Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build

functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
author: ryker <> 1998-10-05 20:13:14 +0000
committer: ryker <> 1998-10-05 20:13:14 +0000
commit: aeeae06a79815dc190061534d47236cec09f9e32 (patch)
tree: 851692b9c2f9c04f077666855641900f19fdb217 /src/lib/libssl/ssl3.h
parent: a4f79641824cbf9f60ca9d1168d1fcc46717a82a (diff)
download: openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.gz
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.bz2
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.zip
1 files changed, 455 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
new file mode 100644
index 0000000000..95772eef60
--- /dev/null
+++ b/src/lib/libssl/ssl3.h
@@ -0,0 +1,455 @@
+/* ssl/ssl3.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_SSL3_H 
+#define HEADER_SSL3_H 
+#include "buffer.h"
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define SSL3_CK_RSA_NULL_MD5                    0x03000001
+#define SSL3_CK_RSA_NULL_SHA                    0x03000002
+#define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
+#define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
+#define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
+#define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
+#define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
+#define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
+#define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
+#define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
+#define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
+#define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
+#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
+#define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
+#define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
+#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
+#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          0x03000011
+#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          0x03000012
+#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        0x03000013
+#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          0x03000014
+#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          0x03000015
+#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        0x03000016
+#define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
+#define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
+#define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
+#define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
+#define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
+#define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
+#define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+#define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+#define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
+#define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
+#define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
+#define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
+#define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
+#define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
+#define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
+#define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
+#define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
+#define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
+#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
+#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
+#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
+#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
+#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
+#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
+#define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
+#define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
+#define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
+#define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
+#define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
+#define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
+#define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+#define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+#define SSL3_SSL_SESSION_ID_LENGTH              32
+#define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
+#define SSL3_MASTER_SECRET_SIZE                 48
+#define SSL3_RANDOM_SIZE                        32
+#define SSL3_SESSION_ID_SIZE                    32
+#define SSL3_RT_HEADER_LENGTH                   5
+/* Due to MS stuffing up, this can change.... */
+#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
+#define SSL3_RT_MAX_EXTRA                       (14000)
+#else
+#define SSL3_RT_MAX_EXTRA                       (16384)
+#endif
+#define SSL3_RT_MAX_PLAIN_LENGTH                16384
+#define SSL3_RT_MAX_COMPRESSED_LENGTH   (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#define SSL3_RT_MAX_ENCRYPTED_LENGTH    (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
+#define SSL3_RT_MAX_PACKET_SIZE         (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+#define SSL3_RT_MAX_DATA_SIZE                   (1024*1024)
+/* the states that a SSL3_RECORD can be in
+ * For SSL_read it goes
+ * rbuf->ENCODED        -> read 
+ * ENCODED              -> we need to decode everything - call decode_record
+ */
+ 
+#define SSL3_RS_BLANK                   1
+#define SSL3_RS_DATA
+#define SSL3_RS_ENCODED                 2
+#define SSL3_RS_READ_MORE               3
+#define SSL3_RS_WRITE_MORE
+#define SSL3_RS_PLAIN                   3
+#define SSL3_RS_PART_READ               4
+#define SSL3_RS_PART_WRITE              5
+#define SSL3_MD_CLIENT_FINISHED_CONST   {0x43,0x4C,0x4E,0x54}
+#define SSL3_MD_SERVER_FINISHED_CONST   {0x53,0x52,0x56,0x52}
+#define SSL3_VERSION                    0x0300
+#define SSL3_VERSION_MAJOR              0x03
+#define SSL3_VERSION_MINOR              0x00
+#define SSL3_RT_CHANGE_CIPHER_SPEC      20
+#define SSL3_RT_ALERT                   21
+#define SSL3_RT_HANDSHAKE               22
+#define SSL3_RT_APPLICATION_DATA        23
+#define SSL3_AL_WARNING                 1
+#define SSL3_AL_FATAL                   2
+#define SSL3_AD_CLOSE_NOTIFY             0
+#define SSL3_AD_UNEXPECTED_MESSAGE      10      /* fatal */
+#define SSL3_AD_BAD_RECORD_MAC          20      /* fatal */
+#define SSL3_AD_DECOMPRESSION_FAILURE   30      /* fatal */
+#define SSL3_AD_HANDSHAKE_FAILURE       40      /* fatal */
+#define SSL3_AD_NO_CERTIFICATE          41
+#define SSL3_AD_BAD_CERTIFICATE         42
+#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+#define SSL3_AD_CERTIFICATE_REVOKED     44
+#define SSL3_AD_CERTIFICATE_EXPIRED     45
+#define SSL3_AD_CERTIFICATE_UNKNOWN     46
+#define SSL3_AD_ILLEGAL_PARAMETER       47      /* fatal */
+typedef struct ssl3_record_st
+        {
+/*r */  int type;               /* type of record */
+/*  */  /*int state;*/          /* any data in it? */
+/*rw*/  unsigned int length;    /* How many bytes available */
+/*r */  unsigned int off;       /* read/write offset into 'buf' */
+/*rw*/  unsigned char *data;    /* pointer to the record data */
+/*rw*/  unsigned char *input;   /* where the decode bytes are */
+/*rw*/  unsigned char *comp;    /* only used with decompression */
+        } SSL3_RECORD;
+typedef struct ssl3_buffer_st
+        {
+/*r */  int total;              /* used in non-blocking writes */
+/*r */  int wanted;             /* how many more bytes we need */
+/*rw*/  int left;               /* how many bytes left */
+/*rw*/  int offset;             /* where to 'copy from' */
+/*rw*/  unsigned char *buf;     /* SSL3_RT_MAX_PACKET_SIZE bytes */
+        } SSL3_BUFFER;
+typedef struct ssl3_compression_st {
+        int nothing;
+        } SSL3_COMPRESSION;
+#define SSL3_CT_RSA_SIGN                        1
+#define SSL3_CT_DSS_SIGN                        2
+#define SSL3_CT_RSA_FIXED_DH                    3
+#define SSL3_CT_DSS_FIXED_DH                    4
+#define SSL3_CT_RSA_EPHEMERAL_DH                5
+#define SSL3_CT_DSS_EPHEMERAL_DH                6
+#define SSL3_CT_FORTEZZA_DMS                    20
+#define SSL3_CT_NUMBER                          7
+#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
+#define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
+#define SSL3_FLAGS_POP_BUFFER                   0x0004
+#define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
+#if 0
+#define AD_CLOSE_NOTIFY                 0
+#define AD_UNEXPECTED_MESSAGE           1
+#define AD_BAD_RECORD_MAC               2
+#define AD_DECRYPTION_FAILED            3
+#define AD_RECORD_OVERFLOW              4
+#define AD_DECOMPRESSION_FAILURE        5       /* fatal */
+#define AD_HANDSHAKE_FAILURE            6       /* fatal */
+#define AD_NO_CERTIFICATE               7       /* Not under TLS */
+#define AD_BAD_CERTIFICATE              8
+#define AD_UNSUPPORTED_CERTIFICATE      9
+#define AD_CERTIFICATE_REVOKED          10      
+#define AD_CERTIFICATE_EXPIRED          11
+#define AD_CERTIFICATE_UNKNOWN          12
+#define AD_ILLEGAL_PARAMETER            13      /* fatal */
+#define AD_UNKNOWN_CA                   14      /* fatal */
+#define AD_ACCESS_DENIED                15      /* fatal */
+#define AD_DECODE_ERROR                 16      /* fatal */
+#define AD_DECRYPT_ERROR                17
+#define AD_EXPORT_RESTRICION            18      /* fatal */
+#define AD_PROTOCOL_VERSION             19      /* fatal */
+#define AD_INSUFFICIENT_SECURITY        20      /* fatal */
+#define AD_INTERNAL_ERROR               21      /* fatal */
+#define AD_USER_CANCLED                 22
+#define AD_NO_RENEGOTIATION             23
+#endif
+typedef struct ssl3_ctx_st
+        {
+        long flags;
+        int delay_buf_pop_ret;
+        unsigned char read_sequence[8];
+        unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+        unsigned char write_sequence[8];
+        unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+        unsigned char server_random[SSL3_RANDOM_SIZE];
+        unsigned char client_random[SSL3_RANDOM_SIZE];
+        SSL3_BUFFER rbuf;       /* read IO goes into here */
+        SSL3_BUFFER wbuf;       /* write IO goes into here */
+        SSL3_RECORD rrec;       /* each decoded record goes in here */
+        SSL3_RECORD wrec;       /* goes out from here */
+                                /* Used by ssl3_read_n to point
+                                 * to input data packet */
+        /* partial write - check the numbers match */
+        unsigned int wnum;      /* number of bytes sent so far */
+        int wpend_tot;          /* number bytes written */
+        int wpend_type;
+        int wpend_ret;          /* number of bytes submitted */
+        char *wpend_buf;
+        /* used during startup, digest all incoming/outgoing packets */
+        EVP_MD_CTX finish_dgst1;
+        EVP_MD_CTX finish_dgst2;
+        /* this is set whenerver we see a change_cipher_spec message
+         * come in when we are not looking for one */
+        int change_cipher_spec;
+        int warn_alert;
+        int fatal_alert;
+        /* we alow one fatal and one warning alert to be outstanding,
+         * send close alert via the warning alert */
+        int alert_dispatch;
+        char send_alert[2];
+        /* This flag is set when we should renegotiate ASAP, basically when
+         * there is no more data in the read or write buffers */
+        int renegotiate;
+        int total_renegotiations;
+        int num_renegotiations;
+        int in_read_app_data;
+        struct  {
+                /* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
+                unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+                
+                unsigned long message_size;
+                int message_type;
+                /* used to hold the new cipher we are going to use */
+                SSL_CIPHER *new_cipher;
+                DH *dh;
+                /* used when SSL_ST_FLUSH_DATA is entered */
+                int next_state;                 
+                int reuse_message;
+                /* used for certificate requests */
+                int cert_req;
+                int ctype_num;
+                char ctype[SSL3_CT_NUMBER];
+                STACK *ca_names;
+                int use_rsa_tmp;
+                int key_block_length;
+                unsigned char *key_block;
+                EVP_CIPHER *new_sym_enc;
+                EVP_MD *new_hash;
+                SSL_COMPRESSION *new_compression;
+                int cert_request;
+                } tmp;
+        } SSL3_CTX;
+/* SSLv3 */
+/*client */
+/* extra state */
+#define SSL3_ST_CW_FLUSH                (0x100|SSL_ST_CONNECT)
+/* write to server */
+#define SSL3_ST_CW_CLNT_HELLO_A         (0x110|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CLNT_HELLO_B         (0x111|SSL_ST_CONNECT)
+/* read from server */
+#define SSL3_ST_CR_SRVR_HELLO_A         (0x120|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_HELLO_B         (0x121|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_A               (0x130|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_B               (0x131|SSL_ST_CONNECT)
+#define SSL3_ST_CR_KEY_EXCH_A           (0x140|SSL_ST_CONNECT)
+#define SSL3_ST_CR_KEY_EXCH_B           (0x141|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_REQ_A           (0x150|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_REQ_B           (0x151|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_DONE_A          (0x160|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SRVR_DONE_B          (0x161|SSL_ST_CONNECT)
+/* write to server */
+#define SSL3_ST_CW_CERT_A               (0x170|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_B               (0x171|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_C               (0x172|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_D               (0x173|SSL_ST_CONNECT)
+#define SSL3_ST_CW_KEY_EXCH_A           (0x180|SSL_ST_CONNECT)
+#define SSL3_ST_CW_KEY_EXCH_B           (0x181|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_VRFY_A          (0x190|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
+#define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
+#define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
+/* read from server */
+#define SSL3_ST_CR_CHANGE_A             (0x1C0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CHANGE_B             (0x1C1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_FINISHED_A           (0x1D0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_FINISHED_B           (0x1D1|SSL_ST_CONNECT)
+/* server */
+/* extra state */
+#define SSL3_ST_SW_FLUSH                (0x100|SSL_ST_ACCEPT)
+/* read from client */
+/* Do not change the number values, they do matter */
+#define SSL3_ST_SR_CLNT_HELLO_A         (0x110|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CLNT_HELLO_B         (0x111|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CLNT_HELLO_C         (0x112|SSL_ST_ACCEPT)
+/* write to client */
+#define SSL3_ST_SW_HELLO_REQ_A          (0x120|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_HELLO_REQ_B          (0x121|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_HELLO_REQ_C          (0x122|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_HELLO_A         (0x130|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_HELLO_B         (0x131|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_A               (0x140|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_B               (0x141|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_KEY_EXCH_A           (0x150|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_KEY_EXCH_B           (0x151|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_REQ_A           (0x160|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_REQ_B           (0x161|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_DONE_A          (0x170|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SRVR_DONE_B          (0x171|SSL_ST_ACCEPT)
+/* read from client */
+#define SSL3_ST_SR_CERT_A               (0x180|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_B               (0x181|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_KEY_EXCH_A           (0x190|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_KEY_EXCH_B           (0x191|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_VRFY_A          (0x1A0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
+/* write to client */
+#define SSL3_ST_SW_CHANGE_A             (0x1D0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CHANGE_B             (0x1D1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_FINISHED_A           (0x1E0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_FINISHED_B           (0x1E1|SSL_ST_ACCEPT)
+#define SSL3_MT_CLIENT_REQUEST                  0
+#define SSL3_MT_CLIENT_HELLO                    1
+#define SSL3_MT_SERVER_HELLO                    2
+#define SSL3_MT_CERTIFICATE                     11
+#define SSL3_MT_SERVER_KEY_EXCHANGE             12
+#define SSL3_MT_CERTIFICATE_REQUEST             13
+#define SSL3_MT_SERVER_DONE                     14
+#define SSL3_MT_CERTIFICATE_VERIFY              15
+#define SSL3_MT_CLIENT_KEY_EXCHANGE             16
+#define SSL3_MT_FINISHED                        20
+#define SSL3_MT_CCS                             1
+/* These are used when changing over to a new cipher */
+#define SSL3_CC_READ            0x01
+#define SSL3_CC_WRITE           0x02
+#define SSL3_CC_CLIENT          0x10
+#define SSL3_CC_SERVER          0x20
+#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)  
+#define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
+#define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
+#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+#ifdef  __cplusplus
+}
+#endif
+#endif
author	ryker <>	1998-10-05 20:13:14 +0000
committer	ryker <>	1998-10-05 20:13:14 +0000
commit	aeeae06a79815dc190061534d47236cec09f9e32 (patch)
tree	851692b9c2f9c04f077666855641900f19fdb217 /src/lib/libssl/ssl3.h
parent	a4f79641824cbf9f60ca9d1168d1fcc46717a82a (diff)
download	openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.gz openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.bz2 openbsd-aeeae06a79815dc190061534d47236cec09f9e32.zip

diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h new file mode 100644 index 0000000000..95772eef60 --- /dev/null +++ b/src/lib/libssl/ssl3.h
@@ -0,0 +1,455 @@
	1	/* ssl/ssl3.h */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#ifndef HEADER_SSL3_H
	60	#define HEADER_SSL3_H
	61
	62	#include "buffer.h"
	63
	64	#ifdef __cplusplus
	65	extern "C" {
	66	#endif
	67
	68	#define SSL3_CK_RSA_NULL_MD5 0x03000001
	69	#define SSL3_CK_RSA_NULL_SHA 0x03000002
	70	#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
	71	#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
	72	#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
	73	#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
	74	#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
	75	#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
	76	#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
	77	#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
	78
	79	#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
	80	#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
	81	#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
	82	#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
	83	#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
	84	#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
	85
	86	#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
	87	#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
	88	#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
	89	#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
	90	#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
	91	#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
	92
	93	#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
	94	#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
	95	#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
	96	#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
	97	#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
	98
	99	#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
	100	#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
	101	#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
	102
	103	#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
	104	#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
	105	#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
	106	#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
	107	#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
	108	#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
	109	#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
	110	#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
	111	#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
	112	#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
	113
	114	#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
	115	#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
	116	#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
	117	#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
	118	#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
	119	#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
	120
	121	#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
	122	#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
	123	#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
	124	#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
	125	#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
	126	#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
	127
	128	#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
	129	#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
	130	#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
	131	#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
	132	#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
	133
	134	#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
	135	#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
	136	#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
	137
	138	#define SSL3_SSL_SESSION_ID_LENGTH 32
	139	#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
	140
	141	#define SSL3_MASTER_SECRET_SIZE 48
	142	#define SSL3_RANDOM_SIZE 32
	143	#define SSL3_SESSION_ID_SIZE 32
	144	#define SSL3_RT_HEADER_LENGTH 5
	145
	146	/* Due to MS stuffing up, this can change.... */
	147	#if defined(WIN16) \|\| (defined(MSDOS) && !defined(WIN32))
	148	#define SSL3_RT_MAX_EXTRA (14000)
	149	#else
	150	#define SSL3_RT_MAX_EXTRA (16384)
	151	#endif
	152
	153	#define SSL3_RT_MAX_PLAIN_LENGTH 16384
	154	#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
	155	#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
	156	#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
	157	#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
	158
	159	/* the states that a SSL3_RECORD can be in
	160	* For SSL_read it goes
	161	* rbuf->ENCODED -> read
	162	* ENCODED -> we need to decode everything - call decode_record
	163	*/
	164
	165	#define SSL3_RS_BLANK 1
	166	#define SSL3_RS_DATA
	167
	168	#define SSL3_RS_ENCODED 2
	169	#define SSL3_RS_READ_MORE 3
	170	#define SSL3_RS_WRITE_MORE
	171	#define SSL3_RS_PLAIN 3
	172	#define SSL3_RS_PART_READ 4
	173	#define SSL3_RS_PART_WRITE 5
	174
	175	#define SSL3_MD_CLIENT_FINISHED_CONST {0x43,0x4C,0x4E,0x54}
	176	#define SSL3_MD_SERVER_FINISHED_CONST {0x53,0x52,0x56,0x52}
	177
	178	#define SSL3_VERSION 0x0300
	179	#define SSL3_VERSION_MAJOR 0x03
	180	#define SSL3_VERSION_MINOR 0x00
	181
	182	#define SSL3_RT_CHANGE_CIPHER_SPEC 20
	183	#define SSL3_RT_ALERT 21
	184	#define SSL3_RT_HANDSHAKE 22
	185	#define SSL3_RT_APPLICATION_DATA 23
	186
	187	#define SSL3_AL_WARNING 1
	188	#define SSL3_AL_FATAL 2
	189
	190	#define SSL3_AD_CLOSE_NOTIFY 0
	191	#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
	192	#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
	193	#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
	194	#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
	195	#define SSL3_AD_NO_CERTIFICATE 41
	196	#define SSL3_AD_BAD_CERTIFICATE 42
	197	#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
	198	#define SSL3_AD_CERTIFICATE_REVOKED 44
	199	#define SSL3_AD_CERTIFICATE_EXPIRED 45
	200	#define SSL3_AD_CERTIFICATE_UNKNOWN 46
	201	#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
	202
	203	typedef struct ssl3_record_st
	204	{
	205	/r / int type; /* type of record */
	206	/* / /int state;/ / any data in it? */
	207	/rw/ unsigned int length; /* How many bytes available */
	208	/r / unsigned int off; /* read/write offset into 'buf' */
	209	/rw/ unsigned char data; / pointer to the record data */
	210	/rw/ unsigned char input; / where the decode bytes are */
	211	/rw/ unsigned char comp; / only used with decompression */
	212	} SSL3_RECORD;
	213
	214	typedef struct ssl3_buffer_st
	215	{
	216	/r / int total; /* used in non-blocking writes */
	217	/r / int wanted; /* how many more bytes we need */
	218	/rw/ int left; /* how many bytes left */
	219	/rw/ int offset; /* where to 'copy from' */
	220	/rw/ unsigned char buf; / SSL3_RT_MAX_PACKET_SIZE bytes */
	221	} SSL3_BUFFER;
	222
	223	typedef struct ssl3_compression_st {
	224	int nothing;
	225	} SSL3_COMPRESSION;
	226
	227	#define SSL3_CT_RSA_SIGN 1
	228	#define SSL3_CT_DSS_SIGN 2
	229	#define SSL3_CT_RSA_FIXED_DH 3
	230	#define SSL3_CT_DSS_FIXED_DH 4
	231	#define SSL3_CT_RSA_EPHEMERAL_DH 5
	232	#define SSL3_CT_DSS_EPHEMERAL_DH 6
	233	#define SSL3_CT_FORTEZZA_DMS 20
	234	#define SSL3_CT_NUMBER 7
	235
	236	#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
	237	#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
	238	#define SSL3_FLAGS_POP_BUFFER 0x0004
	239	#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
	240
	241	#if 0
	242	#define AD_CLOSE_NOTIFY 0
	243	#define AD_UNEXPECTED_MESSAGE 1
	244	#define AD_BAD_RECORD_MAC 2
	245	#define AD_DECRYPTION_FAILED 3
	246	#define AD_RECORD_OVERFLOW 4
	247	#define AD_DECOMPRESSION_FAILURE 5 /* fatal */
	248	#define AD_HANDSHAKE_FAILURE 6 /* fatal */
	249	#define AD_NO_CERTIFICATE 7 /* Not under TLS */
	250	#define AD_BAD_CERTIFICATE 8
	251	#define AD_UNSUPPORTED_CERTIFICATE 9
	252	#define AD_CERTIFICATE_REVOKED 10
	253	#define AD_CERTIFICATE_EXPIRED 11
	254	#define AD_CERTIFICATE_UNKNOWN 12
	255	#define AD_ILLEGAL_PARAMETER 13 /* fatal */
	256	#define AD_UNKNOWN_CA 14 /* fatal */
	257	#define AD_ACCESS_DENIED 15 /* fatal */
	258	#define AD_DECODE_ERROR 16 /* fatal */
	259	#define AD_DECRYPT_ERROR 17
	260	#define AD_EXPORT_RESTRICION 18 /* fatal */
	261	#define AD_PROTOCOL_VERSION 19 /* fatal */
	262	#define AD_INSUFFICIENT_SECURITY 20 /* fatal */
	263	#define AD_INTERNAL_ERROR 21 /* fatal */
	264	#define AD_USER_CANCLED 22
	265	#define AD_NO_RENEGOTIATION 23
	266	#endif
	267
	268	typedef struct ssl3_ctx_st
	269	{
	270	long flags;
	271	int delay_buf_pop_ret;
	272
	273	unsigned char read_sequence[8];
	274	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
	275	unsigned char write_sequence[8];
	276	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
	277
	278	unsigned char server_random[SSL3_RANDOM_SIZE];
	279	unsigned char client_random[SSL3_RANDOM_SIZE];
	280
	281	SSL3_BUFFER rbuf; /* read IO goes into here */
	282	SSL3_BUFFER wbuf; /* write IO goes into here */
	283	SSL3_RECORD rrec; /* each decoded record goes in here */
	284	SSL3_RECORD wrec; /* goes out from here */
	285	/* Used by ssl3_read_n to point
	286	* to input data packet */
	287
	288	/* partial write - check the numbers match */
	289	unsigned int wnum; /* number of bytes sent so far */
	290	int wpend_tot; /* number bytes written */
	291	int wpend_type;
	292	int wpend_ret; /* number of bytes submitted */
	293	char *wpend_buf;
	294
	295	/* used during startup, digest all incoming/outgoing packets */
	296	EVP_MD_CTX finish_dgst1;
	297	EVP_MD_CTX finish_dgst2;
	298
	299	/* this is set whenerver we see a change_cipher_spec message
	300	* come in when we are not looking for one */
	301	int change_cipher_spec;
	302
	303	int warn_alert;
	304	int fatal_alert;
	305	/* we alow one fatal and one warning alert to be outstanding,
	306	* send close alert via the warning alert */
	307	int alert_dispatch;
	308	char send_alert[2];
	309
	310	/* This flag is set when we should renegotiate ASAP, basically when
	311	* there is no more data in the read or write buffers */
	312	int renegotiate;
	313	int total_renegotiations;
	314	int num_renegotiations;
	315
	316	int in_read_app_data;
	317
	318	struct {
	319	/* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
	320	unsigned char finish_md[EVP_MAX_MD_SIZE*2];
	321
	322	unsigned long message_size;
	323	int message_type;
	324
	325	/* used to hold the new cipher we are going to use */
	326	SSL_CIPHER *new_cipher;
	327	DH *dh;
	328
	329	/* used when SSL_ST_FLUSH_DATA is entered */
	330	int next_state;
	331
	332	int reuse_message;
	333
	334	/* used for certificate requests */
	335	int cert_req;
	336	int ctype_num;
	337	char ctype[SSL3_CT_NUMBER];
	338	STACK *ca_names;
	339
	340	int use_rsa_tmp;
	341
	342	int key_block_length;
	343	unsigned char *key_block;
	344
	345	EVP_CIPHER *new_sym_enc;
	346	EVP_MD *new_hash;
	347	SSL_COMPRESSION *new_compression;
	348	int cert_request;
	349	} tmp;
	350	} SSL3_CTX;
	351
	352	/* SSLv3 */
	353	/client /
	354	/* extra state */
	355	#define SSL3_ST_CW_FLUSH (0x100\|SSL_ST_CONNECT)
	356	/* write to server */
	357	#define SSL3_ST_CW_CLNT_HELLO_A (0x110\|SSL_ST_CONNECT)
	358	#define SSL3_ST_CW_CLNT_HELLO_B (0x111\|SSL_ST_CONNECT)
	359	/* read from server */
	360	#define SSL3_ST_CR_SRVR_HELLO_A (0x120\|SSL_ST_CONNECT)
	361	#define SSL3_ST_CR_SRVR_HELLO_B (0x121\|SSL_ST_CONNECT)
	362	#define SSL3_ST_CR_CERT_A (0x130\|SSL_ST_CONNECT)
	363	#define SSL3_ST_CR_CERT_B (0x131\|SSL_ST_CONNECT)
	364	#define SSL3_ST_CR_KEY_EXCH_A (0x140\|SSL_ST_CONNECT)
	365	#define SSL3_ST_CR_KEY_EXCH_B (0x141\|SSL_ST_CONNECT)
	366	#define SSL3_ST_CR_CERT_REQ_A (0x150\|SSL_ST_CONNECT)
	367	#define SSL3_ST_CR_CERT_REQ_B (0x151\|SSL_ST_CONNECT)
	368	#define SSL3_ST_CR_SRVR_DONE_A (0x160\|SSL_ST_CONNECT)
	369	#define SSL3_ST_CR_SRVR_DONE_B (0x161\|SSL_ST_CONNECT)
	370	/* write to server */
	371	#define SSL3_ST_CW_CERT_A (0x170\|SSL_ST_CONNECT)
	372	#define SSL3_ST_CW_CERT_B (0x171\|SSL_ST_CONNECT)
	373	#define SSL3_ST_CW_CERT_C (0x172\|SSL_ST_CONNECT)
	374	#define SSL3_ST_CW_CERT_D (0x173\|SSL_ST_CONNECT)
	375	#define SSL3_ST_CW_KEY_EXCH_A (0x180\|SSL_ST_CONNECT)
	376	#define SSL3_ST_CW_KEY_EXCH_B (0x181\|SSL_ST_CONNECT)
	377	#define SSL3_ST_CW_CERT_VRFY_A (0x190\|SSL_ST_CONNECT)
	378	#define SSL3_ST_CW_CERT_VRFY_B (0x191\|SSL_ST_CONNECT)
	379	#define SSL3_ST_CW_CHANGE_A (0x1A0\|SSL_ST_CONNECT)
	380	#define SSL3_ST_CW_CHANGE_B (0x1A1\|SSL_ST_CONNECT)
	381	#define SSL3_ST_CW_FINISHED_A (0x1B0\|SSL_ST_CONNECT)
	382	#define SSL3_ST_CW_FINISHED_B (0x1B1\|SSL_ST_CONNECT)
	383	/* read from server */
	384	#define SSL3_ST_CR_CHANGE_A (0x1C0\|SSL_ST_CONNECT)
	385	#define SSL3_ST_CR_CHANGE_B (0x1C1\|SSL_ST_CONNECT)
	386	#define SSL3_ST_CR_FINISHED_A (0x1D0\|SSL_ST_CONNECT)
	387	#define SSL3_ST_CR_FINISHED_B (0x1D1\|SSL_ST_CONNECT)
	388
	389	/* server */
	390	/* extra state */
	391	#define SSL3_ST_SW_FLUSH (0x100\|SSL_ST_ACCEPT)
	392	/* read from client */
	393	/* Do not change the number values, they do matter */
	394	#define SSL3_ST_SR_CLNT_HELLO_A (0x110\|SSL_ST_ACCEPT)
	395	#define SSL3_ST_SR_CLNT_HELLO_B (0x111\|SSL_ST_ACCEPT)
	396	#define SSL3_ST_SR_CLNT_HELLO_C (0x112\|SSL_ST_ACCEPT)
	397	/* write to client */
	398	#define SSL3_ST_SW_HELLO_REQ_A (0x120\|SSL_ST_ACCEPT)
	399	#define SSL3_ST_SW_HELLO_REQ_B (0x121\|SSL_ST_ACCEPT)
	400	#define SSL3_ST_SW_HELLO_REQ_C (0x122\|SSL_ST_ACCEPT)
	401	#define SSL3_ST_SW_SRVR_HELLO_A (0x130\|SSL_ST_ACCEPT)
	402	#define SSL3_ST_SW_SRVR_HELLO_B (0x131\|SSL_ST_ACCEPT)
	403	#define SSL3_ST_SW_CERT_A (0x140\|SSL_ST_ACCEPT)
	404	#define SSL3_ST_SW_CERT_B (0x141\|SSL_ST_ACCEPT)
	405	#define SSL3_ST_SW_KEY_EXCH_A (0x150\|SSL_ST_ACCEPT)
	406	#define SSL3_ST_SW_KEY_EXCH_B (0x151\|SSL_ST_ACCEPT)
	407	#define SSL3_ST_SW_CERT_REQ_A (0x160\|SSL_ST_ACCEPT)
	408	#define SSL3_ST_SW_CERT_REQ_B (0x161\|SSL_ST_ACCEPT)
	409	#define SSL3_ST_SW_SRVR_DONE_A (0x170\|SSL_ST_ACCEPT)
	410	#define SSL3_ST_SW_SRVR_DONE_B (0x171\|SSL_ST_ACCEPT)
	411	/* read from client */
	412	#define SSL3_ST_SR_CERT_A (0x180\|SSL_ST_ACCEPT)
	413	#define SSL3_ST_SR_CERT_B (0x181\|SSL_ST_ACCEPT)
	414	#define SSL3_ST_SR_KEY_EXCH_A (0x190\|SSL_ST_ACCEPT)
	415	#define SSL3_ST_SR_KEY_EXCH_B (0x191\|SSL_ST_ACCEPT)
	416	#define SSL3_ST_SR_CERT_VRFY_A (0x1A0\|SSL_ST_ACCEPT)
	417	#define SSL3_ST_SR_CERT_VRFY_B (0x1A1\|SSL_ST_ACCEPT)
	418	#define SSL3_ST_SR_CHANGE_A (0x1B0\|SSL_ST_ACCEPT)
	419	#define SSL3_ST_SR_CHANGE_B (0x1B1\|SSL_ST_ACCEPT)
	420	#define SSL3_ST_SR_FINISHED_A (0x1C0\|SSL_ST_ACCEPT)
	421	#define SSL3_ST_SR_FINISHED_B (0x1C1\|SSL_ST_ACCEPT)
	422	/* write to client */
	423	#define SSL3_ST_SW_CHANGE_A (0x1D0\|SSL_ST_ACCEPT)
	424	#define SSL3_ST_SW_CHANGE_B (0x1D1\|SSL_ST_ACCEPT)
	425	#define SSL3_ST_SW_FINISHED_A (0x1E0\|SSL_ST_ACCEPT)
	426	#define SSL3_ST_SW_FINISHED_B (0x1E1\|SSL_ST_ACCEPT)
	427
	428	#define SSL3_MT_CLIENT_REQUEST 0
	429	#define SSL3_MT_CLIENT_HELLO 1
	430	#define SSL3_MT_SERVER_HELLO 2
	431	#define SSL3_MT_CERTIFICATE 11
	432	#define SSL3_MT_SERVER_KEY_EXCHANGE 12
	433	#define SSL3_MT_CERTIFICATE_REQUEST 13
	434	#define SSL3_MT_SERVER_DONE 14
	435	#define SSL3_MT_CERTIFICATE_VERIFY 15
	436	#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
	437	#define SSL3_MT_FINISHED 20
	438
	439	#define SSL3_MT_CCS 1
	440
	441	/* These are used when changing over to a new cipher */
	442	#define SSL3_CC_READ 0x01
	443	#define SSL3_CC_WRITE 0x02
	444	#define SSL3_CC_CLIENT 0x10
	445	#define SSL3_CC_SERVER 0x20
	446	#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT\|SSL3_CC_WRITE)
	447	#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER\|SSL3_CC_READ)
	448	#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT\|SSL3_CC_READ)
	449	#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER\|SSL3_CC_WRITE)
	450
	451	#ifdef __cplusplus
	452	}
	453	#endif
	454	#endif
	455