SSL3_ENC_METHOD will remain version-specific while SSL_METHOD will become protocol-specific. This finally removes all the version-specific portions of SSL_METHOD but the version tag itself. (SSL3_ENC_METHOD's version-specific bits themselves can probably be handled by tracking a canonicalized protocol version. It would simplify version comparisons anyway. The one catch is SSLv3 has a very different table. But that's a cleanup for future. Then again, perhaps a version-specific method table swap somewhere will be useful later for TLS 1.3.) Much of this commit was generated with sed invocation: s/method->ssl3_enc/enc_method/g Change-Id: I2b192507876aadd4f9310240687e562e56e6c0b1 Reviewed-on: https://boringssl-review.googlesource.com/2581 Reviewed-by: Adam Langley <agl@google.com>kris/onging/CECPQ3_patch15
@@ -345,7 +345,6 @@ struct ssl_method_st | |||
int (*ssl_pending)(const SSL *s); | |||
int (*num_ciphers)(void); | |||
const SSL_CIPHER *(*get_cipher)(unsigned ncipher); | |||
const SSL3_ENC_METHOD *ssl3_enc; /* Extra SSLv3/TLS stuff */ | |||
int (*ssl_version)(void); | |||
long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); | |||
long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); | |||
@@ -1168,7 +1167,16 @@ struct ssl_st | |||
/* version is the protocol version. */ | |||
int version; | |||
const SSL_METHOD *method; /* SSLv3 */ | |||
/* method is the method table corresponding to the current protocol | |||
* (DTLS or TLS). | |||
* | |||
* TODO(davidben): For now, it also corresponds to the protocol version, | |||
* but that will soon change. */ | |||
const SSL_METHOD *method; | |||
/* enc_method is the method table corresponding to the current protocol | |||
* version. */ | |||
const SSL3_ENC_METHOD *enc_method; | |||
/* There are 2 BIO's even though they are normally both the | |||
* same. This is so data can be read and written to different | |||
@@ -376,13 +376,13 @@ int dtls1_connect(SSL *s) | |||
s->init_num=0; | |||
s->session->cipher=s->s3->tmp.new_cipher; | |||
if (!s->method->ssl3_enc->setup_key_block(s)) | |||
if (!s->enc_method->setup_key_block(s)) | |||
{ | |||
ret= -1; | |||
goto end; | |||
} | |||
if (!s->method->ssl3_enc->change_cipher_state(s, | |||
if (!s->enc_method->change_cipher_state(s, | |||
SSL3_CHANGE_CIPHER_CLIENT_WRITE)) | |||
{ | |||
ret= -1; | |||
@@ -398,8 +398,8 @@ int dtls1_connect(SSL *s) | |||
dtls1_start_timer(s); | |||
ret=ssl3_send_finished(s, | |||
SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, | |||
s->method->ssl3_enc->client_finished_label, | |||
s->method->ssl3_enc->client_finished_label_len); | |||
s->enc_method->client_finished_label, | |||
s->enc_method->client_finished_label_len); | |||
if (ret <= 0) goto end; | |||
s->state=SSL3_ST_CW_FLUSH; | |||
@@ -58,11 +58,11 @@ | |||
#include "ssl_locl.h" | |||
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, DTLSv1_method, DTLSv1_enc_data) | |||
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, DTLSv1_method) | |||
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_method, DTLSv1_2_enc_data) | |||
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_method) | |||
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_method, DTLSv1_2_enc_data) | |||
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_method) | |||
const SSL_METHOD *DTLSv1_2_server_method(void) | |||
{ | |||
@@ -404,7 +404,7 @@ dtls1_process_record(SSL *s) | |||
/* decrypt in place in 'rr->input' */ | |||
rr->data=rr->input; | |||
enc_err = s->method->ssl3_enc->enc(s,0); | |||
enc_err = s->enc_method->enc(s,0); | |||
/* enc_err is: | |||
* 0: (in non-constant time) if the record is publically invalid. | |||
* 1: if the padding is valid | |||
@@ -472,7 +472,7 @@ printf("\n"); | |||
mac = &rr->data[rr->length]; | |||
} | |||
i=s->method->ssl3_enc->mac(s,md,0 /* not send */); | |||
i=s->enc_method->mac(s,md,0 /* not send */); | |||
if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) | |||
enc_err = -1; | |||
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) | |||
@@ -1368,7 +1368,7 @@ static int do_dtls1_write(SSL *s, int type, const unsigned char *buf, | |||
if (mac_size != 0) | |||
{ | |||
if(s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0) | |||
if(s->enc_method->mac(s,&(p[wr->length + eivlen]),1) < 0) | |||
goto err; | |||
wr->length+=mac_size; | |||
} | |||
@@ -1380,7 +1380,7 @@ static int do_dtls1_write(SSL *s, int type, const unsigned char *buf, | |||
if (eivlen) | |||
wr->length += eivlen; | |||
if (s->method->ssl3_enc->enc(s, 1) < 1) | |||
if (s->enc_method->enc(s, 1) < 1) | |||
goto err; | |||
/* record length after mac and block padding */ | |||
@@ -488,7 +488,7 @@ int dtls1_accept(SSL *s) | |||
case SSL3_ST_SW_CHANGE_B: | |||
s->session->cipher=s->s3->tmp.new_cipher; | |||
if (!s->method->ssl3_enc->setup_key_block(s)) | |||
if (!s->enc_method->setup_key_block(s)) | |||
{ ret= -1; goto end; } | |||
ret=dtls1_send_change_cipher_spec(s, | |||
@@ -499,7 +499,7 @@ int dtls1_accept(SSL *s) | |||
s->state=SSL3_ST_SW_FINISHED_A; | |||
s->init_num=0; | |||
if (!s->method->ssl3_enc->change_cipher_state(s, | |||
if (!s->enc_method->change_cipher_state(s, | |||
SSL3_CHANGE_CIPHER_SERVER_WRITE)) | |||
{ | |||
ret= -1; | |||
@@ -513,8 +513,8 @@ int dtls1_accept(SSL *s) | |||
case SSL3_ST_SW_FINISHED_B: | |||
ret=ssl3_send_finished(s, | |||
SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, | |||
s->method->ssl3_enc->server_finished_label, | |||
s->method->ssl3_enc->server_finished_label_len); | |||
s->enc_method->server_finished_label, | |||
s->enc_method->server_finished_label_len); | |||
if (ret <= 0) goto end; | |||
s->state=SSL3_ST_SW_FLUSH; | |||
if (s->hit) | |||
@@ -1,5 +1,5 @@ | |||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | |||
* All rights reserved. | |||
* All rights reserved. | |||
* | |||
* This package is an SSL implementation written | |||
* by Eric Young (eay@cryptsoft.com). | |||
@@ -456,6 +456,8 @@ static int ssl23_get_server_hello(SSL *s) | |||
s->version = version; | |||
s->method = ssl3_get_method(version); | |||
assert(s->method != NULL); | |||
s->enc_method = ssl3_get_enc_method(s->version); | |||
assert(s->enc_method != NULL); | |||
if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) | |||
{ | |||
@@ -201,6 +201,8 @@ int ssl23_accept(SSL *s) | |||
s->state = SSL3_ST_SR_CLNT_HELLO_A; | |||
s->method = ssl3_get_method(s->version); | |||
assert(s->method != NULL); | |||
s->enc_method = ssl3_get_enc_method(s->version); | |||
assert(s->enc_method != NULL); | |||
s->handshake_func = s->method->ssl_accept; | |||
s->init_num = 0; | |||
@@ -162,7 +162,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) | |||
{ | |||
p = ssl_handshake_start(s); | |||
i=s->method->ssl3_enc->final_finish_mac(s, | |||
i=s->enc_method->final_finish_mac(s, | |||
sender,slen,s->s3->tmp.finish_md); | |||
if (i == 0) | |||
return 0; | |||
@@ -215,16 +215,16 @@ static void ssl3_take_mac(SSL *s) | |||
return; | |||
if (s->state & SSL_ST_CONNECT) | |||
{ | |||
sender=s->method->ssl3_enc->server_finished_label; | |||
slen=s->method->ssl3_enc->server_finished_label_len; | |||
sender=s->enc_method->server_finished_label; | |||
slen=s->enc_method->server_finished_label_len; | |||
} | |||
else | |||
{ | |||
sender=s->method->ssl3_enc->client_finished_label; | |||
slen=s->method->ssl3_enc->client_finished_label_len; | |||
sender=s->enc_method->client_finished_label; | |||
slen=s->enc_method->client_finished_label_len; | |||
} | |||
s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, | |||
s->s3->tmp.peer_finish_md_len = s->enc_method->final_finish_mac(s, | |||
sender,slen,s->s3->tmp.peer_finish_md); | |||
} | |||
@@ -519,8 +519,8 @@ int ssl3_cert_verify_hash(SSL *s, uint8_t *out, size_t *out_len, const EVP_MD ** | |||
} | |||
else if (pkey->type == EVP_PKEY_RSA) | |||
{ | |||
if (s->method->ssl3_enc->cert_verify_mac(s, NID_md5, out) == 0 || | |||
s->method->ssl3_enc->cert_verify_mac(s, | |||
if (s->enc_method->cert_verify_mac(s, NID_md5, out) == 0 || | |||
s->enc_method->cert_verify_mac(s, | |||
NID_sha1, out + MD5_DIGEST_LENGTH) == 0) | |||
return 0; | |||
*out_len = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH; | |||
@@ -528,7 +528,7 @@ int ssl3_cert_verify_hash(SSL *s, uint8_t *out, size_t *out_len, const EVP_MD ** | |||
} | |||
else if (pkey->type == EVP_PKEY_EC) | |||
{ | |||
if (s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, out) == 0) | |||
if (s->enc_method->cert_verify_mac(s, NID_sha1, out) == 0) | |||
return 0; | |||
*out_len = SHA_DIGEST_LENGTH; | |||
*out_md = EVP_sha1(); | |||
@@ -381,13 +381,13 @@ int ssl3_connect(SSL *s) | |||
s->init_num=0; | |||
s->session->cipher=s->s3->tmp.new_cipher; | |||
if (!s->method->ssl3_enc->setup_key_block(s)) | |||
if (!s->enc_method->setup_key_block(s)) | |||
{ | |||
ret= -1; | |||
goto end; | |||
} | |||
if (!s->method->ssl3_enc->change_cipher_state(s, | |||
if (!s->enc_method->change_cipher_state(s, | |||
SSL3_CHANGE_CIPHER_CLIENT_WRITE)) | |||
{ | |||
ret= -1; | |||
@@ -417,8 +417,8 @@ int ssl3_connect(SSL *s) | |||
case SSL3_ST_CW_FINISHED_B: | |||
ret=ssl3_send_finished(s, | |||
SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, | |||
s->method->ssl3_enc->client_finished_label, | |||
s->method->ssl3_enc->client_finished_label_len); | |||
s->enc_method->client_finished_label, | |||
s->enc_method->client_finished_label_len); | |||
if (ret <= 0) goto end; | |||
s->state=SSL3_ST_CW_FLUSH; | |||
@@ -783,6 +783,8 @@ int ssl3_get_server_hello(SSL *s) | |||
s->version = server_version; | |||
s->method = ssl3_get_method(server_version); | |||
assert(s->method != NULL); | |||
s->enc_method = ssl3_get_enc_method(server_version); | |||
assert(s->enc_method != NULL); | |||
} | |||
if (server_version != s->version) | |||
@@ -2091,10 +2093,10 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
/* The message must be added to the finished hash before | |||
* calculating the master secret. */ | |||
s->method->ssl3_enc->add_to_finished_hash(s); | |||
s->enc_method->add_to_finished_hash(s); | |||
s->session->master_key_length = | |||
s->method->ssl3_enc->generate_master_secret(s, | |||
s->enc_method->generate_master_secret(s, | |||
s->session->master_key, | |||
pms, pms_len); | |||
if (s->session->master_key_length == 0) | |||
@@ -2108,7 +2110,7 @@ int ssl3_send_client_key_exchange(SSL *s) | |||
/* SSL3_ST_CW_KEY_EXCH_B */ | |||
/* The message has already been added to the finished hash. */ | |||
return s->method->ssl3_enc->do_write(s, dont_add_to_finished_hash); | |||
return s->enc_method->do_write(s, dont_add_to_finished_hash); | |||
err: | |||
BN_CTX_free(bn_ctx); | |||
@@ -2056,7 +2056,7 @@ long ssl_get_algorithm2(SSL *s) | |||
{ | |||
static const unsigned long kMask = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF; | |||
long alg2 = s->s3->tmp.new_cipher->algorithm2; | |||
if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF | |||
if (s->enc_method->enc_flags & SSL_ENC_FLAG_SHA256_PRF | |||
&& (alg2 & kMask) == kMask) | |||
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; | |||
return alg2; | |||
@@ -58,13 +58,13 @@ | |||
#include "ssl_locl.h" | |||
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method, TLSv1_2_enc_data) | |||
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method) | |||
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method, TLSv1_1_enc_data) | |||
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method) | |||
IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method, TLSv1_enc_data) | |||
IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method) | |||
IMPLEMENT_tls_meth_func(SSL3_VERSION, SSLv3_method, SSLv3_enc_data) | |||
IMPLEMENT_tls_meth_func(SSL3_VERSION, SSLv3_method) | |||
const SSL_METHOD *TLSv1_2_server_method(void) | |||
{ | |||
@@ -410,7 +410,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); | |||
/* decrypt in place in 'rr->input' */ | |||
rr->data=rr->input; | |||
enc_err = s->method->ssl3_enc->enc(s,0); | |||
enc_err = s->enc_method->enc(s,0); | |||
/* enc_err is: | |||
* 0: (in non-constant time) if the record is publically invalid. | |||
* 1: if the padding is valid | |||
@@ -477,7 +477,7 @@ printf("\n"); | |||
mac = &rr->data[rr->length]; | |||
} | |||
i=s->method->ssl3_enc->mac(s,md,0 /* not send */); | |||
i=s->enc_method->mac(s,md,0 /* not send */); | |||
if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) | |||
enc_err = -1; | |||
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) | |||
@@ -788,7 +788,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
if (mac_size != 0) | |||
{ | |||
if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0) | |||
if (s->enc_method->mac(s,&(p[wr->length + eivlen]),1) < 0) | |||
goto err; | |||
wr->length+=mac_size; | |||
} | |||
@@ -803,7 +803,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | |||
wr->length += eivlen; | |||
} | |||
if (s->method->ssl3_enc->enc(s, 1) < 1) | |||
if (s->enc_method->enc(s, 1) < 1) | |||
goto err; | |||
/* record length after mac and block padding */ | |||
@@ -1366,10 +1366,10 @@ int ssl3_do_change_cipher_spec(SSL *s) | |||
} | |||
s->session->cipher=s->s3->tmp.new_cipher; | |||
if (!s->method->ssl3_enc->setup_key_block(s)) return(0); | |||
if (!s->enc_method->setup_key_block(s)) return(0); | |||
} | |||
if (!s->method->ssl3_enc->change_cipher_state(s,i)) | |||
if (!s->enc_method->change_cipher_state(s,i)) | |||
return(0); | |||
return(1); | |||
@@ -1378,7 +1378,7 @@ int ssl3_do_change_cipher_spec(SSL *s) | |||
int ssl3_send_alert(SSL *s, int level, int desc) | |||
{ | |||
/* Map tls/ssl alert value to correct one */ | |||
desc=s->method->ssl3_enc->alert_value(desc); | |||
desc=s->enc_method->alert_value(desc); | |||
if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) | |||
desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ | |||
if (desc < 0) return -1; | |||
@@ -572,7 +572,7 @@ int ssl3_accept(SSL *s) | |||
case SSL3_ST_SW_CHANGE_B: | |||
s->session->cipher=s->s3->tmp.new_cipher; | |||
if (!s->method->ssl3_enc->setup_key_block(s)) | |||
if (!s->enc_method->setup_key_block(s)) | |||
{ ret= -1; goto end; } | |||
ret=ssl3_send_change_cipher_spec(s, | |||
@@ -582,7 +582,7 @@ int ssl3_accept(SSL *s) | |||
s->state=SSL3_ST_SW_FINISHED_A; | |||
s->init_num=0; | |||
if (!s->method->ssl3_enc->change_cipher_state(s, | |||
if (!s->enc_method->change_cipher_state(s, | |||
SSL3_CHANGE_CIPHER_SERVER_WRITE)) | |||
{ | |||
ret= -1; | |||
@@ -595,8 +595,8 @@ int ssl3_accept(SSL *s) | |||
case SSL3_ST_SW_FINISHED_B: | |||
ret=ssl3_send_finished(s, | |||
SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, | |||
s->method->ssl3_enc->server_finished_label, | |||
s->method->ssl3_enc->server_finished_label_len); | |||
s->enc_method->server_finished_label, | |||
s->enc_method->server_finished_label_len); | |||
if (ret <= 0) goto end; | |||
s->state = SSL3_ST_SW_FLUSH; | |||
if (s->hit) | |||
@@ -865,6 +865,8 @@ int ssl3_get_client_hello(SSL *s) | |||
s->version = version; | |||
s->method = ssl3_get_method(version); | |||
assert(s->method != NULL); | |||
s->enc_method = ssl3_get_enc_method(version); | |||
assert(s->enc_method != NULL); | |||
} | |||
} | |||
@@ -2051,7 +2053,7 @@ int ssl3_get_client_key_exchange(SSL *s) | |||
} | |||
/* Compute the master secret */ | |||
s->session->master_key_length = s->method->ssl3_enc | |||
s->session->master_key_length = s->enc_method | |||
->generate_master_secret(s, | |||
s->session->master_key, premaster_secret, premaster_secret_len); | |||
if (s->session->master_key_length == 0) | |||
@@ -338,6 +338,8 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
if (!s->method->ssl_new(s)) | |||
goto err; | |||
s->enc_method = ssl3_get_enc_method(s->version); | |||
assert(s->enc_method != NULL); | |||
s->references=1; | |||
@@ -1792,7 +1794,7 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | |||
if (s->version < TLS1_VERSION) | |||
return -1; | |||
return s->method->ssl3_enc->export_keying_material(s, out, olen, label, | |||
return s->enc_method->export_keying_material(s, out, olen, label, | |||
llen, p, plen, | |||
use_context); | |||
} | |||
@@ -3069,6 +3071,27 @@ const SSL_METHOD *ssl3_get_method(uint16_t version) | |||
} | |||
} | |||
const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version) | |||
{ | |||
switch (version) | |||
{ | |||
case SSL3_VERSION: | |||
return &SSLv3_enc_data; | |||
case TLS1_VERSION: | |||
return &TLSv1_enc_data; | |||
case TLS1_1_VERSION: | |||
return &TLSv1_1_enc_data; | |||
case TLS1_2_VERSION: | |||
return &TLSv1_2_enc_data; | |||
case DTLS1_VERSION: | |||
return &DTLSv1_enc_data; | |||
case DTLS1_2_VERSION: | |||
return &DTLSv1_2_enc_data; | |||
default: | |||
return NULL; | |||
} | |||
} | |||
uint16_t ssl3_get_max_server_version(const SSL *s) | |||
{ | |||
if (SSL_IS_DTLS(s)) | |||
@@ -366,20 +366,20 @@ | |||
/* we have used 000001ff - 23 bits left to go */ | |||
/* Check if an SSL structure is using DTLS */ | |||
#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) | |||
#define SSL_IS_DTLS(s) (s->enc_method->enc_flags & SSL_ENC_FLAG_DTLS) | |||
/* See if we need explicit IV */ | |||
#define SSL_USE_EXPLICIT_IV(s) \ | |||
(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) | |||
(s->enc_method->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) | |||
/* See if we use signature algorithms extension | |||
* and signature algorithm before signatures. | |||
*/ | |||
#define SSL_USE_SIGALGS(s) \ | |||
(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) | |||
(s->enc_method->enc_flags & SSL_ENC_FLAG_SIGALGS) | |||
/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: | |||
* may apply to others in future. | |||
*/ | |||
#define SSL_USE_TLS1_2_CIPHERS(s) \ | |||
(s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) | |||
(s->enc_method->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) | |||
/* Determine if a client can use TLS 1.2 ciphersuites: can't rely on method | |||
* flags because it may not be set to correct version yet. | |||
*/ | |||
@@ -597,12 +597,12 @@ struct ssl3_enc_method | |||
void (*add_to_finished_hash)(SSL *s); | |||
}; | |||
#define SSL_HM_HEADER_LENGTH(s) s->method->ssl3_enc->hhlen | |||
#define SSL_HM_HEADER_LENGTH(s) s->enc_method->hhlen | |||
#define ssl_handshake_start(s) \ | |||
(((unsigned char *)s->init_buf->data) + s->method->ssl3_enc->hhlen) | |||
(((unsigned char *)s->init_buf->data) + s->enc_method->hhlen) | |||
#define ssl_set_handshake_header(s, htype, len) \ | |||
s->method->ssl3_enc->set_handshake_header(s, htype, len) | |||
#define ssl_do_write(s) s->method->ssl3_enc->do_write(s, add_to_finished_hash) | |||
s->enc_method->set_handshake_header(s, htype, len) | |||
#define ssl_do_write(s) s->enc_method->do_write(s, add_to_finished_hash) | |||
/* Values for enc_flags */ | |||
@@ -644,7 +644,7 @@ extern const SSL3_ENC_METHOD SSLv3_enc_data; | |||
extern const SSL3_ENC_METHOD DTLSv1_enc_data; | |||
extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; | |||
#define IMPLEMENT_tls_meth_func(version, func_name, enc_data) \ | |||
#define IMPLEMENT_tls_meth_func(version, func_name) \ | |||
const SSL_METHOD *func_name(void) \ | |||
{ \ | |||
static const SSL_METHOD func_name##_data= { \ | |||
@@ -669,7 +669,6 @@ const SSL_METHOD *func_name(void) \ | |||
ssl3_pending, \ | |||
ssl3_num_ciphers, \ | |||
ssl3_get_cipher, \ | |||
&enc_data, \ | |||
ssl_undefined_void_function, \ | |||
ssl3_callback_ctrl, \ | |||
ssl3_ctx_callback_ctrl, \ | |||
@@ -702,7 +701,6 @@ const SSL_METHOD *func_name(void) \ | |||
ssl_undefined_const_function, \ | |||
ssl3_num_ciphers, \ | |||
ssl3_get_cipher, \ | |||
&TLSv1_2_enc_data, \ | |||
ssl_undefined_void_function, \ | |||
ssl3_callback_ctrl, \ | |||
ssl3_ctx_callback_ctrl, \ | |||
@@ -710,7 +708,7 @@ const SSL_METHOD *func_name(void) \ | |||
return &func_name##_data; \ | |||
} | |||
#define IMPLEMENT_dtls1_meth_func(version, func_name, enc_data) \ | |||
#define IMPLEMENT_dtls1_meth_func(version, func_name) \ | |||
const SSL_METHOD *func_name(void) \ | |||
{ \ | |||
static const SSL_METHOD func_name##_data= { \ | |||
@@ -735,7 +733,6 @@ const SSL_METHOD *func_name(void) \ | |||
ssl3_pending, \ | |||
ssl3_num_ciphers, \ | |||
dtls1_get_cipher, \ | |||
&enc_data, \ | |||
ssl_undefined_void_function, \ | |||
ssl3_callback_ctrl, \ | |||
ssl3_ctx_callback_ctrl, \ | |||
@@ -1076,6 +1073,10 @@ int ssl3_can_cutthrough(const SSL *s); | |||
* to |version|. */ | |||
const SSL_METHOD *ssl3_get_method(uint16_t version); | |||
/* ssl3_get_enc_method returns the SSL3_ENC_METHOD corresponding to | |||
* |version|. */ | |||
const SSL3_ENC_METHOD *ssl3_get_enc_method(uint16_t version); | |||
/* ssl3_get_max_server_version returns the maximum SSL/TLS version number | |||
* supported by |s| as a server, or zero if all versions are disabled. */ | |||
uint16_t ssl3_get_max_server_version(const SSL *s); | |||