OpenSSL 0.9.7 stable 2002 05 08 merge

author: beck <> 2002-05-15 02:29:21 +0000
committer: beck <> 2002-05-15 02:29:21 +0000
commit: b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9 (patch)
tree: fa27cf82a1250b64ed3bf5f4a18c7354d470bbcc /src/lib/libssl/ssl3.h
parent: e471e1ea98d673597b182ea85f29e30c97cd08b5 (diff)
download: openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.gz
openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.bz2
openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.zip
1 files changed, 83 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 7ee1feaa67..8fd6951d77 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -55,11 +55,64 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 #ifndef HEADER_SSL3_H 
 #define HEADER_SSL3_H 
-#ifndef NO_COMP
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
 #endif
 #include <openssl/buffer.h>
@@ -105,6 +158,22 @@ extern "C" {
 #define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
 #define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+/*    VRS Additional Kerberos5 entries
+ */
+#define SSL3_CK_KRB5_DES_40_CBC_SHA             0x03000021
+#define SSL3_CK_KRB5_DES_40_CBC_MD5             0x03000022
+#define SSL3_CK_KRB5_DES_64_CBC_SHA             0x03000023
+#define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000024
+#define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x03000025
+#define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000026
+#define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
+#define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
 #define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
 #define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
 #define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
@@ -149,7 +218,8 @@ extern "C" {
 #define SSL3_RT_HEADER_LENGTH                   5
 /* Due to MS stuffing up, this can change.... */
-#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
+#if defined(OPENSSL_SYS_WIN16) || \
+        (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
 #define SSL3_RT_MAX_EXTRA                       (14000)
 #else
 #define SSL3_RT_MAX_EXTRA                       (16384)
@@ -201,10 +271,11 @@ typedef struct ssl3_record_st
 typedef struct ssl3_buffer_st
        {
-        unsigned char *buf;     /* SSL3_RT_MAX_PACKET_SIZE bytes (more if
+        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
-                                 * SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */
+                                 * see ssl3_setup_buffers() */
-        int offset;             /* where to 'copy from' */
+        size_t len;             /* buffer size */
-        int left;               /* how many bytes left */
+        int offset;             /* where to 'copy from' */
+        int left;               /* how many bytes left */
        } SSL3_BUFFER;
 #define SSL3_CT_RSA_SIGN                        1
@@ -234,6 +305,10 @@ typedef struct ssl3_state_st
        unsigned char server_random[SSL3_RANDOM_SIZE];
        unsigned char client_random[SSL3_RANDOM_SIZE];
+        /* flags for countermeasure against known-IV weakness */
+        int need_empty_fragments;
+        int empty_fragment_done;
        SSL3_BUFFER rbuf;       /* read IO goes into here */
        SSL3_BUFFER wbuf;       /* write IO goes into here */
@@ -292,7 +367,7 @@ typedef struct ssl3_state_st
                /* used to hold the new cipher we are going to use */
                SSL_CIPHER *new_cipher;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
                DH *dh;
 #endif
                /* used when SSL_ST_FLUSH_DATA is entered */
@@ -313,7 +388,7 @@ typedef struct ssl3_state_st
                const EVP_CIPHER *new_sym_enc;
                const EVP_MD *new_hash;
-#ifndef NO_COMP
+#ifndef OPENSSL_NO_COMP
                const SSL_COMP *new_compression;
 #else
                char *new_compression;
author	beck <>	2002-05-15 02:29:21 +0000
committer	beck <>	2002-05-15 02:29:21 +0000
commit	b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9 (patch)
tree	fa27cf82a1250b64ed3bf5f4a18c7354d470bbcc /src/lib/libssl/ssl3.h
parent	e471e1ea98d673597b182ea85f29e30c97cd08b5 (diff)
download	openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.gz openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.tar.bz2 openbsd-b64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9.zip

diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 7ee1feaa67..8fd6951d77 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h
@@ -55,11 +55,64 @@
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
		58	/* ====================================================================
		59	* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
		60	*
		61	* Redistribution and use in source and binary forms, with or without
		62	* modification, are permitted provided that the following conditions
		63	* are met:
		64	*
		65	* 1. Redistributions of source code must retain the above copyright
		66	* notice, this list of conditions and the following disclaimer.
		67	*
		68	* 2. Redistributions in binary form must reproduce the above copyright
		69	* notice, this list of conditions and the following disclaimer in
		70	* the documentation and/or other materials provided with the
		71	* distribution.
		72	*
		73	* 3. All advertising materials mentioning features or use of this
		74	* software must display the following acknowledgment:
		75	* "This product includes software developed by the OpenSSL Project
		76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		77	*
		78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		79	* endorse or promote products derived from this software without
		80	* prior written permission. For written permission, please contact
		81	* openssl-core@openssl.org.
		82	*
		83	* 5. Products derived from this software may not be called "OpenSSL"
		84	* nor may "OpenSSL" appear in their names without prior written
		85	* permission of the OpenSSL Project.
		86	*
		87	* 6. Redistributions of any form whatsoever must retain the following
		88	* acknowledgment:
		89	* "This product includes software developed by the OpenSSL Project
		90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		91	*
		92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		103	* OF THE POSSIBILITY OF SUCH DAMAGE.
		104	* ====================================================================
		105	*
		106	* This product includes cryptographic software written by Eric Young
		107	* (eay@cryptsoft.com). This product includes software written by Tim
		108	* Hudson (tjh@cryptsoft.com).
		109	*
		110	*/
58		111
59	#ifndef HEADER_SSL3_H	112	#ifndef HEADER_SSL3_H
60	#define HEADER_SSL3_H	113	#define HEADER_SSL3_H
61		114
62	#ifndef NO_COMP	115	#ifndef OPENSSL_NO_COMP
63	#include <openssl/comp.h>	116	#include <openssl/comp.h>
64	#endif	117	#endif
65	#include <openssl/buffer.h>	118	#include <openssl/buffer.h>
@@ -105,6 +158,22 @@ extern "C" {
105	#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D	158	#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
106	#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E	159	#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
107		160
		161	/* VRS Additional Kerberos5 entries
		162	*/
		163	#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000021
		164	#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000022
		165	#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x03000023
		166	#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000024
		167	#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x03000025
		168	#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000026
		169
		170	#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
		171	#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
		172	#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
		173	#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
		174	#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
		175	#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
		176
108	#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"	177	#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
109	#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"	178	#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
110	#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"	179	#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
@@ -149,7 +218,8 @@ extern "C" {
149	#define SSL3_RT_HEADER_LENGTH 5	218	#define SSL3_RT_HEADER_LENGTH 5
150		219
151	/* Due to MS stuffing up, this can change.... */	220	/* Due to MS stuffing up, this can change.... */
152	#if defined(WIN16) \|\| (defined(MSDOS) && !defined(WIN32))	221	#if defined(OPENSSL_SYS_WIN16) \|\| \
		222	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
153	#define SSL3_RT_MAX_EXTRA (14000)	223	#define SSL3_RT_MAX_EXTRA (14000)
154	#else	224	#else
155	#define SSL3_RT_MAX_EXTRA (16384)	225	#define SSL3_RT_MAX_EXTRA (16384)
@@ -201,10 +271,11 @@ typedef struct ssl3_record_st
201		271
202	typedef struct ssl3_buffer_st	272	typedef struct ssl3_buffer_st
203	{	273	{
204	unsigned char buf; / SSL3_RT_MAX_PACKET_SIZE bytes (more if	274	unsigned char buf; / at least SSL3_RT_MAX_PACKET_SIZE bytes,
205	* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */	275	* see ssl3_setup_buffers() */
206	int offset; /* where to 'copy from' */	276	size_t len; /* buffer size */
207	int left; /* how many bytes left */	277	int offset; /* where to 'copy from' */
		278	int left; /* how many bytes left */
208	} SSL3_BUFFER;	279	} SSL3_BUFFER;
209		280
210	#define SSL3_CT_RSA_SIGN 1	281	#define SSL3_CT_RSA_SIGN 1
@@ -234,6 +305,10 @@ typedef struct ssl3_state_st
234	unsigned char server_random[SSL3_RANDOM_SIZE];	305	unsigned char server_random[SSL3_RANDOM_SIZE];
235	unsigned char client_random[SSL3_RANDOM_SIZE];	306	unsigned char client_random[SSL3_RANDOM_SIZE];
236		307
		308	/* flags for countermeasure against known-IV weakness */
		309	int need_empty_fragments;
		310	int empty_fragment_done;
		311
237	SSL3_BUFFER rbuf; /* read IO goes into here */	312	SSL3_BUFFER rbuf; /* read IO goes into here */
238	SSL3_BUFFER wbuf; /* write IO goes into here */	313	SSL3_BUFFER wbuf; /* write IO goes into here */
239		314
@@ -292,7 +367,7 @@ typedef struct ssl3_state_st
292		367
293	/* used to hold the new cipher we are going to use */	368	/* used to hold the new cipher we are going to use */
294	SSL_CIPHER *new_cipher;	369	SSL_CIPHER *new_cipher;
295	#ifndef NO_DH	370	#ifndef OPENSSL_NO_DH
296	DH *dh;	371	DH *dh;
297	#endif	372	#endif
298	/* used when SSL_ST_FLUSH_DATA is entered */	373	/* used when SSL_ST_FLUSH_DATA is entered */
@@ -313,7 +388,7 @@ typedef struct ssl3_state_st
313		388
314	const EVP_CIPHER *new_sym_enc;	389	const EVP_CIPHER *new_sym_enc;
315	const EVP_MD *new_hash;	390	const EVP_MD *new_hash;
316	#ifndef NO_COMP	391	#ifndef OPENSSL_NO_COMP
317	const SSL_COMP *new_compression;	392	const SSL_COMP *new_compression;
318	#else	393	#else
319	char *new_compression;	394	char *new_compression;