Implement the Opaque PRF Input TLS extension

(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES.
author: Bodo Möller <bodo@openssl.org> 2007-09-21 06:54:24 +0000
committer: Bodo Möller <bodo@openssl.org> 2007-09-21 06:54:24 +0000
commit: 761772d7e19145fa9afb2a0c830ead69a33f3fa5 (patch)
tree: f6fbfed11e54a5286025bf235889cca1cb87d503 /ssl/ssl3.h
parent: 54ef01b54bd64fdf5820d3860f4c458a9c2fa4f0 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 0543cb287e..29cd3da860 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -443,6 +443,14 @@ typedef struct ssl3_state_st
 
 	int in_read_app_data;
 
+	/* Opaque PRF input as used for the current handshake.
+	 * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
+	 * (otherwise, they are merely present to improve binary compatibility) */
+	void *client_opaque_prf_input;
+	size_t client_opaque_prf_input_len;
+	void *server_opaque_prf_input;
+	size_t server_opaque_prf_input_len;
+
 	struct	{
 		/* actually only needs to be 16+20 */
 		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
author	Bodo Möller <bodo@openssl.org>	2007-09-21 06:54:24 +0000
committer	Bodo Möller <bodo@openssl.org>	2007-09-21 06:54:24 +0000
commit	761772d7e19145fa9afb2a0c830ead69a33f3fa5 (patch)
tree	f6fbfed11e54a5286025bf235889cca1cb87d503 /ssl/ssl3.h
parent	54ef01b54bd64fdf5820d3860f4c458a9c2fa4f0 (diff)