Make libssl opaque. Move all structures that were previously protected by
OPENSSL_NO_SSL_INTERN into internal header files. Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell
204
ssl/ssl3.h
204
ssl/ssl3.h
@@ -380,62 +380,6 @@ extern "C" {
|
||||
# define TLS1_HB_REQUEST 1
|
||||
# define TLS1_HB_RESPONSE 2
|
||||
|
||||
# ifndef OPENSSL_NO_SSL_INTERN
|
||||
|
||||
typedef struct ssl3_record_st {
|
||||
/* type of record */
|
||||
/*
|
||||
* r
|
||||
*/ int type;
|
||||
/* How many bytes available */
|
||||
/*
|
||||
* rw
|
||||
*/ unsigned int length;
|
||||
/*
|
||||
* How many bytes were available before padding was removed? This is used
|
||||
* to implement the MAC check in constant time for CBC records.
|
||||
*/
|
||||
/*
|
||||
* rw
|
||||
*/ unsigned int orig_len;
|
||||
/* read/write offset into 'buf' */
|
||||
/*
|
||||
* r
|
||||
*/ unsigned int off;
|
||||
/* pointer to the record data */
|
||||
/*
|
||||
* rw
|
||||
*/ unsigned char *data;
|
||||
/* where the decode bytes are */
|
||||
/*
|
||||
* rw
|
||||
*/ unsigned char *input;
|
||||
/* only used with decompression - malloc()ed */
|
||||
/*
|
||||
* r
|
||||
*/ unsigned char *comp;
|
||||
/* epoch number, needed by DTLS1 */
|
||||
/*
|
||||
* r
|
||||
*/ unsigned long epoch;
|
||||
/* sequence number, needed by DTLS1 */
|
||||
/*
|
||||
* r
|
||||
*/ unsigned char seq_num[8];
|
||||
} SSL3_RECORD;
|
||||
|
||||
typedef struct ssl3_buffer_st {
|
||||
/* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
|
||||
unsigned char *buf;
|
||||
/* buffer size */
|
||||
size_t len;
|
||||
/* where to 'copy from' */
|
||||
int offset;
|
||||
/* how many bytes left */
|
||||
int left;
|
||||
} SSL3_BUFFER;
|
||||
|
||||
# endif
|
||||
|
||||
# define SSL3_CT_RSA_SIGN 1
|
||||
# define SSL3_CT_DSS_SIGN 2
|
||||
@@ -465,154 +409,6 @@ typedef struct ssl3_buffer_st {
|
||||
/* Set if we encrypt then mac instead of usual mac then encrypt */
|
||||
# define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0100
|
||||
|
||||
# ifndef OPENSSL_NO_SSL_INTERN
|
||||
|
||||
typedef struct ssl3_state_st {
|
||||
long flags;
|
||||
int delay_buf_pop_ret;
|
||||
unsigned char read_sequence[8];
|
||||
int read_mac_secret_size;
|
||||
unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
|
||||
unsigned char write_sequence[8];
|
||||
int write_mac_secret_size;
|
||||
unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
|
||||
unsigned char server_random[SSL3_RANDOM_SIZE];
|
||||
unsigned char client_random[SSL3_RANDOM_SIZE];
|
||||
/* flags for countermeasure against known-IV weakness */
|
||||
int need_empty_fragments;
|
||||
int empty_fragment_done;
|
||||
/* The value of 'extra' when the buffers were initialized */
|
||||
int init_extra;
|
||||
SSL3_BUFFER rbuf; /* read IO goes into here */
|
||||
SSL3_BUFFER wbuf; /* write IO goes into here */
|
||||
SSL3_RECORD rrec; /* each decoded record goes in here */
|
||||
SSL3_RECORD wrec; /* goes out from here */
|
||||
/*
|
||||
* storage for Alert/Handshake protocol data received but not yet
|
||||
* processed by ssl3_read_bytes:
|
||||
*/
|
||||
unsigned char alert_fragment[2];
|
||||
unsigned int alert_fragment_len;
|
||||
unsigned char handshake_fragment[4];
|
||||
unsigned int handshake_fragment_len;
|
||||
/* partial write - check the numbers match */
|
||||
unsigned int wnum; /* number of bytes sent so far */
|
||||
int wpend_tot; /* number bytes written */
|
||||
int wpend_type;
|
||||
int wpend_ret; /* number of bytes submitted */
|
||||
const unsigned char *wpend_buf;
|
||||
/* used during startup, digest all incoming/outgoing packets */
|
||||
BIO *handshake_buffer;
|
||||
/*
|
||||
* When set of handshake digests is determined, buffer is hashed and
|
||||
* freed and MD_CTX-es for all required digests are stored in this array
|
||||
*/
|
||||
EVP_MD_CTX **handshake_dgst;
|
||||
/*
|
||||
* Set whenever an expected ChangeCipherSpec message is processed.
|
||||
* Unset when the peer's Finished message is received.
|
||||
* Unexpected ChangeCipherSpec messages trigger a fatal alert.
|
||||
*/
|
||||
int change_cipher_spec;
|
||||
int warn_alert;
|
||||
int fatal_alert;
|
||||
/*
|
||||
* we allow one fatal and one warning alert to be outstanding, send close
|
||||
* alert via the warning alert
|
||||
*/
|
||||
int alert_dispatch;
|
||||
unsigned char send_alert[2];
|
||||
/*
|
||||
* This flag is set when we should renegotiate ASAP, basically when there
|
||||
* is no more data in the read or write buffers
|
||||
*/
|
||||
int renegotiate;
|
||||
int total_renegotiations;
|
||||
int num_renegotiations;
|
||||
int in_read_app_data;
|
||||
struct {
|
||||
/* actually only needs to be 16+20 */
|
||||
unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
|
||||
/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
|
||||
unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
|
||||
int finish_md_len;
|
||||
unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
|
||||
int peer_finish_md_len;
|
||||
unsigned long message_size;
|
||||
int message_type;
|
||||
/* used to hold the new cipher we are going to use */
|
||||
const SSL_CIPHER *new_cipher;
|
||||
# ifndef OPENSSL_NO_DH
|
||||
DH *dh;
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_ECDH
|
||||
EC_KEY *ecdh; /* holds short lived ECDH key */
|
||||
# endif
|
||||
/* used when SSL_ST_FLUSH_DATA is entered */
|
||||
int next_state;
|
||||
int reuse_message;
|
||||
/* used for certificate requests */
|
||||
int cert_req;
|
||||
int ctype_num;
|
||||
char ctype[SSL3_CT_NUMBER];
|
||||
STACK_OF(X509_NAME) *ca_names;
|
||||
int use_rsa_tmp;
|
||||
int key_block_length;
|
||||
unsigned char *key_block;
|
||||
const EVP_CIPHER *new_sym_enc;
|
||||
const EVP_MD *new_hash;
|
||||
int new_mac_pkey_type;
|
||||
int new_mac_secret_size;
|
||||
# ifndef OPENSSL_NO_COMP
|
||||
const SSL_COMP *new_compression;
|
||||
# else
|
||||
char *new_compression;
|
||||
# endif
|
||||
int cert_request;
|
||||
} tmp;
|
||||
|
||||
/* Connection binding to prevent renegotiation attacks */
|
||||
unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
|
||||
unsigned char previous_client_finished_len;
|
||||
unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
|
||||
unsigned char previous_server_finished_len;
|
||||
int send_connection_binding; /* TODOEKR */
|
||||
|
||||
# ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/*
|
||||
* Set if we saw the Next Protocol Negotiation extension from our peer.
|
||||
*/
|
||||
int next_proto_neg_seen;
|
||||
# endif
|
||||
|
||||
# ifndef OPENSSL_NO_TLSEXT
|
||||
|
||||
/*
|
||||
* ALPN information (we are in the process of transitioning from NPN to
|
||||
* ALPN.)
|
||||
*/
|
||||
|
||||
/*
|
||||
* In a server these point to the selected ALPN protocol after the
|
||||
* ClientHello has been processed. In a client these contain the protocol
|
||||
* that the server selected once the ServerHello has been processed.
|
||||
*/
|
||||
unsigned char *alpn_selected;
|
||||
unsigned alpn_selected_len;
|
||||
|
||||
# ifndef OPENSSL_NO_EC
|
||||
/*
|
||||
* This is set to true if we believe that this is a version of Safari
|
||||
* running on OS X 10.6 or newer. We wish to know this because Safari on
|
||||
* 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
|
||||
*/
|
||||
char is_probably_safari;
|
||||
# endif /* !OPENSSL_NO_EC */
|
||||
|
||||
# endif /* !OPENSSL_NO_TLSEXT */
|
||||
} SSL3_STATE;
|
||||
|
||||
# endif
|
||||
|
||||
/* SSLv3 */
|
||||
/*
|
||||
|
||||
Reference in New Issue
Block a user