[thirdparty/openssl.git] / ssl / ssl3.h

/* ssl/ssl3.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#ifndef HEADER_SSL3_H 
#define HEADER_SSL3_H 

#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>

#ifdef  __cplusplus
extern "C" {
#endif

#define SSL3_CK_RSA_NULL_MD5			0x03000001
#define SSL3_CK_RSA_NULL_SHA			0x03000002
#define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
#define SSL3_CK_RSA_RC4_128_MD5			0x03000004
#define SSL3_CK_RSA_RC4_128_SHA			0x03000005
#define SSL3_CK_RSA_RC2_40_MD5			0x03000006
#define SSL3_CK_RSA_IDEA_128_SHA		0x03000007
#define SSL3_CK_RSA_DES_40_CBC_SHA		0x03000008
#define SSL3_CK_RSA_DES_64_CBC_SHA		0x03000009
#define SSL3_CK_RSA_DES_192_CBC3_SHA		0x0300000A

#define SSL3_CK_DH_DSS_DES_40_CBC_SHA		0x0300000B
#define SSL3_CK_DH_DSS_DES_64_CBC_SHA		0x0300000C
#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 	0x0300000D
#define SSL3_CK_DH_RSA_DES_40_CBC_SHA		0x0300000E
#define SSL3_CK_DH_RSA_DES_64_CBC_SHA		0x0300000F
#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 	0x03000010

#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA		0x03000011
#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA		0x03000012
#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA	0x03000013
#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA		0x03000014
#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA		0x03000015
#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA	0x03000016

#define SSL3_CK_ADH_RC4_40_MD5			0x03000017
#define SSL3_CK_ADH_RC4_128_MD5			0x03000018
#define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019
#define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A
#define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B

#define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
#define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
#define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E

#define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"
#define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"
#define SSL3_TXT_RSA_RC4_40_MD5 		"EXP-RC4-MD5"
#define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"
#define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"
#define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"
#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"
#define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"
#define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"
#define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"

#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA		"EXP-DH-DSS-DES-CBC-SHA"
#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA		"DH-DSS-DES-CBC-SHA"
#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA 	"DH-DSS-DES-CBC3-SHA"
#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA		"EXP-DH-RSA-DES-CBC-SHA"
#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA		"DH-RSA-DES-CBC-SHA"
#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA 	"DH-RSA-DES-CBC3-SHA"

#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"
#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"
#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"
#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"
#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"
#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"

#define SSL3_TXT_ADH_RC4_40_MD5			"EXP-ADH-RC4-MD5"
#define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"
#define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"
#define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"
#define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"

#define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"
#define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
#define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"

#define SSL3_SSL_SESSION_ID_LENGTH		32
#define SSL3_MAX_SSL_SESSION_ID_LENGTH		32

#define SSL3_MASTER_SECRET_SIZE			48
#define SSL3_RANDOM_SIZE			32
#define SSL3_SESSION_ID_SIZE			32
#define SSL3_RT_HEADER_LENGTH			5

/* Due to MS stuffing up, this can change.... */
#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
#define SSL3_RT_MAX_EXTRA			(14000)
#else
#define SSL3_RT_MAX_EXTRA			(16384)
#endif

#define SSL3_RT_MAX_PLAIN_LENGTH		16384
#define SSL3_RT_MAX_COMPRESSED_LENGTH	(1024+SSL3_RT_MAX_PLAIN_LENGTH)
#define SSL3_RT_MAX_ENCRYPTED_LENGTH	(1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_PACKET_SIZE		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
#define SSL3_RT_MAX_DATA_SIZE			(1024*1024)

/* the states that a SSL3_RECORD can be in
 * For SSL_read it goes
 * rbuf->ENCODED	-> read 
 * ENCODED		-> we need to decode everything - call decode_record
 */
 
#define SSL3_RS_BLANK			1
#define SSL3_RS_DATA

#define SSL3_RS_ENCODED			2
#define SSL3_RS_READ_MORE		3
#define SSL3_RS_WRITE_MORE
#define SSL3_RS_PLAIN			3
#define SSL3_RS_PART_READ		4
#define SSL3_RS_PART_WRITE		5

#define SSL3_MD_CLIENT_FINISHED_CONST	"\x43\x4C\x4E\x54"
#define SSL3_MD_SERVER_FINISHED_CONST	"\x53\x52\x56\x52"

#define SSL3_VERSION			0x0300
#define SSL3_VERSION_MAJOR		0x03
#define SSL3_VERSION_MINOR		0x00

#define SSL3_RT_CHANGE_CIPHER_SPEC	20
#define SSL3_RT_ALERT			21
#define SSL3_RT_HANDSHAKE		22
#define SSL3_RT_APPLICATION_DATA	23

#define SSL3_AL_WARNING			1
#define SSL3_AL_FATAL			2

#define SSL3_AD_CLOSE_NOTIFY		 0
#define SSL3_AD_UNEXPECTED_MESSAGE	10	/* fatal */
#define SSL3_AD_BAD_RECORD_MAC		20	/* fatal */
#define SSL3_AD_DECOMPRESSION_FAILURE	30	/* fatal */
#define SSL3_AD_HANDSHAKE_FAILURE	40	/* fatal */
#define SSL3_AD_NO_CERTIFICATE		41
#define SSL3_AD_BAD_CERTIFICATE		42
#define SSL3_AD_UNSUPPORTED_CERTIFICATE	43
#define SSL3_AD_CERTIFICATE_REVOKED	44
#define SSL3_AD_CERTIFICATE_EXPIRED	45
#define SSL3_AD_CERTIFICATE_UNKNOWN	46
#define SSL3_AD_ILLEGAL_PARAMETER	47	/* fatal */

typedef struct ssl3_record_st
	{
/*r */	int type;		/* type of record */
/*  */	/*int state;*/		/* any data in it? */
/*rw*/	unsigned int length;	/* How many bytes available */
/*r */	unsigned int off;	/* read/write offset into 'buf' */
/*rw*/	unsigned char *data;	/* pointer to the record data */
/*rw*/	unsigned char *input;	/* where the decode bytes are */
/*r */	unsigned char *comp;	/* only used with decompression - malloc()ed */
	} SSL3_RECORD;

typedef struct ssl3_buffer_st
	{
/*r */	int total;		/* used in non-blocking writes */
/*r */	int wanted;		/* how many more bytes we need */
/*rw*/	int left;		/* how many bytes left */
/*rw*/	int offset;		/* where to 'copy from' */
/*rw*/	unsigned char *buf;	/* SSL3_RT_MAX_PACKET_SIZE bytes */
	} SSL3_BUFFER;

#define SSL3_CT_RSA_SIGN			1
#define SSL3_CT_DSS_SIGN			2
#define SSL3_CT_RSA_FIXED_DH			3
#define SSL3_CT_DSS_FIXED_DH			4
#define SSL3_CT_RSA_EPHEMERAL_DH		5
#define SSL3_CT_DSS_EPHEMERAL_DH		6
#define SSL3_CT_FORTEZZA_DMS			20
#define SSL3_CT_NUMBER				7

#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
#define SSL3_FLAGS_POP_BUFFER			0x0004
#define TLS1_FLAGS_TLS_PADDING_BUG		0x0008

#if 0
#define AD_CLOSE_NOTIFY			0
#define AD_UNEXPECTED_MESSAGE		1
#define AD_BAD_RECORD_MAC		2
#define AD_DECRYPTION_FAILED		3
#define AD_RECORD_OVERFLOW		4
#define AD_DECOMPRESSION_FAILURE	5	/* fatal */
#define AD_HANDSHAKE_FAILURE		6	/* fatal */
#define AD_NO_CERTIFICATE		7	/* Not under TLS */
#define AD_BAD_CERTIFICATE		8
#define AD_UNSUPPORTED_CERTIFICATE	9
#define AD_CERTIFICATE_REVOKED		10	
#define AD_CERTIFICATE_EXPIRED		11
#define AD_CERTIFICATE_UNKNOWN		12
#define AD_ILLEGAL_PARAMETER		13	/* fatal */
#define AD_UNKNOWN_CA			14	/* fatal */
#define AD_ACCESS_DENIED		15	/* fatal */
#define AD_DECODE_ERROR			16	/* fatal */
#define AD_DECRYPT_ERROR		17
#define AD_EXPORT_RESTRICION		18	/* fatal */
#define AD_PROTOCOL_VERSION		19	/* fatal */
#define AD_INSUFFICIENT_SECURITY	20	/* fatal */
#define AD_INTERNAL_ERROR		21	/* fatal */
#define AD_USER_CANCLED			22
#define AD_NO_RENEGOTIATION		23
#endif

typedef struct ssl3_ctx_st
	{
	long flags;
	int delay_buf_pop_ret;

	unsigned char read_sequence[8];
	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
	unsigned char write_sequence[8];
	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];

	unsigned char server_random[SSL3_RANDOM_SIZE];
	unsigned char client_random[SSL3_RANDOM_SIZE];

	SSL3_BUFFER rbuf;	/* read IO goes into here */
	SSL3_BUFFER wbuf;	/* write IO goes into here */
	SSL3_RECORD rrec;	/* each decoded record goes in here */
	SSL3_RECORD wrec;	/* goes out from here */
				/* Used by ssl3_read_n to point
				 * to input data packet */

	/* partial write - check the numbers match */
	unsigned int wnum;	/* number of bytes sent so far */
	int wpend_tot;		/* number bytes written */
	int wpend_type;
	int wpend_ret;		/* number of bytes submitted */
	const unsigned char *wpend_buf;

	/* used during startup, digest all incoming/outgoing packets */
	EVP_MD_CTX finish_dgst1;
	EVP_MD_CTX finish_dgst2;

	/* this is set whenerver we see a change_cipher_spec message
	 * come in when we are not looking for one */
	int change_cipher_spec;

	int warn_alert;
	int fatal_alert;
	/* we alow one fatal and one warning alert to be outstanding,
	 * send close alert via the warning alert */
	int alert_dispatch;
	unsigned char send_alert[2];

	/* This flag is set when we should renegotiate ASAP, basically when
	 * there is no more data in the read or write buffers */
	int renegotiate;
	int total_renegotiations;
	int num_renegotiations;

	int in_read_app_data;

	struct	{
		/* actually only needs to be 16+20 */
		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];

		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
		unsigned char server_finish_md[EVP_MAX_MD_SIZE*2];
		int server_finish_md_len;
		unsigned char client_finish_md[EVP_MAX_MD_SIZE*2];
		int client_finish_md_len;
		
		unsigned long message_size;
		int message_type;

		/* used to hold the new cipher we are going to use */
		SSL_CIPHER *new_cipher;
#ifndef NO_DH
		DH *dh;
#endif
		/* used when SSL_ST_FLUSH_DATA is entered */
		int next_state;			

		int reuse_message;

		/* used for certificate requests */
		int cert_req;
		int ctype_num;
		char ctype[SSL3_CT_NUMBER];
		STACK_OF(X509_NAME) *ca_names;

		int use_rsa_tmp;

		int key_block_length;
		unsigned char *key_block;

		const EVP_CIPHER *new_sym_enc;
		const EVP_MD *new_hash;
#ifdef HEADER_COMP_H
		const SSL_COMP *new_compression;
#else
		char *new_compression;
#endif
		int cert_request;
		} tmp;

	} SSL3_CTX;

/* SSLv3 */
/*client */
/* extra state */
#define SSL3_ST_CW_FLUSH		(0x100|SSL_ST_CONNECT)
/* write to server */
#define SSL3_ST_CW_CLNT_HELLO_A		(0x110|SSL_ST_CONNECT)
#define SSL3_ST_CW_CLNT_HELLO_B		(0x111|SSL_ST_CONNECT)
/* read from server */
#define SSL3_ST_CR_SRVR_HELLO_A		(0x120|SSL_ST_CONNECT)
#define SSL3_ST_CR_SRVR_HELLO_B		(0x121|SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_A		(0x130|SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_B		(0x131|SSL_ST_CONNECT)
#define SSL3_ST_CR_KEY_EXCH_A		(0x140|SSL_ST_CONNECT)
#define SSL3_ST_CR_KEY_EXCH_B		(0x141|SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_REQ_A		(0x150|SSL_ST_CONNECT)
#define SSL3_ST_CR_CERT_REQ_B		(0x151|SSL_ST_CONNECT)
#define SSL3_ST_CR_SRVR_DONE_A		(0x160|SSL_ST_CONNECT)
#define SSL3_ST_CR_SRVR_DONE_B		(0x161|SSL_ST_CONNECT)
/* write to server */
#define SSL3_ST_CW_CERT_A		(0x170|SSL_ST_CONNECT)
#define SSL3_ST_CW_CERT_B		(0x171|SSL_ST_CONNECT)
#define SSL3_ST_CW_CERT_C		(0x172|SSL_ST_CONNECT)
#define SSL3_ST_CW_CERT_D		(0x173|SSL_ST_CONNECT)
#define SSL3_ST_CW_KEY_EXCH_A		(0x180|SSL_ST_CONNECT)
#define SSL3_ST_CW_KEY_EXCH_B		(0x181|SSL_ST_CONNECT)
#define SSL3_ST_CW_CERT_VRFY_A		(0x190|SSL_ST_CONNECT)
#define SSL3_ST_CW_CERT_VRFY_B		(0x191|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANGE_A		(0x1A0|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANGE_B		(0x1A1|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)
/* read from server */
#define SSL3_ST_CR_CHANGE_A		(0x1C0|SSL_ST_CONNECT)
#define SSL3_ST_CR_CHANGE_B		(0x1C1|SSL_ST_CONNECT)
#define SSL3_ST_CR_FINISHED_A		(0x1D0|SSL_ST_CONNECT)
#define SSL3_ST_CR_FINISHED_B		(0x1D1|SSL_ST_CONNECT)

/* server */
/* extra state */
#define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)
/* read from client */
/* Do not change the number values, they do matter */
#define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
#define SSL3_ST_SR_MS_SGC			(0x113|SSL_ST_ACCEPT)
/* write to client */
#define SSL3_ST_SW_HELLO_REQ_A		(0x120|SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_B		(0x121|SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_C		(0x122|SSL_ST_ACCEPT)
#define SSL3_ST_SW_SRVR_HELLO_A		(0x130|SSL_ST_ACCEPT)
#define SSL3_ST_SW_SRVR_HELLO_B		(0x131|SSL_ST_ACCEPT)
#define SSL3_ST_SW_CERT_A		(0x140|SSL_ST_ACCEPT)
#define SSL3_ST_SW_CERT_B		(0x141|SSL_ST_ACCEPT)
#define SSL3_ST_SW_KEY_EXCH_A		(0x150|SSL_ST_ACCEPT)
#define SSL3_ST_SW_KEY_EXCH_B		(0x151|SSL_ST_ACCEPT)
#define SSL3_ST_SW_CERT_REQ_A		(0x160|SSL_ST_ACCEPT)
#define SSL3_ST_SW_CERT_REQ_B		(0x161|SSL_ST_ACCEPT)
#define SSL3_ST_SW_SRVR_DONE_A		(0x170|SSL_ST_ACCEPT)
#define SSL3_ST_SW_SRVR_DONE_B		(0x171|SSL_ST_ACCEPT)
/* read from client */
#define SSL3_ST_SR_CERT_A		(0x180|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CERT_B		(0x181|SSL_ST_ACCEPT)
#define SSL3_ST_SR_KEY_EXCH_A		(0x190|SSL_ST_ACCEPT)
#define SSL3_ST_SR_KEY_EXCH_B		(0x191|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CERT_VRFY_A		(0x1A0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)
/* write to client */
#define SSL3_ST_SW_CHANGE_A		(0x1D0|SSL_ST_ACCEPT)
#define SSL3_ST_SW_CHANGE_B		(0x1D1|SSL_ST_ACCEPT)
#define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)
#define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)

#define SSL3_MT_CLIENT_REQUEST			0
#define SSL3_MT_CLIENT_HELLO			1
#define SSL3_MT_SERVER_HELLO			2
#define SSL3_MT_CERTIFICATE			11
#define SSL3_MT_SERVER_KEY_EXCHANGE		12
#define SSL3_MT_CERTIFICATE_REQUEST		13
#define SSL3_MT_SERVER_DONE			14
#define SSL3_MT_CERTIFICATE_VERIFY		15
#define SSL3_MT_CLIENT_KEY_EXCHANGE		16
#define SSL3_MT_FINISHED			20

#define SSL3_MT_CCS				1

/* These are used when changing over to a new cipher */
#define SSL3_CC_READ		0x01
#define SSL3_CC_WRITE		0x02
#define SSL3_CC_CLIENT		0x10
#define SSL3_CC_SERVER		0x20
#define SSL3_CHANGE_CIPHER_CLIENT_WRITE	(SSL3_CC_CLIENT|SSL3_CC_WRITE)	
#define SSL3_CHANGE_CIPHER_SERVER_READ	(SSL3_CC_SERVER|SSL3_CC_READ)
#define SSL3_CHANGE_CIPHER_CLIENT_READ	(SSL3_CC_CLIENT|SSL3_CC_READ)
#define SSL3_CHANGE_CIPHER_SERVER_WRITE	(SSL3_CC_SERVER|SSL3_CC_WRITE)

#ifdef  __cplusplus
}
#endif
#endif
Commit	Line	Data
d02b48c6	1	/* ssl/ssl3.h */
58964a49	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#ifndef HEADER_SSL3_H
	60	#define HEADER_SSL3_H
	61
ec577822	62	#include <openssl/buffer.h>
0b86eb3e BM	63	#include <openssl/evp.h>
0b86eb3e BM	64	#include <openssl/ssl.h>
d02b48c6 RE	65
	66	#ifdef __cplusplus
	67	extern "C" {
	68	#endif
	69
	70	#define SSL3_CK_RSA_NULL_MD5 0x03000001
	71	#define SSL3_CK_RSA_NULL_SHA 0x03000002
	72	#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
	73	#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
	74	#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
	75	#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
	76	#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
	77	#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
	78	#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
	79	#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
	80
	81	#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
	82	#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
	83	#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
	84	#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
	85	#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
	86	#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
	87
	88	#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
	89	#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
	90	#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
	91	#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
	92	#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
	93	#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
	94
	95	#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
	96	#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
	97	#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
	98	#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
58964a49	99	#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
d02b48c6 RE	100
	101	#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
	102	#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
	103	#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
	104
	105	#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
	106	#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
	107	#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
	108	#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
	109	#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
	110	#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
58964a49	111	#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
d02b48c6 RE	112	#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
	113	#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
	114	#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
	115
	116	#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
	117	#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
	118	#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
	119	#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
	120	#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
	121	#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
	122
	123	#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
	124	#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
	125	#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
58964a49	126	#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
d02b48c6 RE	127	#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
	128	#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
	129
	130	#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
	131	#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
	132	#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
	133	#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
58964a49	134	#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
d02b48c6 RE	135
	136	#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
	137	#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
	138	#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
	139
	140	#define SSL3_SSL_SESSION_ID_LENGTH 32
	141	#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
	142
	143	#define SSL3_MASTER_SECRET_SIZE 48
	144	#define SSL3_RANDOM_SIZE 32
	145	#define SSL3_SESSION_ID_SIZE 32
	146	#define SSL3_RT_HEADER_LENGTH 5
	147
	148	/* Due to MS stuffing up, this can change.... */
	149	#if defined(WIN16) \|\| (defined(MSDOS) && !defined(WIN32))
	150	#define SSL3_RT_MAX_EXTRA (14000)
	151	#else
	152	#define SSL3_RT_MAX_EXTRA (16384)
	153	#endif
	154
	155	#define SSL3_RT_MAX_PLAIN_LENGTH 16384
	156	#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
	157	#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
	158	#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
	159	#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
	160
	161	/* the states that a SSL3_RECORD can be in
	162	* For SSL_read it goes
	163	* rbuf->ENCODED -> read
	164	* ENCODED -> we need to decode everything - call decode_record
	165	*/
	166
	167	#define SSL3_RS_BLANK 1
	168	#define SSL3_RS_DATA
	169
	170	#define SSL3_RS_ENCODED 2
	171	#define SSL3_RS_READ_MORE 3
	172	#define SSL3_RS_WRITE_MORE
	173	#define SSL3_RS_PLAIN 3
	174	#define SSL3_RS_PART_READ 4
	175	#define SSL3_RS_PART_WRITE 5
	176
c44f7540 BM	177	#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
c44f7540 BM	178	#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
d02b48c6 RE	179
	180	#define SSL3_VERSION 0x0300
	181	#define SSL3_VERSION_MAJOR 0x03
	182	#define SSL3_VERSION_MINOR 0x00
	183
	184	#define SSL3_RT_CHANGE_CIPHER_SPEC 20
	185	#define SSL3_RT_ALERT 21
	186	#define SSL3_RT_HANDSHAKE 22
	187	#define SSL3_RT_APPLICATION_DATA 23
	188
	189	#define SSL3_AL_WARNING 1
	190	#define SSL3_AL_FATAL 2
	191
	192	#define SSL3_AD_CLOSE_NOTIFY 0
	193	#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
	194	#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
	195	#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
	196	#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
	197	#define SSL3_AD_NO_CERTIFICATE 41
	198	#define SSL3_AD_BAD_CERTIFICATE 42
	199	#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
	200	#define SSL3_AD_CERTIFICATE_REVOKED 44
	201	#define SSL3_AD_CERTIFICATE_EXPIRED 45
	202	#define SSL3_AD_CERTIFICATE_UNKNOWN 46
	203	#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
	204
	205	typedef struct ssl3_record_st
	206	{
	207	/r / int type; /* type of record */
	208	/* / /int state;/ / any data in it? */
	209	/rw/ unsigned int length; /* How many bytes available */
	210	/r / unsigned int off; /* read/write offset into 'buf' */
	211	/rw/ unsigned char data; / pointer to the record data */
	212	/rw/ unsigned char input; / where the decode bytes are */
dfeab068	213	/r / unsigned char comp; / only used with decompression - malloc()ed */
d02b48c6 RE	214	} SSL3_RECORD;
	215
	216	typedef struct ssl3_buffer_st
	217	{
	218	/r / int total; /* used in non-blocking writes */
	219	/r / int wanted; /* how many more bytes we need */
	220	/rw/ int left; /* how many bytes left */
	221	/rw/ int offset; /* where to 'copy from' */
	222	/rw/ unsigned char buf; / SSL3_RT_MAX_PACKET_SIZE bytes */
	223	} SSL3_BUFFER;
	224
d02b48c6 RE	225	#define SSL3_CT_RSA_SIGN 1
	226	#define SSL3_CT_DSS_SIGN 2
	227	#define SSL3_CT_RSA_FIXED_DH 3
	228	#define SSL3_CT_DSS_FIXED_DH 4
	229	#define SSL3_CT_RSA_EPHEMERAL_DH 5
	230	#define SSL3_CT_DSS_EPHEMERAL_DH 6
	231	#define SSL3_CT_FORTEZZA_DMS 20
	232	#define SSL3_CT_NUMBER 7
	233
	234	#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
	235	#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
	236	#define SSL3_FLAGS_POP_BUFFER 0x0004
dfeab068	237	#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
58964a49 RE	238
	239	#if 0
	240	#define AD_CLOSE_NOTIFY 0
	241	#define AD_UNEXPECTED_MESSAGE 1
	242	#define AD_BAD_RECORD_MAC 2
	243	#define AD_DECRYPTION_FAILED 3
	244	#define AD_RECORD_OVERFLOW 4
	245	#define AD_DECOMPRESSION_FAILURE 5 /* fatal */
	246	#define AD_HANDSHAKE_FAILURE 6 /* fatal */
	247	#define AD_NO_CERTIFICATE 7 /* Not under TLS */
	248	#define AD_BAD_CERTIFICATE 8
	249	#define AD_UNSUPPORTED_CERTIFICATE 9
	250	#define AD_CERTIFICATE_REVOKED 10
	251	#define AD_CERTIFICATE_EXPIRED 11
	252	#define AD_CERTIFICATE_UNKNOWN 12
	253	#define AD_ILLEGAL_PARAMETER 13 /* fatal */
	254	#define AD_UNKNOWN_CA 14 /* fatal */
	255	#define AD_ACCESS_DENIED 15 /* fatal */
	256	#define AD_DECODE_ERROR 16 /* fatal */
	257	#define AD_DECRYPT_ERROR 17
	258	#define AD_EXPORT_RESTRICION 18 /* fatal */
	259	#define AD_PROTOCOL_VERSION 19 /* fatal */
	260	#define AD_INSUFFICIENT_SECURITY 20 /* fatal */
	261	#define AD_INTERNAL_ERROR 21 /* fatal */
	262	#define AD_USER_CANCLED 22
	263	#define AD_NO_RENEGOTIATION 23
	264	#endif
d02b48c6 RE	265
	266	typedef struct ssl3_ctx_st
	267	{
	268	long flags;
	269	int delay_buf_pop_ret;
	270
	271	unsigned char read_sequence[8];
	272	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
	273	unsigned char write_sequence[8];
	274	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
	275
	276	unsigned char server_random[SSL3_RANDOM_SIZE];
	277	unsigned char client_random[SSL3_RANDOM_SIZE];
	278
	279	SSL3_BUFFER rbuf; /* read IO goes into here */
	280	SSL3_BUFFER wbuf; /* write IO goes into here */
	281	SSL3_RECORD rrec; /* each decoded record goes in here */
	282	SSL3_RECORD wrec; /* goes out from here */
	283	/* Used by ssl3_read_n to point
	284	* to input data packet */
	285
	286	/* partial write - check the numbers match */
	287	unsigned int wnum; /* number of bytes sent so far */
	288	int wpend_tot; /* number bytes written */
	289	int wpend_type;
	290	int wpend_ret; /* number of bytes submitted */
61f5b6f3	291	const unsigned char *wpend_buf;
d02b48c6 RE	292
	293	/* used during startup, digest all incoming/outgoing packets */
	294	EVP_MD_CTX finish_dgst1;
	295	EVP_MD_CTX finish_dgst2;
	296
	297	/* this is set whenerver we see a change_cipher_spec message
	298	* come in when we are not looking for one */
	299	int change_cipher_spec;
	300
	301	int warn_alert;
	302	int fatal_alert;
	303	/* we alow one fatal and one warning alert to be outstanding,
	304	* send close alert via the warning alert */
	305	int alert_dispatch;
61f5b6f3	306	unsigned char send_alert[2];
d02b48c6	307
58964a49 RE	308	/* This flag is set when we should renegotiate ASAP, basically when
	309	* there is no more data in the read or write buffers */
	310	int renegotiate;
	311	int total_renegotiations;
	312	int num_renegotiations;
	313
	314	int in_read_app_data;
	315
d02b48c6	316	struct {
f2d9a32c BM	317	/* actually only needs to be 16+20 */
	318	unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
	319
	320	/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
	321	unsigned char server_finish_md[EVP_MAX_MD_SIZE*2];
	322	int server_finish_md_len;
	323	unsigned char client_finish_md[EVP_MAX_MD_SIZE*2];
	324	int client_finish_md_len;
d02b48c6 RE	325
	326	unsigned long message_size;
	327	int message_type;
	328
	329	/* used to hold the new cipher we are going to use */
	330	SSL_CIPHER *new_cipher;
79df9d62	331	#ifndef NO_DH
d02b48c6	332	DH *dh;
79df9d62	333	#endif
d02b48c6 RE	334	/* used when SSL_ST_FLUSH_DATA is entered */
	335	int next_state;
	336
	337	int reuse_message;
	338
	339	/* used for certificate requests */
	340	int cert_req;
	341	int ctype_num;
	342	char ctype[SSL3_CT_NUMBER];
f73e07cf	343	STACK_OF(X509_NAME) *ca_names;
d02b48c6 RE	344
	345	int use_rsa_tmp;
	346
	347	int key_block_length;
	348	unsigned char *key_block;
	349
e778802f BL	350	const EVP_CIPHER *new_sym_enc;
e778802f BL	351	const EVP_MD *new_hash;
dfeab068	352	#ifdef HEADER_COMP_H
e778802f	353	const SSL_COMP *new_compression;
dfeab068 RE	354	#else
	355	char *new_compression;
	356	#endif
58964a49	357	int cert_request;
d02b48c6	358	} tmp;
413c4f45	359
d02b48c6 RE	360	} SSL3_CTX;
	361
	362	/* SSLv3 */
	363	/client /
	364	/* extra state */
	365	#define SSL3_ST_CW_FLUSH (0x100\|SSL_ST_CONNECT)
	366	/* write to server */
	367	#define SSL3_ST_CW_CLNT_HELLO_A (0x110\|SSL_ST_CONNECT)
	368	#define SSL3_ST_CW_CLNT_HELLO_B (0x111\|SSL_ST_CONNECT)
	369	/* read from server */
	370	#define SSL3_ST_CR_SRVR_HELLO_A (0x120\|SSL_ST_CONNECT)
	371	#define SSL3_ST_CR_SRVR_HELLO_B (0x121\|SSL_ST_CONNECT)
	372	#define SSL3_ST_CR_CERT_A (0x130\|SSL_ST_CONNECT)
	373	#define SSL3_ST_CR_CERT_B (0x131\|SSL_ST_CONNECT)
	374	#define SSL3_ST_CR_KEY_EXCH_A (0x140\|SSL_ST_CONNECT)
	375	#define SSL3_ST_CR_KEY_EXCH_B (0x141\|SSL_ST_CONNECT)
	376	#define SSL3_ST_CR_CERT_REQ_A (0x150\|SSL_ST_CONNECT)
	377	#define SSL3_ST_CR_CERT_REQ_B (0x151\|SSL_ST_CONNECT)
	378	#define SSL3_ST_CR_SRVR_DONE_A (0x160\|SSL_ST_CONNECT)
	379	#define SSL3_ST_CR_SRVR_DONE_B (0x161\|SSL_ST_CONNECT)
	380	/* write to server */
	381	#define SSL3_ST_CW_CERT_A (0x170\|SSL_ST_CONNECT)
	382	#define SSL3_ST_CW_CERT_B (0x171\|SSL_ST_CONNECT)
	383	#define SSL3_ST_CW_CERT_C (0x172\|SSL_ST_CONNECT)
	384	#define SSL3_ST_CW_CERT_D (0x173\|SSL_ST_CONNECT)
	385	#define SSL3_ST_CW_KEY_EXCH_A (0x180\|SSL_ST_CONNECT)
	386	#define SSL3_ST_CW_KEY_EXCH_B (0x181\|SSL_ST_CONNECT)
	387	#define SSL3_ST_CW_CERT_VRFY_A (0x190\|SSL_ST_CONNECT)
	388	#define SSL3_ST_CW_CERT_VRFY_B (0x191\|SSL_ST_CONNECT)
	389	#define SSL3_ST_CW_CHANGE_A (0x1A0\|SSL_ST_CONNECT)
	390	#define SSL3_ST_CW_CHANGE_B (0x1A1\|SSL_ST_CONNECT)
	391	#define SSL3_ST_CW_FINISHED_A (0x1B0\|SSL_ST_CONNECT)
	392	#define SSL3_ST_CW_FINISHED_B (0x1B1\|SSL_ST_CONNECT)
	393	/* read from server */
	394	#define SSL3_ST_CR_CHANGE_A (0x1C0\|SSL_ST_CONNECT)
	395	#define SSL3_ST_CR_CHANGE_B (0x1C1\|SSL_ST_CONNECT)
	396	#define SSL3_ST_CR_FINISHED_A (0x1D0\|SSL_ST_CONNECT)
	397	#define SSL3_ST_CR_FINISHED_B (0x1D1\|SSL_ST_CONNECT)
	398
	399	/* server */
	400	/* extra state */
	401	#define SSL3_ST_SW_FLUSH (0x100\|SSL_ST_ACCEPT)
	402	/* read from client */
58964a49	403	/* Do not change the number values, they do matter */
d02b48c6 RE	404	#define SSL3_ST_SR_CLNT_HELLO_A (0x110\|SSL_ST_ACCEPT)
	405	#define SSL3_ST_SR_CLNT_HELLO_B (0x111\|SSL_ST_ACCEPT)
	406	#define SSL3_ST_SR_CLNT_HELLO_C (0x112\|SSL_ST_ACCEPT)
3d14b9d0	407	#define SSL3_ST_SR_MS_SGC (0x113\|SSL_ST_ACCEPT)
d02b48c6 RE	408	/* write to client */
	409	#define SSL3_ST_SW_HELLO_REQ_A (0x120\|SSL_ST_ACCEPT)
	410	#define SSL3_ST_SW_HELLO_REQ_B (0x121\|SSL_ST_ACCEPT)
	411	#define SSL3_ST_SW_HELLO_REQ_C (0x122\|SSL_ST_ACCEPT)
	412	#define SSL3_ST_SW_SRVR_HELLO_A (0x130\|SSL_ST_ACCEPT)
	413	#define SSL3_ST_SW_SRVR_HELLO_B (0x131\|SSL_ST_ACCEPT)
	414	#define SSL3_ST_SW_CERT_A (0x140\|SSL_ST_ACCEPT)
	415	#define SSL3_ST_SW_CERT_B (0x141\|SSL_ST_ACCEPT)
	416	#define SSL3_ST_SW_KEY_EXCH_A (0x150\|SSL_ST_ACCEPT)
	417	#define SSL3_ST_SW_KEY_EXCH_B (0x151\|SSL_ST_ACCEPT)
	418	#define SSL3_ST_SW_CERT_REQ_A (0x160\|SSL_ST_ACCEPT)
	419	#define SSL3_ST_SW_CERT_REQ_B (0x161\|SSL_ST_ACCEPT)
	420	#define SSL3_ST_SW_SRVR_DONE_A (0x170\|SSL_ST_ACCEPT)
	421	#define SSL3_ST_SW_SRVR_DONE_B (0x171\|SSL_ST_ACCEPT)
	422	/* read from client */
	423	#define SSL3_ST_SR_CERT_A (0x180\|SSL_ST_ACCEPT)
	424	#define SSL3_ST_SR_CERT_B (0x181\|SSL_ST_ACCEPT)
	425	#define SSL3_ST_SR_KEY_EXCH_A (0x190\|SSL_ST_ACCEPT)
	426	#define SSL3_ST_SR_KEY_EXCH_B (0x191\|SSL_ST_ACCEPT)
	427	#define SSL3_ST_SR_CERT_VRFY_A (0x1A0\|SSL_ST_ACCEPT)
	428	#define SSL3_ST_SR_CERT_VRFY_B (0x1A1\|SSL_ST_ACCEPT)
	429	#define SSL3_ST_SR_CHANGE_A (0x1B0\|SSL_ST_ACCEPT)
	430	#define SSL3_ST_SR_CHANGE_B (0x1B1\|SSL_ST_ACCEPT)
	431	#define SSL3_ST_SR_FINISHED_A (0x1C0\|SSL_ST_ACCEPT)
	432	#define SSL3_ST_SR_FINISHED_B (0x1C1\|SSL_ST_ACCEPT)
	433	/* write to client */
	434	#define SSL3_ST_SW_CHANGE_A (0x1D0\|SSL_ST_ACCEPT)
	435	#define SSL3_ST_SW_CHANGE_B (0x1D1\|SSL_ST_ACCEPT)
	436	#define SSL3_ST_SW_FINISHED_A (0x1E0\|SSL_ST_ACCEPT)
	437	#define SSL3_ST_SW_FINISHED_B (0x1E1\|SSL_ST_ACCEPT)
	438
	439	#define SSL3_MT_CLIENT_REQUEST 0
	440	#define SSL3_MT_CLIENT_HELLO 1
	441	#define SSL3_MT_SERVER_HELLO 2
	442	#define SSL3_MT_CERTIFICATE 11
	443	#define SSL3_MT_SERVER_KEY_EXCHANGE 12
	444	#define SSL3_MT_CERTIFICATE_REQUEST 13
	445	#define SSL3_MT_SERVER_DONE 14
	446	#define SSL3_MT_CERTIFICATE_VERIFY 15
	447	#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
	448	#define SSL3_MT_FINISHED 20
	449
	450	#define SSL3_MT_CCS 1
	451
	452	/* These are used when changing over to a new cipher */
	453	#define SSL3_CC_READ 0x01
	454	#define SSL3_CC_WRITE 0x02
	455	#define SSL3_CC_CLIENT 0x10
	456	#define SSL3_CC_SERVER 0x20
	457	#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT\|SSL3_CC_WRITE)
	458	#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER\|SSL3_CC_READ)
	459	#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT\|SSL3_CC_READ)
	460	#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER\|SSL3_CC_WRITE)
	461
	462	#ifdef __cplusplus
	463	}
	464	#endif
	465	#endif
	466