X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fssl3.h;h=0528588aa9f3ecfbb96f0cb229ad7a9f5531ee18;hb=323f289c480b0a8eb15ed3be2befbcc0f86e8904;hp=9675ec2d7d1c6a5b12177cd7af66eb124dcdc752;hpb=eda1f21f1af8b6f77327e7b37573af9c1ba73726;p=oweals%2Fopenssl.git

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 9675ec2d7d..0528588aa9 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -1,5 +1,5 @@
 /* ssl/ssl3.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,7 +59,12 @@
 #ifndef HEADER_SSL3_H 
 #define HEADER_SSL3_H 
 
-#include "buffer.h"
+#ifndef OPENSSL_NO_COMP
+#include <openssl/comp.h>
+#endif
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -94,19 +99,35 @@ extern "C" {
 #define SSL3_CK_ADH_RC4_128_MD5			0x03000018
 #define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019
 #define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A
-#define SSL3_CK_ADH_DES_196_CBC_SHA		0x0300001B
+#define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B
 
 #define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
 #define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
 #define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E
 
+/*    VRS Additional Kerberos5 entries
+ */
+#define SSL3_CK_KRB5_DES_40_CBC_SHA       	0x03000021
+#define SSL3_CK_KRB5_DES_40_CBC_MD5       	0x03000022
+#define SSL3_CK_KRB5_DES_64_CBC_SHA       	0x03000023
+#define SSL3_CK_KRB5_DES_64_CBC_MD5       	0x03000024
+#define SSL3_CK_KRB5_DES_192_CBC3_SHA 		0x03000025
+#define SSL3_CK_KRB5_DES_192_CBC3_MD5 		0x03000026
+
+#define SSL3_TXT_KRB5_DES_40_CBC_SHA  		"EXP-KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_40_CBC_MD5  		"EXP-KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_64_CBC_SHA  		"KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_64_CBC_MD5  		"KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_192_CBC3_SHA    	"KRB5-DES-CBC3-SHA"
+#define SSL3_TXT_KRB5_DES_192_CBC3_MD5    	"KRB5-DES-CBC3-MD5"
+
 #define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"
 #define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"
 #define SSL3_TXT_RSA_RC4_40_MD5 		"EXP-RC4-MD5"
 #define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"
 #define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"
 #define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-MD5"
+#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"
 #define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"
 #define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"
 #define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"
@@ -121,7 +142,7 @@ extern "C" {
 #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"
 #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"
 #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC"
+#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"
 #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"
 #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"
 
@@ -129,7 +150,7 @@ extern "C" {
 #define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"
 #define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"
 #define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_196_CBC_SHA		"ADH-DES-CBC3-SHA"
+#define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"
 
 #define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"
 #define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
@@ -144,7 +165,8 @@ extern "C" {
 #define SSL3_RT_HEADER_LENGTH			5
 
 /* Due to MS stuffing up, this can change.... */
-#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
+#if defined(OPENSSL_SYS_WIN16) || \
+	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
 #define SSL3_RT_MAX_EXTRA			(14000)
 #else
 #define SSL3_RT_MAX_EXTRA			(16384)
@@ -156,24 +178,8 @@ extern "C" {
 #define SSL3_RT_MAX_PACKET_SIZE		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 #define SSL3_RT_MAX_DATA_SIZE			(1024*1024)
 
-/* the states that a SSL3_RECORD can be in
- * For SSL_read it goes
- * rbuf->ENCODED	-> read 
- * ENCODED		-> we need to decode everything - call decode_record
- */
- 
-#define SSL3_RS_BLANK			1
-#define SSL3_RS_DATA
-
-#define SSL3_RS_ENCODED			2
-#define SSL3_RS_READ_MORE		3
-#define SSL3_RS_WRITE_MORE
-#define SSL3_RS_PLAIN			3
-#define SSL3_RS_PART_READ		4
-#define SSL3_RS_PART_WRITE		5
-
-#define SSL3_MD_CLIENT_FINISHED_CONST	0x43,0x4C,0x4E,0x54
-#define SSL3_MD_SERVER_FINISHED_CONST	0x53,0x52,0x56,0x52
+#define SSL3_MD_CLIENT_FINISHED_CONST	"\x43\x4C\x4E\x54"
+#define SSL3_MD_SERVER_FINISHED_CONST	"\x53\x52\x56\x52"
 
 #define SSL3_VERSION			0x0300
 #define SSL3_VERSION_MAJOR		0x03
@@ -202,28 +208,22 @@ extern "C" {
 
 typedef struct ssl3_record_st
 	{
-/*r */	int type;		/* type of record */
-/*  */	/*int state;*/		/* any data in it? */
-/*rw*/	unsigned int length;	/* How many bytes available */
-/*r */	unsigned int off;	/* read/write offset into 'buf' */
-/*rw*/	unsigned char *data;	/* pointer to the record data */
-/*rw*/	unsigned char *input;	/* where the decode bytes are */
-/*rw*/	unsigned char *comp;	/* only used with decompression */
+/*r */	int type;               /* type of record */
+/*rw*/	unsigned int length;    /* How many bytes available */
+/*r */	unsigned int off;       /* read/write offset into 'buf' */
+/*rw*/	unsigned char *data;    /* pointer to the record data */
+/*rw*/	unsigned char *input;   /* where the decode bytes are */
+/*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
 	} SSL3_RECORD;
 
 typedef struct ssl3_buffer_st
 	{
-/*r */	int total;		/* used in non-blocking writes */
-/*r */	int wanted;		/* how many more bytes we need */
-/*rw*/	int left;		/* how many bytes left */
-/*rw*/	int offset;		/* where to 'copy from' */
-/*rw*/	unsigned char *buf;	/* SSL3_RT_MAX_PACKET_SIZE bytes */
+	unsigned char *buf;	/* SSL3_RT_MAX_PACKET_SIZE bytes (more if
+	                   	 * SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */
+	int offset;		/* where to 'copy from' */
+	int left;		/* how many bytes left */
 	} SSL3_BUFFER;
 
-typedef struct ssl3_compression_st {
-	int nothing;
-	} SSL3_COMPRESSION;
-
 #define SSL3_CT_RSA_SIGN			1
 #define SSL3_CT_DSS_SIGN			2
 #define SSL3_CT_RSA_FIXED_DH			3
@@ -236,8 +236,9 @@ typedef struct ssl3_compression_st {
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
 #define SSL3_FLAGS_POP_BUFFER			0x0004
+#define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
 
-typedef struct ssl3_ctx_st
+typedef struct ssl3_state_st
 	{
 	long flags;
 	int delay_buf_pop_ret;
@@ -252,17 +253,23 @@ typedef struct ssl3_ctx_st
 
 	SSL3_BUFFER rbuf;	/* read IO goes into here */
 	SSL3_BUFFER wbuf;	/* write IO goes into here */
+
 	SSL3_RECORD rrec;	/* each decoded record goes in here */
 	SSL3_RECORD wrec;	/* goes out from here */
-				/* Used by ssl3_read_n to point
-				 * to input data packet */
+
+	/* storage for Alert/Handshake protocol data received but not
+	 * yet processed by ssl3_read_bytes: */
+	unsigned char alert_fragment[2];
+	unsigned int alert_fragment_len;
+	unsigned char handshake_fragment[4];
+	unsigned int handshake_fragment_len;
 
 	/* partial write - check the numbers match */
 	unsigned int wnum;	/* number of bytes sent so far */
 	int wpend_tot;		/* number bytes written */
 	int wpend_type;
 	int wpend_ret;		/* number of bytes submitted */
-	char *wpend_buf;
+	const unsigned char *wpend_buf;
 
 	/* used during startup, digest all incoming/outgoing packets */
 	EVP_MD_CTX finish_dgst1;
@@ -274,22 +281,37 @@ typedef struct ssl3_ctx_st
 
 	int warn_alert;
 	int fatal_alert;
-	/* we alow one fatal and one warning alert to be outstanding,
+	/* we allow one fatal and one warning alert to be outstanding,
 	 * send close alert via the warning alert */
 	int alert_dispatch;
-	char send_alert[2];
+	unsigned char send_alert[2];
+
+	/* This flag is set when we should renegotiate ASAP, basically when
+	 * there is no more data in the read or write buffers */
+	int renegotiate;
+	int total_renegotiations;
+	int num_renegotiations;
+
+	int in_read_app_data;
 
 	struct	{
-		unsigned char finish_md1[EVP_MAX_MD_SIZE];
-		unsigned char finish_md2[EVP_MAX_MD_SIZE];
+		/* actually only needs to be 16+20 */
+		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
+
+		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+		int finish_md_len;
+		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
+		int peer_finish_md_len;
 		
 		unsigned long message_size;
 		int message_type;
 
 		/* used to hold the new cipher we are going to use */
 		SSL_CIPHER *new_cipher;
+#ifndef OPENSSL_NO_DH
 		DH *dh;
-
+#endif
 		/* used when SSL_ST_FLUSH_DATA is entered */
 		int next_state;			
 
@@ -299,18 +321,24 @@ typedef struct ssl3_ctx_st
 		int cert_req;
 		int ctype_num;
 		char ctype[SSL3_CT_NUMBER];
-		STACK *ca_names;
+		STACK_OF(X509_NAME) *ca_names;
 
 		int use_rsa_tmp;
 
 		int key_block_length;
 		unsigned char *key_block;
 
-		EVP_CIPHER *new_sym_enc;
-		EVP_MD *new_hash;
-		SSL_COMPRESSION *new_compression;
+		const EVP_CIPHER *new_sym_enc;
+		const EVP_MD *new_hash;
+#ifndef OPENSSL_NO_COMP
+		const SSL_COMP *new_compression;
+#else
+		char *new_compression;
+#endif
+		int cert_request;
 		} tmp;
-	} SSL3_CTX;
+
+	} SSL3_STATE;
 
 /* SSLv3 */
 /*client */
@@ -353,6 +381,7 @@ typedef struct ssl3_ctx_st
 /* extra state */
 #define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)
 /* read from client */
+/* Do not change the number values, they do matter */
 #define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
@@ -387,7 +416,7 @@ typedef struct ssl3_ctx_st
 #define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)
 
-#define SSL3_MT_CLIENT_REQUEST			0
+#define SSL3_MT_HELLO_REQUEST			0
 #define SSL3_MT_CLIENT_HELLO			1
 #define SSL3_MT_SERVER_HELLO			2
 #define SSL3_MT_CERTIFICATE			11