lib/gnutls_int.h

   1 /*
   2  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
   3  * 2009, 2010 Free Software Foundation, Inc.
   4  *
   5  * Author: Nikos Mavrogiannopoulos
   6  *
   7  * This file is part of GNUTLS.
   8  *
   9  * The GNUTLS library is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public License
  11  * as published by the Free Software Foundation; either version 2.1 of
  12  * the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful, but
  15  * WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public
  20  * License along with this library; if not, write to the Free Software
  21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  22  * USA
  23  *
  24  */
  25
  26 #ifndef GNUTLS_INT_H
  27 # define GNUTLS_INT_H
  28
  29 #ifdef HAVE_CONFIG_H
  30 # include <config.h>
  31 #endif
  32
  33 #include <stddef.h>
  34 #include <string.h>
  35 #include <stdlib.h>
  36 #include <stdio.h>
  37 #include <ctype.h>
  38 #include <limits.h>
  39 #include <stdint.h>
  40
  41 #ifdef NO_SSIZE_T
  42 # define HAVE_SSIZE_T
  43 typedef int ssize_t;
  44 #endif
  45
  46 #include <sys/types.h>
  47 #include <unistd.h>
  48 #include <sys/stat.h>
  49 #include <sys/socket.h>
  50 #include <time.h>
  51
  52 /* some systems had problems with long long int, thus,
  53  * it is not used.
  54  */
  55 typedef struct
  56 {
  57   unsigned char i[8];
  58 } uint64;
  59
  60 #include <gnutls/gnutls.h>
  61
  62 /*
  63  * They are not needed any more. You can simply enable
  64  * the gnutls_log callback to get error descriptions.
  65
  66 #define BUFFERS_DEBUG
  67 #define WRITE_DEBUG
  68 #define READ_DEBUG
  69 #define HANDSHAKE_DEBUG // Prints some information on handshake
  70 #define COMPRESSION_DEBUG
  71 #define DEBUG
  72 */
  73
  74 /* The size of a handshake message should not
  75  * be larger than this value.
  76  */
  77 #define MAX_HANDSHAKE_PACKET_SIZE 48*1024
  78
  79 #define TLS_MAX_SESSION_ID_SIZE 32
  80
  81 /* The maximum digest size of hash algorithms.
  82  */
  83 #define MAX_HASH_SIZE 64
  84 #define MAX_CIPHER_BLOCK_SIZE 16
  85 #define MAX_CIPHER_KEY_SIZE 32
  86
  87 #define MAX_SRP_USERNAME 128
  88 #define MAX_SERVER_NAME_SIZE 128
  89 #define MAX_SESSION_TICKET_SIZE 65535
  90
  91 #define SESSION_TICKET_KEY_NAME_SIZE 16
  92 #define SESSION_TICKET_KEY_SIZE 16
  93 #define SESSION_TICKET_IV_SIZE 16
  94 #define SESSION_TICKET_MAC_SECRET_SIZE 32
  95
  96 /* we can receive up to MAX_EXT_TYPES extensions.
  97  */
  98 #define MAX_EXT_TYPES 64
  99
 100 /* The initial size of the receive
 101  * buffer size. This will grow if larger
 102  * packets are received.
 103  */
 104 #define INITIAL_RECV_BUFFER_SIZE 256
 105
 106 /* the default for TCP */
 107 #define DEFAULT_LOWAT 1
 108
 109 /* expire time for resuming sessions */
 110 #define DEFAULT_EXPIRE_TIME 3600
 111
 112 /* the maximum size of encrypted packets */
 113 #define DEFAULT_MAX_RECORD_SIZE 16384
 114 #define RECORD_HEADER_SIZE 5
 115 #define MAX_RECORD_SEND_SIZE (size_t)session->security_parameters.max_record_send_size
 116 #define MAX_RECORD_RECV_SIZE (size_t)session->security_parameters.max_record_recv_size
 117 #define MAX_PAD_SIZE 255
 118 #define EXTRA_COMP_SIZE 2048
 119 #define MAX_RECORD_OVERHEAD MAX_PAD_SIZE+EXTRA_COMP_SIZE
 120 #define MAX_RECV_SIZE MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE+RECORD_HEADER_SIZE
 121
 122 #define HANDSHAKE_HEADER_SIZE 4
 123
 124 /* defaults for verification functions
 125  */
 126 #define DEFAULT_VERIFY_DEPTH 32
 127 #define DEFAULT_VERIFY_BITS 16*1024
 128
 129 #include <gnutls_mem.h>
 130
 131 #define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
 132
 133 #define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
 134 #define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0)
 135 #define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)
 136
 137 #define HASH2MAC(x) ((gnutls_mac_algorithm_t)x)
 138
 139 #define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
 140 #define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
 141
 142 typedef unsigned char opaque;
 143 typedef struct
 144 {
 145   opaque pint[3];
 146 } uint24;
 147
 148 #include <gnutls_mpi.h>
 149
 150 typedef enum change_cipher_spec_t
 151 { GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1
 152 } change_cipher_spec_t;
 153
 154 typedef enum handshake_state_t
 155 { STATE0 = 0, STATE1, STATE2,
 156   STATE3, STATE4, STATE5,
 157   STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21,
 158   STATE30 = 30, STATE31, STATE40 = 40, STATE41, STATE50 = 50,
 159   STATE60 = 60, STATE61, STATE62, STATE70, STATE71
 160 } handshake_state_t;
 161
 162 #include <gnutls_str.h>
 163
 164 /* This is the maximum number of algorithms (ciphers or macs etc).
 165  * keep it synced with GNUTLS_MAX_ALGORITHM_NUM in gnutls.h
 166  */
 167 #define MAX_ALGOS 16
 168
 169 #define MAX_CIPHERSUITES 256
 170
 171 typedef enum extensions_t
 172 { GNUTLS_EXTENSION_SERVER_NAME = 0,
 173   GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
 174   GNUTLS_EXTENSION_CERT_TYPE = 9,
 175 #ifdef ENABLE_OPRFI
 176   GNUTLS_EXTENSION_OPAQUE_PRF_INPUT = ENABLE_OPRFI,
 177 #endif
 178   GNUTLS_EXTENSION_SRP = 12,
 179   GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
 180   GNUTLS_EXTENSION_SESSION_TICKET = 35,
 181   GNUTLS_EXTENSION_INNER_APPLICATION = 37703,
 182   GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281,  /* aka: 0xff01 */
 183 } extensions_t;
 184
 185 typedef enum
 186 { CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
 187
 188 typedef enum valid_session_t
 189 { VALID_TRUE, VALID_FALSE } valid_session_t;
 190 typedef enum resumable_session_t
 191 { RESUME_TRUE,
 192   RESUME_FALSE
 193 } resumable_session_t;
 194
 195 /* Record Protocol */
 196 typedef enum content_type_t
 197 {
 198   GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
 199   GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
 200   GNUTLS_INNER_APPLICATION = 24
 201 } content_type_t;
 202
 203 #define GNUTLS_PK_ANY (gnutls_pk_algorithm_t)-1
 204 #define GNUTLS_PK_NONE (gnutls_pk_algorithm_t)-2
 205
 206 typedef enum
 207 {
 208   HANDSHAKE_MAC_TYPE_10 = 1,
 209   HANDSHAKE_MAC_TYPE_12
 210 } handshake_mac_type_t;
 211
 212 /* Store & Retrieve functions defines:
 213  */
 214
 215 typedef struct auth_cred_st
 216 {
 217   gnutls_credentials_type_t algorithm;
 218
 219   /* the type of credentials depends on algorithm
 220    */
 221   void *credentials;
 222   struct auth_cred_st *next;
 223 } auth_cred_st;
 224
 225 struct gnutls_key_st
 226 {
 227   /* For DH KX */
 228   gnutls_datum_t key;
 229   bigint_t KEY;
 230   bigint_t client_Y;
 231   bigint_t client_g;
 232   bigint_t client_p;
 233   bigint_t dh_secret;
 234   /* for SRP */
 235   bigint_t A;
 236   bigint_t B;
 237   bigint_t u;
 238   bigint_t b;
 239   bigint_t a;
 240   bigint_t x;
 241   /* RSA: e, m
 242    */
 243   bigint_t rsa[2];
 244
 245   /* this is used to hold the peers authentication data
 246    */
 247   /* auth_info_t structures SHOULD NOT contain malloced
 248    * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
 249    * Rememember that this should be calloced!
 250    */
 251   void *auth_info;
 252   gnutls_credentials_type_t auth_info_type;
 253   int auth_info_size;           /* needed in order to store to db for restoring
 254                                  */
 255   uint8_t crypt_algo;
 256
 257   auth_cred_st *cred;           /* used to specify keys/certificates etc */
 258
 259   int certificate_requested;
 260   /* some ciphersuites use this
 261    * to provide client authentication.
 262    * 1 if client auth was requested
 263    * by the peer, 0 otherwise
 264    *** In case of a server this
 265    * holds 1 if we should wait
 266    * for a client certificate verify
 267    */
 268 };
 269 typedef struct gnutls_key_st *gnutls_key_st;
 270
 271
 272 /* STATE (cont) */
 273
 274 #include <gnutls_hash_int.h>
 275 #include <gnutls_cipher_int.h>
 276 #include <gnutls_compress.h>
 277 #include <gnutls_cert.h>
 278
 279 typedef struct
 280 {
 281   uint8_t suite[2];
 282 } cipher_suite_st;
 283
 284 typedef struct
 285 {
 286   uint8_t hash_algorithm;
 287   uint8_t sign_algorithm;       /* pk algorithm actually */
 288 } sign_algorithm_st;
 289
 290 /* This structure holds parameters got from TLS extension
 291  * mechanism. (some extensions may hold parameters in auth_info_t
 292  * structures also - see SRP).
 293  */
 294
 295 typedef struct
 296 {
 297   opaque name[MAX_SERVER_NAME_SIZE];
 298   unsigned name_length;
 299   gnutls_server_name_type_t type;
 300 } server_name_st;
 301
 302 #define MAX_SERVER_NAME_EXTENSIONS 3
 303 #define MAX_SIGNATURE_ALGORITHMS 16
 304
 305 struct gnutls_session_ticket_key_st
 306 {
 307   opaque key_name[SESSION_TICKET_KEY_NAME_SIZE];
 308   opaque key[SESSION_TICKET_KEY_SIZE];
 309   opaque mac_secret[SESSION_TICKET_MAC_SECRET_SIZE];
 310 };
 311
 312 #define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
 313
 314 /* If you want the extension data to be kept across resuming sessions
 315  * then modify CPY_EXTENSIONS in gnutls_constate.c
 316  */
 317 typedef struct
 318 {
 319   server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
 320   /* limit server_name extensions */
 321   unsigned server_names_size;
 322
 323   opaque srp_username[MAX_SRP_USERNAME + 1];
 324
 325   /* TLS 1.2 signature algorithms */
 326   gnutls_sign_algorithm_t sign_algorithms[MAX_SIGNATURE_ALGORITHMS];
 327   uint16_t sign_algorithms_size;
 328
 329   /* TLS/IA data. */
 330   int gnutls_ia_enable, gnutls_ia_peer_enable;
 331   int gnutls_ia_allowskip, gnutls_ia_peer_allowskip;
 332
 333   /* Used by extensions that enable supplemental data. */
 334   int do_recv_supplemental, do_send_supplemental;
 335
 336   opaque *session_ticket;
 337   uint16_t session_ticket_len;
 338
 339   /*** Those below do not get copied when resuming session
 340    ***/
 341
 342   /* Opaque PRF input. */
 343   opaque *oprfi_client;
 344   uint16_t oprfi_client_len;
 345   opaque *oprfi_server;
 346   uint16_t oprfi_server_len;
 347
 348   /* Safe renegotiation. */
 349   uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE];
 350   size_t client_verify_data_len;
 351   uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE];
 352   size_t server_verify_data_len;
 353   uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2];  /* max signal is 72 bytes in s->c sslv3 */
 354   size_t ri_extension_data_len;
 355
 356 } tls_ext_st;
 357
 358 /* auth_info_t structures now MAY contain malloced
 359  * elements.
 360  */
 361
 362 /* This structure and auth_info_t, are stored in the resume database,
 363  * and are restored, in case of resume.
 364  * Holds all the required parameters to resume the current
 365  * session.
 366  */
 367
 368 /* if you add anything in Security_Parameters struct, then
 369  * also modify CPY_COMMON in gnutls_constate.c.
 370  */
 371
 372 /* Note that the security parameters structure is set up after the
 373  * handshake has finished. The only value you may depend on while
 374  * the handshake is in progress is the cipher suite value.
 375  */
 376 typedef struct
 377 {
 378   gnutls_connection_end_t entity;
 379   gnutls_kx_algorithm_t kx_algorithm;
 380   /* we've got separate write/read bulk/macs because
 381    * there is a time in handshake where the peer has
 382    * null cipher and we don't
 383    */
 384   gnutls_cipher_algorithm_t read_bulk_cipher_algorithm;
 385   gnutls_mac_algorithm_t read_mac_algorithm;
 386   gnutls_compression_method_t read_compression_algorithm;
 387
 388   gnutls_cipher_algorithm_t write_bulk_cipher_algorithm;
 389   gnutls_mac_algorithm_t write_mac_algorithm;
 390   gnutls_compression_method_t write_compression_algorithm;
 391   handshake_mac_type_t handshake_mac_handle_type;       /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */
 392
 393   /* this is the ciphersuite we are going to use
 394    * moved here from internals in order to be restored
 395    * on resume;
 396    */
 397   cipher_suite_st current_cipher_suite;
 398   opaque master_secret[GNUTLS_MASTER_SIZE];
 399   opaque client_random[GNUTLS_RANDOM_SIZE];
 400   opaque server_random[GNUTLS_RANDOM_SIZE];
 401   opaque session_id[TLS_MAX_SESSION_ID_SIZE];
 402   uint8_t session_id_size;
 403   time_t timestamp;
 404   tls_ext_st extensions;
 405
 406   /* The send size is the one requested by the programmer.
 407    * The recv size is the one negotiated with the peer.
 408    */
 409   uint16_t max_record_send_size;
 410   uint16_t max_record_recv_size;
 411   /* holds the negotiated certificate type */
 412   gnutls_certificate_type_t cert_type;
 413   gnutls_protocol_t version;    /* moved here */
 414
 415   /* For TLS/IA.  XXX: Move to IA credential? */
 416   opaque inner_secret[GNUTLS_MASTER_SIZE];
 417 } security_parameters_st;
 418
 419 /* This structure holds the generated keys
 420  */
 421 typedef struct
 422 {
 423   gnutls_datum_t server_write_mac_secret;
 424   gnutls_datum_t client_write_mac_secret;
 425   gnutls_datum_t server_write_IV;
 426   gnutls_datum_t client_write_IV;
 427   gnutls_datum_t server_write_key;
 428   gnutls_datum_t client_write_key;
 429   int generated_keys;           /* zero if keys have not
 430                                  * been generated. Non zero
 431                                  * otherwise.
 432                                  */
 433 } cipher_specs_st;
 434
 435
 436 typedef struct
 437 {
 438   cipher_hd_st write_cipher_state;
 439   cipher_hd_st read_cipher_state;
 440   comp_hd_t read_compression_state;
 441   comp_hd_t write_compression_state;
 442   gnutls_datum_t read_mac_secret;
 443   gnutls_datum_t write_mac_secret;
 444   uint64 read_sequence_number;
 445   uint64 write_sequence_number;
 446 } conn_stat_st;
 447
 448 typedef struct
 449 {
 450   unsigned int priority[MAX_ALGOS];
 451   unsigned int algorithms;
 452 } priority_st;
 453
 454 /* For the external api */
 455 struct gnutls_priority_st
 456 {
 457   priority_st cipher;
 458   priority_st mac;
 459   priority_st kx;
 460   priority_st compression;
 461   priority_st protocol;
 462   priority_st cert_type;
 463   priority_st sign_algo;
 464
 465   /* to disable record padding */
 466   int no_padding:1;
 467   int unsafe_renegotiation:1;
 468   int initial_safe_renegotiation:1;
 469   int disable_safe_renegotiation:1;
 470   int ssl3_record_version;
 471   int additional_verify_flags;
 472 };
 473
 474
 475 /* DH and RSA parameters types.
 476  */
 477 typedef struct gnutls_dh_params_int
 478 {
 479   /* [0] is the prime, [1] is the generator.
 480    */
 481   bigint_t params[2];
 482 } dh_params_st;
 483
 484 typedef struct
 485 {
 486   gnutls_dh_params_t dh_params;
 487   int free_dh_params;
 488   gnutls_rsa_params_t rsa_params;
 489   int free_rsa_params;
 490 } internal_params_st;
 491
 492
 493
 494 typedef struct
 495 {
 496   opaque header[HANDSHAKE_HEADER_SIZE];
 497   /* this holds the number of bytes in the handshake_header[] */
 498   size_t header_size;
 499   /* this holds the length of the handshake packet */
 500   size_t packet_length;
 501   gnutls_handshake_description_t recv_type;
 502 } handshake_header_buffer_st;
 503
 504
 505 typedef struct
 506 {
 507   gnutls_buffer application_data_buffer;        /* holds data to be delivered to application layer */
 508   gnutls_buffer handshake_hash_buffer;  /* used to keep the last received handshake
 509                                          * message */
 510   union
 511   {
 512     struct
 513     {
 514       digest_hd_st sha;         /* hash of the handshake messages */
 515       digest_hd_st md5;         /* hash of the handshake messages */
 516     } tls10;
 517     struct
 518     {
 519       digest_hd_st sha1;        /* hash of the handshake messages for TLS 1.2+ */
 520       digest_hd_st sha256;      /* hash of the handshake messages for TLS 1.2+ */
 521     } tls12;
 522   } handshake_mac_handle;
 523   int handshake_mac_handle_init;        /* 1 when the previous union and type were initialized */
 524
 525   gnutls_buffer handshake_data_buffer;  /* this is a buffer that holds the current handshake message */
 526   gnutls_buffer ia_data_buffer; /* holds inner application data (TLS/IA) */
 527   resumable_session_t resumable;        /* TRUE or FALSE - if we can resume that session */
 528   handshake_state_t handshake_state;    /* holds
 529                                          * a number which indicates where
 530                                          * the handshake procedure has been
 531                                          * interrupted. If it is 0 then
 532                                          * no interruption has happened.
 533                                          */
 534
 535   valid_session_t valid_connection;     /* true or FALSE - if this session is valid */
 536
 537   int may_not_read;             /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
 538                                  */
 539   int may_not_write;
 540   int read_eof;                 /* non-zero if we have received a closure alert. */
 541
 542   int last_alert;               /* last alert received */
 543
 544   /* The last handshake messages sent or received.
 545    */
 546   int last_handshake_in;
 547   int last_handshake_out;
 548
 549   /* this is the compression method we are going to use */
 550   gnutls_compression_method_t compression_method;
 551
 552   /* priorities */
 553   struct gnutls_priority_st priorities;
 554
 555   /* resumed session */
 556   resumable_session_t resumed;  /* RESUME_TRUE or FALSE - if we are resuming a session */
 557   security_parameters_st resumed_security_parameters;
 558
 559   /* sockets internals */
 560   int lowat;
 561
 562   /* These buffers are used in the handshake
 563    * protocol only. freed using _gnutls_handshake_io_buffer_clear();
 564    */
 565   gnutls_buffer handshake_send_buffer;
 566   size_t handshake_send_buffer_prev_size;
 567   content_type_t handshake_send_buffer_type;
 568   gnutls_handshake_description_t handshake_send_buffer_htype;
 569   content_type_t handshake_recv_buffer_type;
 570   gnutls_handshake_description_t handshake_recv_buffer_htype;
 571   gnutls_buffer handshake_recv_buffer;
 572
 573   /* this buffer holds a record packet -mostly used for
 574    * non blocking IO.
 575    */
 576   gnutls_buffer record_recv_buffer;
 577   gnutls_buffer record_send_buffer;     /* holds cached data
 578                                          * for the gnutls_io_write_buffered()
 579                                          * function.
 580                                          */
 581   size_t record_send_buffer_prev_size;  /* holds the
 582                                          * data written in the previous runs.
 583                                          */
 584   size_t record_send_buffer_user_size;  /* holds the
 585                                          * size of the user specified data to
 586                                          * send.
 587                                          */
 588
 589   /* 0 if no peeked data was kept, 1 otherwise.
 590    */
 591   int have_peeked_data;
 592
 593   int expire_time;              /* after expire_time seconds this session will expire */
 594   struct mod_auth_st_int *auth_struct;  /* used in handshake packets and KX algorithms */
 595   int v2_hello;                 /* 0 if the client hello is v3+.
 596                                  * non-zero if we got a v2 hello.
 597                                  */
 598   /* keeps the headers of the handshake packet
 599    */
 600   handshake_header_buffer_st handshake_header_buffer;
 601
 602   /* this is the highest version available
 603    * to the peer. (advertized version).
 604    * This is obtained by the Handshake Client Hello
 605    * message. (some implementations read the Record version)
 606    */
 607   uint8_t adv_version_major;
 608   uint8_t adv_version_minor;
 609
 610   /* if this is non zero a certificate request message
 611    * will be sent to the client. - only if the ciphersuite
 612    * supports it.
 613    */
 614   int send_cert_req;
 615
 616   /* bits to use for DHE and DHA
 617    * use _gnutls_dh_get_prime_bits() and gnutls_dh_set_prime_bits()
 618    * to access it.
 619    */
 620   uint16_t dh_prime_bits;
 621
 622   size_t max_handshake_data_buffer_size;
 623
 624   /* PUSH & PULL functions.
 625    */
 626   gnutls_pull_func _gnutls_pull_func;
 627   gnutls_push_func _gnutls_push_func;
 628   /* Holds the first argument of PUSH and PULL
 629    * functions;
 630    */
 631   gnutls_transport_ptr_t transport_recv_ptr;
 632   gnutls_transport_ptr_t transport_send_ptr;
 633
 634   /* STORE & RETRIEVE functions. Only used if other
 635    * backend than gdbm is used.
 636    */
 637   gnutls_db_store_func db_store_func;
 638   gnutls_db_retr_func db_retrieve_func;
 639   gnutls_db_remove_func db_remove_func;
 640   void *db_ptr;
 641
 642   /* post client hello callback (server side only)
 643    */
 644   gnutls_handshake_post_client_hello_func user_hello_func;
 645
 646   /* Holds the record size requested by the
 647    * user.
 648    */
 649   uint16_t proposed_record_size;
 650
 651   /* holds the selected certificate and key.
 652    * use _gnutls_selected_certs_deinit() and _gnutls_selected_certs_set()
 653    * to change them.
 654    */
 655   gnutls_cert *selected_cert_list;
 656   int selected_cert_list_length;
 657   gnutls_privkey *selected_key;
 658   int selected_need_free;
 659
 660   /* holds the extensions we sent to the peer
 661    * (in case of a client)
 662    */
 663   uint16_t extensions_sent[MAX_EXT_TYPES];
 664   uint16_t extensions_sent_size;
 665
 666   /* is 0 if we are to send the whole PGP key, or non zero
 667    * if the fingerprint is to be sent.
 668    */
 669   int pgp_fingerprint;
 670
 671   /* This holds the default version that our first
 672    * record packet will have. */
 673   opaque default_record_version[2];
 674
 675   int cbc_protection_hack;
 676
 677   void *user_ptr;
 678
 679   int enable_private;           /* non zero to
 680                                  * enable cipher suites
 681                                  * which have 0xFF status.
 682                                  */
 683
 684   /* Holds 0 if the last called function was interrupted while
 685    * receiving, and non zero otherwise.
 686    */
 687   int direction;
 688
 689   /* This callback will be used (if set) to receive an
 690    * openpgp key. (if the peer sends a fingerprint)
 691    */
 692   gnutls_openpgp_recv_key_func openpgp_recv_key_func;
 693
 694   /* If non zero the server will not advertize the CA's he
 695    * trusts (do not send an RDN sequence).
 696    */
 697   int ignore_rdn_sequence;
 698
 699   /* This is used to set an arbitary version in the RSA
 700    * PMS secret. Can be used by clients to test whether the
 701    * server checks that version. (** only used in gnutls-cli-debug)
 702    */
 703   opaque rsa_pms_version[2];
 704
 705   char *srp_username;
 706   char *srp_password;
 707
 708   /* Here we cache the DH or RSA parameters got from the
 709    * credentials structure, or from a callback. That is to
 710    * minimize external calls.
 711    */
 712   internal_params_st params;
 713
 714   /* This buffer is used by the record recv functions,
 715    * as a temporary store buffer.
 716    */
 717   gnutls_datum_t recv_buffer;
 718
 719   /* To avoid using global variables, and especially on Windows where
 720    * the application may use a different errno variable than GnuTLS,
 721    * it is possible to use gnutls_transport_set_errno to set a
 722    * session-specific errno variable in the user-replaceable push/pull
 723    * functions.  This value is used by the send/recv functions.  (The
 724    * strange name of this variable is because 'errno' is typically
 725    * #define'd.)
 726    */
 727   int errnum;
 728
 729   /* Function used to perform public-key signing operation during
 730      handshake.  Used by gnutls_sig.c:_gnutls_tls_sign(), see also
 731      gnutls_sign_callback_set(). */
 732   gnutls_sign_func sign_func;
 733   void *sign_func_userdata;
 734
 735   /* Callback to extract TLS Finished message. */
 736   gnutls_finished_callback_func finished_func;
 737
 738   /* minimum bits to allow for SRP
 739    * use gnutls_srp_set_prime_bits() to adjust it.
 740    */
 741   uint16_t srp_prime_bits;
 742
 743   int session_ticket_enable, session_ticket_renew;
 744
 745   int safe_renegotiation_received:1;
 746   int initial_negotiation_completed:1;
 747   int connection_using_safe_renegotiation:1;
 748
 749   /* Oprfi */
 750   gnutls_oprfi_callback_func oprfi_cb;
 751   const void *oprfi_userdata;
 752
 753   /* Session Ticket */
 754   struct gnutls_session_ticket_key_st *session_ticket_key;
 755   opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
 756
 757   /* If you add anything here, check _gnutls_handshake_internal_state_clear().
 758    */
 759 } internals_st;
 760
 761 struct gnutls_session_int
 762 {
 763   security_parameters_st security_parameters;
 764   cipher_specs_st cipher_specs;
 765   conn_stat_st connection_state;
 766   internals_st internals;
 767   gnutls_key_st key;
 768 };
 769
 770
 771
 772 /* functions
 773  */
 774 void _gnutls_set_current_version (gnutls_session_t session,
 775                                   gnutls_protocol_t version);
 776 void _gnutls_free_auth_info (gnutls_session_t session);
 777
 778 /* These two macros return the advertized TLS version of
 779  * the peer.
 780  */
 781 #define _gnutls_get_adv_version_major( session) \
 782         session->internals.adv_version_major
 783
 784 #define _gnutls_get_adv_version_minor( session) \
 785         session->internals.adv_version_minor
 786
 787 #define set_adv_version( session, major, minor) \
 788         session->internals.adv_version_major = major; \
 789         session->internals.adv_version_minor = minor
 790
 791 void _gnutls_set_adv_version (gnutls_session_t, gnutls_protocol_t);
 792 gnutls_protocol_t _gnutls_get_adv_version (gnutls_session_t);
 793
 794 int _gnutls_is_secure_mem_null (const void *);
 795
 796 #endif /* GNUTLS_INT_H */