ssl3.h revision 264331
119370Spst/* ssl/ssl3.h */ 2130803Smarcel/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3130803Smarcel * All rights reserved. 4130803Smarcel * 5130803Smarcel * This package is an SSL implementation written 619370Spst * by Eric Young (eay@cryptsoft.com). 719370Spst * The implementation was written so as to conform with Netscapes SSL. 819370Spst * 998944Sobrien * This library is free for commercial and non-commercial use as long as 1019370Spst * the following conditions are aheared to. The following conditions 1198944Sobrien * apply to all code found in this distribution, be it the RC4, RSA, 1298944Sobrien * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1398944Sobrien * included with this distribution is covered by the same copyright terms 1498944Sobrien * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1519370Spst * 1698944Sobrien * Copyright remains Eric Young's, and as such any Copyright notices in 1798944Sobrien * the code are not to be removed. 1898944Sobrien * If this package is used in a product, Eric Young should be given attribution 1998944Sobrien * as the author of the parts of the library used. 2019370Spst * This can be in the form of a textual message at program startup or 2198944Sobrien * in documentation (online or textual) provided with the package. 2298944Sobrien * 2398944Sobrien * Redistribution and use in source and binary forms, with or without 2498944Sobrien * modification, are permitted provided that the following conditions 2519370Spst * are met: 2619370Spst * 1. Redistributions of source code must retain the copyright 2719370Spst * notice, this list of conditions and the following disclaimer. 2819370Spst * 2. Redistributions in binary form must reproduce the above copyright 2919370Spst * notice, this list of conditions and the following disclaimer in the 3019370Spst * documentation and/or other materials provided with the distribution. 3119370Spst * 3. All advertising materials mentioning features or use of this software 3219370Spst * must display the following acknowledgement: 3319370Spst * "This product includes cryptographic software written by 3419370Spst * Eric Young (eay@cryptsoft.com)" 3519370Spst * The word 'cryptographic' can be left out if the rouines from the library 3619370Spst * being used are not cryptographic related :-). 3719370Spst * 4. If you include any Windows specific code (or a derivative thereof) from 3819370Spst * the apps directory (application code) you must include an acknowledgement: 3919370Spst * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4019370Spst * 4119370Spst * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4219370Spst * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4319370Spst * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4419370Spst * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4519370Spst * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4698944Sobrien * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47130803Smarcel * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4819370Spst * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4998944Sobrien * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5019370Spst * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5198944Sobrien * SUCH DAMAGE. 5219370Spst * 5398944Sobrien * The licence and distribution terms for any publically available version or 5419370Spst * derivative of this code cannot be changed. i.e. this code cannot simply be 5598944Sobrien * copied and put under another distribution licence 5619370Spst * [including the GNU Public Licence.] 5798944Sobrien */ 5819370Spst/* ==================================================================== 5998944Sobrien * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 6019370Spst * 6198944Sobrien * Redistribution and use in source and binary forms, with or without 6219370Spst * modification, are permitted provided that the following conditions 6398944Sobrien * are met: 6419370Spst * 6598944Sobrien * 1. Redistributions of source code must retain the above copyright 6619370Spst * notice, this list of conditions and the following disclaimer. 6798944Sobrien * 6819370Spst * 2. Redistributions in binary form must reproduce the above copyright 6998944Sobrien * notice, this list of conditions and the following disclaimer in 7019370Spst * the documentation and/or other materials provided with the 7198944Sobrien * distribution. 7219370Spst * 7398944Sobrien * 3. All advertising materials mentioning features or use of this 7419370Spst * software must display the following acknowledgment: 7598944Sobrien * "This product includes software developed by the OpenSSL Project 7619370Spst * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 7798944Sobrien * 7846283Sdfr * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 7998944Sobrien * endorse or promote products derived from this software without 8046283Sdfr * prior written permission. For written permission, please contact 8198944Sobrien * openssl-core@openssl.org. 8246283Sdfr * 8398944Sobrien * 5. Products derived from this software may not be called "OpenSSL" 8446283Sdfr * nor may "OpenSSL" appear in their names without prior written 8598944Sobrien * permission of the OpenSSL Project. 8646283Sdfr * 8798944Sobrien * 6. Redistributions of any form whatsoever must retain the following 8846283Sdfr * acknowledgment: 8998944Sobrien * "This product includes software developed by the OpenSSL Project 9098944Sobrien * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 9198944Sobrien * 9246283Sdfr * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 9398944Sobrien * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 9498944Sobrien * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 9598944Sobrien * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 9698944Sobrien * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 9798944Sobrien * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 9898944Sobrien * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 9998944Sobrien * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 10098944Sobrien * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 10198944Sobrien * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 10298944Sobrien * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 10398944Sobrien * OF THE POSSIBILITY OF SUCH DAMAGE. 104130803Smarcel * ==================================================================== 105130803Smarcel * 10619370Spst * This product includes cryptographic software written by Eric Young 10719370Spst * (eay@cryptsoft.com). This product includes software written by Tim 10898944Sobrien * Hudson (tjh@cryptsoft.com). 10919370Spst * 11098944Sobrien */ 11198944Sobrien/* ==================================================================== 11298944Sobrien * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 11319370Spst * ECC cipher suite support in OpenSSL originally developed by 11419370Spst * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 11519370Spst */ 11619370Spst 11719370Spst#ifndef HEADER_SSL3_H 11898944Sobrien#define HEADER_SSL3_H 11998944Sobrien 12019370Spst#ifndef OPENSSL_NO_COMP 12119370Spst#include <openssl/comp.h> 12219370Spst#endif 12319370Spst#include <openssl/buffer.h> 12419370Spst#include <openssl/evp.h> 12519370Spst#include <openssl/ssl.h> 12619370Spst 12719370Spst#ifdef __cplusplus 12819370Spstextern "C" { 12919370Spst#endif 13019370Spst 13119370Spst/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ 13219370Spst#define SSL3_CK_SCSV 0x030000FF 13319370Spst 13419370Spst#define SSL3_CK_RSA_NULL_MD5 0x03000001 13519370Spst#define SSL3_CK_RSA_NULL_SHA 0x03000002 13619370Spst#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 13719370Spst#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 13819370Spst#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 13919370Spst#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 14019370Spst#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 14119370Spst#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 14219370Spst#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 14319370Spst#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A 14419370Spst 14519370Spst#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B 14619370Spst#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C 14798944Sobrien#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D 14819370Spst#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E 14919370Spst#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F 15019370Spst#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 15119370Spst 15298944Sobrien#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 15398944Sobrien#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 15419370Spst#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 15519370Spst#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 15619370Spst#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 15719370Spst#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 15819370Spst 15919370Spst#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 16098944Sobrien#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 16119370Spst#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 16298944Sobrien#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A 16319370Spst#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B 16498944Sobrien 16598944Sobrien#if 0 16698944Sobrien #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C 16798944Sobrien #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D 16898944Sobrien #if 0 /* Because it clashes with KRB5, is never used any more, and is safe 16919370Spst to remove according to David Hopwood <david.hopwood@zetnet.co.uk> 17019370Spst of the ietf-tls list */ 17119370Spst #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E 17219370Spst #endif 17398944Sobrien#endif 17419370Spst 17519370Spst/* VRS Additional Kerberos5 entries 17619370Spst */ 17719370Spst#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E 17819370Spst#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F 17919370Spst#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 18019370Spst#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 18198944Sobrien#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 18219370Spst#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 18319370Spst#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 18419370Spst#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 18519370Spst 18619370Spst#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 18719370Spst#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 18819370Spst#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 18919370Spst#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 19019370Spst#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A 19119370Spst#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B 19219370Spst 19319370Spst#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" 19419370Spst#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" 19598944Sobrien#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" 19698944Sobrien#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" 19719370Spst#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" 19819370Spst#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" 19919370Spst#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" 20019370Spst#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" 20198944Sobrien#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" 20219370Spst#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" 20319370Spst 20419370Spst#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" 20519370Spst#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" 20698944Sobrien#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" 20798944Sobrien#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" 208130803Smarcel#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" 20998944Sobrien#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" 21098944Sobrien 21198944Sobrien#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" 21298944Sobrien#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" 21398944Sobrien#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" 21498944Sobrien#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" 21598944Sobrien#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" 21698944Sobrien#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" 21798944Sobrien 21898944Sobrien#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" 21998944Sobrien#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" 22098944Sobrien#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" 22198944Sobrien#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" 22298944Sobrien#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" 22398944Sobrien 22498944Sobrien#if 0 22598944Sobrien #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" 22698944Sobrien #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" 22798944Sobrien #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" 22898944Sobrien#endif 22998944Sobrien 23098944Sobrien#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" 23198944Sobrien#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" 23219370Spst#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" 23319370Spst#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" 23419370Spst#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" 23519370Spst#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" 23698944Sobrien#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" 23798944Sobrien#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" 23898944Sobrien 23998944Sobrien#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" 24019370Spst#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" 24119370Spst#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" 24219370Spst#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" 24319370Spst#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" 24419370Spst#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" 24598944Sobrien 24619370Spst#define SSL3_SSL_SESSION_ID_LENGTH 32 24798944Sobrien#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 24898944Sobrien 24998944Sobrien#define SSL3_MASTER_SECRET_SIZE 48 25019370Spst#define SSL3_RANDOM_SIZE 32 25119370Spst#define SSL3_SESSION_ID_SIZE 32 25219370Spst#define SSL3_RT_HEADER_LENGTH 5 25319370Spst 25498944Sobrien#ifndef SSL3_ALIGN_PAYLOAD 25519370Spst /* Some will argue that this increases memory footprint, but it's 256130803Smarcel * not actually true. Point is that malloc has to return at least 25798944Sobrien * 64-bit aligned pointers, meaning that allocating 5 bytes wastes 25819370Spst * 3 bytes in either case. Suggested pre-gaping simply moves these 25919370Spst * wasted bytes from the end of allocated region to its front, 26098944Sobrien * but makes data payload aligned, which improves performance:-) */ 261130803Smarcel# define SSL3_ALIGN_PAYLOAD 8 26298944Sobrien#else 26319370Spst# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0 26419370Spst# error "insane SSL3_ALIGN_PAYLOAD" 26598944Sobrien# undef SSL3_ALIGN_PAYLOAD 266130803Smarcel# endif 26798944Sobrien#endif 26819370Spst 26919370Spst/* This is the maximum MAC (digest) size used by the SSL library. 27098944Sobrien * Currently maximum of 20 is used by SHA1, but we reserve for 271130803Smarcel * future extension for 512-bit hashes. 27298944Sobrien */ 27319370Spst 27498944Sobrien#define SSL3_RT_MAX_MD_SIZE 64 27519370Spst 27698944Sobrien/* Maximum block size used in all ciphersuites. Currently 16 for AES. 27719370Spst */ 27898944Sobrien 27998944Sobrien#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 28098944Sobrien 28198944Sobrien#define SSL3_RT_MAX_EXTRA (16384) 28298944Sobrien 28398944Sobrien/* Maximum plaintext length: defined by SSL/TLS standards */ 28498944Sobrien#define SSL3_RT_MAX_PLAIN_LENGTH 16384 28519370Spst/* Maximum compression overhead: defined by SSL/TLS standards */ 28619370Spst#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 28719370Spst 28819370Spst/* The standards give a maximum encryption overhead of 1024 bytes. 28919370Spst * In practice the value is lower than this. The overhead is the maximum 29098944Sobrien * number of padding bytes (256) plus the mac size. 29119370Spst */ 29219370Spst#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) 29398944Sobrien 29498944Sobrien/* OpenSSL currently only uses a padding length of at most one block so 29598944Sobrien * the send overhead is smaller. 29619370Spst */ 29719370Spst 29819370Spst#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ 29919370Spst (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) 30098944Sobrien 30119370Spst/* If compression isn't used don't include the compression overhead */ 302130803Smarcel 30398944Sobrien#ifdef OPENSSL_NO_COMP 30419370Spst#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH 30519370Spst#else 30698944Sobrien#define SSL3_RT_MAX_COMPRESSED_LENGTH \ 307130803Smarcel (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) 30898944Sobrien#endif 30919370Spst#define SSL3_RT_MAX_ENCRYPTED_LENGTH \ 31019370Spst (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) 31198944Sobrien#define SSL3_RT_MAX_PACKET_SIZE \ 312130803Smarcel (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) 31398944Sobrien 31419370Spst#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" 31519370Spst#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" 31698944Sobrien 317130803Smarcel#define SSL3_VERSION 0x0300 31898944Sobrien#define SSL3_VERSION_MAJOR 0x03 31919370Spst#define SSL3_VERSION_MINOR 0x00 32098944Sobrien 32119370Spst#define SSL3_RT_CHANGE_CIPHER_SPEC 20 32298944Sobrien#define SSL3_RT_ALERT 21 32319370Spst#define SSL3_RT_HANDSHAKE 22 32498944Sobrien#define SSL3_RT_APPLICATION_DATA 23 32598944Sobrien#define TLS1_RT_HEARTBEAT 24 32698944Sobrien 32798944Sobrien#define SSL3_AL_WARNING 1 32898944Sobrien#define SSL3_AL_FATAL 2 32998944Sobrien 33098944Sobrien#define SSL3_AD_CLOSE_NOTIFY 0 33198944Sobrien#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ 33298944Sobrien#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ 33398944Sobrien#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ 33498944Sobrien#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ 33598944Sobrien#define SSL3_AD_NO_CERTIFICATE 41 33698944Sobrien#define SSL3_AD_BAD_CERTIFICATE 42 33798944Sobrien#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 33898944Sobrien#define SSL3_AD_CERTIFICATE_REVOKED 44 33998944Sobrien#define SSL3_AD_CERTIFICATE_EXPIRED 45 34098944Sobrien#define SSL3_AD_CERTIFICATE_UNKNOWN 46 34198944Sobrien#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ 34298944Sobrien 34398944Sobrien#define TLS1_HB_REQUEST 1 34498944Sobrien#define TLS1_HB_RESPONSE 2 34598944Sobrien 34698944Sobrien#ifndef OPENSSL_NO_SSL_INTERN 347130803Smarcel 34898944Sobrientypedef struct ssl3_record_st 34998944Sobrien { 35098944Sobrien/*r */ int type; /* type of record */ 35119370Spst/*rw*/ unsigned int length; /* How many bytes available */ 352130803Smarcel/*r */ unsigned int off; /* read/write offset into 'buf' */ 35398944Sobrien/*rw*/ unsigned char *data; /* pointer to the record data */ 35498944Sobrien/*rw*/ unsigned char *input; /* where the decode bytes are */ 35598944Sobrien/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ 35698944Sobrien/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ 357130803Smarcel/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ 35898944Sobrien } SSL3_RECORD; 35998944Sobrien 36098944Sobrientypedef struct ssl3_buffer_st 36198944Sobrien { 36298944Sobrien unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, 36398944Sobrien * see ssl3_setup_buffers() */ 36498944Sobrien size_t len; /* buffer size */ 36598944Sobrien int offset; /* where to 'copy from' */ 36698944Sobrien int left; /* how many bytes left */ 36798944Sobrien } SSL3_BUFFER; 36898944Sobrien 36998944Sobrien#endif 37098944Sobrien 37119370Spst#define SSL3_CT_RSA_SIGN 1 37219370Spst#define SSL3_CT_DSS_SIGN 2 37398944Sobrien#define SSL3_CT_RSA_FIXED_DH 3 37419370Spst#define SSL3_CT_DSS_FIXED_DH 4 37519370Spst#define SSL3_CT_RSA_EPHEMERAL_DH 5 37619370Spst#define SSL3_CT_DSS_EPHEMERAL_DH 6 37719370Spst#define SSL3_CT_FORTEZZA_DMS 20 37898944Sobrien/* SSL3_CT_NUMBER is used to size arrays and it must be large 37919370Spst * enough to contain all of the cert types defined either for 38019370Spst * SSLv3 and TLSv1. 38119370Spst */ 38219370Spst#define SSL3_CT_NUMBER 9 38319370Spst 38419370Spst 38519370Spst#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 38619370Spst#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 38798944Sobrien#define SSL3_FLAGS_POP_BUFFER 0x0004 38898944Sobrien#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 38998944Sobrien#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 39098944Sobrien#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 39198944Sobrien 39298944Sobrien/* SSL3_FLAGS_SGC_RESTART_DONE is set when we 39319370Spst * restart a handshake because of MS SGC and so prevents us 39419370Spst * from restarting the handshake in a loop. It's reset on a 39546283Sdfr * renegotiation, so effectively limits the client to one restart 39619370Spst * per negotiation. This limits the possibility of a DDoS 39746283Sdfr * attack where the client handshakes in a loop using SGC to 39898944Sobrien * restart. Servers which permit renegotiation can still be 39919370Spst * effected, but we can't prevent that. 40019370Spst */ 40146283Sdfr#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 40219370Spst 40346283Sdfr#ifndef OPENSSL_NO_SSL_INTERN 40446283Sdfr 40598944Sobrientypedef struct ssl3_state_st 40698944Sobrien { 40798944Sobrien long flags; 40898944Sobrien int delay_buf_pop_ret; 40998944Sobrien 41098944Sobrien unsigned char read_sequence[8]; 41198944Sobrien int read_mac_secret_size; 41298944Sobrien unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; 41398944Sobrien unsigned char write_sequence[8]; 41419370Spst int write_mac_secret_size; 41546283Sdfr unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; 41646283Sdfr 41719370Spst unsigned char server_random[SSL3_RANDOM_SIZE]; 41819370Spst unsigned char client_random[SSL3_RANDOM_SIZE]; 41919370Spst 42019370Spst /* flags for countermeasure against known-IV weakness */ 42119370Spst int need_empty_fragments; 42298944Sobrien int empty_fragment_done; 42319370Spst 42498944Sobrien /* The value of 'extra' when the buffers were initialized */ 42519370Spst int init_extra; 42698944Sobrien 42798944Sobrien SSL3_BUFFER rbuf; /* read IO goes into here */ 42898944Sobrien SSL3_BUFFER wbuf; /* write IO goes into here */ 42998944Sobrien 43019370Spst SSL3_RECORD rrec; /* each decoded record goes in here */ 43198944Sobrien SSL3_RECORD wrec; /* goes out from here */ 43219370Spst 43319370Spst /* storage for Alert/Handshake protocol data received but not 43419370Spst * yet processed by ssl3_read_bytes: */ 43598944Sobrien unsigned char alert_fragment[2]; 43619370Spst unsigned int alert_fragment_len; 43798944Sobrien unsigned char handshake_fragment[4]; 43819370Spst unsigned int handshake_fragment_len; 43998944Sobrien 44098944Sobrien /* partial write - check the numbers match */ 44198944Sobrien unsigned int wnum; /* number of bytes sent so far */ 44298944Sobrien int wpend_tot; /* number bytes written */ 44319370Spst int wpend_type; 44498944Sobrien int wpend_ret; /* number of bytes submitted */ 44598944Sobrien const unsigned char *wpend_buf; 44698944Sobrien 44719370Spst /* used during startup, digest all incoming/outgoing packets */ 44819370Spst BIO *handshake_buffer; 44998944Sobrien /* When set of handshake digests is determined, buffer is hashed 45019370Spst * and freed and MD_CTX-es for all required digests are stored in 45119370Spst * this array */ 45298944Sobrien EVP_MD_CTX **handshake_dgst; 45319370Spst /* this is set whenerver we see a change_cipher_spec message 45419370Spst * come in when we are not looking for one */ 45598944Sobrien int change_cipher_spec; 45619370Spst 45798944Sobrien int warn_alert; 45819370Spst int fatal_alert; 45998944Sobrien /* we allow one fatal and one warning alert to be outstanding, 46019370Spst * send close alert via the warning alert */ 46119370Spst int alert_dispatch; 46219370Spst unsigned char send_alert[2]; 46398944Sobrien 46419370Spst /* This flag is set when we should renegotiate ASAP, basically when 46598944Sobrien * there is no more data in the read or write buffers */ 46619370Spst int renegotiate; 46798944Sobrien int total_renegotiations; 46898944Sobrien int num_renegotiations; 46919370Spst 47098944Sobrien int in_read_app_data; 47198944Sobrien 47298944Sobrien /* Opaque PRF input as used for the current handshake. 47319370Spst * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined 47419370Spst * (otherwise, they are merely present to improve binary compatibility) */ 47598944Sobrien void *client_opaque_prf_input; 47619370Spst size_t client_opaque_prf_input_len; 47719370Spst void *server_opaque_prf_input; 47898944Sobrien size_t server_opaque_prf_input_len; 47919370Spst 48019370Spst struct { 48198944Sobrien /* actually only needs to be 16+20 */ 48219370Spst unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; 48398944Sobrien 48498944Sobrien /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ 48598944Sobrien unsigned char finish_md[EVP_MAX_MD_SIZE*2]; 48698944Sobrien int finish_md_len; 48798944Sobrien unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; 48898944Sobrien int peer_finish_md_len; 48998944Sobrien 49098944Sobrien unsigned long message_size; 491130803Smarcel int message_type; 49298944Sobrien 49398944Sobrien /* used to hold the new cipher we are going to use */ 49498944Sobrien const SSL_CIPHER *new_cipher; 49598944Sobrien#ifndef OPENSSL_NO_DH 49698944Sobrien DH *dh; 49798944Sobrien#endif 49898944Sobrien 49998944Sobrien#ifndef OPENSSL_NO_ECDH 50098944Sobrien EC_KEY *ecdh; /* holds short lived ECDH key */ 50198944Sobrien#endif 50298944Sobrien 50398944Sobrien /* used when SSL_ST_FLUSH_DATA is entered */ 50498944Sobrien int next_state; 50598944Sobrien 50698944Sobrien int reuse_message; 50798944Sobrien 50819370Spst /* used for certificate requests */ 50919370Spst int cert_req; 51098944Sobrien int ctype_num; 51198944Sobrien char ctype[SSL3_CT_NUMBER]; 51219370Spst STACK_OF(X509_NAME) *ca_names; 51319370Spst 51419370Spst int use_rsa_tmp; 51519370Spst 51619370Spst int key_block_length; 51719370Spst unsigned char *key_block; 51898944Sobrien 51919370Spst const EVP_CIPHER *new_sym_enc; 52019370Spst const EVP_MD *new_hash; 52119370Spst int new_mac_pkey_type; 52219370Spst int new_mac_secret_size; 52319370Spst#ifndef OPENSSL_NO_COMP 52498944Sobrien const SSL_COMP *new_compression; 52598944Sobrien#else 52619370Spst char *new_compression; 52719370Spst#endif 52819370Spst int cert_request; 52998944Sobrien } tmp; 53098944Sobrien 53198944Sobrien /* Connection binding to prevent renegotiation attacks */ 53298944Sobrien unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; 53398944Sobrien unsigned char previous_client_finished_len; 53498944Sobrien unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; 53519370Spst unsigned char previous_server_finished_len; 53619370Spst int send_connection_binding; /* TODOEKR */ 53719370Spst 53819370Spst#ifndef OPENSSL_NO_NEXTPROTONEG 53919370Spst /* Set if we saw the Next Protocol Negotiation extension from our peer. */ 54098944Sobrien int next_proto_neg_seen; 54119370Spst#endif 54219370Spst 54398944Sobrien#ifndef OPENSSL_NO_TLSEXT 54419370Spst#ifndef OPENSSL_NO_EC 54598944Sobrien /* This is set to true if we believe that this is a version of Safari 54698944Sobrien * running on OS X 10.6 or newer. We wish to know this because Safari 54798944Sobrien * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ 54819370Spst char is_probably_safari; 54998944Sobrien#endif /* !OPENSSL_NO_EC */ 55098944Sobrien#endif /* !OPENSSL_NO_TLSEXT */ 55119370Spst } SSL3_STATE; 55298944Sobrien 55398944Sobrien#endif 55498944Sobrien 55598944Sobrien/* SSLv3 */ 556130803Smarcel/*client */ 55798944Sobrien/* extra state */ 55898944Sobrien#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) 55998944Sobrien#ifndef OPENSSL_NO_SCTP 56098944Sobrien#define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT) 56198944Sobrien#define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT) 56298944Sobrien#endif 56398944Sobrien/* write to server */ 56498944Sobrien#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) 56598944Sobrien#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) 56698944Sobrien/* read from server */ 56798944Sobrien#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) 56898944Sobrien#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) 56919370Spst#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) 57098944Sobrien#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) 57119370Spst#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) 57298944Sobrien#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) 57398944Sobrien#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) 57419370Spst#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) 57598944Sobrien#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) 57698944Sobrien#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) 57798944Sobrien#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) 57819370Spst#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) 57919370Spst/* write to server */ 58098944Sobrien#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) 58198944Sobrien#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) 58219370Spst#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) 58319370Spst#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) 58419370Spst#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) 58519370Spst#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) 58619370Spst#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) 58719370Spst#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) 58819370Spst#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) 58998944Sobrien#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) 59019370Spst#ifndef OPENSSL_NO_NEXTPROTONEG 59198944Sobrien#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) 59219370Spst#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) 59398944Sobrien#endif 59498944Sobrien#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) 59598944Sobrien#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) 59698944Sobrien/* read from server */ 59798944Sobrien#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) 59898944Sobrien#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) 59919370Spst#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) 60019370Spst#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) 601130803Smarcel#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) 60219370Spst#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) 60319370Spst#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) 604130803Smarcel#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) 60519370Spst 606130803Smarcel/* server */ 60719370Spst/* extra state */ 60819370Spst#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) 60998944Sobrien#ifndef OPENSSL_NO_SCTP 61098944Sobrien#define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT) 61198944Sobrien#define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT) 61298944Sobrien#endif 61398944Sobrien/* read from client */ 614130803Smarcel/* Do not change the number values, they do matter */ 61598944Sobrien#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) 61698944Sobrien#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) 61798944Sobrien#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) 61898944Sobrien/* write to client */ 61998944Sobrien#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) 62098944Sobrien#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) 62198944Sobrien#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) 62298944Sobrien#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) 62398944Sobrien#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) 62498944Sobrien#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) 62598944Sobrien#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) 62698944Sobrien#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) 62798944Sobrien#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) 62898944Sobrien#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) 62998944Sobrien#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) 63098944Sobrien#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) 63198944Sobrien#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) 63298944Sobrien#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) 63398944Sobrien#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) 63498944Sobrien/* read from client */ 63598944Sobrien#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) 63698944Sobrien#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) 63798944Sobrien#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) 63898944Sobrien#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) 63998944Sobrien#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) 64098944Sobrien#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) 64198944Sobrien#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) 64298944Sobrien#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) 64398944Sobrien#ifndef OPENSSL_NO_NEXTPROTONEG 64498944Sobrien#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) 64598944Sobrien#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) 64698944Sobrien#endif 64798944Sobrien#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) 64898944Sobrien#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) 64998944Sobrien/* write to client */ 65098944Sobrien#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) 65198944Sobrien#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) 65298944Sobrien#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) 653130803Smarcel#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) 65498944Sobrien#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) 65598944Sobrien#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) 65698944Sobrien#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) 65798944Sobrien#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) 65898944Sobrien 65998944Sobrien#define SSL3_MT_HELLO_REQUEST 0 66098944Sobrien#define SSL3_MT_CLIENT_HELLO 1 66198944Sobrien#define SSL3_MT_SERVER_HELLO 2 66298944Sobrien#define SSL3_MT_NEWSESSION_TICKET 4 66398944Sobrien#define SSL3_MT_CERTIFICATE 11 66498944Sobrien#define SSL3_MT_SERVER_KEY_EXCHANGE 12 66598944Sobrien#define SSL3_MT_CERTIFICATE_REQUEST 13 66698944Sobrien#define SSL3_MT_SERVER_DONE 14 66798944Sobrien#define SSL3_MT_CERTIFICATE_VERIFY 15 66898944Sobrien#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 66998944Sobrien#define SSL3_MT_FINISHED 20 67098944Sobrien#define SSL3_MT_CERTIFICATE_STATUS 22 67198944Sobrien#ifndef OPENSSL_NO_NEXTPROTONEG 67298944Sobrien#define SSL3_MT_NEXT_PROTO 67 67398944Sobrien#endif 67498944Sobrien#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 675130803Smarcel 67698944Sobrien 67719370Spst#define SSL3_MT_CCS 1 67819370Spst 67919370Spst/* These are used when changing over to a new cipher */ 68098944Sobrien#define SSL3_CC_READ 0x01 68119370Spst#define SSL3_CC_WRITE 0x02 68298944Sobrien#define SSL3_CC_CLIENT 0x10 68319370Spst#define SSL3_CC_SERVER 0x20 68498944Sobrien#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) 68598944Sobrien#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) 68698944Sobrien#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) 68798944Sobrien#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) 68898944Sobrien 68998944Sobrien#ifdef __cplusplus 69019370Spst} 69119370Spst#endif 69219370Spst#endif 69319370Spst 69498944Sobrien