ssl3.h

Go to the documentation of this file.
00001 /* ssl/ssl3.h */
00002 /* Copyright (C) 1995-1998 Eric Young ([email protected])
00003  * All rights reserved.
00004  *
00005  * This package is an SSL implementation written
00006  * by Eric Young ([email protected]).
00007  * The implementation was written so as to conform with Netscapes SSL.
00008  * 
00009  * This library is free for commercial and non-commercial use as long as
00010  * the following conditions are aheared to.  The following conditions
00011  * apply to all code found in this distribution, be it the RC4, RSA,
00012  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
00013  * included with this distribution is covered by the same copyright terms
00014  * except that the holder is Tim Hudson ([email protected]).
00015  * 
00016  * Copyright remains Eric Young's, and as such any Copyright notices in
00017  * the code are not to be removed.
00018  * If this package is used in a product, Eric Young should be given attribution
00019  * as the author of the parts of the library used.
00020  * This can be in the form of a textual message at program startup or
00021  * in documentation (online or textual) provided with the package.
00022  * 
00023  * Redistribution and use in source and binary forms, with or without
00024  * modification, are permitted provided that the following conditions
00025  * are met:
00026  * 1. Redistributions of source code must retain the copyright
00027  *    notice, this list of conditions and the following disclaimer.
00028  * 2. Redistributions in binary form must reproduce the above copyright
00029  *    notice, this list of conditions and the following disclaimer in the
00030  *    documentation and/or other materials provided with the distribution.
00031  * 3. All advertising materials mentioning features or use of this software
00032  *    must display the following acknowledgement:
00033  *    "This product includes cryptographic software written by
00034  *     Eric Young ([email protected])"
00035  *    The word 'cryptographic' can be left out if the rouines from the library
00036  *    being used are not cryptographic related :-).
00037  * 4. If you include any Windows specific code (or a derivative thereof) from 
00038  *    the apps directory (application code) you must include an acknowledgement:
00039  *    "This product includes software written by Tim Hudson ([email protected])"
00040  * 
00041  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
00042  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00043  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
00044  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
00045  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
00046  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
00047  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00048  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
00049  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
00050  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
00051  * SUCH DAMAGE.
00052  * 
00053  * The licence and distribution terms for any publically available version or
00054  * derivative of this code cannot be changed.  i.e. this code cannot simply be
00055  * copied and put under another distribution licence
00056  * [including the GNU Public Licence.]
00057  */
00058 /* ====================================================================
00059  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
00060  *
00061  * Redistribution and use in source and binary forms, with or without
00062  * modification, are permitted provided that the following conditions
00063  * are met:
00064  *
00065  * 1. Redistributions of source code must retain the above copyright
00066  *    notice, this list of conditions and the following disclaimer. 
00067  *
00068  * 2. Redistributions in binary form must reproduce the above copyright
00069  *    notice, this list of conditions and the following disclaimer in
00070  *    the documentation and/or other materials provided with the
00071  *    distribution.
00072  *
00073  * 3. All advertising materials mentioning features or use of this
00074  *    software must display the following acknowledgment:
00075  *    "This product includes software developed by the OpenSSL Project
00076  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
00077  *
00078  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
00079  *    endorse or promote products derived from this software without
00080  *    prior written permission. For written permission, please contact
00081  *    [email protected]
00082  *
00083  * 5. Products derived from this software may not be called "OpenSSL"
00084  *    nor may "OpenSSL" appear in their names without prior written
00085  *    permission of the OpenSSL Project.
00086  *
00087  * 6. Redistributions of any form whatsoever must retain the following
00088  *    acknowledgment:
00089  *    "This product includes software developed by the OpenSSL Project
00090  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
00091  *
00092  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
00093  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00094  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
00095  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
00096  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
00097  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
00098  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
00099  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
00101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
00102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
00103  * OF THE POSSIBILITY OF SUCH DAMAGE.
00104  * ====================================================================
00105  *
00106  * This product includes cryptographic software written by Eric Young
00107  * ([email protected]).  This product includes software written by Tim
00108  * Hudson ([email protected]).
00109  *
00110  */
00111 /* ====================================================================
00112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
00113  * ECC cipher suite support in OpenSSL originally developed by 
00114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
00115  */
00116 
00117 #ifndef HEADER_SSL3_H 
00118 #define HEADER_SSL3_H 
00119 
00120 #ifndef OPENSSL_NO_COMP
00121 #include <openssl/comp.h>
00122 #endif
00123 #include <openssl/buffer.h>
00124 #include <openssl/evp.h>
00125 #include <openssl/ssl.h>
00126 #include <openssl/pq_compat.h>
00127 
00128 #ifdef  __cplusplus
00129 extern "C" {
00130 #endif
00131 
00132 #define SSL3_CK_RSA_NULL_MD5                    0x03000001
00133 #define SSL3_CK_RSA_NULL_SHA                    0x03000002
00134 #define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
00135 #define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
00136 #define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
00137 #define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
00138 #define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
00139 #define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
00140 #define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
00141 #define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
00142 
00143 #define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
00144 #define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
00145 #define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
00146 #define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
00147 #define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
00148 #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
00149 
00150 #define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          0x03000011
00151 #define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          0x03000012
00152 #define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        0x03000013
00153 #define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          0x03000014
00154 #define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          0x03000015
00155 #define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        0x03000016
00156 
00157 #define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
00158 #define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
00159 #define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
00160 #define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
00161 #define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
00162 
00163 #define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
00164 #define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
00165 #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
00166          to remove according to David Hopwood <[email protected]>
00167          of the ietf-tls list */
00168 #define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
00169 #endif
00170 
00171 /*    VRS Additional Kerberos5 entries
00172  */
00173 #define SSL3_CK_KRB5_DES_64_CBC_SHA             0x0300001E
00174 #define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x0300001F
00175 #define SSL3_CK_KRB5_RC4_128_SHA                0x03000020
00176 #define SSL3_CK_KRB5_IDEA_128_CBC_SHA           0x03000021
00177 #define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000022
00178 #define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000023
00179 #define SSL3_CK_KRB5_RC4_128_MD5                0x03000024
00180 #define SSL3_CK_KRB5_IDEA_128_CBC_MD5           0x03000025
00181 
00182 #define SSL3_CK_KRB5_DES_40_CBC_SHA             0x03000026
00183 #define SSL3_CK_KRB5_RC2_40_CBC_SHA             0x03000027
00184 #define SSL3_CK_KRB5_RC4_40_SHA                 0x03000028
00185 #define SSL3_CK_KRB5_DES_40_CBC_MD5             0x03000029
00186 #define SSL3_CK_KRB5_RC2_40_CBC_MD5             0x0300002A
00187 #define SSL3_CK_KRB5_RC4_40_MD5                 0x0300002B
00188 
00189 #define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
00190 #define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
00191 #define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
00192 #define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
00193 #define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
00194 #define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
00195 #define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
00196 #define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
00197 #define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
00198 #define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
00199 
00200 #define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
00201 #define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
00202 #define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
00203 #define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
00204 #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
00205 #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
00206 
00207 #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
00208 #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
00209 #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
00210 #define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
00211 #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
00212 #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
00213 
00214 #define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
00215 #define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
00216 #define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
00217 #define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
00218 #define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
00219 
00220 #define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
00221 #define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
00222 #define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
00223 
00224 #define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
00225 #define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
00226 #define SSL3_TXT_KRB5_RC4_128_SHA               "KRB5-RC4-SHA"
00227 #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA          "KRB5-IDEA-CBC-SHA"
00228 #define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
00229 #define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
00230 #define SSL3_TXT_KRB5_RC4_128_MD5               "KRB5-RC4-MD5"
00231 #define SSL3_TXT_KRB5_IDEA_128_CBC_MD5          "KRB5-IDEA-CBC-MD5"
00232 
00233 #define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
00234 #define SSL3_TXT_KRB5_RC2_40_CBC_SHA            "EXP-KRB5-RC2-CBC-SHA"
00235 #define SSL3_TXT_KRB5_RC4_40_SHA                "EXP-KRB5-RC4-SHA"
00236 #define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
00237 #define SSL3_TXT_KRB5_RC2_40_CBC_MD5            "EXP-KRB5-RC2-CBC-MD5"
00238 #define SSL3_TXT_KRB5_RC4_40_MD5                "EXP-KRB5-RC4-MD5"
00239 
00240 #define SSL3_SSL_SESSION_ID_LENGTH              32
00241 #define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
00242 
00243 #define SSL3_MASTER_SECRET_SIZE                 48
00244 #define SSL3_RANDOM_SIZE                        32
00245 #define SSL3_SESSION_ID_SIZE                    32
00246 #define SSL3_RT_HEADER_LENGTH                   5
00247 
00248 /* Due to MS stuffing up, this can change.... */
00249 #if defined(OPENSSL_SYS_WIN16) || \
00250         (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
00251 #define SSL3_RT_MAX_EXTRA                       (14000)
00252 #else
00253 #define SSL3_RT_MAX_EXTRA                       (16384)
00254 #endif
00255 
00256 #define SSL3_RT_MAX_PLAIN_LENGTH                16384
00257 #ifdef OPENSSL_NO_COMP
00258 #define SSL3_RT_MAX_COMPRESSED_LENGTH   SSL3_RT_MAX_PLAIN_LENGTH
00259 #else
00260 #define SSL3_RT_MAX_COMPRESSED_LENGTH   (1024+SSL3_RT_MAX_PLAIN_LENGTH)
00261 #endif
00262 #define SSL3_RT_MAX_ENCRYPTED_LENGTH    (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
00263 #define SSL3_RT_MAX_PACKET_SIZE         (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
00264 #define SSL3_RT_MAX_DATA_SIZE                   (1024*1024)
00265 
00266 #define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
00267 #define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
00268 
00269 #define SSL3_VERSION                    0x0300
00270 #define SSL3_VERSION_MAJOR              0x03
00271 #define SSL3_VERSION_MINOR              0x00
00272 
00273 #define SSL3_RT_CHANGE_CIPHER_SPEC      20
00274 #define SSL3_RT_ALERT                   21
00275 #define SSL3_RT_HANDSHAKE               22
00276 #define SSL3_RT_APPLICATION_DATA        23
00277 
00278 #define SSL3_AL_WARNING                 1
00279 #define SSL3_AL_FATAL                   2
00280 
00281 #define SSL3_AD_CLOSE_NOTIFY             0
00282 #define SSL3_AD_UNEXPECTED_MESSAGE      10      /* fatal */
00283 #define SSL3_AD_BAD_RECORD_MAC          20      /* fatal */
00284 #define SSL3_AD_DECOMPRESSION_FAILURE   30      /* fatal */
00285 #define SSL3_AD_HANDSHAKE_FAILURE       40      /* fatal */
00286 #define SSL3_AD_NO_CERTIFICATE          41
00287 #define SSL3_AD_BAD_CERTIFICATE         42
00288 #define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
00289 #define SSL3_AD_CERTIFICATE_REVOKED     44
00290 #define SSL3_AD_CERTIFICATE_EXPIRED     45
00291 #define SSL3_AD_CERTIFICATE_UNKNOWN     46
00292 #define SSL3_AD_ILLEGAL_PARAMETER       47      /* fatal */
00293 
00294 typedef struct ssl3_record_st
00295         {
00296 /*r */  int type;               /* type of record */
00297 /*rw*/  unsigned int length;    /* How many bytes available */
00298 /*r */  unsigned int off;       /* read/write offset into 'buf' */
00299 /*rw*/  unsigned char *data;    /* pointer to the record data */
00300 /*rw*/  unsigned char *input;   /* where the decode bytes are */
00301 /*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
00302 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
00303 /*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */
00304         } SSL3_RECORD;
00305 
00306 typedef struct ssl3_buffer_st
00307         {
00308         unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
00309                                  * see ssl3_setup_buffers() */
00310         size_t len;             /* buffer size */
00311         int offset;             /* where to 'copy from' */
00312         int left;               /* how many bytes left */
00313         } SSL3_BUFFER;
00314 
00315 #define SSL3_CT_RSA_SIGN                        1
00316 #define SSL3_CT_DSS_SIGN                        2
00317 #define SSL3_CT_RSA_FIXED_DH                    3
00318 #define SSL3_CT_DSS_FIXED_DH                    4
00319 #define SSL3_CT_RSA_EPHEMERAL_DH                5
00320 #define SSL3_CT_DSS_EPHEMERAL_DH                6
00321 #define SSL3_CT_FORTEZZA_DMS                    20
00322 /* SSL3_CT_NUMBER is used to size arrays and it must be large
00323  * enough to contain all of the cert types defined either for
00324  * SSLv3 and TLSv1.
00325  */
00326 #define SSL3_CT_NUMBER                  7
00327 
00328 
00329 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
00330 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
00331 #define SSL3_FLAGS_POP_BUFFER                   0x0004
00332 #define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
00333 
00334 typedef struct ssl3_state_st
00335         {
00336         long flags;
00337         int delay_buf_pop_ret;
00338 
00339         unsigned char read_sequence[8];
00340         unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
00341         unsigned char write_sequence[8];
00342         unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
00343 
00344         unsigned char server_random[SSL3_RANDOM_SIZE];
00345         unsigned char client_random[SSL3_RANDOM_SIZE];
00346 
00347         /* flags for countermeasure against known-IV weakness */
00348         int need_empty_fragments;
00349         int empty_fragment_done;
00350 
00351         SSL3_BUFFER rbuf;       /* read IO goes into here */
00352         SSL3_BUFFER wbuf;       /* write IO goes into here */
00353 
00354         SSL3_RECORD rrec;       /* each decoded record goes in here */
00355         SSL3_RECORD wrec;       /* goes out from here */
00356 
00357         /* storage for Alert/Handshake protocol data received but not
00358          * yet processed by ssl3_read_bytes: */
00359         unsigned char alert_fragment[2];
00360         unsigned int alert_fragment_len;
00361         unsigned char handshake_fragment[4];
00362         unsigned int handshake_fragment_len;
00363 
00364         /* partial write - check the numbers match */
00365         unsigned int wnum;      /* number of bytes sent so far */
00366         int wpend_tot;          /* number bytes written */
00367         int wpend_type;
00368         int wpend_ret;          /* number of bytes submitted */
00369         const unsigned char *wpend_buf;
00370 
00371         /* used during startup, digest all incoming/outgoing packets */
00372         EVP_MD_CTX finish_dgst1;
00373         EVP_MD_CTX finish_dgst2;
00374 
00375         /* this is set whenerver we see a change_cipher_spec message
00376          * come in when we are not looking for one */
00377         int change_cipher_spec;
00378 
00379         int warn_alert;
00380         int fatal_alert;
00381         /* we allow one fatal and one warning alert to be outstanding,
00382          * send close alert via the warning alert */
00383         int alert_dispatch;
00384         unsigned char send_alert[2];
00385 
00386         /* This flag is set when we should renegotiate ASAP, basically when
00387          * there is no more data in the read or write buffers */
00388         int renegotiate;
00389         int total_renegotiations;
00390         int num_renegotiations;
00391 
00392         int in_read_app_data;
00393 
00394         struct  {
00395                 /* actually only needs to be 16+20 */
00396                 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
00397 
00398                 /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
00399                 unsigned char finish_md[EVP_MAX_MD_SIZE*2];
00400                 int finish_md_len;
00401                 unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
00402                 int peer_finish_md_len;
00403                 
00404                 unsigned long message_size;
00405                 int message_type;
00406 
00407                 /* used to hold the new cipher we are going to use */
00408                 SSL_CIPHER *new_cipher;
00409 #ifndef OPENSSL_NO_DH
00410                 DH *dh;
00411 #endif
00412 
00413 #ifndef OPENSSL_NO_ECDH
00414                 EC_KEY *ecdh; /* holds short lived ECDH key */
00415 #endif
00416 
00417                 /* used when SSL_ST_FLUSH_DATA is entered */
00418                 int next_state;                 
00419 
00420                 int reuse_message;
00421 
00422                 /* used for certificate requests */
00423                 int cert_req;
00424                 int ctype_num;
00425                 char ctype[SSL3_CT_NUMBER];
00426                 STACK_OF(X509_NAME) *ca_names;
00427 
00428                 int use_rsa_tmp;
00429 
00430                 int key_block_length;
00431                 unsigned char *key_block;
00432 
00433                 const EVP_CIPHER *new_sym_enc;
00434                 const EVP_MD *new_hash;
00435 #ifndef OPENSSL_NO_COMP
00436                 const SSL_COMP *new_compression;
00437 #else
00438                 char *new_compression;
00439 #endif
00440                 int cert_request;
00441                 } tmp;
00442 
00443         } SSL3_STATE;
00444 
00445 
00446 /* SSLv3 */
00447 /*client */
00448 /* extra state */
00449 #define SSL3_ST_CW_FLUSH                (0x100|SSL_ST_CONNECT)
00450 /* write to server */
00451 #define SSL3_ST_CW_CLNT_HELLO_A         (0x110|SSL_ST_CONNECT)
00452 #define SSL3_ST_CW_CLNT_HELLO_B         (0x111|SSL_ST_CONNECT)
00453 /* read from server */
00454 #define SSL3_ST_CR_SRVR_HELLO_A         (0x120|SSL_ST_CONNECT)
00455 #define SSL3_ST_CR_SRVR_HELLO_B         (0x121|SSL_ST_CONNECT)
00456 #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
00457 #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
00458 #define SSL3_ST_CR_CERT_A               (0x130|SSL_ST_CONNECT)
00459 #define SSL3_ST_CR_CERT_B               (0x131|SSL_ST_CONNECT)
00460 #define SSL3_ST_CR_KEY_EXCH_A           (0x140|SSL_ST_CONNECT)
00461 #define SSL3_ST_CR_KEY_EXCH_B           (0x141|SSL_ST_CONNECT)
00462 #define SSL3_ST_CR_CERT_REQ_A           (0x150|SSL_ST_CONNECT)
00463 #define SSL3_ST_CR_CERT_REQ_B           (0x151|SSL_ST_CONNECT)
00464 #define SSL3_ST_CR_SRVR_DONE_A          (0x160|SSL_ST_CONNECT)
00465 #define SSL3_ST_CR_SRVR_DONE_B          (0x161|SSL_ST_CONNECT)
00466 /* write to server */
00467 #define SSL3_ST_CW_CERT_A               (0x170|SSL_ST_CONNECT)
00468 #define SSL3_ST_CW_CERT_B               (0x171|SSL_ST_CONNECT)
00469 #define SSL3_ST_CW_CERT_C               (0x172|SSL_ST_CONNECT)
00470 #define SSL3_ST_CW_CERT_D               (0x173|SSL_ST_CONNECT)
00471 #define SSL3_ST_CW_KEY_EXCH_A           (0x180|SSL_ST_CONNECT)
00472 #define SSL3_ST_CW_KEY_EXCH_B           (0x181|SSL_ST_CONNECT)
00473 #define SSL3_ST_CW_CERT_VRFY_A          (0x190|SSL_ST_CONNECT)
00474 #define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
00475 #define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
00476 #define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
00477 #define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
00478 #define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
00479 /* read from server */
00480 #define SSL3_ST_CR_CHANGE_A             (0x1C0|SSL_ST_CONNECT)
00481 #define SSL3_ST_CR_CHANGE_B             (0x1C1|SSL_ST_CONNECT)
00482 #define SSL3_ST_CR_FINISHED_A           (0x1D0|SSL_ST_CONNECT)
00483 #define SSL3_ST_CR_FINISHED_B           (0x1D1|SSL_ST_CONNECT)
00484 
00485 /* server */
00486 /* extra state */
00487 #define SSL3_ST_SW_FLUSH                (0x100|SSL_ST_ACCEPT)
00488 /* read from client */
00489 /* Do not change the number values, they do matter */
00490 #define SSL3_ST_SR_CLNT_HELLO_A         (0x110|SSL_ST_ACCEPT)
00491 #define SSL3_ST_SR_CLNT_HELLO_B         (0x111|SSL_ST_ACCEPT)
00492 #define SSL3_ST_SR_CLNT_HELLO_C         (0x112|SSL_ST_ACCEPT)
00493 /* write to client */
00494 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
00495 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
00496 #define SSL3_ST_SW_HELLO_REQ_A          (0x120|SSL_ST_ACCEPT)
00497 #define SSL3_ST_SW_HELLO_REQ_B          (0x121|SSL_ST_ACCEPT)
00498 #define SSL3_ST_SW_HELLO_REQ_C          (0x122|SSL_ST_ACCEPT)
00499 #define SSL3_ST_SW_SRVR_HELLO_A         (0x130|SSL_ST_ACCEPT)
00500 #define SSL3_ST_SW_SRVR_HELLO_B         (0x131|SSL_ST_ACCEPT)
00501 #define SSL3_ST_SW_CERT_A               (0x140|SSL_ST_ACCEPT)
00502 #define SSL3_ST_SW_CERT_B               (0x141|SSL_ST_ACCEPT)
00503 #define SSL3_ST_SW_KEY_EXCH_A           (0x150|SSL_ST_ACCEPT)
00504 #define SSL3_ST_SW_KEY_EXCH_B           (0x151|SSL_ST_ACCEPT)
00505 #define SSL3_ST_SW_CERT_REQ_A           (0x160|SSL_ST_ACCEPT)
00506 #define SSL3_ST_SW_CERT_REQ_B           (0x161|SSL_ST_ACCEPT)
00507 #define SSL3_ST_SW_SRVR_DONE_A          (0x170|SSL_ST_ACCEPT)
00508 #define SSL3_ST_SW_SRVR_DONE_B          (0x171|SSL_ST_ACCEPT)
00509 /* read from client */
00510 #define SSL3_ST_SR_CERT_A               (0x180|SSL_ST_ACCEPT)
00511 #define SSL3_ST_SR_CERT_B               (0x181|SSL_ST_ACCEPT)
00512 #define SSL3_ST_SR_KEY_EXCH_A           (0x190|SSL_ST_ACCEPT)
00513 #define SSL3_ST_SR_KEY_EXCH_B           (0x191|SSL_ST_ACCEPT)
00514 #define SSL3_ST_SR_CERT_VRFY_A          (0x1A0|SSL_ST_ACCEPT)
00515 #define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
00516 #define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
00517 #define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
00518 #define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
00519 #define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
00520 /* write to client */
00521 #define SSL3_ST_SW_CHANGE_A             (0x1D0|SSL_ST_ACCEPT)
00522 #define SSL3_ST_SW_CHANGE_B             (0x1D1|SSL_ST_ACCEPT)
00523 #define SSL3_ST_SW_FINISHED_A           (0x1E0|SSL_ST_ACCEPT)
00524 #define SSL3_ST_SW_FINISHED_B           (0x1E1|SSL_ST_ACCEPT)
00525 
00526 #define SSL3_MT_HELLO_REQUEST                   0
00527 #define SSL3_MT_CLIENT_HELLO                    1
00528 #define SSL3_MT_SERVER_HELLO                    2
00529 #define SSL3_MT_CERTIFICATE                     11
00530 #define SSL3_MT_SERVER_KEY_EXCHANGE             12
00531 #define SSL3_MT_CERTIFICATE_REQUEST             13
00532 #define SSL3_MT_SERVER_DONE                     14
00533 #define SSL3_MT_CERTIFICATE_VERIFY              15
00534 #define SSL3_MT_CLIENT_KEY_EXCHANGE             16
00535 #define SSL3_MT_FINISHED                        20
00536 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
00537 
00538 
00539 #define SSL3_MT_CCS                             1
00540 
00541 /* These are used when changing over to a new cipher */
00542 #define SSL3_CC_READ            0x01
00543 #define SSL3_CC_WRITE           0x02
00544 #define SSL3_CC_CLIENT          0x10
00545 #define SSL3_CC_SERVER          0x20
00546 #define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)  
00547 #define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
00548 #define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
00549 #define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
00550 
00551 #ifdef  __cplusplus
00552 }
00553 #endif
00554 #endif
00555 

Copyright © Nokia Corporation 2001-2008
Back to top