Hide SSL struct.

BUG=6

Change-Id: I5383ad230f1fdc54f9536c9922bfbf991401a00c
Reviewed-on: https://boringssl-review.googlesource.com/13632
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2017-02-06 13:38:26 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 2f82a0e51b
commit 3f2611a98f
2 changed files with 165 additions and 165 deletions


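--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -4115,171 +4115,6 @@ struct ssl_ctx_st {
 int freelist_max_len;
 };
-typedef struct ssl_handshake_st SSL_HANDSHAKE;
-struct ssl_st {
-/* method is the method table corresponding to the current protocol (DTLS or
-* TLS). */
-const SSL_PROTOCOL_METHOD *method;
-/* version is the protocol version. */
-int version;
-/* max_version is the maximum acceptable protocol version. Note this version
-* is normalized in DTLS. */
-uint16_t max_version;
-/* min_version is the minimum acceptable protocol version. Note this version
-* is normalized in DTLS. */
-uint16_t min_version;
-uint16_t max_send_fragment;
-/* There are 2 BIO's even though they are normally both the same. This is so
-* data can be read and written to different handlers */
-BIO *rbio; /* used by SSL_read */
-BIO *wbio; /* used by SSL_write */
-int (*handshake_func)(SSL_HANDSHAKE *hs);
-BUF_MEM *init_buf; /* buffer used during init */
-/* init_msg is a pointer to the current handshake message body. */
-const uint8_t *init_msg;
-/* init_num is the length of the current handshake message body. */
-uint32_t init_num;
-struct ssl3_state_st *s3; /* SSLv3 variables */
-struct dtls1_state_st *d1; /* DTLSv1 variables */
-/* callback that allows applications to peek at protocol messages */
-void (*msg_callback)(int write_p, int version, int content_type,
-const void *buf, size_t len, SSL *ssl, void *arg);
-void *msg_callback_arg;
-X509_VERIFY_PARAM *param;
-/* crypto */
-struct ssl_cipher_preference_list_st *cipher_list;
-/* session info */
-/* client cert? */
-/* This is used to hold the server certificate used */
-struct cert_st /* CERT */ *cert;
-/* This holds a variable that indicates what we were doing when a 0 or -1 is
-* returned. This is needed for non-blocking IO so we know what request
-* needs re-doing when in SSL_accept or SSL_connect */
-int rwstate;
-/* initial_timeout_duration_ms is the default DTLS timeout duration in
-* milliseconds. It's used to initialize the timer any time it's restarted. */
-unsigned initial_timeout_duration_ms;
-/* the session_id_context is used to ensure sessions are only reused
-* in the appropriate context */
-uint8_t sid_ctx_length;
-uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-/* session is the configured session to be offered by the client. This session
-* is immutable. */
-SSL_SESSION *session;
-int (*verify_callback)(int ok,
-X509_STORE_CTX *ctx); /* fail if callback returns 0 */
-void (*info_callback)(const SSL *ssl, int type, int value);
-/* Server-only: psk_identity_hint is the identity hint to send in
-* PSK-based key exchanges. */
-char *psk_identity_hint;
-unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
-char *identity,
-unsigned int max_identity_len,
-uint8_t *psk, unsigned int max_psk_len);
-unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-uint8_t *psk, unsigned int max_psk_len);
-SSL_CTX *ctx;
-/* extra application data */
-CRYPTO_EX_DATA ex_data;
-/* for server side, keep the list of CA_dn we can use */
-STACK_OF(X509_NAME) *client_CA;
-uint32_t options; /* protocol behaviour */
-uint32_t mode; /* API behaviour */
-uint32_t max_cert_list;
-char *tlsext_hostname;
-size_t supported_group_list_len;
-uint16_t *supported_group_list; /* our list */
-SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
-/* srtp_profiles is the list of configured SRTP protection profiles for
-* DTLS-SRTP. */
-STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
-/* srtp_profile is the selected SRTP protection profile for
-* DTLS-SRTP. */
-const SRTP_PROTECTION_PROFILE *srtp_profile;
-/* The client's Channel ID private key. */
-EVP_PKEY *tlsext_channel_id_private;
-/* For a client, this contains the list of supported protocols in wire
-* format. */
-uint8_t *alpn_client_proto_list;
-unsigned alpn_client_proto_list_len;
-/* renegotiate_mode controls how peer renegotiation attempts are handled. */
-enum ssl_renegotiate_mode_t renegotiate_mode;
-/* verify_mode is a bitmask of |SSL_VERIFY_*| values. */
-uint8_t verify_mode;
-/* server is true iff the this SSL* is the server half. Note: before the SSL*
-* is initialized by either SSL_set_accept_state or SSL_set_connect_state,
-* the side is not determined. In this state, server is always false. */
-unsigned server:1;
-/* quiet_shutdown is true if the connection should not send a close_notify on
-* shutdown. */
-unsigned quiet_shutdown:1;
-/* Enable signed certificate time stamps. Currently client only. */
-unsigned signed_cert_timestamps_enabled:1;
-/* ocsp_stapling_enabled is only used by client connections and indicates
-* whether OCSP stapling will be requested. */
-unsigned ocsp_stapling_enabled:1;
-/* tlsext_channel_id_enabled is copied from the |SSL_CTX|. For a server,
-* means that we'll accept Channel IDs from clients. For a client, means that
-* we'll advertise support. */
-unsigned tlsext_channel_id_enabled:1;
-/* retain_only_sha256_of_client_certs is true if we should compute the SHA256
-* hash of the peer's certificate and then discard it to save memory and
-* session space. Only effective on the server side. */
-unsigned retain_only_sha256_of_client_certs:1;
-/* session_timeout is the default lifetime in seconds of the session
-* created in this connection at TLS 1.2 and earlier. */
-long session_timeout;
-/* session_psk_dhe_timeout is the default lifetime in seconds of sessions
-* created in this connection at TLS 1.3. */
-long session_psk_dhe_timeout;
-/* OCSP response to be sent to the client, if requested. */
-CRYPTO_BUFFER *ocsp_response;
-};
 /* Nodejs compatibility section (hidden).
 *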


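--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -502,6 +502,8 @@ int ssl_public_key_verify(
 /* Custom extensions */
+typedef struct ssl_handshake_st SSL_HANDSHAKE;
 /* ssl_custom_extension (a.k.a. SSL_CUSTOM_EXTENSION) is a structure that
 * contains information about custom-extension callbacks. */
 struct ssl_custom_extension {
@@ -1683,6 +1685,169 @@ typedef struct dtls1_state_st {
 unsigned timeout_duration_ms;
 } DTLS1_STATE;
+struct ssl_st {
+/* method is the method table corresponding to the current protocol (DTLS or
+* TLS). */
+const SSL_PROTOCOL_METHOD *method;
+/* version is the protocol version. */
+int version;
+/* max_version is the maximum acceptable protocol version. Note this version
+* is normalized in DTLS. */
+uint16_t max_version;
+/* min_version is the minimum acceptable protocol version. Note this version
+* is normalized in DTLS. */
+uint16_t min_version;
+uint16_t max_send_fragment;
+/* There are 2 BIO's even though they are normally both the same. This is so
+* data can be read and written to different handlers */
+BIO *rbio; /* used by SSL_read */
+BIO *wbio; /* used by SSL_write */
+int (*handshake_func)(SSL_HANDSHAKE *hs);
+BUF_MEM *init_buf; /* buffer used during init */
+/* init_msg is a pointer to the current handshake message body. */
+const uint8_t *init_msg;
+/* init_num is the length of the current handshake message body. */
+uint32_t init_num;
+struct ssl3_state_st *s3; /* SSLv3 variables */
+struct dtls1_state_st *d1; /* DTLSv1 variables */
+/* callback that allows applications to peek at protocol messages */
+void (*msg_callback)(int write_p, int version, int content_type,
+const void *buf, size_t len, SSL *ssl, void *arg);
+void *msg_callback_arg;
+X509_VERIFY_PARAM *param;
+/* crypto */
+struct ssl_cipher_preference_list_st *cipher_list;
+/* session info */
+/* client cert? */
+/* This is used to hold the server certificate used */
+struct cert_st /* CERT */ *cert;
+/* This holds a variable that indicates what we were doing when a 0 or -1 is
+* returned. This is needed for non-blocking IO so we know what request
+* needs re-doing when in SSL_accept or SSL_connect */
+int rwstate;
+/* initial_timeout_duration_ms is the default DTLS timeout duration in
+* milliseconds. It's used to initialize the timer any time it's restarted. */
+unsigned initial_timeout_duration_ms;
+/* the session_id_context is used to ensure sessions are only reused
+* in the appropriate context */
+uint8_t sid_ctx_length;
+uint8_t sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+/* session is the configured session to be offered by the client. This session
+* is immutable. */
+SSL_SESSION *session;
+int (*verify_callback)(int ok,
+X509_STORE_CTX *ctx); /* fail if callback returns 0 */
+void (*info_callback)(const SSL *ssl, int type, int value);
+/* Server-only: psk_identity_hint is the identity hint to send in
+* PSK-based key exchanges. */
+char *psk_identity_hint;
+unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
+char *identity,
+unsigned int max_identity_len,
+uint8_t *psk, unsigned int max_psk_len);
+unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+uint8_t *psk, unsigned int max_psk_len);
+SSL_CTX *ctx;
+/* extra application data */
+CRYPTO_EX_DATA ex_data;
+/* for server side, keep the list of CA_dn we can use */
+STACK_OF(X509_NAME) *client_CA;
+uint32_t options; /* protocol behaviour */
+uint32_t mode; /* API behaviour */
+uint32_t max_cert_list;
+char *tlsext_hostname;
+size_t supported_group_list_len;
+uint16_t *supported_group_list; /* our list */
+SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
+/* srtp_profiles is the list of configured SRTP protection profiles for
+* DTLS-SRTP. */
+STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+/* srtp_profile is the selected SRTP protection profile for
+* DTLS-SRTP. */
+const SRTP_PROTECTION_PROFILE *srtp_profile;
+/* The client's Channel ID private key. */
+EVP_PKEY *tlsext_channel_id_private;
+/* For a client, this contains the list of supported protocols in wire
+* format. */
+uint8_t *alpn_client_proto_list;
+unsigned alpn_client_proto_list_len;
+/* renegotiate_mode controls how peer renegotiation attempts are handled. */
+enum ssl_renegotiate_mode_t renegotiate_mode;
+/* verify_mode is a bitmask of |SSL_VERIFY_*| values. */
+uint8_t verify_mode;
+/* server is true iff the this SSL* is the server half. Note: before the SSL*
+* is initialized by either SSL_set_accept_state or SSL_set_connect_state,
+* the side is not determined. In this state, server is always false. */
+unsigned server:1;
+/* quiet_shutdown is true if the connection should not send a close_notify on
+* shutdown. */
+unsigned quiet_shutdown:1;
+/* Enable signed certificate time stamps. Currently client only. */
+unsigned signed_cert_timestamps_enabled:1;
+/* ocsp_stapling_enabled is only used by client connections and indicates
+* whether OCSP stapling will be requested. */
+unsigned ocsp_stapling_enabled:1;
+/* tlsext_channel_id_enabled is copied from the |SSL_CTX|. For a server,
+* means that we'll accept Channel IDs from clients. For a client, means that
+* we'll advertise support. */
+unsigned tlsext_channel_id_enabled:1;
+/* retain_only_sha256_of_client_certs is true if we should compute the SHA256
+* hash of the peer's certificate and then discard it to save memory and
+* session space. Only effective on the server side. */
+unsigned retain_only_sha256_of_client_certs:1;
+/* session_timeout is the default lifetime in seconds of the session
+* created in this connection at TLS 1.2 and earlier. */
+long session_timeout;
+/* session_psk_dhe_timeout is the default lifetime in seconds of sessions
+* created in this connection at TLS 1.3. */
+long session_psk_dhe_timeout;
+/* OCSP response to be sent to the client, if requested. */
+CRYPTO_BUFFER *ocsp_response;
+};
 extern const SSL3_ENC_METHOD TLSv1_enc_data;
 extern const SSL3_ENC_METHOD SSLv3_enc_data;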
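Review bot: The placeholder comments that moved along with the struct — `/* crypto */` above `cipher_list`, and `/* session info */` plus `/* client cert? */` above `cert` — describe nothing and read as open questions left in a now-private definition; since this commit is already relocating the whole struct, it is the natural moment to drop them and keep only the line that actually documents `cert`. The length fields also use three different types for the same purpose (`size_t supported_group_list_len`, `unsigned alpn_client_proto_list_len`, `uint32_t init_num`), which invites mixed signed/unsigned comparisons at the use sites; with the layout no longer part of the public ABI a follow-up could settle on `size_t` for all of them. Whether the use sites currently rely on the narrower types is not visible from this hunk, so that part is a suggestion to verify rather than a defect. The `ssl_st` definition is entirely inside the hunk; the surrounding header continues outside it.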