|
Eneboo - Documentación para desarrolladores
|
src/libdigidoc/openssl/include/openssl/ssl3.h
Ir a la documentación de este archivo.
00001 /* ssl/ssl3.h */ 00002 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 00003 * All rights reserved. 00004 * 00005 * This package is an SSL implementation written 00006 * by Eric Young (eay@cryptsoft.com). 00007 * The implementation was written so as to conform with Netscapes SSL. 00008 * 00009 * This library is free for commercial and non-commercial use as long as 00010 * the following conditions are aheared to. The following conditions 00011 * apply to all code found in this distribution, be it the RC4, RSA, 00012 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 00013 * included with this distribution is covered by the same copyright terms 00014 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 00015 * 00016 * Copyright remains Eric Young's, and as such any Copyright notices in 00017 * the code are not to be removed. 00018 * If this package is used in a product, Eric Young should be given attribution 00019 * as the author of the parts of the library used. 00020 * This can be in the form of a textual message at program startup or 00021 * in documentation (online or textual) provided with the package. 00022 * 00023 * Redistribution and use in source and binary forms, with or without 00024 * modification, are permitted provided that the following conditions 00025 * are met: 00026 * 1. Redistributions of source code must retain the copyright 00027 * notice, this list of conditions and the following disclaimer. 00028 * 2. Redistributions in binary form must reproduce the above copyright 00029 * notice, this list of conditions and the following disclaimer in the 00030 * documentation and/or other materials provided with the distribution. 00031 * 3. All advertising materials mentioning features or use of this software 00032 * must display the following acknowledgement: 00033 * "This product includes cryptographic software written by 00034 * Eric Young (eay@cryptsoft.com)" 00035 * The word 'cryptographic' can be left out if the rouines from the library 00036 * being used are not cryptographic related :-). 00037 * 4. If you include any Windows specific code (or a derivative thereof) from 00038 * the apps directory (application code) you must include an acknowledgement: 00039 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 00040 * 00041 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 00042 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 00043 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 00044 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 00045 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 00046 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 00047 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 00048 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 00049 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 00050 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 00051 * SUCH DAMAGE. 00052 * 00053 * The licence and distribution terms for any publically available version or 00054 * derivative of this code cannot be changed. i.e. this code cannot simply be 00055 * copied and put under another distribution licence 00056 * [including the GNU Public Licence.] 00057 */ 00058 /* ==================================================================== 00059 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 00060 * 00061 * Redistribution and use in source and binary forms, with or without 00062 * modification, are permitted provided that the following conditions 00063 * are met: 00064 * 00065 * 1. Redistributions of source code must retain the above copyright 00066 * notice, this list of conditions and the following disclaimer. 00067 * 00068 * 2. Redistributions in binary form must reproduce the above copyright 00069 * notice, this list of conditions and the following disclaimer in 00070 * the documentation and/or other materials provided with the 00071 * distribution. 00072 * 00073 * 3. All advertising materials mentioning features or use of this 00074 * software must display the following acknowledgment: 00075 * "This product includes software developed by the OpenSSL Project 00076 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 00077 * 00078 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 00079 * endorse or promote products derived from this software without 00080 * prior written permission. For written permission, please contact 00081 * openssl-core@openssl.org. 00082 * 00083 * 5. Products derived from this software may not be called "OpenSSL" 00084 * nor may "OpenSSL" appear in their names without prior written 00085 * permission of the OpenSSL Project. 00086 * 00087 * 6. Redistributions of any form whatsoever must retain the following 00088 * acknowledgment: 00089 * "This product includes software developed by the OpenSSL Project 00090 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 00091 * 00092 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 00093 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 00094 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 00095 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 00096 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00097 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 00098 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 00099 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 00100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 00101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 00102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 00103 * OF THE POSSIBILITY OF SUCH DAMAGE. 00104 * ==================================================================== 00105 * 00106 * This product includes cryptographic software written by Eric Young 00107 * (eay@cryptsoft.com). This product includes software written by Tim 00108 * Hudson (tjh@cryptsoft.com). 00109 * 00110 */ 00111 /* ==================================================================== 00112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 00113 * ECC cipher suite support in OpenSSL originally developed by 00114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 00115 */ 00116 00117 #ifndef HEADER_SSL3_H 00118 #define HEADER_SSL3_H 00119 00120 #ifndef OPENSSL_NO_COMP 00121 #include <openssl/comp.h> 00122 #endif 00123 #include <openssl/buffer.h> 00124 #include <openssl/evp.h> 00125 #include <openssl/ssl.h> 00126 #include <openssl/pq_compat.h> 00127 00128 #ifdef __cplusplus 00129 extern "C" { 00130 #endif 00131 00132 /* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ 00133 #define SSL3_CK_SCSV 0x030000FF 00134 00135 #define SSL3_CK_RSA_NULL_MD5 0x03000001 00136 #define SSL3_CK_RSA_NULL_SHA 0x03000002 00137 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 00138 #define SSL3_CK_RSA_RC4_128_MD5 0x03000004 00139 #define SSL3_CK_RSA_RC4_128_SHA 0x03000005 00140 #define SSL3_CK_RSA_RC2_40_MD5 0x03000006 00141 #define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 00142 #define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 00143 #define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 00144 #define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A 00145 00146 #define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B 00147 #define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C 00148 #define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D 00149 #define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E 00150 #define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F 00151 #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 00152 00153 #define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 00154 #define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 00155 #define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 00156 #define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 00157 #define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 00158 #define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 00159 00160 #define SSL3_CK_ADH_RC4_40_MD5 0x03000017 00161 #define SSL3_CK_ADH_RC4_128_MD5 0x03000018 00162 #define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 00163 #define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A 00164 #define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B 00165 00166 #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C 00167 #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D 00168 #if 0 /* Because it clashes with KRB5, is never used any more, and is safe 00169 to remove according to David Hopwood <david.hopwood@zetnet.co.uk> 00170 of the ietf-tls list */ 00171 #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E 00172 #endif 00173 00174 /* VRS Additional Kerberos5 entries 00175 */ 00176 #define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E 00177 #define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F 00178 #define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 00179 #define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 00180 #define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 00181 #define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 00182 #define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 00183 #define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 00184 00185 #define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 00186 #define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 00187 #define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 00188 #define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 00189 #define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A 00190 #define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B 00191 00192 #define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" 00193 #define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" 00194 #define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" 00195 #define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" 00196 #define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" 00197 #define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" 00198 #define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" 00199 #define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" 00200 #define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" 00201 #define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" 00202 00203 #define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" 00204 #define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" 00205 #define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" 00206 #define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" 00207 #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" 00208 #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" 00209 00210 #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" 00211 #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" 00212 #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" 00213 #define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" 00214 #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" 00215 #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" 00216 00217 #define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" 00218 #define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" 00219 #define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" 00220 #define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" 00221 #define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" 00222 00223 #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" 00224 #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" 00225 #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" 00226 00227 #define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" 00228 #define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" 00229 #define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" 00230 #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" 00231 #define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" 00232 #define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" 00233 #define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" 00234 #define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" 00235 00236 #define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" 00237 #define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" 00238 #define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" 00239 #define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" 00240 #define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" 00241 #define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" 00242 00243 #define SSL3_SSL_SESSION_ID_LENGTH 32 00244 #define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 00245 00246 #define SSL3_MASTER_SECRET_SIZE 48 00247 #define SSL3_RANDOM_SIZE 32 00248 #define SSL3_SESSION_ID_SIZE 32 00249 #define SSL3_RT_HEADER_LENGTH 5 00250 00251 /* Due to MS stuffing up, this can change.... */ 00252 #if defined(OPENSSL_SYS_WIN16) || \ 00253 (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) 00254 #define SSL3_RT_MAX_EXTRA (14000) 00255 #else 00256 #define SSL3_RT_MAX_EXTRA (16384) 00257 #endif 00258 00259 #define SSL3_RT_MAX_PLAIN_LENGTH 16384 00260 #ifdef OPENSSL_NO_COMP 00261 #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH 00262 #else 00263 #define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) 00264 #endif 00265 #define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) 00266 #define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) 00267 #define SSL3_RT_MAX_DATA_SIZE (1024*1024) 00268 00269 #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" 00270 #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" 00271 00272 #define SSL3_VERSION 0x0300 00273 #define SSL3_VERSION_MAJOR 0x03 00274 #define SSL3_VERSION_MINOR 0x00 00275 00276 #define SSL3_RT_CHANGE_CIPHER_SPEC 20 00277 #define SSL3_RT_ALERT 21 00278 #define SSL3_RT_HANDSHAKE 22 00279 #define SSL3_RT_APPLICATION_DATA 23 00280 00281 #define SSL3_AL_WARNING 1 00282 #define SSL3_AL_FATAL 2 00283 00284 #define SSL3_AD_CLOSE_NOTIFY 0 00285 #define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ 00286 #define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ 00287 #define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ 00288 #define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ 00289 #define SSL3_AD_NO_CERTIFICATE 41 00290 #define SSL3_AD_BAD_CERTIFICATE 42 00291 #define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 00292 #define SSL3_AD_CERTIFICATE_REVOKED 44 00293 #define SSL3_AD_CERTIFICATE_EXPIRED 45 00294 #define SSL3_AD_CERTIFICATE_UNKNOWN 46 00295 #define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ 00296 00297 typedef struct ssl3_record_st 00298 { 00299 /*r */ int type; /* type of record */ 00300 /*rw*/ unsigned int length; /* How many bytes available */ 00301 /*r */ unsigned int off; /* read/write offset into 'buf' */ 00302 /*rw*/ unsigned char *data; /* pointer to the record data */ 00303 /*rw*/ unsigned char *input; /* where the decode bytes are */ 00304 /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ 00305 /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ 00306 /*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ 00307 } SSL3_RECORD; 00308 00309 typedef struct ssl3_buffer_st 00310 { 00311 unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, 00312 * see ssl3_setup_buffers() */ 00313 size_t len; /* buffer size */ 00314 int offset; /* where to 'copy from' */ 00315 int left; /* how many bytes left */ 00316 } SSL3_BUFFER; 00317 00318 #define SSL3_CT_RSA_SIGN 1 00319 #define SSL3_CT_DSS_SIGN 2 00320 #define SSL3_CT_RSA_FIXED_DH 3 00321 #define SSL3_CT_DSS_FIXED_DH 4 00322 #define SSL3_CT_RSA_EPHEMERAL_DH 5 00323 #define SSL3_CT_DSS_EPHEMERAL_DH 6 00324 #define SSL3_CT_FORTEZZA_DMS 20 00325 /* SSL3_CT_NUMBER is used to size arrays and it must be large 00326 * enough to contain all of the cert types defined either for 00327 * SSLv3 and TLSv1. 00328 */ 00329 #define SSL3_CT_NUMBER 7 00330 00331 00332 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 00333 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 00334 #define SSL3_FLAGS_POP_BUFFER 0x0004 00335 #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 00336 00337 typedef struct ssl3_state_st 00338 { 00339 long flags; 00340 int delay_buf_pop_ret; 00341 00342 unsigned char read_sequence[8]; 00343 unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; 00344 unsigned char write_sequence[8]; 00345 unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; 00346 00347 unsigned char server_random[SSL3_RANDOM_SIZE]; 00348 unsigned char client_random[SSL3_RANDOM_SIZE]; 00349 00350 /* flags for countermeasure against known-IV weakness */ 00351 int need_empty_fragments; 00352 int empty_fragment_done; 00353 00354 SSL3_BUFFER rbuf; /* read IO goes into here */ 00355 SSL3_BUFFER wbuf; /* write IO goes into here */ 00356 00357 SSL3_RECORD rrec; /* each decoded record goes in here */ 00358 SSL3_RECORD wrec; /* goes out from here */ 00359 00360 /* storage for Alert/Handshake protocol data received but not 00361 * yet processed by ssl3_read_bytes: */ 00362 unsigned char alert_fragment[2]; 00363 unsigned int alert_fragment_len; 00364 unsigned char handshake_fragment[4]; 00365 unsigned int handshake_fragment_len; 00366 00367 /* partial write - check the numbers match */ 00368 unsigned int wnum; /* number of bytes sent so far */ 00369 int wpend_tot; /* number bytes written */ 00370 int wpend_type; 00371 int wpend_ret; /* number of bytes submitted */ 00372 const unsigned char *wpend_buf; 00373 00374 /* used during startup, digest all incoming/outgoing packets */ 00375 EVP_MD_CTX finish_dgst1; 00376 EVP_MD_CTX finish_dgst2; 00377 00378 /* this is set whenerver we see a change_cipher_spec message 00379 * come in when we are not looking for one */ 00380 int change_cipher_spec; 00381 00382 int warn_alert; 00383 int fatal_alert; 00384 /* we allow one fatal and one warning alert to be outstanding, 00385 * send close alert via the warning alert */ 00386 int alert_dispatch; 00387 unsigned char send_alert[2]; 00388 00389 /* This flag is set when we should renegotiate ASAP, basically when 00390 * there is no more data in the read or write buffers */ 00391 int renegotiate; 00392 int total_renegotiations; 00393 int num_renegotiations; 00394 00395 int in_read_app_data; 00396 00397 struct { 00398 /* actually only needs to be 16+20 */ 00399 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; 00400 00401 /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ 00402 unsigned char finish_md[EVP_MAX_MD_SIZE*2]; 00403 int finish_md_len; 00404 unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; 00405 int peer_finish_md_len; 00406 00407 unsigned long message_size; 00408 int message_type; 00409 00410 /* used to hold the new cipher we are going to use */ 00411 SSL_CIPHER *new_cipher; 00412 #ifndef OPENSSL_NO_DH 00413 DH *dh; 00414 #endif 00415 00416 #ifndef OPENSSL_NO_ECDH 00417 EC_KEY *ecdh; /* holds short lived ECDH key */ 00418 #endif 00419 00420 /* used when SSL_ST_FLUSH_DATA is entered */ 00421 int next_state; 00422 00423 int reuse_message; 00424 00425 /* used for certificate requests */ 00426 int cert_req; 00427 int ctype_num; 00428 char ctype[SSL3_CT_NUMBER]; 00429 STACK_OF(X509_NAME) *ca_names; 00430 00431 int use_rsa_tmp; 00432 00433 int key_block_length; 00434 unsigned char *key_block; 00435 00436 const EVP_CIPHER *new_sym_enc; 00437 const EVP_MD *new_hash; 00438 #ifndef OPENSSL_NO_COMP 00439 const SSL_COMP *new_compression; 00440 #else 00441 char *new_compression; 00442 #endif 00443 int cert_request; 00444 } tmp; 00445 00446 /* Connection binding to prevent renegotiation attacks */ 00447 unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; 00448 unsigned char previous_client_finished_len; 00449 unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; 00450 unsigned char previous_server_finished_len; 00451 int send_connection_binding; /* TODOEKR */ 00452 } SSL3_STATE; 00453 00454 00455 /* SSLv3 */ 00456 /*client */ 00457 /* extra state */ 00458 #define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) 00459 /* write to server */ 00460 #define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) 00461 #define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) 00462 /* read from server */ 00463 #define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) 00464 #define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) 00465 #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) 00466 #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) 00467 #define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) 00468 #define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) 00469 #define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) 00470 #define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) 00471 #define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) 00472 #define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) 00473 #define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) 00474 #define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) 00475 /* write to server */ 00476 #define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) 00477 #define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) 00478 #define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) 00479 #define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) 00480 #define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) 00481 #define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) 00482 #define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) 00483 #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) 00484 #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) 00485 #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) 00486 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) 00487 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) 00488 /* read from server */ 00489 #define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) 00490 #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) 00491 #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) 00492 #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) 00493 #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) 00494 #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) 00495 #define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) 00496 #define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) 00497 00498 /* server */ 00499 /* extra state */ 00500 #define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) 00501 /* read from client */ 00502 /* Do not change the number values, they do matter */ 00503 #define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) 00504 #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) 00505 #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) 00506 /* write to client */ 00507 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) 00508 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) 00509 #define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) 00510 #define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) 00511 #define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) 00512 #define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) 00513 #define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) 00514 #define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) 00515 #define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) 00516 #define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) 00517 #define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) 00518 #define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) 00519 #define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) 00520 #define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) 00521 #define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) 00522 /* read from client */ 00523 #define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) 00524 #define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) 00525 #define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) 00526 #define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) 00527 #define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) 00528 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) 00529 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) 00530 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) 00531 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) 00532 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) 00533 /* write to client */ 00534 #define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) 00535 #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) 00536 #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) 00537 #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) 00538 #define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) 00539 #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) 00540 #define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) 00541 #define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) 00542 00543 #define SSL3_MT_HELLO_REQUEST 0 00544 #define SSL3_MT_CLIENT_HELLO 1 00545 #define SSL3_MT_SERVER_HELLO 2 00546 #define SSL3_MT_NEWSESSION_TICKET 4 00547 #define SSL3_MT_CERTIFICATE 11 00548 #define SSL3_MT_SERVER_KEY_EXCHANGE 12 00549 #define SSL3_MT_CERTIFICATE_REQUEST 13 00550 #define SSL3_MT_SERVER_DONE 14 00551 #define SSL3_MT_CERTIFICATE_VERIFY 15 00552 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 00553 #define SSL3_MT_FINISHED 20 00554 #define SSL3_MT_CERTIFICATE_STATUS 22 00555 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 00556 00557 00558 #define SSL3_MT_CCS 1 00559 00560 /* These are used when changing over to a new cipher */ 00561 #define SSL3_CC_READ 0x01 00562 #define SSL3_CC_WRITE 0x02 00563 #define SSL3_CC_CLIENT 0x10 00564 #define SSL3_CC_SERVER 0x20 00565 #define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) 00566 #define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) 00567 #define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) 00568 #define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) 00569 00570 #ifdef __cplusplus 00571 } 00572 #endif 00573 #endif 00574
