test: epoc32/include/stdapis/openssl/ssl3.h@2fe1408b6811 (annotated)

williamr@2	1	/* ssl/ssl3.h */
williamr@2	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
williamr@2	3	* All rights reserved.
williamr@2	4	*
williamr@2	5	* This package is an SSL implementation written
williamr@2	6	* by Eric Young (eay@cryptsoft.com).
williamr@2	7	* The implementation was written so as to conform with Netscapes SSL.
williamr@2	8	*
williamr@2	9	* This library is free for commercial and non-commercial use as long as
williamr@2	10	* the following conditions are aheared to. The following conditions
williamr@2	11	* apply to all code found in this distribution, be it the RC4, RSA,
williamr@2	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
williamr@2	13	* included with this distribution is covered by the same copyright terms
williamr@2	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
williamr@2	15	*
williamr@2	16	* Copyright remains Eric Young's, and as such any Copyright notices in
williamr@2	17	* the code are not to be removed.
williamr@2	18	* If this package is used in a product, Eric Young should be given attribution
williamr@2	19	* as the author of the parts of the library used.
williamr@2	20	* This can be in the form of a textual message at program startup or
williamr@2	21	* in documentation (online or textual) provided with the package.
williamr@2	22	*
williamr@2	23	* Redistribution and use in source and binary forms, with or without
williamr@2	24	* modification, are permitted provided that the following conditions
williamr@2	25	* are met:
williamr@2	26	* 1. Redistributions of source code must retain the copyright
williamr@2	27	* notice, this list of conditions and the following disclaimer.
williamr@2	28	* 2. Redistributions in binary form must reproduce the above copyright
williamr@2	29	* notice, this list of conditions and the following disclaimer in the
williamr@2	30	* documentation and/or other materials provided with the distribution.
williamr@2	31	* 3. All advertising materials mentioning features or use of this software
williamr@2	32	* must display the following acknowledgement:
williamr@2	33	* "This product includes cryptographic software written by
williamr@2	34	* Eric Young (eay@cryptsoft.com)"
williamr@2	35	* The word 'cryptographic' can be left out if the rouines from the library
williamr@2	36	* being used are not cryptographic related :-).
williamr@2	37	* 4. If you include any Windows specific code (or a derivative thereof) from
williamr@2	38	* the apps directory (application code) you must include an acknowledgement:
williamr@2	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
williamr@2	40	*
williamr@2	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
williamr@2	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
williamr@2	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
williamr@2	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
williamr@2	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
williamr@2	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
williamr@2	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
williamr@2	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
williamr@2	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
williamr@2	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
williamr@2	51	* SUCH DAMAGE.
williamr@2	52	*
williamr@2	53	* The licence and distribution terms for any publically available version or
williamr@2	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
williamr@2	55	* copied and put under another distribution licence
williamr@2	56	* [including the GNU Public Licence.]
williamr@2	57	*/
williamr@2	58	/* ====================================================================
williamr@2	59	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
williamr@2	60	*
williamr@2	61	* Redistribution and use in source and binary forms, with or without
williamr@2	62	* modification, are permitted provided that the following conditions
williamr@2	63	* are met:
williamr@2	64	*
williamr@2	65	* 1. Redistributions of source code must retain the above copyright
williamr@2	66	* notice, this list of conditions and the following disclaimer.
williamr@2	67	*
williamr@2	68	* 2. Redistributions in binary form must reproduce the above copyright
williamr@2	69	* notice, this list of conditions and the following disclaimer in
williamr@2	70	* the documentation and/or other materials provided with the
williamr@2	71	* distribution.
williamr@2	72	*
williamr@2	73	* 3. All advertising materials mentioning features or use of this
williamr@2	74	* software must display the following acknowledgment:
williamr@2	75	* "This product includes software developed by the OpenSSL Project
williamr@2	76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
williamr@2	77	*
williamr@2	78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
williamr@2	79	* endorse or promote products derived from this software without
williamr@2	80	* prior written permission. For written permission, please contact
williamr@2	81	* openssl-core@openssl.org.
williamr@2	82	*
williamr@2	83	* 5. Products derived from this software may not be called "OpenSSL"
williamr@2	84	* nor may "OpenSSL" appear in their names without prior written
williamr@2	85	* permission of the OpenSSL Project.
williamr@2	86	*
williamr@2	87	* 6. Redistributions of any form whatsoever must retain the following
williamr@2	88	* acknowledgment:
williamr@2	89	* "This product includes software developed by the OpenSSL Project
williamr@2	90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
williamr@2	91	*
williamr@2	92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
williamr@2	93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
williamr@2	94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
williamr@2	95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
williamr@2	96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
williamr@2	97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
williamr@2	98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
williamr@2	99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
williamr@2	100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
williamr@2	101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
williamr@2	102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
williamr@2	103	* OF THE POSSIBILITY OF SUCH DAMAGE.
williamr@2	104	* ====================================================================
williamr@2	105	*
williamr@2	106	* This product includes cryptographic software written by Eric Young
williamr@2	107	* (eay@cryptsoft.com). This product includes software written by Tim
williamr@2	108	* Hudson (tjh@cryptsoft.com).
williamr@2	109	*
williamr@2	110	*/
williamr@2	111	/* ====================================================================
williamr@2	112	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
williamr@2	113	* ECC cipher suite support in OpenSSL originally developed by
williamr@2	114	* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
williamr@2	115	*/
williamr@2	116
williamr@2	117	#ifndef HEADER_SSL3_H
williamr@2	118	#define HEADER_SSL3_H
williamr@2	119
williamr@2	120	#ifndef OPENSSL_NO_COMP
williamr@2	121	#include <openssl/comp.h>
williamr@2	122	#endif
williamr@2	123	#include <openssl/buffer.h>
williamr@2	124	#include <openssl/evp.h>
williamr@2	125	#include <openssl/ssl.h>
williamr@2	126	#include <openssl/pq_compat.h>
williamr@2	127
williamr@2	128	#ifdef __cplusplus
williamr@2	129	extern "C" {
williamr@2	130	#endif
williamr@2	131
williamr@2	132	#define SSL3_CK_RSA_NULL_MD5 0x03000001
williamr@2	133	#define SSL3_CK_RSA_NULL_SHA 0x03000002
williamr@2	134	#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
williamr@2	135	#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
williamr@2	136	#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
williamr@2	137	#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
williamr@2	138	#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
williamr@2	139	#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
williamr@2	140	#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
williamr@2	141	#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
williamr@2	142
williamr@2	143	#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
williamr@2	144	#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
williamr@2	145	#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
williamr@2	146	#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
williamr@2	147	#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
williamr@2	148	#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
williamr@2	149
williamr@2	150	#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
williamr@2	151	#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
williamr@2	152	#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
williamr@2	153	#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
williamr@2	154	#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
williamr@2	155	#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
williamr@2	156
williamr@2	157	#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
williamr@2	158	#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
williamr@2	159	#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
williamr@2	160	#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
williamr@2	161	#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
williamr@2	162
williamr@2	163	#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
williamr@2	164	#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
williamr@2	165	#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
williamr@2	166	to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
williamr@2	167	of the ietf-tls list */
williamr@2	168	#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
williamr@2	169	#endif
williamr@2	170
williamr@2	171	/* VRS Additional Kerberos5 entries
williamr@2	172	*/
williamr@2	173	#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
williamr@2	174	#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
williamr@2	175	#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
williamr@2	176	#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
williamr@2	177	#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
williamr@2	178	#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
williamr@2	179	#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
williamr@2	180	#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
williamr@2	181
williamr@2	182	#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
williamr@2	183	#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
williamr@2	184	#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
williamr@2	185	#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
williamr@2	186	#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
williamr@2	187	#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
williamr@2	188
williamr@2	189	#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
williamr@2	190	#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
williamr@2	191	#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
williamr@2	192	#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
williamr@2	193	#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
williamr@2	194	#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
williamr@2	195	#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
williamr@2	196	#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
williamr@2	197	#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
williamr@2	198	#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
williamr@2	199
williamr@2	200	#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
williamr@2	201	#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
williamr@2	202	#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
williamr@2	203	#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
williamr@2	204	#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
williamr@2	205	#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
williamr@2	206
williamr@2	207	#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
williamr@2	208	#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
williamr@2	209	#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
williamr@2	210	#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
williamr@2	211	#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
williamr@2	212	#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
williamr@2	213
williamr@2	214	#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
williamr@2	215	#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
williamr@2	216	#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
williamr@2	217	#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
williamr@2	218	#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
williamr@2	219
williamr@2	220	#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
williamr@2	221	#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
williamr@2	222	#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
williamr@2	223
williamr@2	224	#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
williamr@2	225	#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
williamr@2	226	#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
williamr@2	227	#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
williamr@2	228	#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
williamr@2	229	#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
williamr@2	230	#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
williamr@2	231	#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
williamr@2	232
williamr@2	233	#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
williamr@2	234	#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
williamr@2	235	#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
williamr@2	236	#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
williamr@2	237	#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
williamr@2	238	#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
williamr@2	239
williamr@2	240	#define SSL3_SSL_SESSION_ID_LENGTH 32
williamr@2	241	#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
williamr@2	242
williamr@2	243	#define SSL3_MASTER_SECRET_SIZE 48
williamr@2	244	#define SSL3_RANDOM_SIZE 32
williamr@2	245	#define SSL3_SESSION_ID_SIZE 32
williamr@2	246	#define SSL3_RT_HEADER_LENGTH 5
williamr@2	247
williamr@2	248	/* Due to MS stuffing up, this can change.... */
williamr@2	249	#if defined(OPENSSL_SYS_WIN16) \|\| \
williamr@2	250	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
williamr@2	251	#define SSL3_RT_MAX_EXTRA (14000)
williamr@2	252	#else
williamr@2	253	#define SSL3_RT_MAX_EXTRA (16384)
williamr@2	254	#endif
williamr@2	255
williamr@2	256	#define SSL3_RT_MAX_PLAIN_LENGTH 16384
williamr@2	257	#ifdef OPENSSL_NO_COMP
williamr@2	258	#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
williamr@2	259	#else
williamr@2	260	#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
williamr@2	261	#endif
williamr@2	262	#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
williamr@2	263	#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
williamr@2	264	#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
williamr@2	265
williamr@2	266	#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
williamr@2	267	#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
williamr@2	268
williamr@2	269	#define SSL3_VERSION 0x0300
williamr@2	270	#define SSL3_VERSION_MAJOR 0x03
williamr@2	271	#define SSL3_VERSION_MINOR 0x00
williamr@2	272
williamr@2	273	#define SSL3_RT_CHANGE_CIPHER_SPEC 20
williamr@2	274	#define SSL3_RT_ALERT 21
williamr@2	275	#define SSL3_RT_HANDSHAKE 22
williamr@2	276	#define SSL3_RT_APPLICATION_DATA 23
williamr@2	277
williamr@2	278	#define SSL3_AL_WARNING 1
williamr@2	279	#define SSL3_AL_FATAL 2
williamr@2	280
williamr@2	281	#define SSL3_AD_CLOSE_NOTIFY 0
williamr@2	282	#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
williamr@2	283	#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
williamr@2	284	#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
williamr@2	285	#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
williamr@2	286	#define SSL3_AD_NO_CERTIFICATE 41
williamr@2	287	#define SSL3_AD_BAD_CERTIFICATE 42
williamr@2	288	#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
williamr@2	289	#define SSL3_AD_CERTIFICATE_REVOKED 44
williamr@2	290	#define SSL3_AD_CERTIFICATE_EXPIRED 45
williamr@2	291	#define SSL3_AD_CERTIFICATE_UNKNOWN 46
williamr@2	292	#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
williamr@2	293
williamr@2	294	typedef struct ssl3_record_st
williamr@2	295	{
williamr@2	296	/r / int type; /* type of record */
williamr@2	297	/rw/ unsigned int length; /* How many bytes available */
williamr@2	298	/r / unsigned int off; /* read/write offset into 'buf' */
williamr@2	299	/rw/ unsigned char data; / pointer to the record data */
williamr@2	300	/rw/ unsigned char input; / where the decode bytes are */
williamr@2	301	/r / unsigned char comp; / only used with decompression - malloc()ed */
williamr@2	302	/r / unsigned long epoch; /* epoch number, needed by DTLS1 */
williamr@2	303	/r / PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */
williamr@2	304	} SSL3_RECORD;
williamr@2	305
williamr@2	306	typedef struct ssl3_buffer_st
williamr@2	307	{
williamr@2	308	unsigned char buf; / at least SSL3_RT_MAX_PACKET_SIZE bytes,
williamr@2	309	* see ssl3_setup_buffers() */
williamr@2	310	size_t len; /* buffer size */
williamr@2	311	int offset; /* where to 'copy from' */
williamr@2	312	int left; /* how many bytes left */
williamr@2	313	} SSL3_BUFFER;
williamr@2	314
williamr@2	315	#define SSL3_CT_RSA_SIGN 1
williamr@2	316	#define SSL3_CT_DSS_SIGN 2
williamr@2	317	#define SSL3_CT_RSA_FIXED_DH 3
williamr@2	318	#define SSL3_CT_DSS_FIXED_DH 4
williamr@2	319	#define SSL3_CT_RSA_EPHEMERAL_DH 5
williamr@2	320	#define SSL3_CT_DSS_EPHEMERAL_DH 6
williamr@2	321	#define SSL3_CT_FORTEZZA_DMS 20
williamr@2	322	/* SSL3_CT_NUMBER is used to size arrays and it must be large
williamr@2	323	* enough to contain all of the cert types defined either for
williamr@2	324	* SSLv3 and TLSv1.
williamr@2	325	*/
williamr@2	326	#define SSL3_CT_NUMBER 7
williamr@2	327
williamr@2	328
williamr@2	329	#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
williamr@2	330	#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
williamr@2	331	#define SSL3_FLAGS_POP_BUFFER 0x0004
williamr@2	332	#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
williamr@2	333
williamr@2	334	typedef struct ssl3_state_st
williamr@2	335	{
williamr@2	336	long flags;
williamr@2	337	int delay_buf_pop_ret;
williamr@2	338
williamr@2	339	unsigned char read_sequence[8];
williamr@2	340	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
williamr@2	341	unsigned char write_sequence[8];
williamr@2	342	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
williamr@2	343
williamr@2	344	unsigned char server_random[SSL3_RANDOM_SIZE];
williamr@2	345	unsigned char client_random[SSL3_RANDOM_SIZE];
williamr@2	346
williamr@2	347	/* flags for countermeasure against known-IV weakness */
williamr@2	348	int need_empty_fragments;
williamr@2	349	int empty_fragment_done;
williamr@2	350
williamr@2	351	SSL3_BUFFER rbuf; /* read IO goes into here */
williamr@2	352	SSL3_BUFFER wbuf; /* write IO goes into here */
williamr@2	353
williamr@2	354	SSL3_RECORD rrec; /* each decoded record goes in here */
williamr@2	355	SSL3_RECORD wrec; /* goes out from here */
williamr@2	356
williamr@2	357	/* storage for Alert/Handshake protocol data received but not
williamr@2	358	* yet processed by ssl3_read_bytes: */
williamr@2	359	unsigned char alert_fragment[2];
williamr@2	360	unsigned int alert_fragment_len;
williamr@2	361	unsigned char handshake_fragment[4];
williamr@2	362	unsigned int handshake_fragment_len;
williamr@2	363
williamr@2	364	/* partial write - check the numbers match */
williamr@2	365	unsigned int wnum; /* number of bytes sent so far */
williamr@2	366	int wpend_tot; /* number bytes written */
williamr@2	367	int wpend_type;
williamr@2	368	int wpend_ret; /* number of bytes submitted */
williamr@2	369	const unsigned char *wpend_buf;
williamr@2	370
williamr@2	371	/* used during startup, digest all incoming/outgoing packets */
williamr@2	372	EVP_MD_CTX finish_dgst1;
williamr@2	373	EVP_MD_CTX finish_dgst2;
williamr@2	374
williamr@2	375	/* this is set whenerver we see a change_cipher_spec message
williamr@2	376	* come in when we are not looking for one */
williamr@2	377	int change_cipher_spec;
williamr@2	378
williamr@2	379	int warn_alert;
williamr@2	380	int fatal_alert;
williamr@2	381	/* we allow one fatal and one warning alert to be outstanding,
williamr@2	382	* send close alert via the warning alert */
williamr@2	383	int alert_dispatch;
williamr@2	384	unsigned char send_alert[2];
williamr@2	385
williamr@2	386	/* This flag is set when we should renegotiate ASAP, basically when
williamr@2	387	* there is no more data in the read or write buffers */
williamr@2	388	int renegotiate;
williamr@2	389	int total_renegotiations;
williamr@2	390	int num_renegotiations;
williamr@2	391
williamr@2	392	int in_read_app_data;
williamr@2	393
williamr@2	394	struct {
williamr@2	395	/* actually only needs to be 16+20 */
williamr@2	396	unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
williamr@2	397
williamr@2	398	/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
williamr@2	399	unsigned char finish_md[EVP_MAX_MD_SIZE*2];
williamr@2	400	int finish_md_len;
williamr@2	401	unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
williamr@2	402	int peer_finish_md_len;
williamr@2	403
williamr@2	404	unsigned long message_size;
williamr@2	405	int message_type;
williamr@2	406
williamr@2	407	/* used to hold the new cipher we are going to use */
williamr@2	408	SSL_CIPHER *new_cipher;
williamr@2	409	#ifndef OPENSSL_NO_DH
williamr@2	410	DH *dh;
williamr@2	411	#endif
williamr@2	412
williamr@2	413	#ifndef OPENSSL_NO_ECDH
williamr@2	414	EC_KEY ecdh; / holds short lived ECDH key */
williamr@2	415	#endif
williamr@2	416
williamr@2	417	/* used when SSL_ST_FLUSH_DATA is entered */
williamr@2	418	int next_state;
williamr@2	419
williamr@2	420	int reuse_message;
williamr@2	421
williamr@2	422	/* used for certificate requests */
williamr@2	423	int cert_req;
williamr@2	424	int ctype_num;
williamr@2	425	char ctype[SSL3_CT_NUMBER];
williamr@2	426	STACK_OF(X509_NAME) *ca_names;
williamr@2	427
williamr@2	428	int use_rsa_tmp;
williamr@2	429
williamr@2	430	int key_block_length;
williamr@2	431	unsigned char *key_block;
williamr@2	432
williamr@2	433	const EVP_CIPHER *new_sym_enc;
williamr@2	434	const EVP_MD *new_hash;
williamr@2	435	#ifndef OPENSSL_NO_COMP
williamr@2	436	const SSL_COMP *new_compression;
williamr@2	437	#else
williamr@2	438	char *new_compression;
williamr@2	439	#endif
williamr@2	440	int cert_request;
williamr@2	441	} tmp;
williamr@2	442
williamr@2	443	} SSL3_STATE;
williamr@2	444
williamr@2	445
williamr@2	446	/* SSLv3 */
williamr@2	447	/client /
williamr@2	448	/* extra state */
williamr@2	449	#define SSL3_ST_CW_FLUSH (0x100\|SSL_ST_CONNECT)
williamr@2	450	/* write to server */
williamr@2	451	#define SSL3_ST_CW_CLNT_HELLO_A (0x110\|SSL_ST_CONNECT)
williamr@2	452	#define SSL3_ST_CW_CLNT_HELLO_B (0x111\|SSL_ST_CONNECT)
williamr@2	453	/* read from server */
williamr@2	454	#define SSL3_ST_CR_SRVR_HELLO_A (0x120\|SSL_ST_CONNECT)
williamr@2	455	#define SSL3_ST_CR_SRVR_HELLO_B (0x121\|SSL_ST_CONNECT)
williamr@2	456	#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126\|SSL_ST_CONNECT)
williamr@2	457	#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127\|SSL_ST_CONNECT)
williamr@2	458	#define SSL3_ST_CR_CERT_A (0x130\|SSL_ST_CONNECT)
williamr@2	459	#define SSL3_ST_CR_CERT_B (0x131\|SSL_ST_CONNECT)
williamr@2	460	#define SSL3_ST_CR_KEY_EXCH_A (0x140\|SSL_ST_CONNECT)
williamr@2	461	#define SSL3_ST_CR_KEY_EXCH_B (0x141\|SSL_ST_CONNECT)
williamr@2	462	#define SSL3_ST_CR_CERT_REQ_A (0x150\|SSL_ST_CONNECT)
williamr@2	463	#define SSL3_ST_CR_CERT_REQ_B (0x151\|SSL_ST_CONNECT)
williamr@2	464	#define SSL3_ST_CR_SRVR_DONE_A (0x160\|SSL_ST_CONNECT)
williamr@2	465	#define SSL3_ST_CR_SRVR_DONE_B (0x161\|SSL_ST_CONNECT)
williamr@2	466	/* write to server */
williamr@2	467	#define SSL3_ST_CW_CERT_A (0x170\|SSL_ST_CONNECT)
williamr@2	468	#define SSL3_ST_CW_CERT_B (0x171\|SSL_ST_CONNECT)
williamr@2	469	#define SSL3_ST_CW_CERT_C (0x172\|SSL_ST_CONNECT)
williamr@2	470	#define SSL3_ST_CW_CERT_D (0x173\|SSL_ST_CONNECT)
williamr@2	471	#define SSL3_ST_CW_KEY_EXCH_A (0x180\|SSL_ST_CONNECT)
williamr@2	472	#define SSL3_ST_CW_KEY_EXCH_B (0x181\|SSL_ST_CONNECT)
williamr@2	473	#define SSL3_ST_CW_CERT_VRFY_A (0x190\|SSL_ST_CONNECT)
williamr@2	474	#define SSL3_ST_CW_CERT_VRFY_B (0x191\|SSL_ST_CONNECT)
williamr@2	475	#define SSL3_ST_CW_CHANGE_A (0x1A0\|SSL_ST_CONNECT)
williamr@2	476	#define SSL3_ST_CW_CHANGE_B (0x1A1\|SSL_ST_CONNECT)
williamr@2	477	#define SSL3_ST_CW_FINISHED_A (0x1B0\|SSL_ST_CONNECT)
williamr@2	478	#define SSL3_ST_CW_FINISHED_B (0x1B1\|SSL_ST_CONNECT)
williamr@2	479	/* read from server */
williamr@2	480	#define SSL3_ST_CR_CHANGE_A (0x1C0\|SSL_ST_CONNECT)
williamr@2	481	#define SSL3_ST_CR_CHANGE_B (0x1C1\|SSL_ST_CONNECT)
williamr@2	482	#define SSL3_ST_CR_FINISHED_A (0x1D0\|SSL_ST_CONNECT)
williamr@2	483	#define SSL3_ST_CR_FINISHED_B (0x1D1\|SSL_ST_CONNECT)
williamr@2	484	#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0\|SSL_ST_CONNECT)
williamr@2	485	#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1\|SSL_ST_CONNECT)
williamr@2	486
williamr@2	487	/* server */
williamr@2	488	/* extra state */
williamr@2	489	#define SSL3_ST_SW_FLUSH (0x100\|SSL_ST_ACCEPT)
williamr@2	490	/* read from client */
williamr@2	491	/* Do not change the number values, they do matter */
williamr@2	492	#define SSL3_ST_SR_CLNT_HELLO_A (0x110\|SSL_ST_ACCEPT)
williamr@2	493	#define SSL3_ST_SR_CLNT_HELLO_B (0x111\|SSL_ST_ACCEPT)
williamr@2	494	#define SSL3_ST_SR_CLNT_HELLO_C (0x112\|SSL_ST_ACCEPT)
williamr@2	495	/* write to client */
williamr@2	496	#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113\|SSL_ST_ACCEPT)
williamr@2	497	#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114\|SSL_ST_ACCEPT)
williamr@2	498	#define SSL3_ST_SW_HELLO_REQ_A (0x120\|SSL_ST_ACCEPT)
williamr@2	499	#define SSL3_ST_SW_HELLO_REQ_B (0x121\|SSL_ST_ACCEPT)
williamr@2	500	#define SSL3_ST_SW_HELLO_REQ_C (0x122\|SSL_ST_ACCEPT)
williamr@2	501	#define SSL3_ST_SW_SRVR_HELLO_A (0x130\|SSL_ST_ACCEPT)
williamr@2	502	#define SSL3_ST_SW_SRVR_HELLO_B (0x131\|SSL_ST_ACCEPT)
williamr@2	503	#define SSL3_ST_SW_CERT_A (0x140\|SSL_ST_ACCEPT)
williamr@2	504	#define SSL3_ST_SW_CERT_B (0x141\|SSL_ST_ACCEPT)
williamr@2	505	#define SSL3_ST_SW_KEY_EXCH_A (0x150\|SSL_ST_ACCEPT)
williamr@2	506	#define SSL3_ST_SW_KEY_EXCH_B (0x151\|SSL_ST_ACCEPT)
williamr@2	507	#define SSL3_ST_SW_CERT_REQ_A (0x160\|SSL_ST_ACCEPT)
williamr@2	508	#define SSL3_ST_SW_CERT_REQ_B (0x161\|SSL_ST_ACCEPT)
williamr@2	509	#define SSL3_ST_SW_SRVR_DONE_A (0x170\|SSL_ST_ACCEPT)
williamr@2	510	#define SSL3_ST_SW_SRVR_DONE_B (0x171\|SSL_ST_ACCEPT)
williamr@2	511	/* read from client */
williamr@2	512	#define SSL3_ST_SR_CERT_A (0x180\|SSL_ST_ACCEPT)
williamr@2	513	#define SSL3_ST_SR_CERT_B (0x181\|SSL_ST_ACCEPT)
williamr@2	514	#define SSL3_ST_SR_KEY_EXCH_A (0x190\|SSL_ST_ACCEPT)
williamr@2	515	#define SSL3_ST_SR_KEY_EXCH_B (0x191\|SSL_ST_ACCEPT)
williamr@2	516	#define SSL3_ST_SR_CERT_VRFY_A (0x1A0\|SSL_ST_ACCEPT)
williamr@2	517	#define SSL3_ST_SR_CERT_VRFY_B (0x1A1\|SSL_ST_ACCEPT)
williamr@2	518	#define SSL3_ST_SR_CHANGE_A (0x1B0\|SSL_ST_ACCEPT)
williamr@2	519	#define SSL3_ST_SR_CHANGE_B (0x1B1\|SSL_ST_ACCEPT)
williamr@2	520	#define SSL3_ST_SR_FINISHED_A (0x1C0\|SSL_ST_ACCEPT)
williamr@2	521	#define SSL3_ST_SR_FINISHED_B (0x1C1\|SSL_ST_ACCEPT)
williamr@2	522	/* write to client */
williamr@2	523	#define SSL3_ST_SW_CHANGE_A (0x1D0\|SSL_ST_ACCEPT)
williamr@2	524	#define SSL3_ST_SW_CHANGE_B (0x1D1\|SSL_ST_ACCEPT)
williamr@2	525	#define SSL3_ST_SW_FINISHED_A (0x1E0\|SSL_ST_ACCEPT)
williamr@2	526	#define SSL3_ST_SW_FINISHED_B (0x1E1\|SSL_ST_ACCEPT)
williamr@2	527	#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0\|SSL_ST_ACCEPT)
williamr@2	528	#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1\|SSL_ST_ACCEPT)
williamr@2	529
williamr@2	530	#define SSL3_MT_HELLO_REQUEST 0
williamr@2	531	#define SSL3_MT_CLIENT_HELLO 1
williamr@2	532	#define SSL3_MT_SERVER_HELLO 2
williamr@2	533	#define SSL3_MT_NEWSESSION_TICKET 4
williamr@2	534	#define SSL3_MT_CERTIFICATE 11
williamr@2	535	#define SSL3_MT_SERVER_KEY_EXCHANGE 12
williamr@2	536	#define SSL3_MT_CERTIFICATE_REQUEST 13
williamr@2	537	#define SSL3_MT_SERVER_DONE 14
williamr@2	538	#define SSL3_MT_CERTIFICATE_VERIFY 15
williamr@2	539	#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
williamr@2	540	#define SSL3_MT_FINISHED 20
williamr@2	541	#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
williamr@2	542
williamr@2	543
williamr@2	544	#define SSL3_MT_CCS 1
williamr@2	545
williamr@2	546	/* These are used when changing over to a new cipher */
williamr@2	547	#define SSL3_CC_READ 0x01
williamr@2	548	#define SSL3_CC_WRITE 0x02
williamr@2	549	#define SSL3_CC_CLIENT 0x10
williamr@2	550	#define SSL3_CC_SERVER 0x20
williamr@2	551	#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT\|SSL3_CC_WRITE)
williamr@2	552	#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER\|SSL3_CC_READ)
williamr@2	553	#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT\|SSL3_CC_READ)
williamr@2	554	#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER\|SSL3_CC_WRITE)
williamr@2	555
williamr@2	556	#ifdef __cplusplus
williamr@2	557	}
williamr@2	558	#endif
williamr@2	559	#endif
williamr@2	560

author	William Roberts <williamr@symbian.org>
	Tue, 16 Mar 2010 16:12:26 +0000
branch	Symbian2
changeset 2	2fe1408b6811
parent 0	061f57f2323e
permissions	-rw-r--r--