1 /* $MirOS: src/lib/libssl/src/ssl/ssl3.h,v 1.3 2014/06/05 13:26:42 tg Exp $ */
2 
3 /* ssl/ssl3.h */
4 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5  * All rights reserved.
6  *
7  * This package is an SSL implementation written
8  * by Eric Young (eay@cryptsoft.com).
9  * The implementation was written so as to conform with Netscapes SSL.
10  *
11  * This library is free for commercial and non-commercial use as long as
12  * the following conditions are aheared to.  The following conditions
13  * apply to all code found in this distribution, be it the RC4, RSA,
14  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
15  * included with this distribution is covered by the same copyright terms
16  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17  *
18  * Copyright remains Eric Young's, and as such any Copyright notices in
19  * the code are not to be removed.
20  * If this package is used in a product, Eric Young should be given attribution
21  * as the author of the parts of the library used.
22  * This can be in the form of a textual message at program startup or
23  * in documentation (online or textual) provided with the package.
24  *
25  * Redistribution and use in source and binary forms, with or without
26  * modification, are permitted provided that the following conditions
27  * are met:
28  * 1. Redistributions of source code must retain the copyright
29  *    notice, this list of conditions and the following disclaimer.
30  * 2. Redistributions in binary form must reproduce the above copyright
31  *    notice, this list of conditions and the following disclaimer in the
32  *    documentation and/or other materials provided with the distribution.
33  * 3. All advertising materials mentioning features or use of this software
34  *    must display the following acknowledgement:
35  *    "This product includes cryptographic software written by
36  *     Eric Young (eay@cryptsoft.com)"
37  *    The word 'cryptographic' can be left out if the rouines from the library
38  *    being used are not cryptographic related :-).
39  * 4. If you include any Windows specific code (or a derivative thereof) from
40  *    the apps directory (application code) you must include an acknowledgement:
41  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
42  *
43  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
44  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
47  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53  * SUCH DAMAGE.
54  *
55  * The licence and distribution terms for any publically available version or
56  * derivative of this code cannot be changed.  i.e. this code cannot simply be
57  * copied and put under another distribution licence
58  * [including the GNU Public Licence.]
59  */
60 /* ====================================================================
61  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
62  *
63  * Redistribution and use in source and binary forms, with or without
64  * modification, are permitted provided that the following conditions
65  * are met:
66  *
67  * 1. Redistributions of source code must retain the above copyright
68  *    notice, this list of conditions and the following disclaimer.
69  *
70  * 2. Redistributions in binary form must reproduce the above copyright
71  *    notice, this list of conditions and the following disclaimer in
72  *    the documentation and/or other materials provided with the
73  *    distribution.
74  *
75  * 3. All advertising materials mentioning features or use of this
76  *    software must display the following acknowledgment:
77  *    "This product includes software developed by the OpenSSL Project
78  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
79  *
80  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
81  *    endorse or promote products derived from this software without
82  *    prior written permission. For written permission, please contact
83  *    openssl-core@openssl.org.
84  *
85  * 5. Products derived from this software may not be called "OpenSSL"
86  *    nor may "OpenSSL" appear in their names without prior written
87  *    permission of the OpenSSL Project.
88  *
89  * 6. Redistributions of any form whatsoever must retain the following
90  *    acknowledgment:
91  *    "This product includes software developed by the OpenSSL Project
92  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
93  *
94  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
95  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
96  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
97  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
98  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
99  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
100  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
101  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
102  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
103  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
104  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
105  * OF THE POSSIBILITY OF SUCH DAMAGE.
106  * ====================================================================
107  *
108  * This product includes cryptographic software written by Eric Young
109  * (eay@cryptsoft.com).  This product includes software written by Tim
110  * Hudson (tjh@cryptsoft.com).
111  *
112  */
113 
114 #ifndef HEADER_SSL3_H
115 #define HEADER_SSL3_H
116 
117 #ifndef OPENSSL_NO_COMP
118 #include <openssl/comp.h>
119 #endif
120 #include <openssl/buffer.h>
121 #include <openssl/evp.h>
122 #include <openssl/ssl.h>
123 
124 #ifdef  __cplusplus
125 extern "C" {
126 #endif
127 
128 #define SSL3_CK_RSA_NULL_MD5			0x03000001
129 #define SSL3_CK_RSA_NULL_SHA			0x03000002
130 #define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
131 #define SSL3_CK_RSA_RC4_128_MD5			0x03000004
132 #define SSL3_CK_RSA_RC4_128_SHA			0x03000005
133 #define SSL3_CK_RSA_RC2_40_MD5			0x03000006
134 #define SSL3_CK_RSA_IDEA_128_SHA		0x03000007
135 #define SSL3_CK_RSA_DES_40_CBC_SHA		0x03000008
136 #define SSL3_CK_RSA_DES_64_CBC_SHA		0x03000009
137 #define SSL3_CK_RSA_DES_192_CBC3_SHA		0x0300000A
138 
139 #define SSL3_CK_DH_DSS_DES_40_CBC_SHA		0x0300000B
140 #define SSL3_CK_DH_DSS_DES_64_CBC_SHA		0x0300000C
141 #define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 	0x0300000D
142 #define SSL3_CK_DH_RSA_DES_40_CBC_SHA		0x0300000E
143 #define SSL3_CK_DH_RSA_DES_64_CBC_SHA		0x0300000F
144 #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 	0x03000010
145 
146 #define SSL3_CK_EDH_DSS_DES_40_CBC_SHA		0x03000011
147 #define SSL3_CK_EDH_DSS_DES_64_CBC_SHA		0x03000012
148 #define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA	0x03000013
149 #define SSL3_CK_EDH_RSA_DES_40_CBC_SHA		0x03000014
150 #define SSL3_CK_EDH_RSA_DES_64_CBC_SHA		0x03000015
151 #define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA	0x03000016
152 
153 #define SSL3_CK_ADH_RC4_40_MD5			0x03000017
154 #define SSL3_CK_ADH_RC4_128_MD5			0x03000018
155 #define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019
156 #define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A
157 #define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B
158 
159 #define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
160 #define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
161 #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
162 	 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
163 	 of the ietf-tls list */
164 #define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E
165 #endif
166 
167 /*    VRS Additional Kerberos5 entries
168  */
169 #define SSL3_CK_KRB5_DES_64_CBC_SHA		0x0300001E
170 #define SSL3_CK_KRB5_DES_192_CBC3_SHA		0x0300001F
171 #define SSL3_CK_KRB5_RC4_128_SHA		0x03000020
172 #define SSL3_CK_KRB5_IDEA_128_CBC_SHA	       	0x03000021
173 #define SSL3_CK_KRB5_DES_64_CBC_MD5       	0x03000022
174 #define SSL3_CK_KRB5_DES_192_CBC3_MD5       	0x03000023
175 #define SSL3_CK_KRB5_RC4_128_MD5	       	0x03000024
176 #define SSL3_CK_KRB5_IDEA_128_CBC_MD5 		0x03000025
177 
178 #define SSL3_CK_KRB5_DES_40_CBC_SHA 		0x03000026
179 #define SSL3_CK_KRB5_RC2_40_CBC_SHA 		0x03000027
180 #define SSL3_CK_KRB5_RC4_40_SHA	 		0x03000028
181 #define SSL3_CK_KRB5_DES_40_CBC_MD5 		0x03000029
182 #define SSL3_CK_KRB5_RC2_40_CBC_MD5 		0x0300002A
183 #define SSL3_CK_KRB5_RC4_40_MD5	 		0x0300002B
184 
185 #define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"
186 #define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"
187 #define SSL3_TXT_RSA_RC4_40_MD5 		"EXP-RC4-MD5"
188 #define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"
189 #define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"
190 #define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"
191 #define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"
192 #define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"
193 #define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"
194 #define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"
195 
196 #define SSL3_TXT_DH_DSS_DES_40_CBC_SHA		"EXP-DH-DSS-DES-CBC-SHA"
197 #define SSL3_TXT_DH_DSS_DES_64_CBC_SHA		"DH-DSS-DES-CBC-SHA"
198 #define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA 	"DH-DSS-DES-CBC3-SHA"
199 #define SSL3_TXT_DH_RSA_DES_40_CBC_SHA		"EXP-DH-RSA-DES-CBC-SHA"
200 #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA		"DH-RSA-DES-CBC-SHA"
201 #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA 	"DH-RSA-DES-CBC3-SHA"
202 
203 #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"
204 #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"
205 #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"
206 #define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"
207 #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"
208 #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"
209 
210 #define SSL3_TXT_ADH_RC4_40_MD5			"EXP-ADH-RC4-MD5"
211 #define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"
212 #define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"
213 #define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"
214 #define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"
215 
216 #define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"
217 #define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
218 #define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"
219 
220 #define SSL3_TXT_KRB5_DES_64_CBC_SHA		"KRB5-DES-CBC-SHA"
221 #define SSL3_TXT_KRB5_DES_192_CBC3_SHA		"KRB5-DES-CBC3-SHA"
222 #define SSL3_TXT_KRB5_RC4_128_SHA		"KRB5-RC4-SHA"
223 #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA	       	"KRB5-IDEA-CBC-SHA"
224 #define SSL3_TXT_KRB5_DES_64_CBC_MD5       	"KRB5-DES-CBC-MD5"
225 #define SSL3_TXT_KRB5_DES_192_CBC3_MD5       	"KRB5-DES-CBC3-MD5"
226 #define SSL3_TXT_KRB5_RC4_128_MD5		"KRB5-RC4-MD5"
227 #define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 		"KRB5-IDEA-CBC-MD5"
228 
229 #define SSL3_TXT_KRB5_DES_40_CBC_SHA 		"EXP-KRB5-DES-CBC-SHA"
230 #define SSL3_TXT_KRB5_RC2_40_CBC_SHA 		"EXP-KRB5-RC2-CBC-SHA"
231 #define SSL3_TXT_KRB5_RC4_40_SHA	 	"EXP-KRB5-RC4-SHA"
232 #define SSL3_TXT_KRB5_DES_40_CBC_MD5 		"EXP-KRB5-DES-CBC-MD5"
233 #define SSL3_TXT_KRB5_RC2_40_CBC_MD5 		"EXP-KRB5-RC2-CBC-MD5"
234 #define SSL3_TXT_KRB5_RC4_40_MD5	 	"EXP-KRB5-RC4-MD5"
235 
236 #define SSL3_SSL_SESSION_ID_LENGTH		32
237 #define SSL3_MAX_SSL_SESSION_ID_LENGTH		32
238 
239 #define SSL3_MASTER_SECRET_SIZE			48
240 #define SSL3_RANDOM_SIZE			32
241 #define SSL3_SESSION_ID_SIZE			32
242 #define SSL3_RT_HEADER_LENGTH			5
243 
244 /* Due to MS stuffing up, this can change.... */
245 #if defined(OPENSSL_SYS_WIN16) || \
246 	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
247 #define SSL3_RT_MAX_EXTRA			(14000)
248 #else
249 #define SSL3_RT_MAX_EXTRA			(16384)
250 #endif
251 
252 #define SSL3_RT_MAX_PLAIN_LENGTH		16384
253 #define SSL3_RT_MAX_COMPRESSED_LENGTH	(1024+SSL3_RT_MAX_PLAIN_LENGTH)
254 #define SSL3_RT_MAX_ENCRYPTED_LENGTH	(1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
255 #define SSL3_RT_MAX_PACKET_SIZE		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
256 #define SSL3_RT_MAX_DATA_SIZE			(1024*1024)
257 
258 #define SSL3_MD_CLIENT_FINISHED_CONST	"\x43\x4C\x4E\x54"
259 #define SSL3_MD_SERVER_FINISHED_CONST	"\x53\x52\x56\x52"
260 
261 #define SSL3_VERSION			0x0300
262 #define SSL3_VERSION_MAJOR		0x03
263 #define SSL3_VERSION_MINOR		0x00
264 
265 #define SSL3_RT_CHANGE_CIPHER_SPEC	20
266 #define SSL3_RT_ALERT			21
267 #define SSL3_RT_HANDSHAKE		22
268 #define SSL3_RT_APPLICATION_DATA	23
269 
270 #define SSL3_AL_WARNING			1
271 #define SSL3_AL_FATAL			2
272 
273 #define SSL3_AD_CLOSE_NOTIFY		 0
274 #define SSL3_AD_UNEXPECTED_MESSAGE	10	/* fatal */
275 #define SSL3_AD_BAD_RECORD_MAC		20	/* fatal */
276 #define SSL3_AD_DECOMPRESSION_FAILURE	30	/* fatal */
277 #define SSL3_AD_HANDSHAKE_FAILURE	40	/* fatal */
278 #define SSL3_AD_NO_CERTIFICATE		41
279 #define SSL3_AD_BAD_CERTIFICATE		42
280 #define SSL3_AD_UNSUPPORTED_CERTIFICATE	43
281 #define SSL3_AD_CERTIFICATE_REVOKED	44
282 #define SSL3_AD_CERTIFICATE_EXPIRED	45
283 #define SSL3_AD_CERTIFICATE_UNKNOWN	46
284 #define SSL3_AD_ILLEGAL_PARAMETER	47	/* fatal */
285 
286 typedef struct ssl3_record_st
287 	{
288 /*r */	int type;               /* type of record */
289 /*rw*/	unsigned int length;    /* How many bytes available */
290 /*r */	unsigned int off;       /* read/write offset into 'buf' */
291 /*rw*/	unsigned char *data;    /* pointer to the record data */
292 /*rw*/	unsigned char *input;   /* where the decode bytes are */
293 /*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
294 	} SSL3_RECORD;
295 
296 typedef struct ssl3_buffer_st
297 	{
298 	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
299 	                         * see ssl3_setup_buffers() */
300 	size_t len;             /* buffer size */
301 	int offset;             /* where to 'copy from' */
302 	int left;               /* how many bytes left */
303 	} SSL3_BUFFER;
304 
305 #define SSL3_CT_RSA_SIGN			1
306 #define SSL3_CT_DSS_SIGN			2
307 #define SSL3_CT_RSA_FIXED_DH			3
308 #define SSL3_CT_DSS_FIXED_DH			4
309 #define SSL3_CT_RSA_EPHEMERAL_DH		5
310 #define SSL3_CT_DSS_EPHEMERAL_DH		6
311 #define SSL3_CT_FORTEZZA_DMS			20
312 #define SSL3_CT_NUMBER				7
313 
314 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS		0x0001
315 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED		0x0002
316 #define SSL3_FLAGS_POP_BUFFER				0x0004
317 #define TLS1_FLAGS_TLS_PADDING_BUG			0x0008
318 #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x0010
319 #define SSL3_FLAGS_CCS_OK			0x0080
320 
321 typedef struct ssl3_state_st
322 	{
323 	long flags;
324 	int delay_buf_pop_ret;
325 
326 	unsigned char read_sequence[8];
327 	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
328 	unsigned char write_sequence[8];
329 	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
330 
331 	unsigned char server_random[SSL3_RANDOM_SIZE];
332 	unsigned char client_random[SSL3_RANDOM_SIZE];
333 
334 	/* flags for countermeasure against known-IV weakness */
335 	int need_empty_fragments;
336 	int empty_fragment_done;
337 
338 	SSL3_BUFFER rbuf;	/* read IO goes into here */
339 	SSL3_BUFFER wbuf;	/* write IO goes into here */
340 
341 	SSL3_RECORD rrec;	/* each decoded record goes in here */
342 	SSL3_RECORD wrec;	/* goes out from here */
343 
344 	/* storage for Alert/Handshake protocol data received but not
345 	 * yet processed by ssl3_read_bytes: */
346 	unsigned char alert_fragment[2];
347 	unsigned int alert_fragment_len;
348 	unsigned char handshake_fragment[4];
349 	unsigned int handshake_fragment_len;
350 
351 	/* partial write - check the numbers match */
352 	unsigned int wnum;	/* number of bytes sent so far */
353 	int wpend_tot;		/* number bytes written */
354 	int wpend_type;
355 	int wpend_ret;		/* number of bytes submitted */
356 	const unsigned char *wpend_buf;
357 
358 	/* used during startup, digest all incoming/outgoing packets */
359 	EVP_MD_CTX finish_dgst1;
360 	EVP_MD_CTX finish_dgst2;
361 
362 	/* this is set whenerver we see a change_cipher_spec message
363 	 * come in when we are not looking for one */
364 	int change_cipher_spec;
365 
366 	int warn_alert;
367 	int fatal_alert;
368 	/* we allow one fatal and one warning alert to be outstanding,
369 	 * send close alert via the warning alert */
370 	int alert_dispatch;
371 	unsigned char send_alert[2];
372 
373 	/* This flag is set when we should renegotiate ASAP, basically when
374 	 * there is no more data in the read or write buffers */
375 	int renegotiate;
376 	int total_renegotiations;
377 	int num_renegotiations;
378 
379 	int in_read_app_data;
380 
381 	struct	{
382 		/* actually only needs to be 16+20 */
383 		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
384 
385 		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
386 		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
387 		int finish_md_len;
388 		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
389 		int peer_finish_md_len;
390 
391 		unsigned long message_size;
392 		int message_type;
393 
394 		/* used to hold the new cipher we are going to use */
395 		SSL_CIPHER *new_cipher;
396 #ifndef OPENSSL_NO_DH
397 		DH *dh;
398 #endif
399 		/* used when SSL_ST_FLUSH_DATA is entered */
400 		int next_state;
401 
402 		int reuse_message;
403 
404 		/* used for certificate requests */
405 		int cert_req;
406 		int ctype_num;
407 		char ctype[SSL3_CT_NUMBER];
408 		STACK_OF(X509_NAME) *ca_names;
409 
410 		int use_rsa_tmp;
411 
412 		int key_block_length;
413 		unsigned char *key_block;
414 
415 		const EVP_CIPHER *new_sym_enc;
416 		const EVP_MD *new_hash;
417 #ifndef OPENSSL_NO_COMP
418 		const SSL_COMP *new_compression;
419 #else
420 		char *new_compression;
421 #endif
422 		int cert_request;
423 		} tmp;
424 
425 	} SSL3_STATE;
426 
427 /* SSLv3 */
428 /*client */
429 /* extra state */
430 #define SSL3_ST_CW_FLUSH		(0x100|SSL_ST_CONNECT)
431 /* write to server */
432 #define SSL3_ST_CW_CLNT_HELLO_A		(0x110|SSL_ST_CONNECT)
433 #define SSL3_ST_CW_CLNT_HELLO_B		(0x111|SSL_ST_CONNECT)
434 /* read from server */
435 #define SSL3_ST_CR_SRVR_HELLO_A		(0x120|SSL_ST_CONNECT)
436 #define SSL3_ST_CR_SRVR_HELLO_B		(0x121|SSL_ST_CONNECT)
437 #define SSL3_ST_CR_CERT_A		(0x130|SSL_ST_CONNECT)
438 #define SSL3_ST_CR_CERT_B		(0x131|SSL_ST_CONNECT)
439 #define SSL3_ST_CR_KEY_EXCH_A		(0x140|SSL_ST_CONNECT)
440 #define SSL3_ST_CR_KEY_EXCH_B		(0x141|SSL_ST_CONNECT)
441 #define SSL3_ST_CR_CERT_REQ_A		(0x150|SSL_ST_CONNECT)
442 #define SSL3_ST_CR_CERT_REQ_B		(0x151|SSL_ST_CONNECT)
443 #define SSL3_ST_CR_SRVR_DONE_A		(0x160|SSL_ST_CONNECT)
444 #define SSL3_ST_CR_SRVR_DONE_B		(0x161|SSL_ST_CONNECT)
445 /* write to server */
446 #define SSL3_ST_CW_CERT_A		(0x170|SSL_ST_CONNECT)
447 #define SSL3_ST_CW_CERT_B		(0x171|SSL_ST_CONNECT)
448 #define SSL3_ST_CW_CERT_C		(0x172|SSL_ST_CONNECT)
449 #define SSL3_ST_CW_CERT_D		(0x173|SSL_ST_CONNECT)
450 #define SSL3_ST_CW_KEY_EXCH_A		(0x180|SSL_ST_CONNECT)
451 #define SSL3_ST_CW_KEY_EXCH_B		(0x181|SSL_ST_CONNECT)
452 #define SSL3_ST_CW_CERT_VRFY_A		(0x190|SSL_ST_CONNECT)
453 #define SSL3_ST_CW_CERT_VRFY_B		(0x191|SSL_ST_CONNECT)
454 #define SSL3_ST_CW_CHANGE_A		(0x1A0|SSL_ST_CONNECT)
455 #define SSL3_ST_CW_CHANGE_B		(0x1A1|SSL_ST_CONNECT)
456 #define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)
457 #define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)
458 /* read from server */
459 #define SSL3_ST_CR_CHANGE_A		(0x1C0|SSL_ST_CONNECT)
460 #define SSL3_ST_CR_CHANGE_B		(0x1C1|SSL_ST_CONNECT)
461 #define SSL3_ST_CR_FINISHED_A		(0x1D0|SSL_ST_CONNECT)
462 #define SSL3_ST_CR_FINISHED_B		(0x1D1|SSL_ST_CONNECT)
463 
464 /* server */
465 /* extra state */
466 #define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)
467 /* read from client */
468 /* Do not change the number values, they do matter */
469 #define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
470 #define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
471 #define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
472 /* write to client */
473 #define SSL3_ST_SW_HELLO_REQ_A		(0x120|SSL_ST_ACCEPT)
474 #define SSL3_ST_SW_HELLO_REQ_B		(0x121|SSL_ST_ACCEPT)
475 #define SSL3_ST_SW_HELLO_REQ_C		(0x122|SSL_ST_ACCEPT)
476 #define SSL3_ST_SW_SRVR_HELLO_A		(0x130|SSL_ST_ACCEPT)
477 #define SSL3_ST_SW_SRVR_HELLO_B		(0x131|SSL_ST_ACCEPT)
478 #define SSL3_ST_SW_CERT_A		(0x140|SSL_ST_ACCEPT)
479 #define SSL3_ST_SW_CERT_B		(0x141|SSL_ST_ACCEPT)
480 #define SSL3_ST_SW_KEY_EXCH_A		(0x150|SSL_ST_ACCEPT)
481 #define SSL3_ST_SW_KEY_EXCH_B		(0x151|SSL_ST_ACCEPT)
482 #define SSL3_ST_SW_CERT_REQ_A		(0x160|SSL_ST_ACCEPT)
483 #define SSL3_ST_SW_CERT_REQ_B		(0x161|SSL_ST_ACCEPT)
484 #define SSL3_ST_SW_SRVR_DONE_A		(0x170|SSL_ST_ACCEPT)
485 #define SSL3_ST_SW_SRVR_DONE_B		(0x171|SSL_ST_ACCEPT)
486 /* read from client */
487 #define SSL3_ST_SR_CERT_A		(0x180|SSL_ST_ACCEPT)
488 #define SSL3_ST_SR_CERT_B		(0x181|SSL_ST_ACCEPT)
489 #define SSL3_ST_SR_KEY_EXCH_A		(0x190|SSL_ST_ACCEPT)
490 #define SSL3_ST_SR_KEY_EXCH_B		(0x191|SSL_ST_ACCEPT)
491 #define SSL3_ST_SR_CERT_VRFY_A		(0x1A0|SSL_ST_ACCEPT)
492 #define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)
493 #define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)
494 #define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)
495 #define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)
496 #define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)
497 /* write to client */
498 #define SSL3_ST_SW_CHANGE_A		(0x1D0|SSL_ST_ACCEPT)
499 #define SSL3_ST_SW_CHANGE_B		(0x1D1|SSL_ST_ACCEPT)
500 #define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)
501 #define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)
502 
503 #define SSL3_MT_HELLO_REQUEST			0
504 #define SSL3_MT_CLIENT_HELLO			1
505 #define SSL3_MT_SERVER_HELLO			2
506 #define SSL3_MT_CERTIFICATE			11
507 #define SSL3_MT_SERVER_KEY_EXCHANGE		12
508 #define SSL3_MT_CERTIFICATE_REQUEST		13
509 #define SSL3_MT_SERVER_DONE			14
510 #define SSL3_MT_CERTIFICATE_VERIFY		15
511 #define SSL3_MT_CLIENT_KEY_EXCHANGE		16
512 #define SSL3_MT_FINISHED			20
513 
514 #define SSL3_MT_CCS				1
515 
516 /* These are used when changing over to a new cipher */
517 #define SSL3_CC_READ		0x01
518 #define SSL3_CC_WRITE		0x02
519 #define SSL3_CC_CLIENT		0x10
520 #define SSL3_CC_SERVER		0x20
521 #define SSL3_CHANGE_CIPHER_CLIENT_WRITE	(SSL3_CC_CLIENT|SSL3_CC_WRITE)
522 #define SSL3_CHANGE_CIPHER_SERVER_READ	(SSL3_CC_SERVER|SSL3_CC_READ)
523 #define SSL3_CHANGE_CIPHER_CLIENT_READ	(SSL3_CC_CLIENT|SSL3_CC_READ)
524 #define SSL3_CHANGE_CIPHER_SERVER_WRITE	(SSL3_CC_SERVER|SSL3_CC_WRITE)
525 
526 #ifdef  __cplusplus
527 }
528 #endif
529 #endif
530 
531