epoc32/include/stdapis/openssl/ssl3.h
author William Roberts <williamr@symbian.org>
Wed, 31 Mar 2010 12:33:34 +0100
branchSymbian3
changeset 4 837f303aceeb
parent 0 061f57f2323e
permissions -rw-r--r--
Current Symbian^3 public API header files (from PDK 3.0.h)
This is the epoc32/include tree with the "platform" subtrees removed, and
all but a selected few mbg and rsg files removed.
williamr@2
     1
/* ssl/ssl3.h */
williamr@2
     2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
williamr@2
     3
 * All rights reserved.
williamr@2
     4
 *
williamr@2
     5
 * This package is an SSL implementation written
williamr@2
     6
 * by Eric Young (eay@cryptsoft.com).
williamr@2
     7
 * The implementation was written so as to conform with Netscapes SSL.
williamr@2
     8
 * 
williamr@2
     9
 * This library is free for commercial and non-commercial use as long as
williamr@2
    10
 * the following conditions are aheared to.  The following conditions
williamr@2
    11
 * apply to all code found in this distribution, be it the RC4, RSA,
williamr@2
    12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
williamr@2
    13
 * included with this distribution is covered by the same copyright terms
williamr@2
    14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
williamr@2
    15
 * 
williamr@2
    16
 * Copyright remains Eric Young's, and as such any Copyright notices in
williamr@2
    17
 * the code are not to be removed.
williamr@2
    18
 * If this package is used in a product, Eric Young should be given attribution
williamr@2
    19
 * as the author of the parts of the library used.
williamr@2
    20
 * This can be in the form of a textual message at program startup or
williamr@2
    21
 * in documentation (online or textual) provided with the package.
williamr@2
    22
 * 
williamr@2
    23
 * Redistribution and use in source and binary forms, with or without
williamr@2
    24
 * modification, are permitted provided that the following conditions
williamr@2
    25
 * are met:
williamr@2
    26
 * 1. Redistributions of source code must retain the copyright
williamr@2
    27
 *    notice, this list of conditions and the following disclaimer.
williamr@2
    28
 * 2. Redistributions in binary form must reproduce the above copyright
williamr@2
    29
 *    notice, this list of conditions and the following disclaimer in the
williamr@2
    30
 *    documentation and/or other materials provided with the distribution.
williamr@2
    31
 * 3. All advertising materials mentioning features or use of this software
williamr@2
    32
 *    must display the following acknowledgement:
williamr@2
    33
 *    "This product includes cryptographic software written by
williamr@2
    34
 *     Eric Young (eay@cryptsoft.com)"
williamr@2
    35
 *    The word 'cryptographic' can be left out if the rouines from the library
williamr@2
    36
 *    being used are not cryptographic related :-).
williamr@2
    37
 * 4. If you include any Windows specific code (or a derivative thereof) from 
williamr@2
    38
 *    the apps directory (application code) you must include an acknowledgement:
williamr@2
    39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
williamr@2
    40
 * 
williamr@2
    41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
williamr@2
    42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
williamr@2
    43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
williamr@2
    44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
williamr@2
    45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
williamr@2
    46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
williamr@2
    47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
williamr@2
    48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
williamr@2
    49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
williamr@2
    50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
williamr@2
    51
 * SUCH DAMAGE.
williamr@2
    52
 * 
williamr@2
    53
 * The licence and distribution terms for any publically available version or
williamr@2
    54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
williamr@2
    55
 * copied and put under another distribution licence
williamr@2
    56
 * [including the GNU Public Licence.]
williamr@2
    57
 */
williamr@2
    58
/* ====================================================================
williamr@2
    59
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
williamr@2
    60
 *
williamr@2
    61
 * Redistribution and use in source and binary forms, with or without
williamr@2
    62
 * modification, are permitted provided that the following conditions
williamr@2
    63
 * are met:
williamr@2
    64
 *
williamr@2
    65
 * 1. Redistributions of source code must retain the above copyright
williamr@2
    66
 *    notice, this list of conditions and the following disclaimer. 
williamr@2
    67
 *
williamr@2
    68
 * 2. Redistributions in binary form must reproduce the above copyright
williamr@2
    69
 *    notice, this list of conditions and the following disclaimer in
williamr@2
    70
 *    the documentation and/or other materials provided with the
williamr@2
    71
 *    distribution.
williamr@2
    72
 *
williamr@2
    73
 * 3. All advertising materials mentioning features or use of this
williamr@2
    74
 *    software must display the following acknowledgment:
williamr@2
    75
 *    "This product includes software developed by the OpenSSL Project
williamr@2
    76
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
williamr@2
    77
 *
williamr@2
    78
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
williamr@2
    79
 *    endorse or promote products derived from this software without
williamr@2
    80
 *    prior written permission. For written permission, please contact
williamr@2
    81
 *    openssl-core@openssl.org.
williamr@2
    82
 *
williamr@2
    83
 * 5. Products derived from this software may not be called "OpenSSL"
williamr@2
    84
 *    nor may "OpenSSL" appear in their names without prior written
williamr@2
    85
 *    permission of the OpenSSL Project.
williamr@2
    86
 *
williamr@2
    87
 * 6. Redistributions of any form whatsoever must retain the following
williamr@2
    88
 *    acknowledgment:
williamr@2
    89
 *    "This product includes software developed by the OpenSSL Project
williamr@2
    90
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
williamr@2
    91
 *
williamr@2
    92
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
williamr@2
    93
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
williamr@2
    94
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
williamr@2
    95
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
williamr@2
    96
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
williamr@2
    97
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
williamr@2
    98
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
williamr@2
    99
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
williamr@2
   100
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
williamr@2
   101
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
williamr@2
   102
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
williamr@2
   103
 * OF THE POSSIBILITY OF SUCH DAMAGE.
williamr@2
   104
 * ====================================================================
williamr@2
   105
 *
williamr@2
   106
 * This product includes cryptographic software written by Eric Young
williamr@2
   107
 * (eay@cryptsoft.com).  This product includes software written by Tim
williamr@2
   108
 * Hudson (tjh@cryptsoft.com).
williamr@2
   109
 *
williamr@2
   110
 */
williamr@2
   111
/* ====================================================================
williamr@2
   112
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
williamr@2
   113
 * ECC cipher suite support in OpenSSL originally developed by 
williamr@2
   114
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
williamr@2
   115
 */
williamr@2
   116
williamr@2
   117
#ifndef HEADER_SSL3_H 
williamr@2
   118
#define HEADER_SSL3_H 
williamr@2
   119
williamr@2
   120
#ifndef OPENSSL_NO_COMP
williamr@2
   121
#include <openssl/comp.h>
williamr@2
   122
#endif
williamr@2
   123
#include <openssl/buffer.h>
williamr@2
   124
#include <openssl/evp.h>
williamr@2
   125
#include <openssl/ssl.h>
williamr@2
   126
#include <openssl/pq_compat.h>
williamr@2
   127
williamr@2
   128
#ifdef  __cplusplus
williamr@2
   129
extern "C" {
williamr@2
   130
#endif
williamr@2
   131
williamr@2
   132
#define SSL3_CK_RSA_NULL_MD5			0x03000001
williamr@2
   133
#define SSL3_CK_RSA_NULL_SHA			0x03000002
williamr@2
   134
#define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
williamr@2
   135
#define SSL3_CK_RSA_RC4_128_MD5			0x03000004
williamr@2
   136
#define SSL3_CK_RSA_RC4_128_SHA			0x03000005
williamr@2
   137
#define SSL3_CK_RSA_RC2_40_MD5			0x03000006
williamr@2
   138
#define SSL3_CK_RSA_IDEA_128_SHA		0x03000007
williamr@2
   139
#define SSL3_CK_RSA_DES_40_CBC_SHA		0x03000008
williamr@2
   140
#define SSL3_CK_RSA_DES_64_CBC_SHA		0x03000009
williamr@2
   141
#define SSL3_CK_RSA_DES_192_CBC3_SHA		0x0300000A
williamr@2
   142
williamr@2
   143
#define SSL3_CK_DH_DSS_DES_40_CBC_SHA		0x0300000B
williamr@2
   144
#define SSL3_CK_DH_DSS_DES_64_CBC_SHA		0x0300000C
williamr@2
   145
#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 	0x0300000D
williamr@2
   146
#define SSL3_CK_DH_RSA_DES_40_CBC_SHA		0x0300000E
williamr@2
   147
#define SSL3_CK_DH_RSA_DES_64_CBC_SHA		0x0300000F
williamr@2
   148
#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 	0x03000010
williamr@2
   149
williamr@2
   150
#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA		0x03000011
williamr@2
   151
#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA		0x03000012
williamr@2
   152
#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA	0x03000013
williamr@2
   153
#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA		0x03000014
williamr@2
   154
#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA		0x03000015
williamr@2
   155
#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA	0x03000016
williamr@2
   156
williamr@2
   157
#define SSL3_CK_ADH_RC4_40_MD5			0x03000017
williamr@2
   158
#define SSL3_CK_ADH_RC4_128_MD5			0x03000018
williamr@2
   159
#define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019
williamr@2
   160
#define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A
williamr@2
   161
#define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B
williamr@2
   162
williamr@2
   163
#define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
williamr@2
   164
#define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
williamr@2
   165
#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
williamr@2
   166
	 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
williamr@2
   167
	 of the ietf-tls list */
williamr@2
   168
#define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E
williamr@2
   169
#endif
williamr@2
   170
williamr@2
   171
/*    VRS Additional Kerberos5 entries
williamr@2
   172
 */
williamr@2
   173
#define SSL3_CK_KRB5_DES_64_CBC_SHA		0x0300001E
williamr@2
   174
#define SSL3_CK_KRB5_DES_192_CBC3_SHA		0x0300001F
williamr@2
   175
#define SSL3_CK_KRB5_RC4_128_SHA		0x03000020
williamr@2
   176
#define SSL3_CK_KRB5_IDEA_128_CBC_SHA	       	0x03000021
williamr@2
   177
#define SSL3_CK_KRB5_DES_64_CBC_MD5       	0x03000022
williamr@2
   178
#define SSL3_CK_KRB5_DES_192_CBC3_MD5       	0x03000023
williamr@2
   179
#define SSL3_CK_KRB5_RC4_128_MD5	       	0x03000024
williamr@2
   180
#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 		0x03000025
williamr@2
   181
williamr@2
   182
#define SSL3_CK_KRB5_DES_40_CBC_SHA 		0x03000026
williamr@2
   183
#define SSL3_CK_KRB5_RC2_40_CBC_SHA 		0x03000027
williamr@2
   184
#define SSL3_CK_KRB5_RC4_40_SHA	 		0x03000028
williamr@2
   185
#define SSL3_CK_KRB5_DES_40_CBC_MD5 		0x03000029
williamr@2
   186
#define SSL3_CK_KRB5_RC2_40_CBC_MD5 		0x0300002A
williamr@2
   187
#define SSL3_CK_KRB5_RC4_40_MD5	 		0x0300002B
williamr@2
   188
williamr@2
   189
#define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"
williamr@2
   190
#define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"
williamr@2
   191
#define SSL3_TXT_RSA_RC4_40_MD5 		"EXP-RC4-MD5"
williamr@2
   192
#define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"
williamr@2
   193
#define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"
williamr@2
   194
#define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"
williamr@2
   195
#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"
williamr@2
   196
#define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"
williamr@2
   197
#define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"
williamr@2
   198
#define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"
williamr@2
   199
williamr@2
   200
#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA		"EXP-DH-DSS-DES-CBC-SHA"
williamr@2
   201
#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA		"DH-DSS-DES-CBC-SHA"
williamr@2
   202
#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA 	"DH-DSS-DES-CBC3-SHA"
williamr@2
   203
#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA		"EXP-DH-RSA-DES-CBC-SHA"
williamr@2
   204
#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA		"DH-RSA-DES-CBC-SHA"
williamr@2
   205
#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA 	"DH-RSA-DES-CBC3-SHA"
williamr@2
   206
williamr@2
   207
#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"
williamr@2
   208
#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"
williamr@2
   209
#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"
williamr@2
   210
#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"
williamr@2
   211
#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"
williamr@2
   212
#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"
williamr@2
   213
williamr@2
   214
#define SSL3_TXT_ADH_RC4_40_MD5			"EXP-ADH-RC4-MD5"
williamr@2
   215
#define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"
williamr@2
   216
#define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"
williamr@2
   217
#define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"
williamr@2
   218
#define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"
williamr@2
   219
williamr@2
   220
#define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"
williamr@2
   221
#define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
williamr@2
   222
#define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"
williamr@2
   223
williamr@2
   224
#define SSL3_TXT_KRB5_DES_64_CBC_SHA		"KRB5-DES-CBC-SHA"
williamr@2
   225
#define SSL3_TXT_KRB5_DES_192_CBC3_SHA		"KRB5-DES-CBC3-SHA"
williamr@2
   226
#define SSL3_TXT_KRB5_RC4_128_SHA		"KRB5-RC4-SHA"
williamr@2
   227
#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA	       	"KRB5-IDEA-CBC-SHA"
williamr@2
   228
#define SSL3_TXT_KRB5_DES_64_CBC_MD5       	"KRB5-DES-CBC-MD5"
williamr@2
   229
#define SSL3_TXT_KRB5_DES_192_CBC3_MD5       	"KRB5-DES-CBC3-MD5"
williamr@2
   230
#define SSL3_TXT_KRB5_RC4_128_MD5		"KRB5-RC4-MD5"
williamr@2
   231
#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 		"KRB5-IDEA-CBC-MD5"
williamr@2
   232
williamr@2
   233
#define SSL3_TXT_KRB5_DES_40_CBC_SHA 		"EXP-KRB5-DES-CBC-SHA"
williamr@2
   234
#define SSL3_TXT_KRB5_RC2_40_CBC_SHA 		"EXP-KRB5-RC2-CBC-SHA"
williamr@2
   235
#define SSL3_TXT_KRB5_RC4_40_SHA	 	"EXP-KRB5-RC4-SHA"
williamr@2
   236
#define SSL3_TXT_KRB5_DES_40_CBC_MD5 		"EXP-KRB5-DES-CBC-MD5"
williamr@2
   237
#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 		"EXP-KRB5-RC2-CBC-MD5"
williamr@2
   238
#define SSL3_TXT_KRB5_RC4_40_MD5	 	"EXP-KRB5-RC4-MD5"
williamr@2
   239
williamr@2
   240
#define SSL3_SSL_SESSION_ID_LENGTH		32
williamr@2
   241
#define SSL3_MAX_SSL_SESSION_ID_LENGTH		32
williamr@2
   242
williamr@2
   243
#define SSL3_MASTER_SECRET_SIZE			48
williamr@2
   244
#define SSL3_RANDOM_SIZE			32
williamr@2
   245
#define SSL3_SESSION_ID_SIZE			32
williamr@2
   246
#define SSL3_RT_HEADER_LENGTH			5
williamr@2
   247
williamr@2
   248
/* Due to MS stuffing up, this can change.... */
williamr@2
   249
#if defined(OPENSSL_SYS_WIN16) || \
williamr@2
   250
	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
williamr@2
   251
#define SSL3_RT_MAX_EXTRA			(14000)
williamr@2
   252
#else
williamr@2
   253
#define SSL3_RT_MAX_EXTRA			(16384)
williamr@2
   254
#endif
williamr@2
   255
williamr@2
   256
#define SSL3_RT_MAX_PLAIN_LENGTH		16384
williamr@2
   257
#ifdef OPENSSL_NO_COMP
williamr@2
   258
#define SSL3_RT_MAX_COMPRESSED_LENGTH	SSL3_RT_MAX_PLAIN_LENGTH
williamr@2
   259
#else
williamr@2
   260
#define SSL3_RT_MAX_COMPRESSED_LENGTH	(1024+SSL3_RT_MAX_PLAIN_LENGTH)
williamr@2
   261
#endif
williamr@2
   262
#define SSL3_RT_MAX_ENCRYPTED_LENGTH	(1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
williamr@2
   263
#define SSL3_RT_MAX_PACKET_SIZE		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
williamr@2
   264
#define SSL3_RT_MAX_DATA_SIZE			(1024*1024)
williamr@2
   265
williamr@2
   266
#define SSL3_MD_CLIENT_FINISHED_CONST	"\x43\x4C\x4E\x54"
williamr@2
   267
#define SSL3_MD_SERVER_FINISHED_CONST	"\x53\x52\x56\x52"
williamr@2
   268
williamr@2
   269
#define SSL3_VERSION			0x0300
williamr@2
   270
#define SSL3_VERSION_MAJOR		0x03
williamr@2
   271
#define SSL3_VERSION_MINOR		0x00
williamr@2
   272
williamr@2
   273
#define SSL3_RT_CHANGE_CIPHER_SPEC	20
williamr@2
   274
#define SSL3_RT_ALERT			21
williamr@2
   275
#define SSL3_RT_HANDSHAKE		22
williamr@2
   276
#define SSL3_RT_APPLICATION_DATA	23
williamr@2
   277
williamr@2
   278
#define SSL3_AL_WARNING			1
williamr@2
   279
#define SSL3_AL_FATAL			2
williamr@2
   280
williamr@2
   281
#define SSL3_AD_CLOSE_NOTIFY		 0
williamr@2
   282
#define SSL3_AD_UNEXPECTED_MESSAGE	10	/* fatal */
williamr@2
   283
#define SSL3_AD_BAD_RECORD_MAC		20	/* fatal */
williamr@2
   284
#define SSL3_AD_DECOMPRESSION_FAILURE	30	/* fatal */
williamr@2
   285
#define SSL3_AD_HANDSHAKE_FAILURE	40	/* fatal */
williamr@2
   286
#define SSL3_AD_NO_CERTIFICATE		41
williamr@2
   287
#define SSL3_AD_BAD_CERTIFICATE		42
williamr@2
   288
#define SSL3_AD_UNSUPPORTED_CERTIFICATE	43
williamr@2
   289
#define SSL3_AD_CERTIFICATE_REVOKED	44
williamr@2
   290
#define SSL3_AD_CERTIFICATE_EXPIRED	45
williamr@2
   291
#define SSL3_AD_CERTIFICATE_UNKNOWN	46
williamr@2
   292
#define SSL3_AD_ILLEGAL_PARAMETER	47	/* fatal */
williamr@2
   293
williamr@2
   294
typedef struct ssl3_record_st
williamr@2
   295
	{
williamr@2
   296
/*r */	int type;               /* type of record */
williamr@2
   297
/*rw*/	unsigned int length;    /* How many bytes available */
williamr@2
   298
/*r */	unsigned int off;       /* read/write offset into 'buf' */
williamr@2
   299
/*rw*/	unsigned char *data;    /* pointer to the record data */
williamr@2
   300
/*rw*/	unsigned char *input;   /* where the decode bytes are */
williamr@2
   301
/*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
williamr@2
   302
/*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
williamr@2
   303
/*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */
williamr@2
   304
	} SSL3_RECORD;
williamr@2
   305
williamr@2
   306
typedef struct ssl3_buffer_st
williamr@2
   307
	{
williamr@2
   308
	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
williamr@2
   309
	                         * see ssl3_setup_buffers() */
williamr@2
   310
	size_t len;             /* buffer size */
williamr@2
   311
	int offset;             /* where to 'copy from' */
williamr@2
   312
	int left;               /* how many bytes left */
williamr@2
   313
	} SSL3_BUFFER;
williamr@2
   314
williamr@2
   315
#define SSL3_CT_RSA_SIGN			1
williamr@2
   316
#define SSL3_CT_DSS_SIGN			2
williamr@2
   317
#define SSL3_CT_RSA_FIXED_DH			3
williamr@2
   318
#define SSL3_CT_DSS_FIXED_DH			4
williamr@2
   319
#define SSL3_CT_RSA_EPHEMERAL_DH		5
williamr@2
   320
#define SSL3_CT_DSS_EPHEMERAL_DH		6
williamr@2
   321
#define SSL3_CT_FORTEZZA_DMS			20
williamr@2
   322
/* SSL3_CT_NUMBER is used to size arrays and it must be large
williamr@2
   323
 * enough to contain all of the cert types defined either for
williamr@2
   324
 * SSLv3 and TLSv1.
williamr@2
   325
 */
williamr@2
   326
#define SSL3_CT_NUMBER			7
williamr@2
   327
williamr@2
   328
williamr@2
   329
#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
williamr@2
   330
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
williamr@2
   331
#define SSL3_FLAGS_POP_BUFFER			0x0004
williamr@2
   332
#define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
williamr@2
   333
williamr@2
   334
typedef struct ssl3_state_st
williamr@2
   335
	{
williamr@2
   336
	long flags;
williamr@2
   337
	int delay_buf_pop_ret;
williamr@2
   338
williamr@2
   339
	unsigned char read_sequence[8];
williamr@2
   340
	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
williamr@2
   341
	unsigned char write_sequence[8];
williamr@2
   342
	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
williamr@2
   343
williamr@2
   344
	unsigned char server_random[SSL3_RANDOM_SIZE];
williamr@2
   345
	unsigned char client_random[SSL3_RANDOM_SIZE];
williamr@2
   346
williamr@2
   347
	/* flags for countermeasure against known-IV weakness */
williamr@2
   348
	int need_empty_fragments;
williamr@2
   349
	int empty_fragment_done;
williamr@2
   350
williamr@2
   351
	SSL3_BUFFER rbuf;	/* read IO goes into here */
williamr@2
   352
	SSL3_BUFFER wbuf;	/* write IO goes into here */
williamr@2
   353
williamr@2
   354
	SSL3_RECORD rrec;	/* each decoded record goes in here */
williamr@2
   355
	SSL3_RECORD wrec;	/* goes out from here */
williamr@2
   356
williamr@2
   357
	/* storage for Alert/Handshake protocol data received but not
williamr@2
   358
	 * yet processed by ssl3_read_bytes: */
williamr@2
   359
	unsigned char alert_fragment[2];
williamr@2
   360
	unsigned int alert_fragment_len;
williamr@2
   361
	unsigned char handshake_fragment[4];
williamr@2
   362
	unsigned int handshake_fragment_len;
williamr@2
   363
williamr@2
   364
	/* partial write - check the numbers match */
williamr@2
   365
	unsigned int wnum;	/* number of bytes sent so far */
williamr@2
   366
	int wpend_tot;		/* number bytes written */
williamr@2
   367
	int wpend_type;
williamr@2
   368
	int wpend_ret;		/* number of bytes submitted */
williamr@2
   369
	const unsigned char *wpend_buf;
williamr@2
   370
williamr@2
   371
	/* used during startup, digest all incoming/outgoing packets */
williamr@2
   372
	EVP_MD_CTX finish_dgst1;
williamr@2
   373
	EVP_MD_CTX finish_dgst2;
williamr@2
   374
williamr@2
   375
	/* this is set whenerver we see a change_cipher_spec message
williamr@2
   376
	 * come in when we are not looking for one */
williamr@2
   377
	int change_cipher_spec;
williamr@2
   378
williamr@2
   379
	int warn_alert;
williamr@2
   380
	int fatal_alert;
williamr@2
   381
	/* we allow one fatal and one warning alert to be outstanding,
williamr@2
   382
	 * send close alert via the warning alert */
williamr@2
   383
	int alert_dispatch;
williamr@2
   384
	unsigned char send_alert[2];
williamr@2
   385
williamr@2
   386
	/* This flag is set when we should renegotiate ASAP, basically when
williamr@2
   387
	 * there is no more data in the read or write buffers */
williamr@2
   388
	int renegotiate;
williamr@2
   389
	int total_renegotiations;
williamr@2
   390
	int num_renegotiations;
williamr@2
   391
williamr@2
   392
	int in_read_app_data;
williamr@2
   393
williamr@2
   394
	struct	{
williamr@2
   395
		/* actually only needs to be 16+20 */
williamr@2
   396
		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
williamr@2
   397
williamr@2
   398
		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
williamr@2
   399
		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
williamr@2
   400
		int finish_md_len;
williamr@2
   401
		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
williamr@2
   402
		int peer_finish_md_len;
williamr@2
   403
		
williamr@2
   404
		unsigned long message_size;
williamr@2
   405
		int message_type;
williamr@2
   406
williamr@2
   407
		/* used to hold the new cipher we are going to use */
williamr@2
   408
		SSL_CIPHER *new_cipher;
williamr@2
   409
#ifndef OPENSSL_NO_DH
williamr@2
   410
		DH *dh;
williamr@2
   411
#endif
williamr@2
   412
williamr@2
   413
#ifndef OPENSSL_NO_ECDH
williamr@2
   414
		EC_KEY *ecdh; /* holds short lived ECDH key */
williamr@2
   415
#endif
williamr@2
   416
williamr@2
   417
		/* used when SSL_ST_FLUSH_DATA is entered */
williamr@2
   418
		int next_state;			
williamr@2
   419
williamr@2
   420
		int reuse_message;
williamr@2
   421
williamr@2
   422
		/* used for certificate requests */
williamr@2
   423
		int cert_req;
williamr@2
   424
		int ctype_num;
williamr@2
   425
		char ctype[SSL3_CT_NUMBER];
williamr@2
   426
		STACK_OF(X509_NAME) *ca_names;
williamr@2
   427
williamr@2
   428
		int use_rsa_tmp;
williamr@2
   429
williamr@2
   430
		int key_block_length;
williamr@2
   431
		unsigned char *key_block;
williamr@2
   432
williamr@2
   433
		const EVP_CIPHER *new_sym_enc;
williamr@2
   434
		const EVP_MD *new_hash;
williamr@2
   435
#ifndef OPENSSL_NO_COMP
williamr@2
   436
		const SSL_COMP *new_compression;
williamr@2
   437
#else
williamr@2
   438
		char *new_compression;
williamr@2
   439
#endif
williamr@2
   440
		int cert_request;
williamr@2
   441
		} tmp;
williamr@2
   442
williamr@2
   443
	} SSL3_STATE;
williamr@2
   444
williamr@2
   445
williamr@2
   446
/* SSLv3 */
williamr@2
   447
/*client */
williamr@2
   448
/* extra state */
williamr@2
   449
#define SSL3_ST_CW_FLUSH		(0x100|SSL_ST_CONNECT)
williamr@2
   450
/* write to server */
williamr@2
   451
#define SSL3_ST_CW_CLNT_HELLO_A		(0x110|SSL_ST_CONNECT)
williamr@2
   452
#define SSL3_ST_CW_CLNT_HELLO_B		(0x111|SSL_ST_CONNECT)
williamr@2
   453
/* read from server */
williamr@2
   454
#define SSL3_ST_CR_SRVR_HELLO_A		(0x120|SSL_ST_CONNECT)
williamr@2
   455
#define SSL3_ST_CR_SRVR_HELLO_B		(0x121|SSL_ST_CONNECT)
williamr@2
   456
#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
williamr@2
   457
#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
williamr@2
   458
#define SSL3_ST_CR_CERT_A		(0x130|SSL_ST_CONNECT)
williamr@2
   459
#define SSL3_ST_CR_CERT_B		(0x131|SSL_ST_CONNECT)
williamr@2
   460
#define SSL3_ST_CR_KEY_EXCH_A		(0x140|SSL_ST_CONNECT)
williamr@2
   461
#define SSL3_ST_CR_KEY_EXCH_B		(0x141|SSL_ST_CONNECT)
williamr@2
   462
#define SSL3_ST_CR_CERT_REQ_A		(0x150|SSL_ST_CONNECT)
williamr@2
   463
#define SSL3_ST_CR_CERT_REQ_B		(0x151|SSL_ST_CONNECT)
williamr@2
   464
#define SSL3_ST_CR_SRVR_DONE_A		(0x160|SSL_ST_CONNECT)
williamr@2
   465
#define SSL3_ST_CR_SRVR_DONE_B		(0x161|SSL_ST_CONNECT)
williamr@2
   466
/* write to server */
williamr@2
   467
#define SSL3_ST_CW_CERT_A		(0x170|SSL_ST_CONNECT)
williamr@2
   468
#define SSL3_ST_CW_CERT_B		(0x171|SSL_ST_CONNECT)
williamr@2
   469
#define SSL3_ST_CW_CERT_C		(0x172|SSL_ST_CONNECT)
williamr@2
   470
#define SSL3_ST_CW_CERT_D		(0x173|SSL_ST_CONNECT)
williamr@2
   471
#define SSL3_ST_CW_KEY_EXCH_A		(0x180|SSL_ST_CONNECT)
williamr@2
   472
#define SSL3_ST_CW_KEY_EXCH_B		(0x181|SSL_ST_CONNECT)
williamr@2
   473
#define SSL3_ST_CW_CERT_VRFY_A		(0x190|SSL_ST_CONNECT)
williamr@2
   474
#define SSL3_ST_CW_CERT_VRFY_B		(0x191|SSL_ST_CONNECT)
williamr@2
   475
#define SSL3_ST_CW_CHANGE_A		(0x1A0|SSL_ST_CONNECT)
williamr@2
   476
#define SSL3_ST_CW_CHANGE_B		(0x1A1|SSL_ST_CONNECT)
williamr@2
   477
#define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)
williamr@2
   478
#define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)
williamr@2
   479
/* read from server */
williamr@2
   480
#define SSL3_ST_CR_CHANGE_A		(0x1C0|SSL_ST_CONNECT)
williamr@2
   481
#define SSL3_ST_CR_CHANGE_B		(0x1C1|SSL_ST_CONNECT)
williamr@2
   482
#define SSL3_ST_CR_FINISHED_A		(0x1D0|SSL_ST_CONNECT)
williamr@2
   483
#define SSL3_ST_CR_FINISHED_B		(0x1D1|SSL_ST_CONNECT)
williamr@2
   484
#define SSL3_ST_CR_SESSION_TICKET_A	(0x1E0|SSL_ST_CONNECT)
williamr@2
   485
#define SSL3_ST_CR_SESSION_TICKET_B	(0x1E1|SSL_ST_CONNECT)
williamr@2
   486
williamr@2
   487
/* server */
williamr@2
   488
/* extra state */
williamr@2
   489
#define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)
williamr@2
   490
/* read from client */
williamr@2
   491
/* Do not change the number values, they do matter */
williamr@2
   492
#define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
williamr@2
   493
#define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
williamr@2
   494
#define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
williamr@2
   495
/* write to client */
williamr@2
   496
#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
williamr@2
   497
#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
williamr@2
   498
#define SSL3_ST_SW_HELLO_REQ_A		(0x120|SSL_ST_ACCEPT)
williamr@2
   499
#define SSL3_ST_SW_HELLO_REQ_B		(0x121|SSL_ST_ACCEPT)
williamr@2
   500
#define SSL3_ST_SW_HELLO_REQ_C		(0x122|SSL_ST_ACCEPT)
williamr@2
   501
#define SSL3_ST_SW_SRVR_HELLO_A		(0x130|SSL_ST_ACCEPT)
williamr@2
   502
#define SSL3_ST_SW_SRVR_HELLO_B		(0x131|SSL_ST_ACCEPT)
williamr@2
   503
#define SSL3_ST_SW_CERT_A		(0x140|SSL_ST_ACCEPT)
williamr@2
   504
#define SSL3_ST_SW_CERT_B		(0x141|SSL_ST_ACCEPT)
williamr@2
   505
#define SSL3_ST_SW_KEY_EXCH_A		(0x150|SSL_ST_ACCEPT)
williamr@2
   506
#define SSL3_ST_SW_KEY_EXCH_B		(0x151|SSL_ST_ACCEPT)
williamr@2
   507
#define SSL3_ST_SW_CERT_REQ_A		(0x160|SSL_ST_ACCEPT)
williamr@2
   508
#define SSL3_ST_SW_CERT_REQ_B		(0x161|SSL_ST_ACCEPT)
williamr@2
   509
#define SSL3_ST_SW_SRVR_DONE_A		(0x170|SSL_ST_ACCEPT)
williamr@2
   510
#define SSL3_ST_SW_SRVR_DONE_B		(0x171|SSL_ST_ACCEPT)
williamr@2
   511
/* read from client */
williamr@2
   512
#define SSL3_ST_SR_CERT_A		(0x180|SSL_ST_ACCEPT)
williamr@2
   513
#define SSL3_ST_SR_CERT_B		(0x181|SSL_ST_ACCEPT)
williamr@2
   514
#define SSL3_ST_SR_KEY_EXCH_A		(0x190|SSL_ST_ACCEPT)
williamr@2
   515
#define SSL3_ST_SR_KEY_EXCH_B		(0x191|SSL_ST_ACCEPT)
williamr@2
   516
#define SSL3_ST_SR_CERT_VRFY_A		(0x1A0|SSL_ST_ACCEPT)
williamr@2
   517
#define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)
williamr@2
   518
#define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)
williamr@2
   519
#define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)
williamr@2
   520
#define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)
williamr@2
   521
#define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)
williamr@2
   522
/* write to client */
williamr@2
   523
#define SSL3_ST_SW_CHANGE_A		(0x1D0|SSL_ST_ACCEPT)
williamr@2
   524
#define SSL3_ST_SW_CHANGE_B		(0x1D1|SSL_ST_ACCEPT)
williamr@2
   525
#define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)
williamr@2
   526
#define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)
williamr@2
   527
#define SSL3_ST_SW_SESSION_TICKET_A	(0x1F0|SSL_ST_ACCEPT)
williamr@2
   528
#define SSL3_ST_SW_SESSION_TICKET_B	(0x1F1|SSL_ST_ACCEPT)
williamr@2
   529
williamr@2
   530
#define SSL3_MT_HELLO_REQUEST			0
williamr@2
   531
#define SSL3_MT_CLIENT_HELLO			1
williamr@2
   532
#define SSL3_MT_SERVER_HELLO			2
williamr@2
   533
#define	SSL3_MT_NEWSESSION_TICKET		4
williamr@2
   534
#define SSL3_MT_CERTIFICATE			11
williamr@2
   535
#define SSL3_MT_SERVER_KEY_EXCHANGE		12
williamr@2
   536
#define SSL3_MT_CERTIFICATE_REQUEST		13
williamr@2
   537
#define SSL3_MT_SERVER_DONE			14
williamr@2
   538
#define SSL3_MT_CERTIFICATE_VERIFY		15
williamr@2
   539
#define SSL3_MT_CLIENT_KEY_EXCHANGE		16
williamr@2
   540
#define SSL3_MT_FINISHED			20
williamr@2
   541
#define DTLS1_MT_HELLO_VERIFY_REQUEST    3
williamr@2
   542
williamr@2
   543
williamr@2
   544
#define SSL3_MT_CCS				1
williamr@2
   545
williamr@2
   546
/* These are used when changing over to a new cipher */
williamr@2
   547
#define SSL3_CC_READ		0x01
williamr@2
   548
#define SSL3_CC_WRITE		0x02
williamr@2
   549
#define SSL3_CC_CLIENT		0x10
williamr@2
   550
#define SSL3_CC_SERVER		0x20
williamr@2
   551
#define SSL3_CHANGE_CIPHER_CLIENT_WRITE	(SSL3_CC_CLIENT|SSL3_CC_WRITE)	
williamr@2
   552
#define SSL3_CHANGE_CIPHER_SERVER_READ	(SSL3_CC_SERVER|SSL3_CC_READ)
williamr@2
   553
#define SSL3_CHANGE_CIPHER_CLIENT_READ	(SSL3_CC_CLIENT|SSL3_CC_READ)
williamr@2
   554
#define SSL3_CHANGE_CIPHER_SERVER_WRITE	(SSL3_CC_SERVER|SSL3_CC_WRITE)
williamr@2
   555
williamr@2
   556
#ifdef  __cplusplus
williamr@2
   557
}
williamr@2
   558
#endif
williamr@2
   559
#endif
williamr@2
   560