1d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ssl/ssl3.h */ 2d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * All rights reserved. 4d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 5d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This package is an SSL implementation written 6d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * by Eric Young (eay@cryptsoft.com). 7d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The implementation was written so as to conform with Netscapes SSL. 8d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 9d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This library is free for commercial and non-commercial use as long as 10d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the following conditions are aheared to. The following conditions 11d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * apply to all code found in this distribution, be it the RC4, RSA, 12d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * included with this distribution is covered by the same copyright terms 14d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 16d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright remains Eric Young's, and as such any Copyright notices in 17d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the code are not to be removed. 18d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * If this package is used in a product, Eric Young should be given attribution 19d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * as the author of the parts of the library used. 20d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This can be in the form of a textual message at program startup or 21d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * in documentation (online or textual) provided with the package. 22d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 23d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without 24d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions 25d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met: 26d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the copyright 27d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer. 28d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright 29d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer in the 30d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * documentation and/or other materials provided with the distribution. 31d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this software 32d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * must display the following acknowledgement: 33d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes cryptographic software written by 34d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Eric Young (eay@cryptsoft.com)" 35d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The word 'cryptographic' can be left out if the rouines from the library 36d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * being used are not cryptographic related :-). 37d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. If you include any Windows specific code (or a derivative thereof) from 38d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the apps directory (application code) you must include an acknowledgement: 39d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 41d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SUCH DAMAGE. 52d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 53d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * The licence and distribution terms for any publically available version or 54d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * derivative of this code cannot be changed. i.e. this code cannot simply be 55d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * copied and put under another distribution licence 56d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * [including the GNU Public Licence.] 57d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */ 58d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ==================================================================== 59d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 60d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 61d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without 62d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions 63d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met: 64d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 65d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the above copyright 66d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer. 67d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 68d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright 69d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * notice, this list of conditions and the following disclaimer in 70d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the documentation and/or other materials provided with the 71d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * distribution. 72d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 73d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this 74d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * software must display the following acknowledgment: 75d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software developed by the OpenSSL Project 76d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 78d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * endorse or promote products derived from this software without 80d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * prior written permission. For written permission, please contact 81d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * openssl-core@openssl.org. 82d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 83d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 5. Products derived from this software may not be called "OpenSSL" 84d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * nor may "OpenSSL" appear in their names without prior written 85d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * permission of the OpenSSL Project. 86d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 87d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 6. Redistributions of any form whatsoever must retain the following 88d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * acknowledgment: 89d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * "This product includes software developed by the OpenSSL Project 90d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 92d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OF THE POSSIBILITY OF SUCH DAMAGE. 104d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ==================================================================== 105d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 106d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This product includes cryptographic software written by Eric Young 107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * (eay@cryptsoft.com). This product includes software written by Tim 108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Hudson (tjh@cryptsoft.com). 109d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */ 111d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ==================================================================== 112d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ECC cipher suite support in OpenSSL originally developed by 114d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */ 116d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 117d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#ifndef HEADER_SSL3_H 118d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define HEADER_SSL3_H 119d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 120e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#include <openssl/aead.h> 121d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/buf.h> 122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/evp.h> 123d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/ssl.h> 124e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#include <openssl/type_check.h> 125d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 126d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#ifdef __cplusplus 127d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyextern "C" { 128d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif 129d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 130d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 131d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Signalling cipher suite value: from RFC5746 */ 132d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_SCSV 0x030000FF 133d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Fallback signalling cipher suite value: not IANA assigned. 134d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * See https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01 */ 135d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_FALLBACK_SCSV 0x03005600 136d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 137d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_RSA_NULL_MD5 0x03000001 138d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_RSA_NULL_SHA 0x03000002 139d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 140d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 141d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 142d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 143d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 144d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 145d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 146d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A 147d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 148d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B 149d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C 150d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D 151d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E 152d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F 153d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 154d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 155d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 156d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 157d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 158d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 159d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 160d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 161d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 162d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 163d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 164d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 165d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A 166d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B 167d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 168d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" 169d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" 170d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" 171d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" 172d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" 173d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" 174d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" 175d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" 176d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" 177d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" 178d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 179d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" 180d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" 181d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" 182d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" 183d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" 184d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" 185d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 186d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" 187d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" 188d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" 189d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" 190d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" 191d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" 192d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 193d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" 194d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" 195d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" 196d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" 197d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" 198d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 199d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_SSL_SESSION_ID_LENGTH 32 200d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 201d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 202d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MASTER_SECRET_SIZE 48 203d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RANDOM_SIZE 32 204d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_SESSION_ID_SIZE 32 205d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_HEADER_LENGTH 5 206d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 207d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_HM_HEADER_LENGTH 4 208d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 209d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#ifndef SSL3_ALIGN_PAYLOAD 210d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Some will argue that this increases memory footprint, but it's not actually 211d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * true. Point is that malloc has to return at least 64-bit aligned pointers, 212d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * meaning that allocating 5 bytes wastes 3 bytes in either case. Suggested 213d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * pre-gaping simply moves these wasted bytes from the end of allocated region 214d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * to its front, but makes data payload aligned, which improves performance. */ 215d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ALIGN_PAYLOAD 8 216d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#else 217d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#if (SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) != 0 218d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#error "insane SSL3_ALIGN_PAYLOAD" 219d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#undef SSL3_ALIGN_PAYLOAD 220d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif 221d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif 222d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 223d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* This is the maximum MAC (digest) size used by the SSL library. Currently 224d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * maximum of 20 is used by SHA1, but we reserve for future extension for 225d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 512-bit hashes. */ 226d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 227d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_MAX_MD_SIZE 64 228d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 229d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Maximum block size used in all ciphersuites. Currently 16 for AES. */ 230d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 231d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 232d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 233d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_MAX_EXTRA (16384) 234d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 235d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Maximum plaintext length: defined by SSL/TLS standards */ 236d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_MAX_PLAIN_LENGTH 16384 237d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Maximum compression overhead: defined by SSL/TLS standards */ 238d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 239d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 240d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* The standards give a maximum encryption overhead of 1024 bytes. In practice 241d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the value is lower than this. The overhead is the maximum number of padding 242e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * bytes (256) plus the mac size. 243e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * 244e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1 245e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger 246e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * than necessary and no true AEAD has variable overhead in TLS 1.2. */ 247d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) 248d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 249e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a 250e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * record. This does not include the record header. Some ciphers use explicit 251e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * nonces, so it includes both the AEAD overhead as well as the nonce. */ 252d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ 253e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley (EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH) 254e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 255e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam LangleyOPENSSL_COMPILE_ASSERT( 256e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley SSL3_RT_MAX_ENCRYPTED_OVERHEAD >= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD, 257e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley max_overheads_are_consistent); 258d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 259e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley/* SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for 260e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the 261e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * compression overhead. */ 262e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH 263d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 264d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_MAX_ENCRYPTED_LENGTH \ 265d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH) 266d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_MAX_PACKET_SIZE \ 267d9e397b599b13d642138480a28c14db7a136bf0Adam Langley (SSL3_RT_MAX_ENCRYPTED_LENGTH + SSL3_RT_HEADER_LENGTH) 268d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 269d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" 270d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" 271d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 272d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_VERSION 0x0300 273d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_VERSION_MAJOR 0x03 274d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_VERSION_MINOR 0x00 275d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 276d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_CHANGE_CIPHER_SPEC 20 277d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_ALERT 21 278d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_HANDSHAKE 22 279d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_APPLICATION_DATA 23 280d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 281d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Pseudo content types to indicate additional parameters */ 282d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO 0x1000 283d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1) 284d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2) 285d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3) 286d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4) 287d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 288d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO_READ 0x0000 289d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO_WRITE 0x0100 290d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5) 291d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6) 292d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7) 293d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8) 294d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 295d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Pseudo content type for SSL/TLS header info */ 296d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_RT_HEADER 0x100 297d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 298d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AL_WARNING 1 299d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AL_FATAL 2 300d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 301d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_CLOSE_NOTIFY 0 302d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ 303d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ 304d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ 305d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ 306d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_NO_CERTIFICATE 41 307d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_BAD_CERTIFICATE 42 308d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 309d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_CERTIFICATE_REVOKED 44 310d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_CERTIFICATE_EXPIRED 45 311d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_CERTIFICATE_UNKNOWN 46 312d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ 313d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ 314d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 315d9e397b599b13d642138480a28c14db7a136bf0Adam Langleytypedef struct ssl3_record_st { 31653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* type is the record type. */ 31753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley uint8_t type; 31853b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* length is the number of unconsumed bytes of |data|. */ 31953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley uint16_t length; 32053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* off is the number of consumed bytes of |data|. */ 32153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley uint16_t off; 32253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* data is a non-owning pointer to the record contents. The total length of 32353b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * the buffer is |off| + |length|. */ 32453b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley uint8_t *data; 32553b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* epoch, in DTLS, is the epoch number of the record. */ 32653b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley uint16_t epoch; 32753b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* seq_num, in DTLS, is the sequence number of the record. The top two bytes 32853b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * are always zero. 32953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * 33053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * TODO(davidben): This is confusing. They should include the epoch or the 33153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * field should be six bytes. */ 33253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley uint8_t seq_num[8]; 333d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} SSL3_RECORD; 334d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 335d9e397b599b13d642138480a28c14db7a136bf0Adam Langleytypedef struct ssl3_buffer_st { 336d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see 337d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ssl3_setup_buffers() */ 338d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t len; /* buffer size */ 339d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int offset; /* where to 'copy from' */ 340d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int left; /* how many bytes left */ 341d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} SSL3_BUFFER; 342d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 343d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CT_RSA_SIGN 1 344d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CT_DSS_SIGN 2 345d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CT_RSA_FIXED_DH 3 346d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CT_DSS_FIXED_DH 4 347d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CT_RSA_EPHEMERAL_DH 5 348d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CT_DSS_EPHEMERAL_DH 6 349d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CT_FORTEZZA_DMS 20 350d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 351d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 352d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* TODO(davidben): This flag can probably be merged into s3->change_cipher_spec 353d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * to something tri-state. (Normal / Expect CCS / Between CCS and Finished). */ 354d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_FLAGS_EXPECT_CCS 0x0080 355d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 356d9e397b599b13d642138480a28c14db7a136bf0Adam Langleytypedef struct ssl3_state_st { 357d9e397b599b13d642138480a28c14db7a136bf0Adam Langley long flags; 358d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 359d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t read_sequence[8]; 360d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int read_mac_secret_size; 361d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t read_mac_secret[EVP_MAX_MD_SIZE]; 362d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t write_sequence[8]; 363d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int write_mac_secret_size; 364d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t write_mac_secret[EVP_MAX_MD_SIZE]; 365d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 366d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t server_random[SSL3_RANDOM_SIZE]; 367d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t client_random[SSL3_RANDOM_SIZE]; 368d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 369d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* flags for countermeasure against known-IV weakness */ 370d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int need_record_splitting; 371d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 372d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* The value of 'extra' when the buffers were initialized */ 373d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int init_extra; 374d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 375d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* have_version is true if the connection's final version is known. Otherwise 376d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the version has not been negotiated yet. */ 377d9e397b599b13d642138480a28c14db7a136bf0Adam Langley char have_version; 378d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 37953b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley /* initial_handshake_complete is true if the initial handshake has 38053b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley * completed. */ 38153b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley char initial_handshake_complete; 38253b272a2813a0b11f107d77100ff8805ada8fbd2Adam Langley 383d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* sniff_buffer is used by the server in the initial handshake to read a 384d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * V2ClientHello before the record layer is initialized. */ 385d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BUF_MEM *sniff_buffer; 386d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t sniff_buffer_len; 387d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 388d9e397b599b13d642138480a28c14db7a136bf0Adam Langley SSL3_BUFFER rbuf; /* read IO goes into here */ 389d9e397b599b13d642138480a28c14db7a136bf0Adam Langley SSL3_BUFFER wbuf; /* write IO goes into here */ 390d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 391d9e397b599b13d642138480a28c14db7a136bf0Adam Langley SSL3_RECORD rrec; /* each decoded record goes in here */ 392d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 393d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* storage for Handshake protocol data received but not yet processed by 394d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ssl3_read_bytes: */ 395d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t handshake_fragment[4]; 396d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned int handshake_fragment_len; 397d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 398d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* partial write - check the numbers match */ 399d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned int wnum; /* number of bytes sent so far */ 400d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int wpend_tot; /* number bytes written */ 401d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int wpend_type; 402d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int wpend_ret; /* number of bytes submitted */ 403d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const uint8_t *wpend_buf; 404d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 405d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* used during startup, digest all incoming/outgoing packets */ 406d9e397b599b13d642138480a28c14db7a136bf0Adam Langley BIO *handshake_buffer; 407d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* When set of handshake digests is determined, buffer is hashed and freed 408d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * and MD_CTX-es for all required digests are stored in this array */ 409d9e397b599b13d642138480a28c14db7a136bf0Adam Langley EVP_MD_CTX **handshake_dgst; 410d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* this is set whenerver we see a change_cipher_spec message come in when we 411d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are not looking for one */ 412d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int change_cipher_spec; 413d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 414d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int warn_alert; 415d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int fatal_alert; 416d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* we allow one fatal and one warning alert to be outstanding, send close 417d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * alert via the warning alert */ 418d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int alert_dispatch; 419d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t send_alert[2]; 420d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 421d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int total_renegotiations; 422d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 423d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* State pertaining to the pending handshake. 424d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 425d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * TODO(davidben): State is current spread all over the place. Move 426d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * pending handshake state here so it can be managed separately from 427d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * established connection state in case of renegotiations. */ 428d9e397b599b13d642138480a28c14db7a136bf0Adam Langley struct { 429d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ 430d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t finish_md[EVP_MAX_MD_SIZE * 2]; 431d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int finish_md_len; 432d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t peer_finish_md[EVP_MAX_MD_SIZE * 2]; 433d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int peer_finish_md_len; 434d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 435d9e397b599b13d642138480a28c14db7a136bf0Adam Langley unsigned long message_size; 436d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int message_type; 437d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 438d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* used to hold the new cipher we are going to use */ 439d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const SSL_CIPHER *new_cipher; 440d9e397b599b13d642138480a28c14db7a136bf0Adam Langley DH *dh; 441d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 442d9e397b599b13d642138480a28c14db7a136bf0Adam Langley EC_KEY *ecdh; /* holds short lived ECDH key */ 443d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 444d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* used when SSL_ST_FLUSH_DATA is entered */ 445d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int next_state; 446d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 447d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int reuse_message; 448d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 449d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Client-only: cert_req determines if a client certificate is to be sent. 450d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This is 0 if no client Certificate message is to be sent, 1 if there is 451d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * a client certificate, and 2 to send an empty client Certificate 452d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * message. */ 453d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int cert_req; 454d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 455d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Client-only: ca_names contains the list of CAs received in a 456d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * CertificateRequest message. */ 457d9e397b599b13d642138480a28c14db7a136bf0Adam Langley STACK_OF(X509_NAME) *ca_names; 458d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 459d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Client-only: certificate_types contains the set of certificate types 460d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * received in a CertificateRequest message. */ 461d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *certificate_types; 462d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t num_certificate_types; 463d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 464d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int key_block_length; 465d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *key_block; 466d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 467d9e397b599b13d642138480a28c14db7a136bf0Adam Langley const EVP_AEAD *new_aead; 468d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t new_mac_secret_len; 469d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t new_fixed_iv_len; 470d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t new_variable_iv_len; 471d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 472d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Server-only: cert_request is true if a client certificate was 473d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * requested. */ 474d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int cert_request; 475d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 476d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* certificate_status_expected is true if OCSP stapling was negotiated and 477d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * the server is expected to send a CertificateStatus message. */ 478d9e397b599b13d642138480a28c14db7a136bf0Adam Langley char certificate_status_expected; 479d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 480d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* peer_ecpointformatlist contains the EC point formats advertised by the 481d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * peer. */ 482d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *peer_ecpointformatlist; 483d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t peer_ecpointformatlist_length; 484d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 485d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Server-only: peer_ellipticcurvelist contains the EC curve IDs advertised 486d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * by the peer. This is only set on the server's end. The server does not 487d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * advertise this extension to the client. */ 488d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint16_t *peer_ellipticcurvelist; 489d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t peer_ellipticcurvelist_length; 490d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 491d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* extended_master_secret indicates whether the extended master secret 492d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * computation is used in this handshake. Note that this is different from 493d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * whether it was used for the current session. If this is a resumption 494d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * handshake then EMS might be negotiated in the client and server hello 495d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * messages, but it doesn't matter if the session that's being resumed 496d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * didn't use it to create the master secret initially. */ 497d9e397b599b13d642138480a28c14db7a136bf0Adam Langley char extended_master_secret; 498d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 499d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Client-only: peer_psk_identity_hint is the psk_identity_hint sent by the 500d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * server when using a PSK key exchange. */ 501d9e397b599b13d642138480a28c14db7a136bf0Adam Langley char *peer_psk_identity_hint; 502d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 503d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* new_mac_secret_size is unused and exists only until wpa_supplicant can 504d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * be updated. It is only needed for EAP-FAST, which we don't support. */ 505d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t new_mac_secret_size; 506e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley 507e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley /* Client-only: in_false_start is one if there is a pending handshake in 508e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley * False Start. The client may write data at this point. */ 509e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley char in_false_start; 510d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } tmp; 511d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 512d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Connection binding to prevent renegotiation attacks */ 513d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t previous_client_finished[EVP_MAX_MD_SIZE]; 514d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t previous_client_finished_len; 515d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t previous_server_finished[EVP_MAX_MD_SIZE]; 516d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t previous_server_finished_len; 517d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int send_connection_binding; /* TODOEKR */ 518d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 519d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* Set if we saw the Next Protocol Negotiation extension from our peer. */ 520d9e397b599b13d642138480a28c14db7a136bf0Adam Langley int next_proto_neg_seen; 521d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 522d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* ALPN information 523d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * (we are in the process of transitioning from NPN to ALPN.) */ 524d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 525d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* In a server these point to the selected ALPN protocol after the 526d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ClientHello has been processed. In a client these contain the protocol 527d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * that the server selected once the ServerHello has been processed. */ 528d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t *alpn_selected; 529d9e397b599b13d642138480a28c14db7a136bf0Adam Langley size_t alpn_selected_len; 530d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 531d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* In a client, this means that the server supported Channel ID and that a 532d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Channel ID was sent. In a server it means that we echoed support for 533d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Channel IDs and that tlsext_channel_id will be valid after the 534d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * handshake. */ 535d9e397b599b13d642138480a28c14db7a136bf0Adam Langley char tlsext_channel_id_valid; 536d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* tlsext_channel_id_new means that the updated Channel ID extension was 537d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * negotiated. This is a temporary hack in the code to support both forms of 538d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Channel ID extension while we transition to the new format, which fixed a 539d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * security issue. */ 540d9e397b599b13d642138480a28c14db7a136bf0Adam Langley char tlsext_channel_id_new; 541d9e397b599b13d642138480a28c14db7a136bf0Adam Langley /* For a server: 542d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * If |tlsext_channel_id_valid| is true, then this contains the 543d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * verified Channel ID from the client: a P256 point, (x,y), where 544d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * each are big-endian values. */ 545d9e397b599b13d642138480a28c14db7a136bf0Adam Langley uint8_t tlsext_channel_id[64]; 546d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} SSL3_STATE; 547d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 548d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* SSLv3 */ 549d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* client */ 550d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* extra state */ 551d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_FLUSH (0x100 | SSL_ST_CONNECT) 552e9ada863a7b3e81f5d2b1e3bdd2305da902a87f5Adam Langley#define SSL3_ST_FALSE_START (0x101 | SSL_ST_CONNECT) 553d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* write to server */ 554d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CLNT_HELLO_A (0x110 | SSL_ST_CONNECT) 555d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CLNT_HELLO_B (0x111 | SSL_ST_CONNECT) 556d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* read from server */ 557d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_SRVR_HELLO_A (0x120 | SSL_ST_CONNECT) 558d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_SRVR_HELLO_B (0x121 | SSL_ST_CONNECT) 559d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126 | SSL_ST_CONNECT) 560d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127 | SSL_ST_CONNECT) 561d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_CERT_A (0x130 | SSL_ST_CONNECT) 562d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_CERT_B (0x131 | SSL_ST_CONNECT) 563d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_KEY_EXCH_A (0x140 | SSL_ST_CONNECT) 564d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_KEY_EXCH_B (0x141 | SSL_ST_CONNECT) 565d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_CERT_REQ_A (0x150 | SSL_ST_CONNECT) 566d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_CERT_REQ_B (0x151 | SSL_ST_CONNECT) 567d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_SRVR_DONE_A (0x160 | SSL_ST_CONNECT) 568d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_SRVR_DONE_B (0x161 | SSL_ST_CONNECT) 569d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* write to server */ 570d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CERT_A (0x170 | SSL_ST_CONNECT) 571d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CERT_B (0x171 | SSL_ST_CONNECT) 572d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CERT_C (0x172 | SSL_ST_CONNECT) 573d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CERT_D (0x173 | SSL_ST_CONNECT) 574d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_KEY_EXCH_A (0x180 | SSL_ST_CONNECT) 575d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_KEY_EXCH_B (0x181 | SSL_ST_CONNECT) 576d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CERT_VRFY_A (0x190 | SSL_ST_CONNECT) 577d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CERT_VRFY_B (0x191 | SSL_ST_CONNECT) 578d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CHANGE_A (0x1A0 | SSL_ST_CONNECT) 579d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CHANGE_B (0x1A1 | SSL_ST_CONNECT) 580d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_NEXT_PROTO_A (0x200 | SSL_ST_CONNECT) 581d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_NEXT_PROTO_B (0x201 | SSL_ST_CONNECT) 582d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CHANNEL_ID_A (0x220 | SSL_ST_CONNECT) 583d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_CHANNEL_ID_B (0x221 | SSL_ST_CONNECT) 584d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_FINISHED_A (0x1B0 | SSL_ST_CONNECT) 585d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CW_FINISHED_B (0x1B1 | SSL_ST_CONNECT) 586d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* read from server */ 587d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_CHANGE (0x1C0 | SSL_ST_CONNECT) 588d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_FINISHED_A (0x1D0 | SSL_ST_CONNECT) 589d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_FINISHED_B (0x1D1 | SSL_ST_CONNECT) 590d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0 | SSL_ST_CONNECT) 591d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1 | SSL_ST_CONNECT) 592d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_CERT_STATUS_A (0x1F0 | SSL_ST_CONNECT) 593d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_CR_CERT_STATUS_B (0x1F1 | SSL_ST_CONNECT) 594d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 595d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* server */ 596d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* extra state */ 597d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_FLUSH (0x100 | SSL_ST_ACCEPT) 598d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* read from client */ 599d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_INITIAL_BYTES (0x240 | SSL_ST_ACCEPT) 600d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_V2_CLIENT_HELLO (0x241 | SSL_ST_ACCEPT) 601d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Do not change the number values, they do matter */ 602d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CLNT_HELLO_A (0x110 | SSL_ST_ACCEPT) 603d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CLNT_HELLO_B (0x111 | SSL_ST_ACCEPT) 604d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CLNT_HELLO_C (0x112 | SSL_ST_ACCEPT) 605d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CLNT_HELLO_D (0x115 | SSL_ST_ACCEPT) 606d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* write to client */ 607d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_HELLO_REQ_A (0x120 | SSL_ST_ACCEPT) 608d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_HELLO_REQ_B (0x121 | SSL_ST_ACCEPT) 609d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_HELLO_REQ_C (0x122 | SSL_ST_ACCEPT) 610d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_SRVR_HELLO_A (0x130 | SSL_ST_ACCEPT) 611d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_SRVR_HELLO_B (0x131 | SSL_ST_ACCEPT) 612d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_CERT_A (0x140 | SSL_ST_ACCEPT) 613d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_CERT_B (0x141 | SSL_ST_ACCEPT) 614d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_KEY_EXCH_A (0x150 | SSL_ST_ACCEPT) 615d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_KEY_EXCH_B (0x151 | SSL_ST_ACCEPT) 616d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_CERT_REQ_A (0x160 | SSL_ST_ACCEPT) 617d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_CERT_REQ_B (0x161 | SSL_ST_ACCEPT) 618d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_SRVR_DONE_A (0x170 | SSL_ST_ACCEPT) 619d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_SRVR_DONE_B (0x171 | SSL_ST_ACCEPT) 620d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* read from client */ 621d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CERT_A (0x180 | SSL_ST_ACCEPT) 622d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CERT_B (0x181 | SSL_ST_ACCEPT) 623d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_KEY_EXCH_A (0x190 | SSL_ST_ACCEPT) 624d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_KEY_EXCH_B (0x191 | SSL_ST_ACCEPT) 625d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CERT_VRFY_A (0x1A0 | SSL_ST_ACCEPT) 626d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CERT_VRFY_B (0x1A1 | SSL_ST_ACCEPT) 627d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CHANGE (0x1B0 | SSL_ST_ACCEPT) 628d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_NEXT_PROTO_A (0x210 | SSL_ST_ACCEPT) 629d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_NEXT_PROTO_B (0x211 | SSL_ST_ACCEPT) 630d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CHANNEL_ID_A (0x230 | SSL_ST_ACCEPT) 631d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_CHANNEL_ID_B (0x231 | SSL_ST_ACCEPT) 632d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_FINISHED_A (0x1C0 | SSL_ST_ACCEPT) 633d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SR_FINISHED_B (0x1C1 | SSL_ST_ACCEPT) 634d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 635d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* write to client */ 636d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_CHANGE_A (0x1D0 | SSL_ST_ACCEPT) 637d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_CHANGE_B (0x1D1 | SSL_ST_ACCEPT) 638d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_FINISHED_A (0x1E0 | SSL_ST_ACCEPT) 639d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_FINISHED_B (0x1E1 | SSL_ST_ACCEPT) 640d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0 | SSL_ST_ACCEPT) 641d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1 | SSL_ST_ACCEPT) 642d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_CERT_STATUS_A (0x200 | SSL_ST_ACCEPT) 643d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_CERT_STATUS_B (0x201 | SSL_ST_ACCEPT) 644d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_SUPPLEMENTAL_DATA_A (0x220 | SSL_ST_ACCEPT) 645d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_ST_SW_SUPPLEMENTAL_DATA_B (0x221 | SSL_ST_ACCEPT) 646d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 647d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_HELLO_REQUEST 0 648d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_CLIENT_HELLO 1 649d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_SERVER_HELLO 2 650d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_NEWSESSION_TICKET 4 651d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_CERTIFICATE 11 652d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_SERVER_KEY_EXCHANGE 12 653d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_CERTIFICATE_REQUEST 13 654d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_SERVER_DONE 14 655d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_CERTIFICATE_VERIFY 15 656d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 657d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_FINISHED 20 658d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_CERTIFICATE_STATUS 22 659d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_SUPPLEMENTAL_DATA 23 660d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_NEXT_PROTO 67 661d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_ENCRYPTED_EXTENSIONS 203 662d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 663d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 664d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 665d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_MT_CCS 1 666d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 667d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* These are used when changing over to a new cipher */ 668d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CC_READ 0x01 669d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CC_WRITE 0x02 670d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CC_CLIENT 0x10 671d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CC_SERVER 0x20 672d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT | SSL3_CC_WRITE) 673d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER | SSL3_CC_READ) 674d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT | SSL3_CC_READ) 675d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER | SSL3_CC_WRITE) 676d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 677d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 678d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#ifdef __cplusplus 679d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 680d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif 681d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#endif 682