH_DSA		4
    378 #define SSL_PKEY_ECC            5
    379 #define SSL_PKEY_NUM		6
    380 
    381 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
    382  * 	    <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
    383  * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
    384  * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
    385  * SSL_aRSA <- RSA_ENC | RSA_SIGN
    386  * SSL_aDSS <- DSA_SIGN
    387  */
    388 
    389 /*
    390 #define CERT_INVALID		0
    391 #define CERT_PUBLIC_KEY		1
    392 #define CERT_PRIVATE_KEY	2
    393 */
    394 
    395 #ifndef OPENSSL_NO_EC
    396 /* From ECC-TLS draft, used in encoding the curve type in
    397  * ECParameters
    398  */
    399 #define EXPLICIT_PRIME_CURVE_TYPE  1
    400 #define EXPLICIT_CHAR2_CURVE_TYPE  2
    401 #define NAMED_CURVE_TYPE           3
    402 #endif  /* OPENSSL_NO_EC */
    403 
    404 typedef struct cert_pkey_st
    405 	{
    406 	X509 *x509;
    407 	EVP_PKEY *privatekey;
    408 	} CERT_PKEY;
    409 
    410 typedef struct cert_st
    411 	{
    412 	/* Current active set */
    413 	CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
    414 			 * Probably it would make more sense to store
    415 			 * an index, not a pointer. */
    416 
    417 	/* The following masks are for the key and auth
    418 	 * algorithms that are supported by the certs below */
    419 	int valid;
    420 	unsigned long mask;
    421 	unsigned long export_mask;
    422 #ifndef OPENSSL_NO_RSA
    423 	RSA *rsa_tmp;
    424 	RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
    425 #endif
    426 #ifndef OPENSSL_NO_DH
    427 	DH *dh_tmp;
    428 	DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
    429 #endif
    430 #ifndef OPENSSL_NO_ECDH
    431 	EC_KEY *ecdh_tmp;
    432 	/* Callback for generating ephemeral ECDH keys */
    433 	EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
    434 #endif
    435 
    436 	CERT_PKEY pkeys[SSL_PKEY_NUM];
    437 
    438 	int references; /* >1 only if SSL_copy_session_id is used */
    439 	} CERT;
    440 
    441 
    442 typedef struct sess_cert_st
    443 	{
    444 	STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
    445 
    446 	/* The 'peer_...' members are used only by clients. */
    447 	int peer_cert_type;
    448 
    449 	CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
    450 	CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
    451 	/* Obviously we don't have the private keys of these,
    452 	 * so maybe we shouldn't even use the CERT_PKEY type here. */
    453 
    454 #ifndef OPENSSL_NO_RSA
    455 	RSA *peer_rsa_tmp; /* not used for SSL 2 */
    456 #endif
    457 #ifndef OPENSSL_NO_DH
    458 	DH *peer_dh_tmp; /* not used for SSL 2 */
    459 #endif
    460 #ifndef OPENSSL_NO_ECDH
    461 	EC_KEY *peer_ecdh_tmp;
    462 #endif
    463 
    464 	int references; /* actually always 1 at the moment */
    465 	} SESS_CERT;
    466 
    467 
    468 /*#define MAC_DEBUG	*/
    469 
    470 /*#define ERR_DEBUG	*/
    471 /*#define ABORT_DEBUG	*/
    472 /*#define PKT_DEBUG 1   */
    473 /*#define DES_DEBUG	*/
    474 /*#define DES_OFB_DEBUG	*/
    475 /*#define SSL_DEBUG	*/
    476 /*#define RSA_DEBUG	*/
    477 /*#define IDEA_DEBUG	*/
    478 
    479 #define FP_ICC  (int (*)(const void *,const void *))
    480 #define ssl_put_cipher_by_char(ssl,ciph,ptr) \
    481 		((ssl)->method->put_cipher_by_char((ciph),(ptr)))
    482 #define ssl_get_cipher_by_char(ssl,ptr) \
    483 		((ssl)->method->get_cipher_by_char(ptr))
    484 
    485 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
    486  * It is a bit of a mess of functions, but hell, think of it as
    487  * an opaque structure :-) */
    488 typedef struct ssl3_enc_method
    489 	{
    490 	int (*enc)(SSL *, int);
    491 	int (*mac)(SSL *, unsigned char *, int);
    492 	int (*setup_key_block)(SSL *);
    493 	int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
    494 	int (*change_cipher_state)(SSL *, int);
    495 	int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
    496 	int finish_mac_length;
    497 	int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
    498 	const char *client_finished_label;
    499 	int client_finished_label_len;
    500 	const char *server_finished_label;
    501 	int server_finished_label_len;
    502 	int (*alert_value)(int);
    503 	} SSL3_ENC_METHOD;
    504 
    505 #ifndef OPENSSL_NO_COMP
    506 /* Used for holding the relevant compression methods loaded into SSL_CTX */
    507 typedef struct ssl3_comp_st
    508 	{
    509 	int comp_id;	/* The identifier byte for this compression type */
    510 	char *name;	/* Text name used for the compression type */
    511 	COMP_METHOD *method; /* The method :-) */
    512 	} SSL3_COMP;
    513 #endif
    514 
    515 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
    516 OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
    517 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
    518 
    519 
    520 SSL_METHOD *ssl_bad_method(int ver);
    521 SSL_METHOD *sslv2_base_method(void);
    522 SSL_METHOD *sslv23_base_method(void);
    523 SSL_METHOD *sslv3_base_method(void);
    524 
    525 extern SSL3_ENC_METHOD TLSv1_enc_data;
    526 extern SSL3_ENC_METHOD SSLv3_enc_data;
    527 extern SSL3_ENC_METHOD DTLSv1_enc_data;
    528 
    529 #define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
    530 SSL_METHOD *func_name(void)  \
    531 	{ \
    532 	static SSL_METHOD func_name##_data= { \
    533 		TLS1_VERSION, \
    534 		tls1_new, \
    535 		tls1_clear, \
    536 		tls1_free, \
    537 		s_accept, \
    538 		s_connect, \
    539 		ssl3_read, \
    540 		ssl3_peek, \
    541 		ssl3_write, \
    542 		ssl3_shutdown, \
    543 		ssl3_renegotiate, \
    544 		ssl3_renegotiate_check, \
    545 		ssl3_get_message, \
    546 		ssl3_read_bytes, \
    547 		ssl3_write_bytes, \
    548 		ssl3_dispatch_alert, \
    549 		ssl3_ctrl, \
    550 		ssl3_ctx_ctrl, \
    551 		ssl3_get_cipher_by_char, \
    552 		ssl3_put_cipher_by_char, \
    553 		ssl3_pending, \
    554 		ssl3_num_ciphers, \
    555 		ssl3_get_cipher, \
    556 		s_get_meth, \
    557 		tls1_default_timeout, \
    558 		&TLSv1_enc_data, \
    559 		ssl_undefined_void_function, \
    560 		ssl3_callback_ctrl, \
    561 		ssl3_ctx_callback_ctrl, \
    562 	}; \
    563 	return &func_name##_data; \
    564 	}
    565 
    566 #define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
    567 SSL_METHOD *func_name(void)  \
    568 	{ \
    569 	static SSL_METHOD func_name##_data= { \
    570 		SSL3_VERSION, \
    571 		ssl3_new, \
    572 		ssl3_clear, \
    573 		ssl3_free, \
    574 		s_accept, \
    575 		s_connect, \
    576 		ssl3_read, \
    577 		ssl3_peek, \
    578 		ssl3_write, \
    579 		ssl3_shutdown, \
    580 		ssl3_renegotiate, \
    581 		ssl3_renegotiate_check, \
    582 		ssl3_get_message, \
    583 		ssl3_read_bytes, \
    584 		ssl3_write_bytes, \
    585 		ssl3_dispatch_alert, \
    586 		ssl3_ctrl, \
    587 		ssl3_ctx_ctrl, \
    588 		ssl3_get_cipher_by_char, \
    589 		ssl3_put_cipher_by_char, \
    590 		ssl3_pending, \
    591 		ssl3_num_ciphers, \
    592 		ssl3_get_cipher, \
    593 		s_get_meth, \
    594 		ssl3_default_timeout, \
    595 		&SSLv3_enc_data, \
    596 		ssl_undefined_void_function, \
    597 		ssl3_callback_ctrl, \
    598 		ssl3_ctx_callback_ctrl, \
    599 	}; \
    600 	return &func_name##_data; \
    601 	}
    602 
    603 #define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
    604 SSL_METHOD *func_name(void)  \
    605 	{ \
    606 	static SSL_METHOD func_name##_data= { \
    607 	TLS1_VERSION, \
    608 	tls1_new, \
    609 	tls1_clear, \
    610 	tls1_free, \
    611 	s_accept, \
    612 	s_connect, \
    613 	ssl23_read, \
    614 	ssl23_peek, \
    615 	ssl23_write, \
    616 	ssl_undefined_function, \
    617 	ssl_undefined_function, \
    618 	ssl_ok, \
    619 	ssl3_get_message, \
    620 	ssl3_read_bytes, \
    621 	ssl3_write_bytes, \
    622 	ssl3_dispatch_alert, \
    623 	ssl3_ctrl, \
    624 	ssl3_ctx_ctrl, \
    625 	ssl23_get_cipher_by_char, \
    626 	ssl23_put_cipher_by_char, \
    627 	ssl_undefined_const_function, \
    628 	ssl23_num_ciphers, \
    629 	ssl23_get_cipher, \
    630 	s_get_meth, \
    631 	ssl23_default_timeout, \
    632 	&ssl3_undef_enc_method, \
    633 	ssl_undefined_void_function, \
    634 	ssl3_callback_ctrl, \
    635 	ssl3_ctx_callback_ctrl, \
    636 	}; \
    637 	return &func_name##_data; \
    638 	}
    639 
    640 #define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
    641 SSL_METHOD *func_name(void)  \
    642 	{ \
    643 	static SSL_METHOD func_name##_data= { \
    644 		SSL2_VERSION, \
    645 		ssl2_new,	/* local */ \
    646 		ssl2_clear,	/* local */ \
    647 		ssl2_free,	/* local */ \
    648 		s_accept, \
    649 		s_connect, \
    650 		ssl2_read, \
    651 		ssl2_peek, \
    652 		ssl2_write, \
    653 		ssl2_shutdown, \
    654 		ssl_ok,	/* NULL - renegotiate */ \
    655 		ssl_ok,	/* NULL - check renegotiate */ \
    656 		NULL, /* NULL - ssl_get_message */ \
    657 		NULL, /* NULL - ssl_get_record */ \
    658 		NULL, /* NULL - ssl_write_bytes */ \
    659 		NULL, /* NULL - dispatch_alert */ \
    660 		ssl2_ctrl,	/* local */ \
    661 		ssl2_ctx_ctrl,	/* local */ \
    662 		ssl2_get_cipher_by_char, \
    663 		ssl2_put_cipher_by_char, \
    664 		ssl2_pending, \
    665 		ssl2_num_ciphers, \
    666 		ssl2_get_cipher, \
    667 		s_get_meth, \
    668 		ssl2_default_timeout, \
    669 		&ssl3_undef_enc_method, \
    670 		ssl_undefined_void_function, \
    671 		ssl2_callback_ctrl,	/* local */ \
    672 		ssl2_ctx_callback_ctrl,	/* local */ \
    673 	}; \
    674 	return &func_name##_data; \
    675 	}
    676 
    677 #define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
    678 SSL_METHOD *func_name(void)  \
    679 	{ \
    680 	static SSL_METHOD func_name##_data= { \
    681 		DTLS1_VERSION, \
    682 		dtls1_new, \
    683 		dtls1_clear, \
    684 		dtls1_free, \
    685 		s_accept, \
    686 		s_connect, \
    687 		ssl3_read, \
    688 		ssl3_peek, \
    689 		ssl3_write, \
    690 		ssl3_shutdown, \
    691 		ssl3_renegotiate, \
    692 		ssl3_renegotiate_check, \
    693 		dtls1_get_message, \
    694 		dtls1_read_bytes, \
    695 		dtls1_write_app_data_bytes, \
    696 		dtls1_dispatch_alert, \
    697 		dtls1_ctrl, \
    698 		ssl3_ctx_ctrl, \
    699 		ssl3_get_cipher_by_char, \
    700 		ssl3_put_cipher_by_char, \
    701 		ssl3_pending, \
    702 		ssl3_num_ciphers, \
    703 		dtls1_get_cipher, \
    704 		s_get_meth, \
    705 		dtls1_default_timeout, \
    706 		&DTLSv1_enc_data, \
    707 		ssl_undefined_void_function, \
    708 		ssl3_callback_ctrl, \
    709 		ssl3_ctx_callback_ctrl, \
    710 	}; \
    711 	return &func_name##_data; \
    712 	}
    713 
    714 void ssl_clear_cipher_ctx(SSL *s);
    715 int ssl_clear_bad_session(SSL *s);
    716 CERT *ssl_cert_new(void);
    717 CERT *ssl_cert_dup(CERT *cert);
    718 int ssl_cert_inst(CERT **o);
    719 void ssl_cert_free(CERT *c);
    720 SESS_CERT *ssl_sess_cert_new(void);
    721 void ssl_sess_cert_free(SESS_CERT *sc);
    722 int ssl_set_peer_cert_type(SESS_CERT *c, int type);
    723 int ssl_get_new_session(SSL *s, int session);
    724 int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
    725 int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
    726 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
    727 			const SSL_CIPHER * const *bp);
    728 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
    729 					       STACK_OF(SSL_CIPHER) **skp);
    730 int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
    731                              int (*put_cb)(const SSL_CIPHER *, unsigned char *));
    732 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
    733 					     STACK_OF(SSL_CIPHER) **pref,
    734 					     STACK_OF(SSL_CIPHER) **sorted,
    735 					     const char *rule_str);
    736 void ssl_update_cache(SSL *s, int mode);
    737 int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
    738 		       const EVP_MD **md,SSL_COMP **comp);
    739 int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
    740 int ssl_undefined_function(SSL *s);
    741 int ssl_undefined_void_function(void);
    742 int ssl_undefined_const_function(const SSL *s);
    743 X509 *ssl_get_server_send_cert(SSL *);
    744 EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
    745 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
    746 void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
    747 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
    748 int ssl_verify_alarm_type(long type);
    749 void ssl_load_ciphers(void);
    750 
    751 int ssl2_enc_init(SSL *s, int client);
    752 int ssl2_generate_key_material(SSL *s);
    753 void ssl2_enc(SSL *s,int send_data);
    754 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
    755 SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
    756 int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
    757 int ssl2_part_read(SSL *s, unsigned long f, int i);
    758 int ssl2_do_write(SSL *s);
    759 int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
    760 void ssl2_return_error(SSL *s,int reason);
    761 void ssl2_write_error(SSL *s);
    762 int ssl2_num_ciphers(void);
    763 SSL_CIPHER *ssl2_get_cipher(unsigned int u);
    764 int	ssl2_new(SSL *s);
    765 void	ssl2_free(SSL *s);
    766 int	ssl2_accept(SSL *s);
    767 int	ssl2_connect(SSL *s);
    768 int	ssl2_read(SSL *s, void *buf, int len);
    769 int	ssl2_peek(SSL *s, void *buf, int len);
    770 int	ssl2_write(SSL *s, const void *buf, int len);
    771 int	ssl2_shutdown(SSL *s);
    772 void	ssl2_clear(SSL *s);
    773 long	ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
    774 long	ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
    775 long	ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
    776 long	ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
    777 int	ssl2_pending(const SSL *s);
    778 long	ssl2_default_timeout(void );
    779 
    780 SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
    781 int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
    782 void ssl3_init_finished_mac(SSL *s);
    783 int ssl3_send_server_certificate(SSL *s);
    784 int ssl3_send_newsession_ticket(SSL *s);
    785 int ssl3_send_cert_status(SSL *s);
    786 int ssl3_get_finished(SSL *s,int state_a,int state_b);
    787 int ssl3_setup_key_block(SSL *s);
    788 int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
    789 int ssl3_change_cipher_state(SSL *s,int which);
    790 void ssl3_cleanup_key_block(SSL *s);
    791 int ssl3_do_write(SSL *s,int type);
    792 int ssl3_send_alert(SSL *s,int level, int desc);
    793 int ssl3_generate_master_secret(SSL *s, unsigned char *out,
    794 	unsigned char *p, int len);
    795 int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
    796 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
    797 int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
    798 int ssl3_num_ciphers(void);
    799 SSL_CIPHER *ssl3_get_cipher(unsigned int u);
    800 int ssl3_renegotiate(SSL *ssl);
    801 int ssl3_renegotiate_check(SSL *ssl);
    802 int ssl3_dispatch_alert(SSL *s);
    803 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
    804 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
    805 int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
    806 	const char *sender, int slen,unsigned char *p);
    807 int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
    808 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
    809 int ssl3_enc(SSL *s, int send_data);
    810 int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
    811 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
    812 SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
    813 			       STACK_OF(SSL_CIPHER) *srvr);
    814 int	ssl3_setup_buffers(SSL *s);
    815 int	ssl3_new(SSL *s);
    816 void	ssl3_free(SSL *s);
    817 int	ssl3_accept(SSL *s);
    818 int	ssl3_connect(SSL *s);
    819 int	ssl3_read(SSL *s, void *buf, int len);
    820 int	ssl3_peek(SSL *s, void *buf, int len);
    821 int	ssl3_write(SSL *s, const void *buf, int len);
    822 int	ssl3_shutdown(SSL *s);
    823 void	ssl3_clear(SSL *s);
    824 long	ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
    825 long	ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
    826 long	ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
    827 long	ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
    828 int	ssl3_pending(const SSL *s);
    829 
    830 void ssl3_record_sequence_update(unsigned char *seq);
    831 int ssl3_do_change_cipher_spec(SSL *ssl);
    832 long ssl3_default_timeout(void );
    833 
    834 int ssl23_num_ciphers(void );
    835 SSL_CIPHER *ssl23_get_cipher(unsigned int u);
    836 int ssl23_read(SSL *s, void *buf, int len);
    837 int ssl23_peek(SSL *s, void *buf, int len);
    838 int ssl23_write(SSL *s, const void *buf, int len);
    839 int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
    840 SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
    841 long ssl23_default_timeout(void );
    842 
    843 long tls1_default_timeout(void);
    844 int dtls1_do_write(SSL *s,int type);
    845 int ssl3_read_n(SSL *s, int n, int max, int extend);
    846 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
    847 int ssl3_do_compress(SSL *ssl);
    848 int ssl3_do_uncompress(SSL *ssl);
    849 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
    850 	unsigned int len);
    851 unsigned char *dtls1_set_message_header(SSL *s,
    852 	unsigned char *p, unsigned char mt,	unsigned long len,
    853 	unsigned long frag_off, unsigned long frag_len);
    854 
    855 int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
    856 int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
    857 
    858 int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
    859 int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
    860 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
    861 int dtls1_read_failed(SSL *s, int code);
    862 int dtls1_buffer_message(SSL *s, int ccs);
    863 int dtls1_retransmit_message(SSL *s, unsigned short seq,
    864 	unsigned long frag_off, int *found);
    865 int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
    866 int dtls1_retransmit_buffered_messages(SSL *s);
    867 void dtls1_clear_record_buffer(SSL *s);
    868 void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
    869 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
    870 void dtls1_reset_seq_numbers(SSL *s, int rw);
    871 long dtls1_default_timeout(void);
    872 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
    873 int dtls1_handle_timeout(SSL *s);
    874 SSL_CIPHER *dtls1_get_cipher(unsigned int u);
    875 void dtls1_start_timer(SSL *s);
    876 void dtls1_stop_timer(SSL *s);
    877 int dtls1_is_timer_expired(SSL *s);
    878 void dtls1_double_timeout(SSL *s);
    879 int dtls1_send_newsession_ticket(SSL *s);
    880 
    881 
    882 /* some client-only functions */
    883 int ssl3_client_hello(SSL *s);
    884 int ssl3_get_server_hello(SSL *s);
    885 int ssl3_get_certificate_request(SSL *s);
    886 int ssl3_get_new_session_ticket(SSL *s);
    887 int ssl3_get_cert_status(SSL *s);
    888 int ssl3_get_server_done(SSL *s);
    889 int ssl3_send_client_verify(SSL *s);
    890 int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
    891 int ssl3_send_client_certificate(SSL *s);
    892 int ssl3_send_client_key_exchange(SSL *s);
    893 int ssl3_get_key_exchange(SSL *s);
    894 int ssl3_get_server_certificate(SSL *s);
    895 int ssl3_check_cert_and_algorithm(SSL *s);
    896 #ifndef OPENSSL_NO_TLSEXT
    897 int ssl3_check_finished(SSL *s);
    898 #endif
    899 
    900 int dtls1_client_hello(SSL *s);
    901 int dtls1_send_client_certificate(SSL *s);
    902 int dtls1_send_client_key_exchange(SSL *s);
    903 int dtls1_send_client_verify(SSL *s);
    904 
    905 /* some server-only functions */
    906 int ssl3_get_client_hello(SSL *s);
    907 int ssl3_send_server_hello(SSL *s);
    908 int ssl3_send_hello_request(SSL *s);
    909 int ssl3_send_server_key_exchange(SSL *s);
    910 int ssl3_send_certificate_request(SSL *s);
    911 int ssl3_send_server_done(SSL *s);
    912 int ssl3_check_client_hello(SSL *s);
    913 int ssl3_get_client_certificate(SSL *s);
    914 int ssl3_get_client_key_exchange(SSL *s);
    915 int ssl3_get_cert_verify(SSL *s);
    916 
    917 int dtls1_send_hello_request(SSL *s);
    918 int dtls1_send_server_hello(SSL *s);
    919 int dtls1_send_server_certificate(SSL *s);
    920 int dtls1_send_server_key_exchange(SSL *s);
    921 int dtls1_send_certificate_request(SSL *s);
    922 int dtls1_send_server_done(SSL *s);
    923 
    924 
    925 
    926 int ssl23_accept(SSL *s);
    927 int ssl23_connect(SSL *s);
    928 int ssl23_read_bytes(SSL *s, int n);
    929 int ssl23_write_bytes(SSL *s);
    930 
    931 int tls1_new(SSL *s);
    932 void tls1_free(SSL *s);
    933 void tls1_clear(SSL *s);
    934 long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
    935 long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
    936 SSL_METHOD *tlsv1_base_method(void );
    937 
    938 int dtls1_new(SSL *s);
    939 int	dtls1_accept(SSL *s);
    940 int	dtls1_connect(SSL *s);
    941 void dtls1_free(SSL *s);
    942 void dtls1_clear(SSL *s);
    943 long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
    944 SSL_METHOD *dtlsv1_base_method(void );
    945 
    946 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
    947 int dtls1_get_record(SSL *s);
    948 int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
    949 	unsigned int len, int create_empty_fragement);
    950 int dtls1_dispatch_alert(SSL *s);
    951 int dtls1_enc(SSL *s, int snd);
    952 
    953 int ssl_init_wbio_buffer(SSL *s, int push);
    954 void ssl_free_wbio_buffer(SSL *s);
    955 
    956 int tls1_change_cipher_state(SSL *s, int which);
    957 int tls1_setup_key_block(SSL *s);
    958 int tls1_enc(SSL *s, int snd);
    959 int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
    960 	const char *str, int slen, unsigned char *p);
    961 int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
    962 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
    963 int tls1_generate_master_secret(SSL *s, unsigned char *out,
    964 	unsigned char *p, int len);
    965 int tls1_alert_code(int code);
    966 int ssl3_alert_code(int code);
    967 int ssl_ok(SSL *s);
    968 
    969 int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
    970 
    971 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
    972 
    973 #ifndef OPENSSL_NO_TLSEXT
    974 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
    975 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
    976 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
    977 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
    978 int ssl_prepare_clienthello_tlsext(SSL *s);
    979 int ssl_prepare_serverhello_tlsext(SSL *s);
    980 int ssl_check_clienthello_tlsext(SSL *s);
    981 int ssl_check_serverhello_tlsext(SSL *s);
    982 
    983 #ifdef OPENSSL_NO_SHA256
    984 #define tlsext_tick_md	EVP_sha1
    985 #else
    986 #define tlsext_tick_md	EVP_sha256
    987 #endif
    988 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
    989 				const unsigned char *limit, SSL_SESSION **ret);
    990 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
    991 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
    992 
    993 int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
    994 					int maxlen);
    995 int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
    996 					  int *al);
    997 int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
    998 					int maxlen);
    999 int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
   1000 					  int *al);
   1001 #endif
   1002 
   1003 #endif
   1004