authorKenny Root <kroot@google.com>2015-07-24 21:10:53 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-07-24 21:10:53 +0000
commitdc35386c92b2c545de07d711009d3e8f7e25db00 (patch)
tree4d210b442e8e6742e9b0ff9dca4fc158c1a6a03e /src/include/openssl/ssl.h
parentffd8e0a5b40ce124e6dce4cb7546a26680d33d16 (diff)
parent07f4f42347557420f105a72d9a93bc8ee88a3dc5 (diff)
am 07f4f423: Merge changes Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533
* commit '07f4f42347557420f105a72d9a93bc8ee88a3dc5': Handle RDRAND failures. dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. Fix for CVE-2015-1789. Fixes for CVE-2015-1791.
Diffstat (limited to 'src/include/openssl/ssl.h')
-rw-r--r--src/include/openssl/ssl.h45
1 files changed, 30 insertions, 15 deletions
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index 217dbaf..2735e15 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
@@ -517,6 +517,10 @@ OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl);
OPENSSL_EXPORT int SSL_get_tls_unique(const SSL *ssl, uint8_t *out,
size_t *out_len, size_t max_out);
+/* SSL_initial_handshake_complete returns one if the initial handshake has
+ * completed and zero otherwise. */
+OPENSSL_EXPORT int SSL_initial_handshake_complete(const SSL *ssl);
+
/* Underdocumented functions.
*
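Review bot: The new comment on `SSL_initial_handshake_complete` does not say what the function returns while a later renegotiation is in progress, which is the case the word "initial" appears meant to separate from the general handshake state. If the value stays one once the first handshake has finished, the header should say so, for example `Once it returns one, it continues to do so, including during a renegotiation.` The implementation is not part of this hunk, so that behaviour needs confirming before the sentence is added.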
@@ -646,7 +650,12 @@ struct ssl_session_st {
* disable session caching and tickets. */
int not_resumable;
- /* The cert is the certificate used to establish this connection */
+ /* The cert is the certificate used to establish this connection
+ *
+ * TODO(davidben): Remove this field. It is not serialized as part of the
+ * session, but some APIs access it. Certificate-related fields, where not
+ * redundant with |peer|, should be added to the session. Others should
+ * probably not be retained across resumptions. */
struct sess_cert_st /* SESS_CERT */ *sess_cert;
/* This is the cert for the other end. On clients, it will be the same as
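Review bot: The TODO on `sess_cert` records that the field is not serialized but leaves out the consequence for code that reads the struct. A session rebuilt from bytes presumably carries no `sess_cert`, so every API that dereferences it has to handle NULL. I would add a line such as `It may be NULL on a session produced by deserialization; check before use.` after confirming it against the parser, which is not shown here. The first sentence of the comment is also missing its closing period, and `struct ssl_session_st` starts and ends outside this hunk.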
@@ -1963,31 +1972,34 @@ OPENSSL_EXPORT int SSL_has_matching_session_id(const SSL *ssl,
OPENSSL_EXPORT int SSL_SESSION_to_bytes(SSL_SESSION *in, uint8_t **out_data,
size_t *out_len);
-/* SSL_SESSION_to_bytes_for_ticket serializes |in|, but excludes the session ID
- * which is not necessary in a session ticket. */
+/* SSL_SESSION_to_bytes_for_ticket serializes |in|, but excludes the session
+ * identification information, namely the session ID and ticket. */
OPENSSL_EXPORT int SSL_SESSION_to_bytes_for_ticket(SSL_SESSION *in,
uint8_t **out_data,
size_t *out_len);
+/* SSL_SESSION_from_bytes parses |in_len| bytes from |in| as an SSL_SESSION. It
+ * returns a newly-allocated |SSL_SESSION| on success or NULL on error. */
+OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_from_bytes(const uint8_t *in,
+ size_t in_len);
+
/* Deprecated: i2d_SSL_SESSION serializes |in| to the bytes pointed to by
* |*pp|. On success, it returns the number of bytes written and advances |*pp|
* by that many bytes. On failure, it returns -1. If |pp| is NULL, no bytes are
* written and only the length is returned.
*
- * Use SSL_SESSION_to_bytes instead. */
+ * Use |SSL_SESSION_to_bytes| instead. */
OPENSSL_EXPORT int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp);
-/* d2i_SSL_SESSION deserializes a serialized buffer contained in the |length|
- * bytes pointed to by |*pp|. It returns the new SSL_SESSION and advances |*pp|
- * by the number of bytes consumed on success and NULL on failure. If |a| is
- * NULL, the caller takes ownership of the new session and must call
- * |SSL_SESSION_free| when done.
+/* Deprecated: d2i_SSL_SESSION parses a serialized session from the |length|
+ * bytes pointed to by |*pp|. It returns the new |SSL_SESSION| and advances
+ * |*pp| by the number of bytes consumed on success and NULL on failure. The
+ * caller takes ownership of the new session and must call |SSL_SESSION_free|
+ * when done.
*
- * If |a| and |*a| are not NULL, the SSL_SESSION at |*a| is overridden with the
- * deserialized session rather than allocating a new one. In addition, |a| is
- * not NULL, but |*a| is, |*a| is set to the new SSL_SESSION.
+ * If |a| is non-NULL, |*a| is released and set the new |SSL_SESSION|.
*
- * Passing a value other than NULL to |a| is deprecated. */
+ * Use |SSL_SESSION_from_bytes| instead. */
OPENSSL_EXPORT SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp,
long length);
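Review bot: The rewritten `d2i_SSL_SESSION` comment says an existing `|*a|` is now released and replaced rather than overwritten in place, but it does not warn that any other raw pointer to the old session must no longer be used. Add a sentence such as `Any other pointer to the old |*a| is invalid afterwards unless its holder owns a separate reference.` and fix the wording to `|*a| is released and set to the new |SSL_SESSION|.` The `SSL_SESSION_from_bytes` comment should also state that the caller frees the result with `|SSL_SESSION_free|`, as the `d2i_SSL_SESSION` text does. It should say too whether bytes left over after the encoded session are treated as an error, since the input may come from an external cache or a ticket.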
@@ -2621,8 +2633,8 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define SSL_F_SSL_use_psk_identity_hint 147
#define SSL_F_SSL_write 148
#define SSL_F_d2i_SSL_SESSION 149
-#define SSL_F_d2i_SSL_SESSION_get_octet_string 150
-#define SSL_F_d2i_SSL_SESSION_get_string 151
+#define SSL_F_SSL_SESSION_parse_octet_string 150
+#define SSL_F_SSL_SESSION_parse_string 151
#define SSL_F_do_ssl3_write 152
#define SSL_F_dtls1_accept 153
#define SSL_F_dtls1_buffer_record 154
@@ -2747,6 +2759,9 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define SSL_F_SSL_AEAD_CTX_open 277
#define SSL_F_SSL_AEAD_CTX_seal 278
#define SSL_F_dtls1_seal_record 279
+#define SSL_F_SSL_SESSION_from_bytes 280
+#define SSL_F_SSL_SESSION_parse 281
+#define SSL_F_ssl3_check_certificate_for_cipher 282
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101
#define SSL_R_BAD_ALERT 102