#ifndef HEADER_SSL3_H
#define HEADER_SSL3_H
+#ifndef OPENSSL_NO_COMP
+#include <openssl/comp.h>
+#endif
#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>
#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
+/* VRS Additional Kerberos5 entries
+ */
+#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000021
+#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000022
+#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x03000023
+#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000024
+#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x03000025
+#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000026
+
+#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
+#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
+
#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
#define SSL3_RT_HEADER_LENGTH 5
/* Due to MS stuffing up, this can change.... */
-#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
+#if defined(OPENSSL_SYS_WIN16) || \
+ (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
#define SSL3_RT_MAX_EXTRA (14000)
#else
#define SSL3_RT_MAX_EXTRA (16384)
#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
-/* the states that a SSL3_RECORD can be in
- * For SSL_read it goes
- * rbuf->ENCODED -> read
- * ENCODED -> we need to decode everything - call decode_record
- */
-
-#define SSL3_RS_BLANK 1
-#define SSL3_RS_DATA
-
-#define SSL3_RS_ENCODED 2
-#define SSL3_RS_READ_MORE 3
-#define SSL3_RS_WRITE_MORE
-#define SSL3_RS_PLAIN 3
-#define SSL3_RS_PART_READ 4
-#define SSL3_RS_PART_WRITE 5
-
#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
typedef struct ssl3_record_st
{
-/*r */ int type; /* type of record */
-/* */ /*int state;*/ /* any data in it? */
-/*rw*/ unsigned int length; /* How many bytes available */
-/*r */ unsigned int off; /* read/write offset into 'buf' */
-/*rw*/ unsigned char *data; /* pointer to the record data */
-/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
+/*r */ int type; /* type of record */
+/*rw*/ unsigned int length; /* How many bytes available */
+/*r */ unsigned int off; /* read/write offset into 'buf' */
+/*rw*/ unsigned char *data; /* pointer to the record data */
+/*rw*/ unsigned char *input; /* where the decode bytes are */
+/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
} SSL3_RECORD;
typedef struct ssl3_buffer_st
{
-/*r */ int total; /* used in non-blocking writes */
-/*r */ int wanted; /* how many more bytes we need */
-/*rw*/ int left; /* how many bytes left */
-/*rw*/ int offset; /* where to 'copy from' */
-/*rw*/ unsigned char *buf; /* SSL3_RT_MAX_PACKET_SIZE bytes */
+ unsigned char *buf; /* SSL3_RT_MAX_PACKET_SIZE bytes (more if
+ * SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */
+ int offset; /* where to 'copy from' */
+ int left; /* how many bytes left */
} SSL3_BUFFER;
#define SSL3_CT_RSA_SIGN 1
#define SSL3_FLAGS_POP_BUFFER 0x0004
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
-#if 0
-#define AD_CLOSE_NOTIFY 0
-#define AD_UNEXPECTED_MESSAGE 1
-#define AD_BAD_RECORD_MAC 2
-#define AD_DECRYPTION_FAILED 3
-#define AD_RECORD_OVERFLOW 4
-#define AD_DECOMPRESSION_FAILURE 5 /* fatal */
-#define AD_HANDSHAKE_FAILURE 6 /* fatal */
-#define AD_NO_CERTIFICATE 7 /* Not under TLS */
-#define AD_BAD_CERTIFICATE 8
-#define AD_UNSUPPORTED_CERTIFICATE 9
-#define AD_CERTIFICATE_REVOKED 10
-#define AD_CERTIFICATE_EXPIRED 11
-#define AD_CERTIFICATE_UNKNOWN 12
-#define AD_ILLEGAL_PARAMETER 13 /* fatal */
-#define AD_UNKNOWN_CA 14 /* fatal */
-#define AD_ACCESS_DENIED 15 /* fatal */
-#define AD_DECODE_ERROR 16 /* fatal */
-#define AD_DECRYPT_ERROR 17
-#define AD_EXPORT_RESTRICION 18 /* fatal */
-#define AD_PROTOCOL_VERSION 19 /* fatal */
-#define AD_INSUFFICIENT_SECURITY 20 /* fatal */
-#define AD_INTERNAL_ERROR 21 /* fatal */
-#define AD_USER_CANCLED 22
-#define AD_NO_RENEGOTIATION 23
-#endif
-
-typedef struct ssl3_ctx_st
+typedef struct ssl3_state_st
{
long flags;
int delay_buf_pop_ret;
SSL3_BUFFER rbuf; /* read IO goes into here */
SSL3_BUFFER wbuf; /* write IO goes into here */
+
SSL3_RECORD rrec; /* each decoded record goes in here */
SSL3_RECORD wrec; /* goes out from here */
- /* Used by ssl3_read_n to point
- * to input data packet */
+
+ /* storage for Alert/Handshake protocol data received but not
+ * yet processed by ssl3_read_bytes: */
+ unsigned char alert_fragment[2];
+ unsigned int alert_fragment_len;
+ unsigned char handshake_fragment[4];
+ unsigned int handshake_fragment_len;
/* partial write - check the numbers match */
unsigned int wnum; /* number of bytes sent so far */
int warn_alert;
int fatal_alert;
- /* we alow one fatal and one warning alert to be outstanding,
+ /* we allow one fatal and one warning alert to be outstanding,
* send close alert via the warning alert */
int alert_dispatch;
unsigned char send_alert[2];
int in_read_app_data;
struct {
- /* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
+ /* actually only needs to be 16+20 */
+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
+
+ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+ int finish_md_len;
+ unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
+ int peer_finish_md_len;
unsigned long message_size;
int message_type;
/* used to hold the new cipher we are going to use */
SSL_CIPHER *new_cipher;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
DH *dh;
#endif
/* used when SSL_ST_FLUSH_DATA is entered */
const EVP_CIPHER *new_sym_enc;
const EVP_MD *new_hash;
-#ifdef HEADER_COMP_H
+#ifndef OPENSSL_NO_COMP
const SSL_COMP *new_compression;
#else
char *new_compression;
int cert_request;
} tmp;
- } SSL3_CTX;
+ } SSL3_STATE;
/* SSLv3 */
/*client */
#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_MS_SGC (0x113|SSL_ST_ACCEPT)
/* write to client */
#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
-#define SSL3_MT_CLIENT_REQUEST 0
+#define SSL3_MT_HELLO_REQUEST 0
#define SSL3_MT_CLIENT_HELLO 1
#define SSL3_MT_SERVER_HELLO 2
#define SSL3_MT_CERTIFICATE 11