1: /* ssl/ssl_locl.h */ 2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3: * All rights reserved. 4: * 5: * This package is an SSL implementation written 6: * by Eric Young (eay@cryptsoft.com). 7: * The implementation was written so as to conform with Netscapes SSL. 8: * 9: * This library is free for commercial and non-commercial use as long as 10: * the following conditions are aheared to. The following conditions 11: * apply to all code found in this distribution, be it the RC4, RSA, 12: * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13: * included with this distribution is covered by the same copyright terms 14: * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15: * 16: * Copyright remains Eric Young's, and as such any Copyright notices in 17: * the code are not to be removed. 18: * If this package is used in a product, Eric Young should be given attribution 19: * as the author of the parts of the library used. 20: * This can be in the form of a textual message at program startup or 21: * in documentation (online or textual) provided with the package. 22: * 23: * Redistribution and use in source and binary forms, with or without 24: * modification, are permitted provided that the following conditions 25: * are met: 26: * 1. Redistributions of source code must retain the copyright 27: * notice, this list of conditions and the following disclaimer. 28: * 2. Redistributions in binary form must reproduce the above copyright 29: * notice, this list of conditions and the following disclaimer in the 30: * documentation and/or other materials provided with the distribution. 31: * 3. All advertising materials mentioning features or use of this software 32: * must display the following acknowledgement: 33: * "This product includes cryptographic software written by 34: * Eric Young (eay@cryptsoft.com)" 35: * The word 'cryptographic' can be left out if the rouines from the library 36: * being used are not cryptographic related :-). 37: * 4. If you include any Windows specific code (or a derivative thereof) from 38: * the apps directory (application code) you must include an acknowledgement: 39: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40: * 41: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51: * SUCH DAMAGE. 52: * 53: * The licence and distribution terms for any publically available version or 54: * derivative of this code cannot be changed. i.e. this code cannot simply be 55: * copied and put under another distribution licence 56: * [including the GNU Public Licence.] 57: */ 58: /* ==================================================================== 59: * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 60: * 61: * Redistribution and use in source and binary forms, with or without 62: * modification, are permitted provided that the following conditions 63: * are met: 64: * 65: * 1. Redistributions of source code must retain the above copyright 66: * notice, this list of conditions and the following disclaimer. 67: * 68: * 2. Redistributions in binary form must reproduce the above copyright 69: * notice, this list of conditions and the following disclaimer in 70: * the documentation and/or other materials provided with the 71: * distribution. 72: * 73: * 3. All advertising materials mentioning features or use of this 74: * software must display the following acknowledgment: 75: * "This product includes software developed by the OpenSSL Project 76: * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77: * 78: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79: * endorse or promote products derived from this software without 80: * prior written permission. For written permission, please contact 81: * openssl-core@openssl.org. 82: * 83: * 5. Products derived from this software may not be called "OpenSSL" 84: * nor may "OpenSSL" appear in their names without prior written 85: * permission of the OpenSSL Project. 86: * 87: * 6. Redistributions of any form whatsoever must retain the following 88: * acknowledgment: 89: * "This product includes software developed by the OpenSSL Project 90: * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91: * 92: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103: * OF THE POSSIBILITY OF SUCH DAMAGE. 104: * ==================================================================== 105: * 106: * This product includes cryptographic software written by Eric Young 107: * (eay@cryptsoft.com). This product includes software written by Tim 108: * Hudson (tjh@cryptsoft.com). 109: * 110: */ 111: /* ==================================================================== 112: * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113: * ECC cipher suite support in OpenSSL originally developed by 114: * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115: */ 116: 117: #ifndef HEADER_SSL_LOCL_H 118: #define HEADER_SSL_LOCL_H 119: #include <stdlib.h> 120: #include <time.h> 121: #include <string.h> 122: #include <errno.h> 123: 124: #include "e_os.h" 125: 126: #include <openssl/buffer.h> 127: #include <openssl/comp.h> 128: #include <openssl/bio.h> 129: #include <openssl/stack.h> 130: #ifndef OPENSSL_NO_RSA 131: #include <openssl/rsa.h> 132: #endif 133: #ifndef OPENSSL_NO_DSA 134: #include <openssl/dsa.h> 135: #endif 136: #include <openssl/err.h> 137: #include <openssl/ssl.h> 138: #include <openssl/symhacks.h> 139: 140: #ifdef OPENSSL_BUILD_SHLIBSSL 141: # undef OPENSSL_EXTERN 142: # define OPENSSL_EXTERN OPENSSL_EXPORT 143: #endif 144: 145: #define PKCS1_CHECK 146: 147: #define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ 148: l|=(((unsigned long)(*((c)++)))<< 8), \ 149: l|=(((unsigned long)(*((c)++)))<<16), \ 150: l|=(((unsigned long)(*((c)++)))<<24)) 151: 152: /* NOTE - c is not incremented as per c2l */ 153: #define c2ln(c,l1,l2,n) { \ 154: c+=n; \ 155: l1=l2=0; \ 156: switch (n) { \ 157: case 8: l2 =((unsigned long)(*(--(c))))<<24; \ 158: case 7: l2|=((unsigned long)(*(--(c))))<<16; \ 159: case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ 160: case 5: l2|=((unsigned long)(*(--(c)))); \ 161: case 4: l1 =((unsigned long)(*(--(c))))<<24; \ 162: case 3: l1|=((unsigned long)(*(--(c))))<<16; \ 163: case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ 164: case 1: l1|=((unsigned long)(*(--(c)))); \ 165: } \ 166: } 167: 168: #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ 169: *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 170: *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 171: *((c)++)=(unsigned char)(((l)>>24)&0xff)) 172: 173: #define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ 174: l|=((unsigned long)(*((c)++)))<<16, \ 175: l|=((unsigned long)(*((c)++)))<< 8, \ 176: l|=((unsigned long)(*((c)++)))) 177: 178: #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ 179: *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 180: *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 181: *((c)++)=(unsigned char)(((l) )&0xff)) 182: 183: #define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \ 184: *((c)++)=(unsigned char)(((l)>>32)&0xff), \ 185: *((c)++)=(unsigned char)(((l)>>24)&0xff), \ 186: *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 187: *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 188: *((c)++)=(unsigned char)(((l) )&0xff)) 189: 190: #define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ 191: l|=((BN_ULLONG)(*((c)++)))<<32, \ 192: l|=((BN_ULLONG)(*((c)++)))<<24, \ 193: l|=((BN_ULLONG)(*((c)++)))<<16, \ 194: l|=((BN_ULLONG)(*((c)++)))<< 8, \ 195: l|=((BN_ULLONG)(*((c)++)))) 196: 197: /* NOTE - c is not incremented as per l2c */ 198: #define l2cn(l1,l2,c,n) { \ 199: c+=n; \ 200: switch (n) { \ 201: case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ 202: case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ 203: case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ 204: case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ 205: case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ 206: case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ 207: case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ 208: case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ 209: } \ 210: } 211: 212: #define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ 213: (((unsigned int)(c[1])) )),c+=2) 214: #define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ 215: c[1]=(unsigned char)(((s) )&0xff)),c+=2) 216: 217: #define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \ 218: (((unsigned long)(c[1]))<< 8)| \ 219: (((unsigned long)(c[2])) )),c+=3) 220: 221: #define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ 222: c[1]=(unsigned char)(((l)>> 8)&0xff), \ 223: c[2]=(unsigned char)(((l) )&0xff)),c+=3) 224: 225: /* LOCAL STUFF */ 226: 227: #define SSL_DECRYPT 0 228: #define SSL_ENCRYPT 1 229: 230: #define TWO_BYTE_BIT 0x80 231: #define SEC_ESC_BIT 0x40 232: #define TWO_BYTE_MASK 0x7fff 233: #define THREE_BYTE_MASK 0x3fff 234: 235: #define INC32(a) ((a)=((a)+1)&0xffffffffL) 236: #define DEC32(a) ((a)=((a)-1)&0xffffffffL) 237: #define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ 238: 239: /* 240: * Define the Bitmasks for SSL_CIPHER.algorithms. 241: * This bits are used packed as dense as possible. If new methods/ciphers 242: * etc will be added, the bits a likely to change, so this information 243: * is for internal library use only, even though SSL_CIPHER.algorithms 244: * can be publicly accessed. 245: * Use the according functions for cipher management instead. 246: * 247: * The bit mask handling in the selection and sorting scheme in 248: * ssl_create_cipher_list() has only limited capabilities, reflecting 249: * that the different entities within are mutually exclusive: 250: * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. 251: */ 252: #define SSL_MKEY_MASK 0x000000FFL 253: #define SSL_kRSA 0x00000001L /* RSA key exchange */ 254: #define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ 255: #define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ 256: #define SSL_kFZA 0x00000008L 257: #define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ 258: #define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ 259: #define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */ 260: #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ 261: #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) 262: 263: #define SSL_AUTH_MASK 0x00007F00L 264: #define SSL_aRSA 0x00000100L /* Authenticate with RSA */ 265: #define SSL_aDSS 0x00000200L /* Authenticate with DSS */ 266: #define SSL_DSS SSL_aDSS 267: #define SSL_aFZA 0x00000400L 268: #define SSL_aNULL 0x00000800L /* no Authenticate, ADH */ 269: #define SSL_aDH 0x00001000L /* no Authenticate, ADH */ 270: #define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */ 271: #define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */ 272: 273: #define SSL_NULL (SSL_eNULL) 274: #define SSL_ADH (SSL_kEDH|SSL_aNULL) 275: #define SSL_RSA (SSL_kRSA|SSL_aRSA) 276: #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) 277: #define SSL_ECDH (SSL_kECDH|SSL_kECDHE) 278: #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) 279: #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) 280: 281: #define SSL_ENC_MASK 0x1C3F8000L 282: #define SSL_DES 0x00008000L 283: #define SSL_3DES 0x00010000L 284: #define SSL_RC4 0x00020000L 285: #define SSL_RC2 0x00040000L 286: #define SSL_IDEA 0x00080000L 287: #define SSL_eFZA 0x00100000L 288: #define SSL_eNULL 0x00200000L 289: #define SSL_AES 0x04000000L 290: #define SSL_CAMELLIA 0x08000000L 291: #define SSL_SEED 0x10000000L 292: 293: #define SSL_MAC_MASK 0x00c00000L 294: #define SSL_MD5 0x00400000L 295: #define SSL_SHA1 0x00800000L 296: #define SSL_SHA (SSL_SHA1) 297: 298: #define SSL_SSL_MASK 0x03000000L 299: #define SSL_SSLV2 0x01000000L 300: #define SSL_SSLV3 0x02000000L 301: #define SSL_TLSV1 SSL_SSLV3 /* for now */ 302: 303: /* we have used 1fffffff - 3 bits left to go. */ 304: 305: /* 306: * Export and cipher strength information. For each cipher we have to decide 307: * whether it is exportable or not. This information is likely to change 308: * over time, since the export control rules are no static technical issue. 309: * 310: * Independent of the export flag the cipher strength is sorted into classes. 311: * SSL_EXP40 was denoting the 40bit US export limit of past times, which now 312: * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change 313: * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, 314: * since SSL_EXP64 could be similar to SSL_LOW. 315: * For this reason SSL_MICRO and SSL_MINI macros are included to widen the 316: * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed 317: * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would 318: * be possible. 319: */ 320: #define SSL_EXP_MASK 0x00000003L 321: #define SSL_NOT_EXP 0x00000001L 322: #define SSL_EXPORT 0x00000002L 323: 324: #define SSL_STRONG_MASK 0x000000fcL 325: #define SSL_STRONG_NONE 0x00000004L 326: #define SSL_EXP40 0x00000008L 327: #define SSL_MICRO (SSL_EXP40) 328: #define SSL_EXP56 0x00000010L 329: #define SSL_MINI (SSL_EXP56) 330: #define SSL_LOW 0x00000020L 331: #define SSL_MEDIUM 0x00000040L 332: #define SSL_HIGH 0x00000080L 333: 334: /* we have used 000000ff - 24 bits left to go */ 335: 336: /* 337: * Macros to check the export status and cipher strength for export ciphers. 338: * Even though the macros for EXPORT and EXPORT40/56 have similar names, 339: * their meaning is different: 340: * *_EXPORT macros check the 'exportable' status. 341: * *_EXPORT40/56 macros are used to check whether a certain cipher strength 342: * is given. 343: * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct 344: * algorithm structure element to be passed (algorithms, algo_strength) and no 345: * typechecking can be done as they are all of type unsigned long, their 346: * direct usage is discouraged. 347: * Use the SSL_C_* macros instead. 348: */ 349: #define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) 350: #define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) 351: #define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) 352: #define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) 353: #define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) 354: #define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) 355: 356: #define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ 357: ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7) 358: #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) 359: #define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \ 360: (c)->algo_strength) 361: #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) 362: 363: 364: #define SSL_ALL 0xffffffffL 365: #define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\ 366: SSL_MAC_MASK) 367: #define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK) 368: 369: /* Mostly for SSLv3 */ 370: #define SSL_PKEY_RSA_ENC 0 371: #define SSL_PKEY_RSA_SIGN 1 372: #define SSL_PKEY_DSA_SIGN 2 373: #define SSL_PKEY_DH_RSA 3 374: #define SSL_PKEY_DH_DSA 4 375: #define SSL_PKEY_ECC 5 376: #define SSL_PKEY_NUM 6 377: 378: /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | 379: * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) 380: * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) 381: * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN 382: * SSL_aRSA <- RSA_ENC | RSA_SIGN 383: * SSL_aDSS <- DSA_SIGN 384: */ 385: 386: /* 387: #define CERT_INVALID 0 388: #define CERT_PUBLIC_KEY 1 389: #define CERT_PRIVATE_KEY 2 390: */ 391: 392: #ifndef OPENSSL_NO_EC 393: /* From ECC-TLS draft, used in encoding the curve type in 394: * ECParameters 395: */ 396: #define EXPLICIT_PRIME_CURVE_TYPE 1 397: #define EXPLICIT_CHAR2_CURVE_TYPE 2 398: #define NAMED_CURVE_TYPE 3 399: #endif /* OPENSSL_NO_EC */ 400: 401: typedef struct cert_pkey_st 402: { 403: X509 *x509; 404: EVP_PKEY *privatekey; 405: } CERT_PKEY; 406: 407: typedef struct cert_st 408: { 409: /* Current active set */ 410: CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array 411: * Probably it would make more sense to store 412: * an index, not a pointer. */ 413: 414: /* The following masks are for the key and auth 415: * algorithms that are supported by the certs below */ 416: int valid; 417: unsigned long mask; 418: unsigned long export_mask; 419: #ifndef OPENSSL_NO_RSA 420: RSA *rsa_tmp; 421: RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize); 422: #endif 423: #ifndef OPENSSL_NO_DH 424: DH *dh_tmp; 425: DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); 426: #endif 427: #ifndef OPENSSL_NO_ECDH 428: EC_KEY *ecdh_tmp; 429: /* Callback for generating ephemeral ECDH keys */ 430: EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize); 431: #endif 432: 433: CERT_PKEY pkeys[SSL_PKEY_NUM]; 434: 435: int references; /* >1 only if SSL_copy_session_id is used */ 436: } CERT; 437: 438: 439: typedef struct sess_cert_st 440: { 441: STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ 442: 443: /* The 'peer_...' members are used only by clients. */ 444: int peer_cert_type; 445: 446: CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ 447: CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; 448: /* Obviously we don't have the private keys of these, 449: * so maybe we shouldn't even use the CERT_PKEY type here. */ 450: 451: #ifndef OPENSSL_NO_RSA 452: RSA *peer_rsa_tmp; /* not used for SSL 2 */ 453: #endif 454: #ifndef OPENSSL_NO_DH 455: DH *peer_dh_tmp; /* not used for SSL 2 */ 456: #endif 457: #ifndef OPENSSL_NO_ECDH 458: EC_KEY *peer_ecdh_tmp; 459: #endif 460: 461: int references; /* actually always 1 at the moment */ 462: } SESS_CERT; 463: 464: 465: /*#define MAC_DEBUG */ 466: 467: /*#define ERR_DEBUG */ 468: /*#define ABORT_DEBUG */ 469: /*#define PKT_DEBUG 1 */ 470: /*#define DES_DEBUG */ 471: /*#define DES_OFB_DEBUG */ 472: /*#define SSL_DEBUG */ 473: /*#define RSA_DEBUG */ 474: /*#define IDEA_DEBUG */ 475: 476: #define FP_ICC (int (*)(const void *,const void *)) 477: #define ssl_put_cipher_by_char(ssl,ciph,ptr) \ 478: ((ssl)->method->put_cipher_by_char((ciph),(ptr))) 479: #define ssl_get_cipher_by_char(ssl,ptr) \ 480: ((ssl)->method->get_cipher_by_char(ptr)) 481: 482: /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff 483: * It is a bit of a mess of functions, but hell, think of it as 484: * an opaque structure :-) */ 485: typedef struct ssl3_enc_method 486: { 487: int (*enc)(SSL *, int); 488: int (*mac)(SSL *, unsigned char *, int); 489: int (*setup_key_block)(SSL *); 490: int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int); 491: int (*change_cipher_state)(SSL *, int); 492: int (*