[thirdparty/openssl.git] / include / openssl / ssl3.h

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */

#ifndef HEADER_SSL3_H
# define HEADER_SSL3_H

# include <openssl/comp.h>
# include <openssl/buffer.h>
# include <openssl/evp.h>
# include <openssl/ssl.h>

#ifdef  __cplusplus
extern "C" {
#endif

/*
 * Signalling cipher suite value from RFC 5746
 * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
 */
# define SSL3_CK_SCSV                            0x030000FF

/*
 * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
 * (TLS_FALLBACK_SCSV)
 */
# define SSL3_CK_FALLBACK_SCSV                   0x03005600

# define SSL3_CK_RSA_NULL_MD5                    0x03000001
# define SSL3_CK_RSA_NULL_SHA                    0x03000002
# define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
# define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
# define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
# define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
# define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
# define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
# define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
# define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A

# define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
# define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
# define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
# define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010

# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA          0x03000011
# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          SSL3_CK_DHE_DSS_DES_40_CBC_SHA
# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA          0x03000012
# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          SSL3_CK_DHE_DSS_DES_64_CBC_SHA
# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA        0x03000013
# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA          0x03000014
# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          SSL3_CK_DHE_RSA_DES_40_CBC_SHA
# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA          0x03000015
# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          SSL3_CK_DHE_RSA_DES_64_CBC_SHA
# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA        0x03000016
# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        SSL3_CK_DHE_RSA_DES_192_CBC3_SHA

# define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
# define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
# define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
# define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
# define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B

# define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
# define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
# define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
# define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
# define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
# define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
# define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
# define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
# define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
# define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"

# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"

# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA         "EXP-DHE-DSS-DES-CBC-SHA"
# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA         "DHE-DSS-DES-CBC-SHA"
# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA       "DHE-DSS-DES-CBC3-SHA"
# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA         "EXP-DHE-RSA-DES-CBC-SHA"
# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA         "DHE-RSA-DES-CBC-SHA"
# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA       "DHE-RSA-DES-CBC3-SHA"

/*
 * This next block of six "EDH" labels is for backward compatibility with
 * older versions of OpenSSL.  New code should use the six "DHE" labels above
 * instead:
 */
# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"

# define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
# define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
# define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
# define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
# define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"

# define SSL3_SSL_SESSION_ID_LENGTH              32
# define SSL3_MAX_SSL_SESSION_ID_LENGTH          32

# define SSL3_MASTER_SECRET_SIZE                 48
# define SSL3_RANDOM_SIZE                        32
# define SSL3_SESSION_ID_SIZE                    32
# define SSL3_RT_HEADER_LENGTH                   5

# define SSL3_HM_HEADER_LENGTH                  4

# ifndef SSL3_ALIGN_PAYLOAD
 /*
  * Some will argue that this increases memory footprint, but it's not
  * actually true. Point is that malloc has to return at least 64-bit aligned
  * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
  * Suggested pre-gaping simply moves these wasted bytes from the end of
  * allocated region to its front, but makes data payload aligned, which
  * improves performance:-)
  */
#  define SSL3_ALIGN_PAYLOAD                     8
# else
#  if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
#   error "insane SSL3_ALIGN_PAYLOAD"
#   undef SSL3_ALIGN_PAYLOAD
#  endif
# endif

/*
 * This is the maximum MAC (digest) size used by the SSL library. Currently
 * maximum of 20 is used by SHA1, but we reserve for future extension for
 * 512-bit hashes.
 */

# define SSL3_RT_MAX_MD_SIZE                     64

/*
 * Maximum block size used in all ciphersuites. Currently 16 for AES.
 */

# define SSL_RT_MAX_CIPHER_BLOCK_SIZE            16

# define SSL3_RT_MAX_EXTRA                       (16384)

/* Maximum plaintext length: defined by SSL/TLS standards */
# define SSL3_RT_MAX_PLAIN_LENGTH                16384
/* Maximum compression overhead: defined by SSL/TLS standards */
# define SSL3_RT_MAX_COMPRESSED_OVERHEAD         1024

/*
 * The standards give a maximum encryption overhead of 1024 bytes. In
 * practice the value is lower than this. The overhead is the maximum number
 * of padding bytes (256) plus the mac size.
 */
# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD  (256 + SSL3_RT_MAX_MD_SIZE)

/*
 * OpenSSL currently only uses a padding length of at most one block so the
 * send overhead is smaller.
 */

# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
                        (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)

/* If compression isn't used don't include the compression overhead */

# ifdef OPENSSL_NO_COMP
#  define SSL3_RT_MAX_COMPRESSED_LENGTH           SSL3_RT_MAX_PLAIN_LENGTH
# else
#  define SSL3_RT_MAX_COMPRESSED_LENGTH   \
                (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
# endif
# define SSL3_RT_MAX_ENCRYPTED_LENGTH    \
                (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
# define SSL3_RT_MAX_PACKET_SIZE         \
                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)

# define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
# define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"

# define SSL3_VERSION                    0x0300
# define SSL3_VERSION_MAJOR              0x03
# define SSL3_VERSION_MINOR              0x00

# define SSL3_RT_CHANGE_CIPHER_SPEC      20
# define SSL3_RT_ALERT                   21
# define SSL3_RT_HANDSHAKE               22
# define SSL3_RT_APPLICATION_DATA        23
# define DTLS1_RT_HEARTBEAT              24

/* Pseudo content types to indicate additional parameters */
# define TLS1_RT_CRYPTO                  0x1000
# define TLS1_RT_CRYPTO_PREMASTER        (TLS1_RT_CRYPTO | 0x1)
# define TLS1_RT_CRYPTO_CLIENT_RANDOM    (TLS1_RT_CRYPTO | 0x2)
# define TLS1_RT_CRYPTO_SERVER_RANDOM    (TLS1_RT_CRYPTO | 0x3)
# define TLS1_RT_CRYPTO_MASTER           (TLS1_RT_CRYPTO | 0x4)

# define TLS1_RT_CRYPTO_READ             0x0000
# define TLS1_RT_CRYPTO_WRITE            0x0100
# define TLS1_RT_CRYPTO_MAC              (TLS1_RT_CRYPTO | 0x5)
# define TLS1_RT_CRYPTO_KEY              (TLS1_RT_CRYPTO | 0x6)
# define TLS1_RT_CRYPTO_IV               (TLS1_RT_CRYPTO | 0x7)
# define TLS1_RT_CRYPTO_FIXED_IV         (TLS1_RT_CRYPTO | 0x8)

/* Pseudo content type for SSL/TLS header info */
# define SSL3_RT_HEADER                  0x100

# define SSL3_AL_WARNING                 1
# define SSL3_AL_FATAL                   2

# define SSL3_AD_CLOSE_NOTIFY             0
# define SSL3_AD_UNEXPECTED_MESSAGE      10/* fatal */
# define SSL3_AD_BAD_RECORD_MAC          20/* fatal */
# define SSL3_AD_DECOMPRESSION_FAILURE   30/* fatal */
# define SSL3_AD_HANDSHAKE_FAILURE       40/* fatal */
# define SSL3_AD_NO_CERTIFICATE          41
# define SSL3_AD_BAD_CERTIFICATE         42
# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
# define SSL3_AD_CERTIFICATE_REVOKED     44
# define SSL3_AD_CERTIFICATE_EXPIRED     45
# define SSL3_AD_CERTIFICATE_UNKNOWN     46
# define SSL3_AD_ILLEGAL_PARAMETER       47/* fatal */

# define TLS1_HB_REQUEST         1
# define TLS1_HB_RESPONSE        2


# define SSL3_CT_RSA_SIGN                        1
# define SSL3_CT_DSS_SIGN                        2
# define SSL3_CT_RSA_FIXED_DH                    3
# define SSL3_CT_DSS_FIXED_DH                    4
# define SSL3_CT_RSA_EPHEMERAL_DH                5
# define SSL3_CT_DSS_EPHEMERAL_DH                6
# define SSL3_CT_FORTEZZA_DMS                    20
/*
 * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
 * contain all of the cert types defined either for SSLv3 and TLSv1.
 */
# define SSL3_CT_NUMBER                  9

# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001

/* Removed from OpenSSL 1.1.0 */
# define TLS1_FLAGS_TLS_PADDING_BUG              0x0

# define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010

/* Set if we encrypt then mac instead of usual mac then encrypt */
# define TLS1_FLAGS_ENCRYPT_THEN_MAC             0x0100

/* Set if extended master secret extension received from peer */
# define TLS1_FLAGS_RECEIVED_EXTMS               0x0200

# define SSL3_MT_HELLO_REQUEST                   0
# define SSL3_MT_CLIENT_HELLO                    1
# define SSL3_MT_SERVER_HELLO                    2
# define SSL3_MT_NEWSESSION_TICKET               4
# define SSL3_MT_CERTIFICATE                     11
# define SSL3_MT_SERVER_KEY_EXCHANGE             12
# define SSL3_MT_CERTIFICATE_REQUEST             13
# define SSL3_MT_SERVER_DONE                     14
# define SSL3_MT_CERTIFICATE_VERIFY              15
# define SSL3_MT_CLIENT_KEY_EXCHANGE             16
# define SSL3_MT_FINISHED                        20
# define SSL3_MT_CERTIFICATE_STATUS              22
# ifndef OPENSSL_NO_NEXTPROTONEG
#  define SSL3_MT_NEXT_PROTO                      67
# endif
# define DTLS1_MT_HELLO_VERIFY_REQUEST    3

/* Dummy message type for handling CCS like a normal handshake message */
# define SSL3_MT_CHANGE_CIPHER_SPEC              0x0101

# define SSL3_MT_CCS                             1

/* These are used when changing over to a new cipher */
# define SSL3_CC_READ            0x01
# define SSL3_CC_WRITE           0x02
# define SSL3_CC_CLIENT          0x10
# define SSL3_CC_SERVER          0x20
# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
# define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
# define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)

#ifdef  __cplusplus
}
#endif
#endif
Commit	Line	Data
58964a49	1	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	2	* All rights reserved.
	3	*
	4	* This package is an SSL implementation written
	5	* by Eric Young (eay@cryptsoft.com).
	6	* The implementation was written so as to conform with Netscapes SSL.
0f113f3e	7	*
d02b48c6 RE	8	* This library is free for commercial and non-commercial use as long as
	9	* the following conditions are aheared to. The following conditions
	10	* apply to all code found in this distribution, be it the RC4, RSA,
	11	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	12	* included with this distribution is covered by the same copyright terms
	13	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
0f113f3e	14	*
d02b48c6 RE	15	* Copyright remains Eric Young's, and as such any Copyright notices in
	16	* the code are not to be removed.
	17	* If this package is used in a product, Eric Young should be given attribution
	18	* as the author of the parts of the library used.
	19	* This can be in the form of a textual message at program startup or
	20	* in documentation (online or textual) provided with the package.
0f113f3e	21	*
d02b48c6 RE	22	* Redistribution and use in source and binary forms, with or without
	23	* modification, are permitted provided that the following conditions
	24	* are met:
	25	* 1. Redistributions of source code must retain the copyright
	26	* notice, this list of conditions and the following disclaimer.
	27	* 2. Redistributions in binary form must reproduce the above copyright
	28	* notice, this list of conditions and the following disclaimer in the
	29	* documentation and/or other materials provided with the distribution.
	30	* 3. All advertising materials mentioning features or use of this software
	31	* must display the following acknowledgement:
	32	* "This product includes cryptographic software written by
	33	* Eric Young (eay@cryptsoft.com)"
	34	* The word 'cryptographic' can be left out if the rouines from the library
	35	* being used are not cryptographic related :-).
0f113f3e	36	* 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6 RE	37	* the apps directory (application code) you must include an acknowledgement:
d02b48c6 RE	38	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
0f113f3e	39	*
d02b48c6 RE	40	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	41	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	43	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	44	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	45	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	46	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	48	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	49	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	50	* SUCH DAMAGE.
0f113f3e	51	*
d02b48c6 RE	52	* The licence and distribution terms for any publically available version or
	53	* derivative of this code cannot be changed. i.e. this code cannot simply be
	54	* copied and put under another distribution licence
	55	* [including the GNU Public Licence.]
	56	*/
82b0bf0b BM	57	/* ====================================================================
	58	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
	59	*
	60	* Redistribution and use in source and binary forms, with or without
	61	* modification, are permitted provided that the following conditions
	62	* are met:
	63	*
	64	* 1. Redistributions of source code must retain the above copyright
0f113f3e	65	* notice, this list of conditions and the following disclaimer.
82b0bf0b BM	66	*
	67	* 2. Redistributions in binary form must reproduce the above copyright
	68	* notice, this list of conditions and the following disclaimer in
	69	* the documentation and/or other materials provided with the
	70	* distribution.
	71	*
	72	* 3. All advertising materials mentioning features or use of this
	73	* software must display the following acknowledgment:
	74	* "This product includes software developed by the OpenSSL Project
	75	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	76	*
	77	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	78	* endorse or promote products derived from this software without
	79	* prior written permission. For written permission, please contact
	80	* openssl-core@openssl.org.
	81	*
	82	* 5. Products derived from this software may not be called "OpenSSL"
	83	* nor may "OpenSSL" appear in their names without prior written
	84	* permission of the OpenSSL Project.
	85	*
	86	* 6. Redistributions of any form whatsoever must retain the following
	87	* acknowledgment:
	88	* "This product includes software developed by the OpenSSL Project
	89	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	90	*
	91	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	92	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	93	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	94	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	95	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	96	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	97	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	98	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	99	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	100	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	101	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	102	* OF THE POSSIBILITY OF SUCH DAMAGE.
	103	* ====================================================================
	104	*
	105	* This product includes cryptographic software written by Eric Young
	106	* (eay@cryptsoft.com). This product includes software written by Tim
	107	* Hudson (tjh@cryptsoft.com).
	108	*
	109	*/
ea262260 BM	110	/* ====================================================================
ea262260 BM	111	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
0f113f3e	112	* ECC cipher suite support in OpenSSL originally developed by
ea262260 BM	113	* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
ea262260 BM	114	*/
d02b48c6	115
0f113f3e MC	116	#ifndef HEADER_SSL3_H
0f113f3e MC	117	# define HEADER_SSL3_H
d02b48c6	118
3c27208f	119	# include <openssl/comp.h>
0f113f3e MC	120	# include <openssl/buffer.h>
	121	# include <openssl/evp.h>
	122	# include <openssl/ssl.h>
d02b48c6 RE	123
	124	#ifdef __cplusplus
	125	extern "C" {
	126	#endif
	127
0f113f3e MC	128	/*
	129	* Signalling cipher suite value from RFC 5746
	130	* (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
	131	*/
	132	# define SSL3_CK_SCSV 0x030000FF
d02b48c6	133
0f113f3e MC	134	/*
	135	* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
	136	* (TLS_FALLBACK_SCSV)
f9b3bff6	137	*/
0f113f3e MC	138	# define SSL3_CK_FALLBACK_SCSV 0x03005600
	139
	140	# define SSL3_CK_RSA_NULL_MD5 0x03000001
	141	# define SSL3_CK_RSA_NULL_SHA 0x03000002
	142	# define SSL3_CK_RSA_RC4_40_MD5 0x03000003
	143	# define SSL3_CK_RSA_RC4_128_MD5 0x03000004
	144	# define SSL3_CK_RSA_RC4_128_SHA 0x03000005
	145	# define SSL3_CK_RSA_RC2_40_MD5 0x03000006
	146	# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
	147	# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
	148	# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
	149	# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
	150
	151	# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
	152	# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
	153	# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
	154	# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
	155	# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
	156	# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
	157
	158	# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011
	159	# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA
	160	# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012
	161	# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA
	162	# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013
	163	# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
	164	# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014
	165	# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA
	166	# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015
	167	# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA
	168	# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016
	169	# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
	170
	171	# define SSL3_CK_ADH_RC4_40_MD5 0x03000017
	172	# define SSL3_CK_ADH_RC4_128_MD5 0x03000018
	173	# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
	174	# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
	175	# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
	176
0f113f3e MC	177	# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
	178	# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
	179	# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
	180	# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
	181	# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
	182	# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
	183	# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
	184	# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
	185	# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
	186	# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
	187
	188	# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
	189	# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
	190	# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
	191	# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
	192	# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
	193	# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
	194
	195	# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA"
	196	# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA"
	197	# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA"
	198	# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA"
	199	# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA"
	200	# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA"
d02b48c6	201
0f113f3e MC	202	/*
	203	* This next block of six "EDH" labels is for backward compatibility with
	204	* older versions of OpenSSL. New code should use the six "DHE" labels above
	205	* instead:
	206	*/
	207	# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
	208	# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
	209	# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
	210	# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
	211	# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
	212	# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
	213
	214	# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
	215	# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
	216	# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
	217	# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
	218	# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
	219
0f113f3e MC	220	# define SSL3_SSL_SESSION_ID_LENGTH 32
	221	# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
	222
	223	# define SSL3_MASTER_SECRET_SIZE 48
	224	# define SSL3_RANDOM_SIZE 32
	225	# define SSL3_SESSION_ID_SIZE 32
	226	# define SSL3_RT_HEADER_LENGTH 5
	227
	228	# define SSL3_HM_HEADER_LENGTH 4
	229
	230	# ifndef SSL3_ALIGN_PAYLOAD
	231	/*
	232	* Some will argue that this increases memory footprint, but it's not
	233	* actually true. Point is that malloc has to return at least 64-bit aligned
	234	* pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
	235	* Suggested pre-gaping simply moves these wasted bytes from the end of
	236	* allocated region to its front, but makes data payload aligned, which
	237	* improves performance:-)
	238	*/
	239	# define SSL3_ALIGN_PAYLOAD 8
	240	# else
	241	# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
	242	# error "insane SSL3_ALIGN_PAYLOAD"
	243	# undef SSL3_ALIGN_PAYLOAD
	244	# endif
a4d64c7f	245	# endif
a4d64c7f	246
0f113f3e MC	247	/*
	248	* This is the maximum MAC (digest) size used by the SSL library. Currently
	249	* maximum of 20 is used by SHA1, but we reserve for future extension for
	250	* 512-bit hashes.
566dda07 DSH	251	*/
566dda07 DSH	252
0f113f3e	253	# define SSL3_RT_MAX_MD_SIZE 64
566dda07	254
0f113f3e MC	255	/*
0f113f3e MC	256	* Maximum block size used in all ciphersuites. Currently 16 for AES.
566dda07 DSH	257	*/
566dda07 DSH	258
0f113f3e	259	# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
566dda07	260
0f113f3e	261	# define SSL3_RT_MAX_EXTRA (16384)
d02b48c6	262
566dda07	263	/* Maximum plaintext length: defined by SSL/TLS standards */
0f113f3e	264	# define SSL3_RT_MAX_PLAIN_LENGTH 16384
566dda07	265	/* Maximum compression overhead: defined by SSL/TLS standards */
0f113f3e	266	# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
566dda07	267
0f113f3e MC	268	/*
	269	* The standards give a maximum encryption overhead of 1024 bytes. In
	270	* practice the value is lower than this. The overhead is the maximum number
	271	* of padding bytes (256) plus the mac size.
566dda07	272	*/
0f113f3e	273	# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
566dda07	274
0f113f3e MC	275	/*
	276	* OpenSSL currently only uses a padding length of at most one block so the
	277	* send overhead is smaller.
566dda07 DSH	278	*/
566dda07 DSH	279
0f113f3e MC	280	# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
0f113f3e MC	281	(SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
566dda07 DSH	282
	283	/* If compression isn't used don't include the compression overhead */
	284
0f113f3e MC	285	# ifdef OPENSSL_NO_COMP
	286	# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
	287	# else
	288	# define SSL3_RT_MAX_COMPRESSED_LENGTH \
	289	(SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
	290	# endif
	291	# define SSL3_RT_MAX_ENCRYPTED_LENGTH \
	292	(SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
	293	# define SSL3_RT_MAX_PACKET_SIZE \
	294	(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
d02b48c6	295
0f113f3e MC	296	# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
0f113f3e MC	297	# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
d02b48c6	298
0f113f3e MC	299	# define SSL3_VERSION 0x0300
	300	# define SSL3_VERSION_MAJOR 0x03
	301	# define SSL3_VERSION_MINOR 0x00
d02b48c6	302
0f113f3e MC	303	# define SSL3_RT_CHANGE_CIPHER_SPEC 20
	304	# define SSL3_RT_ALERT 21
	305	# define SSL3_RT_HANDSHAKE 22
	306	# define SSL3_RT_APPLICATION_DATA 23
22e3dcb7	307	# define DTLS1_RT_HEARTBEAT 24
d02b48c6	308
1cf218bc	309	/* Pseudo content types to indicate additional parameters */
0f113f3e MC	310	# define TLS1_RT_CRYPTO 0x1000
	311	# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO \| 0x1)
	312	# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO \| 0x2)
	313	# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO \| 0x3)
	314	# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO \| 0x4)
	315
	316	# define TLS1_RT_CRYPTO_READ 0x0000
	317	# define TLS1_RT_CRYPTO_WRITE 0x0100
	318	# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO \| 0x5)
	319	# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO \| 0x6)
	320	# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO \| 0x7)
	321	# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO \| 0x8)
1cf218bc	322
36b5bb6f	323	/* Pseudo content type for SSL/TLS header info */
0f113f3e MC	324	# define SSL3_RT_HEADER 0x100
	325
	326	# define SSL3_AL_WARNING 1
	327	# define SSL3_AL_FATAL 2
	328
	329	# define SSL3_AD_CLOSE_NOTIFY 0
	330	# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */
	331	# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */
	332	# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */
	333	# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */
	334	# define SSL3_AD_NO_CERTIFICATE 41
	335	# define SSL3_AD_BAD_CERTIFICATE 42
	336	# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
	337	# define SSL3_AD_CERTIFICATE_REVOKED 44
	338	# define SSL3_AD_CERTIFICATE_EXPIRED 45
	339	# define SSL3_AD_CERTIFICATE_UNKNOWN 46
	340	# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
	341
	342	# define TLS1_HB_REQUEST 1
	343	# define TLS1_HB_RESPONSE 2
	344
08557cf2	345
0f113f3e MC	346	# define SSL3_CT_RSA_SIGN 1
	347	# define SSL3_CT_DSS_SIGN 2
	348	# define SSL3_CT_RSA_FIXED_DH 3
	349	# define SSL3_CT_DSS_FIXED_DH 4
	350	# define SSL3_CT_RSA_EPHEMERAL_DH 5
	351	# define SSL3_CT_DSS_EPHEMERAL_DH 6
	352	# define SSL3_CT_FORTEZZA_DMS 20
	353	/*
	354	* SSL3_CT_NUMBER is used to size arrays and it must be large enough to
	355	* contain all of the cert types defined either for SSLv3 and TLSv1.
ea262260	356	*/
0f113f3e MC	357	# define SSL3_CT_NUMBER 9
	358
	359	# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
57787ac8	360
a8e4ac6a EK	361	/* Removed from OpenSSL 1.1.0 */
a8e4ac6a EK	362	# define TLS1_FLAGS_TLS_PADDING_BUG 0x0
57787ac8	363
0f113f3e	364	# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
e94a6c0e	365
5e3ff62c	366	/* Set if we encrypt then mac instead of usual mac then encrypt */
0f113f3e MC	367	# define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0100
0f113f3e MC	368
e7f0d921 DSH	369	/* Set if extended master secret extension received from peer */
e7f0d921 DSH	370	# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200
36d16f8e	371
0f113f3e MC	372	# define SSL3_MT_HELLO_REQUEST 0
	373	# define SSL3_MT_CLIENT_HELLO 1
	374	# define SSL3_MT_SERVER_HELLO 2
	375	# define SSL3_MT_NEWSESSION_TICKET 4
	376	# define SSL3_MT_CERTIFICATE 11
	377	# define SSL3_MT_SERVER_KEY_EXCHANGE 12
	378	# define SSL3_MT_CERTIFICATE_REQUEST 13
	379	# define SSL3_MT_SERVER_DONE 14
	380	# define SSL3_MT_CERTIFICATE_VERIFY 15
	381	# define SSL3_MT_CLIENT_KEY_EXCHANGE 16
	382	# define SSL3_MT_FINISHED 20
	383	# define SSL3_MT_CERTIFICATE_STATUS 22
	384	# ifndef OPENSSL_NO_NEXTPROTONEG
	385	# define SSL3_MT_NEXT_PROTO 67
	386	# endif
	387	# define DTLS1_MT_HELLO_VERIFY_REQUEST 3
d02b48c6	388
657da85e MC	389	/* Dummy message type for handling CCS like a normal handshake message */
	390	# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101
	391
0f113f3e	392	# define SSL3_MT_CCS 1
d02b48c6 RE	393
d02b48c6 RE	394	/* These are used when changing over to a new cipher */
0f113f3e MC	395	# define SSL3_CC_READ 0x01
	396	# define SSL3_CC_WRITE 0x02
	397	# define SSL3_CC_CLIENT 0x10
	398	# define SSL3_CC_SERVER 0x20
	399	# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT\|SSL3_CC_WRITE)
	400	# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER\|SSL3_CC_READ)
	401	# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT\|SSL3_CC_READ)
	402	# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER\|SSL3_CC_WRITE)
d02b48c6 RE	403
	404	#ifdef __cplusplus
	405	}
	406	#endif
	407	#endif