SSL/TLS record tracing code (backport from HEAD).

[oweals/openssl.git] / ssl / ssl3.h
diff --git a/ssl/ssl3.h b/ssl/ssl3.h

index badf89d3d9b3aaf481ff6301c955c6a220bb2d8a..d2a5208824933baca05a0163809d017f6dc6cbcf 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -324,6 +324,23 @@ extern "C" {
  #define SSL3_RT_APPLICATION_DATA       23
  #define TLS1_RT_HEARTBEAT              24
  
+/* Pseudo content types to indicate additional parameters */
+#define TLS1_RT_CRYPTO                 0x1000
+#define TLS1_RT_CRYPTO_PREMASTER       (TLS1_RT_CRYPTO | 0x1)
+#define TLS1_RT_CRYPTO_CLIENT_RANDOM   (TLS1_RT_CRYPTO | 0x2)
+#define TLS1_RT_CRYPTO_SERVER_RANDOM   (TLS1_RT_CRYPTO | 0x3)
+#define TLS1_RT_CRYPTO_MASTER          (TLS1_RT_CRYPTO | 0x4)
+
+#define TLS1_RT_CRYPTO_READ            0x0000
+#define TLS1_RT_CRYPTO_WRITE           0x0100
+#define TLS1_RT_CRYPTO_MAC             (TLS1_RT_CRYPTO | 0x5)
+#define TLS1_RT_CRYPTO_KEY             (TLS1_RT_CRYPTO | 0x6)
+#define TLS1_RT_CRYPTO_IV              (TLS1_RT_CRYPTO | 0x7)
+#define TLS1_RT_CRYPTO_FIXED_IV                (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content type for SSL/TLS header info */
+#define SSL3_RT_HEADER                 0x100
+
  #define SSL3_AL_WARNING                        1
  #define SSL3_AL_FATAL                  2
  
@@ -477,11 +494,6 @@ typedef struct ssl3_state_st
         void *server_opaque_prf_input;
         size_t server_opaque_prf_input_len;
  
-#ifndef OPENSSL_NO_NEXTPROTONEG
-       /* Set if we saw the Next Protocol Negotiation extension from our peer. */
-       int next_proto_neg_seen;
-#endif
-
         struct  {
                 /* actually only needs to be 16+20 */
                 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
@@ -539,6 +551,27 @@ typedef struct ssl3_state_st
          unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
          unsigned char previous_server_finished_len;
          int send_connection_binding; /* TODOEKR */
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       /* Set if we saw the Next Protocol Negotiation extension from our peer. */
+       int next_proto_neg_seen;
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+       /* tlsext_authz_client_types contains an array of supported authz
+        * types, as advertised by the client. The array is sorted and
+        * does not contain any duplicates. */
+       unsigned char *tlsext_authz_client_types;
+       size_t tlsext_authz_client_types_len;
+       /* tlsext_authz_promised_to_client is true iff we're a server and we
+        * echoed the client's supplemental data extension and therefore must
+        * send a supplemental data handshake message. */
+       char tlsext_authz_promised_to_client;
+       /* tlsext_authz_server_promised is true iff we're a client and the
+        * server echoed our server_authz extension and therefore must send us
+        * a supplemental data handshake message. */
+       char tlsext_authz_server_promised;
+#endif
         } SSL3_STATE;
  
  #endif
@@ -567,6 +600,8 @@ typedef struct ssl3_state_st
  #define SSL3_ST_CR_CERT_REQ_B          (0x151|SSL_ST_CONNECT)
  #define SSL3_ST_CR_SRVR_DONE_A         (0x160|SSL_ST_CONNECT)
  #define SSL3_ST_CR_SRVR_DONE_B         (0x161|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SUPPLEMENTAL_DATA_A (0x210|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SUPPLEMENTAL_DATA_B  (0x211|SSL_ST_CONNECT)
  /* write to server */
  #define SSL3_ST_CW_CERT_A              (0x170|SSL_ST_CONNECT)
  #define SSL3_ST_CW_CERT_B              (0x171|SSL_ST_CONNECT)
@@ -578,8 +613,10 @@ typedef struct ssl3_state_st
  #define SSL3_ST_CW_CERT_VRFY_B         (0x191|SSL_ST_CONNECT)
  #define SSL3_ST_CW_CHANGE_A            (0x1A0|SSL_ST_CONNECT)
  #define SSL3_ST_CW_CHANGE_B            (0x1A1|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
  #define SSL3_ST_CW_NEXT_PROTO_A                (0x200|SSL_ST_CONNECT)
  #define SSL3_ST_CW_NEXT_PROTO_B                (0x201|SSL_ST_CONNECT)
+#endif
  #define SSL3_ST_CW_FINISHED_A          (0x1B0|SSL_ST_CONNECT)
  #define SSL3_ST_CW_FINISHED_B          (0x1B1|SSL_ST_CONNECT)
  /* read from server */
@@ -629,8 +666,10 @@ typedef struct ssl3_state_st
  #define SSL3_ST_SR_CERT_VRFY_B         (0x1A1|SSL_ST_ACCEPT)
  #define SSL3_ST_SR_CHANGE_A            (0x1B0|SSL_ST_ACCEPT)
  #define SSL3_ST_SR_CHANGE_B            (0x1B1|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
  #define SSL3_ST_SR_NEXT_PROTO_A                (0x210|SSL_ST_ACCEPT)
  #define SSL3_ST_SR_NEXT_PROTO_B                (0x211|SSL_ST_ACCEPT)
+#endif
  #define SSL3_ST_SR_FINISHED_A          (0x1C0|SSL_ST_ACCEPT)
  #define SSL3_ST_SR_FINISHED_B          (0x1C1|SSL_ST_ACCEPT)
  /* write to client */
@@ -642,6 +681,8 @@ typedef struct ssl3_state_st
  #define SSL3_ST_SW_SESSION_TICKET_B    (0x1F1|SSL_ST_ACCEPT)
  #define SSL3_ST_SW_CERT_STATUS_A       (0x200|SSL_ST_ACCEPT)
  #define SSL3_ST_SW_CERT_STATUS_B       (0x201|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SUPPLEMENTAL_DATA_A (0x220|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SUPPLEMENTAL_DATA_B (0x221|SSL_ST_ACCEPT)
  
  #define SSL3_MT_HELLO_REQUEST                  0
  #define SSL3_MT_CLIENT_HELLO                   1
@@ -655,7 +696,10 @@ typedef struct ssl3_state_st
  #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
  #define SSL3_MT_FINISHED                       20
  #define SSL3_MT_CERTIFICATE_STATUS             22
+#define SSL3_MT_SUPPLEMENTAL_DATA              23
+#ifndef OPENSSL_NO_NEXTPROTONEG
  #define SSL3_MT_NEXT_PROTO                     67
+#endif
  #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
  
  
@@ -675,4 +719,3 @@ typedef struct ssl3_state_st
  }
  #endif
  #endif
-