*/\r
\r
#ifndef HEADER_SSL3_H\r
-#define HEADER_SSL3_H\r
+# define HEADER_SSL3_H\r
\r
-#ifndef OPENSSL_NO_COMP\r
-#include <openssl/comp.h>\r
-#endif\r
-#include <openssl/buffer.h>\r
-#include <openssl/evp.h>\r
-#include <openssl/ssl.h>\r
+# ifndef OPENSSL_NO_COMP\r
+# include <openssl/comp.h>\r
+# endif\r
+# include <openssl/buffer.h>\r
+# include <openssl/evp.h>\r
+# include <openssl/ssl.h>\r
\r
#ifdef __cplusplus\r
extern "C" {\r
#endif\r
\r
-/* Signalling cipher suite value from RFC 5746\r
- * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */\r
-#define SSL3_CK_SCSV 0x030000FF\r
-\r
-/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00\r
- * (TLS_FALLBACK_SCSV) */\r
-#define SSL3_CK_FALLBACK_SCSV 0x03005600\r
-\r
-#define SSL3_CK_RSA_NULL_MD5 0x03000001\r
-#define SSL3_CK_RSA_NULL_SHA 0x03000002\r
-#define SSL3_CK_RSA_RC4_40_MD5 0x03000003\r
-#define SSL3_CK_RSA_RC4_128_MD5 0x03000004\r
-#define SSL3_CK_RSA_RC4_128_SHA 0x03000005\r
-#define SSL3_CK_RSA_RC2_40_MD5 0x03000006\r
-#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007\r
-#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008\r
-#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009\r
-#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A\r
-\r
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B\r
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C\r
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D\r
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E\r
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F\r
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010\r
-\r
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011\r
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012\r
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013\r
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014\r
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015\r
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016\r
-\r
-#define SSL3_CK_ADH_RC4_40_MD5 0x03000017\r
-#define SSL3_CK_ADH_RC4_128_MD5 0x03000018\r
-#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019\r
-#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A\r
-#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B\r
-\r
-#if 0\r
- #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C\r
- #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D\r
- #if 0 /* Because it clashes with KRB5, is never used any more, and is safe\r
- to remove according to David Hopwood <david.hopwood@zetnet.co.uk>\r
- of the ietf-tls list */\r
- #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E\r
- #endif\r
-#endif\r
+/*\r
+ * Signalling cipher suite value from RFC 5746\r
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)\r
+ */\r
+# define SSL3_CK_SCSV 0x030000FF\r
\r
-/* VRS Additional Kerberos5 entries\r
+/*\r
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00\r
+ * (TLS_FALLBACK_SCSV)\r
*/\r
-#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E\r
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F\r
-#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020\r
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021\r
-#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022\r
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023\r
-#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024\r
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025\r
-\r
-#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026\r
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027\r
-#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028\r
-#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029\r
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A\r
-#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B\r
-\r
-#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"\r
-#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"\r
-#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"\r
-#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"\r
-#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"\r
-#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"\r
-#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"\r
-#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"\r
-#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"\r
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"\r
-\r
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"\r
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"\r
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"\r
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"\r
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"\r
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"\r
-\r
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"\r
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"\r
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"\r
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"\r
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"\r
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"\r
-\r
-#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"\r
-#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"\r
-#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"\r
-#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"\r
-#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"\r
-\r
-#if 0\r
- #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"\r
- #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"\r
- #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"\r
-#endif\r
+# define SSL3_CK_FALLBACK_SCSV 0x03005600\r
+\r
+# define SSL3_CK_RSA_NULL_MD5 0x03000001\r
+# define SSL3_CK_RSA_NULL_SHA 0x03000002\r
+# define SSL3_CK_RSA_RC4_40_MD5 0x03000003\r
+# define SSL3_CK_RSA_RC4_128_MD5 0x03000004\r
+# define SSL3_CK_RSA_RC4_128_SHA 0x03000005\r
+# define SSL3_CK_RSA_RC2_40_MD5 0x03000006\r
+# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007\r
+# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008\r
+# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009\r
+# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A\r
+\r
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B\r
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C\r
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D\r
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E\r
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F\r
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010\r
+\r
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011\r
+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA SSL3_CK_EDH_DSS_DES_40_CBC_SHA\r
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012\r
+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA SSL3_CK_EDH_DSS_DES_64_CBC_SHA\r
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013\r
+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA SSL3_CK_EDH_DSS_DES_192_CBC3_SHA\r
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014\r
+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA SSL3_CK_EDH_RSA_DES_40_CBC_SHA\r
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015\r
+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA SSL3_CK_EDH_RSA_DES_64_CBC_SHA\r
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016\r
+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA SSL3_CK_EDH_RSA_DES_192_CBC3_SHA\r
+\r
+# define SSL3_CK_ADH_RC4_40_MD5 0x03000017\r
+# define SSL3_CK_ADH_RC4_128_MD5 0x03000018\r
+# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019\r
+# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A\r
+# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B\r
+\r
+# if 0\r
+# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C\r
+# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D\r
+# if 0 /* Because it clashes with KRB5, is never\r
+ * used any more, and is safe to remove\r
+ * according to David Hopwood\r
+ * <david.hopwood@zetnet.co.uk> of the\r
+ * ietf-tls list */\r
+# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E\r
+# endif\r
+# endif\r
+\r
+/*\r
+ * VRS Additional Kerberos5 entries\r
+ */\r
+# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E\r
+# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F\r
+# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020\r
+# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021\r
+# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022\r
+# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023\r
+# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024\r
+# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025\r
+\r
+# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026\r
+# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027\r
+# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028\r
+# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029\r
+# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A\r
+# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B\r
+\r
+# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"\r
+# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"\r
+# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"\r
+# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"\r
+# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"\r
+# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"\r
+# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"\r
+# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"\r
+# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"\r
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"\r
+\r
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"\r
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"\r
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"\r
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"\r
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"\r
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"\r
+\r
+# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA "EXP-DHE-DSS-DES-CBC-SHA"\r
+# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA "DHE-DSS-DES-CBC-SHA"\r
+# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA "DHE-DSS-DES-CBC3-SHA"\r
+# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA "EXP-DHE-RSA-DES-CBC-SHA"\r
+# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA "DHE-RSA-DES-CBC-SHA"\r
+# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA "DHE-RSA-DES-CBC3-SHA"\r
\r
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"\r
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"\r
-#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"\r
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"\r
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"\r
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"\r
-#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"\r
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"\r
-\r
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"\r
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"\r
-#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"\r
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"\r
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"\r
-#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"\r
-\r
-#define SSL3_SSL_SESSION_ID_LENGTH 32\r
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32\r
-\r
-#define SSL3_MASTER_SECRET_SIZE 48\r
-#define SSL3_RANDOM_SIZE 32\r
-#define SSL3_SESSION_ID_SIZE 32\r
-#define SSL3_RT_HEADER_LENGTH 5\r
-\r
-#ifndef SSL3_ALIGN_PAYLOAD\r
- /* Some will argue that this increases memory footprint, but it's\r
- * not actually true. Point is that malloc has to return at least\r
- * 64-bit aligned pointers, meaning that allocating 5 bytes wastes\r
- * 3 bytes in either case. Suggested pre-gaping simply moves these\r
- * wasted bytes from the end of allocated region to its front,\r
- * but makes data payload aligned, which improves performance:-) */\r
-# define SSL3_ALIGN_PAYLOAD 8\r
-#else\r
-# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0\r
-# error "insane SSL3_ALIGN_PAYLOAD"\r
-# undef SSL3_ALIGN_PAYLOAD\r
+/*\r
+ * This next block of six "EDH" labels is for backward compatibility with\r
+ * older versions of OpenSSL. New code should use the six "DHE" labels above\r
+ * instead:\r
+ */\r
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"\r
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"\r
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"\r
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"\r
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"\r
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"\r
+\r
+# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"\r
+# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"\r
+# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"\r
+# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"\r
+# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"\r
+\r
+# if 0\r
+# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"\r
+# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"\r
+# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"\r
# endif\r
-#endif\r
\r
-/* This is the maximum MAC (digest) size used by the SSL library.\r
- * Currently maximum of 20 is used by SHA1, but we reserve for\r
- * future extension for 512-bit hashes.\r
+# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"\r
+# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"\r
+# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"\r
+# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"\r
+# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"\r
+# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"\r
+# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"\r
+# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"\r
+\r
+# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"\r
+# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"\r
+# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"\r
+# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"\r
+# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"\r
+# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"\r
+\r
+# define SSL3_SSL_SESSION_ID_LENGTH 32\r
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32\r
+\r
+# define SSL3_MASTER_SECRET_SIZE 48\r
+# define SSL3_RANDOM_SIZE 32\r
+# define SSL3_SESSION_ID_SIZE 32\r
+# define SSL3_RT_HEADER_LENGTH 5\r
+\r
+# define SSL3_HM_HEADER_LENGTH 4\r
+\r
+# ifndef SSL3_ALIGN_PAYLOAD\r
+ /*\r
+ * Some will argue that this increases memory footprint, but it's not\r
+ * actually true. Point is that malloc has to return at least 64-bit aligned\r
+ * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.\r
+ * Suggested pre-gaping simply moves these wasted bytes from the end of\r
+ * allocated region to its front, but makes data payload aligned, which\r
+ * improves performance:-)\r
+ */\r
+# define SSL3_ALIGN_PAYLOAD 8\r
+# else\r
+# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0\r
+# error "insane SSL3_ALIGN_PAYLOAD"\r
+# undef SSL3_ALIGN_PAYLOAD\r
+# endif\r
+# endif\r
+\r
+/*\r
+ * This is the maximum MAC (digest) size used by the SSL library. Currently\r
+ * maximum of 20 is used by SHA1, but we reserve for future extension for\r
+ * 512-bit hashes.\r
*/\r
\r
-#define SSL3_RT_MAX_MD_SIZE 64\r
+# define SSL3_RT_MAX_MD_SIZE 64\r
\r
-/* Maximum block size used in all ciphersuites. Currently 16 for AES.\r
+/*\r
+ * Maximum block size used in all ciphersuites. Currently 16 for AES.\r
*/\r
\r
-#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16\r
+# define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16\r
\r
-#define SSL3_RT_MAX_EXTRA (16384)\r
+# define SSL3_RT_MAX_EXTRA (16384)\r
\r
/* Maximum plaintext length: defined by SSL/TLS standards */\r
-#define SSL3_RT_MAX_PLAIN_LENGTH 16384\r
+# define SSL3_RT_MAX_PLAIN_LENGTH 16384\r
/* Maximum compression overhead: defined by SSL/TLS standards */\r
-#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024\r
+# define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024\r
\r
-/* The standards give a maximum encryption overhead of 1024 bytes.\r
- * In practice the value is lower than this. The overhead is the maximum\r
- * number of padding bytes (256) plus the mac size.\r
+/*\r
+ * The standards give a maximum encryption overhead of 1024 bytes. In\r
+ * practice the value is lower than this. The overhead is the maximum number\r
+ * of padding bytes (256) plus the mac size.\r
*/\r
-#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)\r
+# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)\r
\r
-/* OpenSSL currently only uses a padding length of at most one block so\r
- * the send overhead is smaller.\r
+/*\r
+ * OpenSSL currently only uses a padding length of at most one block so the\r
+ * send overhead is smaller.\r
*/\r
\r
-#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \\r
- (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)\r
+# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \\r
+ (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)\r
\r
/* If compression isn't used don't include the compression overhead */\r
\r
-#ifdef OPENSSL_NO_COMP\r
-#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH\r
-#else\r
-#define SSL3_RT_MAX_COMPRESSED_LENGTH \\r
- (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)\r
-#endif\r
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH \\r
- (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)\r
-#define SSL3_RT_MAX_PACKET_SIZE \\r
- (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)\r
-\r
-#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"\r
-#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"\r
-\r
-#define SSL3_VERSION 0x0300\r
-#define SSL3_VERSION_MAJOR 0x03\r
-#define SSL3_VERSION_MINOR 0x00\r
-\r
-#define SSL3_RT_CHANGE_CIPHER_SPEC 20\r
-#define SSL3_RT_ALERT 21\r
-#define SSL3_RT_HANDSHAKE 22\r
-#define SSL3_RT_APPLICATION_DATA 23\r
-#define TLS1_RT_HEARTBEAT 24\r
-\r
-#define SSL3_AL_WARNING 1\r
-#define SSL3_AL_FATAL 2\r
-\r
-#define SSL3_AD_CLOSE_NOTIFY 0\r
-#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */\r
-#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */\r
-#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */\r
-#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */\r
-#define SSL3_AD_NO_CERTIFICATE 41\r
-#define SSL3_AD_BAD_CERTIFICATE 42\r
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43\r
-#define SSL3_AD_CERTIFICATE_REVOKED 44\r
-#define SSL3_AD_CERTIFICATE_EXPIRED 45\r
-#define SSL3_AD_CERTIFICATE_UNKNOWN 46\r
-#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */\r
-\r
-#define TLS1_HB_REQUEST 1\r
-#define TLS1_HB_RESPONSE 2\r
-\r
-#ifndef OPENSSL_NO_SSL_INTERN\r
-\r
-typedef struct ssl3_record_st\r
- {\r
-/*r */ int type; /* type of record */\r
-/*rw*/ unsigned int length; /* How many bytes available */\r
-/*r */ unsigned int off; /* read/write offset into 'buf' */\r
-/*rw*/ unsigned char *data; /* pointer to the record data */\r
-/*rw*/ unsigned char *input; /* where the decode bytes are */\r
-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */\r
-/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */\r
-/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */\r
- } SSL3_RECORD;\r
-\r
-typedef struct ssl3_buffer_st\r
- {\r
- unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,\r
- * see ssl3_setup_buffers() */\r
- size_t len; /* buffer size */\r
- int offset; /* where to 'copy from' */\r
- int left; /* how many bytes left */\r
- } SSL3_BUFFER;\r
+# ifdef OPENSSL_NO_COMP\r
+# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH\r
+# else\r
+# define SSL3_RT_MAX_COMPRESSED_LENGTH \\r
+ (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)\r
+# endif\r
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH \\r
+ (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)\r
+# define SSL3_RT_MAX_PACKET_SIZE \\r
+ (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)\r
+\r
+# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"\r
+# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"\r
+\r
+# define SSL3_VERSION 0x0300\r
+# define SSL3_VERSION_MAJOR 0x03\r
+# define SSL3_VERSION_MINOR 0x00\r
+\r
+# define SSL3_RT_CHANGE_CIPHER_SPEC 20\r
+# define SSL3_RT_ALERT 21\r
+# define SSL3_RT_HANDSHAKE 22\r
+# define SSL3_RT_APPLICATION_DATA 23\r
+# define TLS1_RT_HEARTBEAT 24\r
+\r
+/* Pseudo content types to indicate additional parameters */\r
+# define TLS1_RT_CRYPTO 0x1000\r
+# define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1)\r
+# define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2)\r
+# define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3)\r
+# define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4)\r
+\r
+# define TLS1_RT_CRYPTO_READ 0x0000\r
+# define TLS1_RT_CRYPTO_WRITE 0x0100\r
+# define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5)\r
+# define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6)\r
+# define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)\r
+# define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)\r
+\r
+/* Pseudo content type for SSL/TLS header info */\r
+# define SSL3_RT_HEADER 0x100\r
+\r
+# define SSL3_AL_WARNING 1\r
+# define SSL3_AL_FATAL 2\r
+\r
+# define SSL3_AD_CLOSE_NOTIFY 0\r
+# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */\r
+# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */\r
+# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */\r
+# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */\r
+# define SSL3_AD_NO_CERTIFICATE 41\r
+# define SSL3_AD_BAD_CERTIFICATE 42\r
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43\r
+# define SSL3_AD_CERTIFICATE_REVOKED 44\r
+# define SSL3_AD_CERTIFICATE_EXPIRED 45\r
+# define SSL3_AD_CERTIFICATE_UNKNOWN 46\r
+# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */\r
+\r
+# define TLS1_HB_REQUEST 1\r
+# define TLS1_HB_RESPONSE 2\r
+\r
+# ifndef OPENSSL_NO_SSL_INTERN\r
+\r
+typedef struct ssl3_record_st {\r
+ /* type of record */\r
+ /*\r
+ * r\r
+ */ int type;\r
+ /* How many bytes available */\r
+ /*\r
+ * rw\r
+ */ unsigned int length;\r
+ /* read/write offset into 'buf' */\r
+ /*\r
+ * r\r
+ */ unsigned int off;\r
+ /* pointer to the record data */\r
+ /*\r
+ * rw\r
+ */ unsigned char *data;\r
+ /* where the decode bytes are */\r
+ /*\r
+ * rw\r
+ */ unsigned char *input;\r
+ /* only used with decompression - malloc()ed */\r
+ /*\r
+ * r\r
+ */ unsigned char *comp;\r
+ /* epoch number, needed by DTLS1 */\r
+ /*\r
+ * r\r
+ */ unsigned long epoch;\r
+ /* sequence number, needed by DTLS1 */\r
+ /*\r
+ * r\r
+ */ unsigned char seq_num[8];\r
+} SSL3_RECORD;\r
+\r
+typedef struct ssl3_buffer_st {\r
+ /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */\r
+ unsigned char *buf;\r
+ /* buffer size */\r
+ size_t len;\r
+ /* where to 'copy from' */\r
+ int offset;\r
+ /* how many bytes left */\r
+ int left;\r
+} SSL3_BUFFER;\r
\r
-#endif\r
+# endif\r
\r
-#define SSL3_CT_RSA_SIGN 1\r
-#define SSL3_CT_DSS_SIGN 2\r
-#define SSL3_CT_RSA_FIXED_DH 3\r
-#define SSL3_CT_DSS_FIXED_DH 4\r
-#define SSL3_CT_RSA_EPHEMERAL_DH 5\r
-#define SSL3_CT_DSS_EPHEMERAL_DH 6\r
-#define SSL3_CT_FORTEZZA_DMS 20\r
-/* SSL3_CT_NUMBER is used to size arrays and it must be large\r
- * enough to contain all of the cert types defined either for\r
- * SSLv3 and TLSv1.\r
+# define SSL3_CT_RSA_SIGN 1\r
+# define SSL3_CT_DSS_SIGN 2\r
+# define SSL3_CT_RSA_FIXED_DH 3\r
+# define SSL3_CT_DSS_FIXED_DH 4\r
+# define SSL3_CT_RSA_EPHEMERAL_DH 5\r
+# define SSL3_CT_DSS_EPHEMERAL_DH 6\r
+# define SSL3_CT_FORTEZZA_DMS 20\r
+/*\r
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to\r
+ * contain all of the cert types defined either for SSLv3 and TLSv1.\r
*/\r
-#define SSL3_CT_NUMBER 9\r
-\r
-\r
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001\r
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002\r
-#define SSL3_FLAGS_POP_BUFFER 0x0004\r
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008\r
-#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010\r
-#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020\r
+# define SSL3_CT_NUMBER 9\r
+\r
+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001\r
+# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002\r
+# define SSL3_FLAGS_POP_BUFFER 0x0004\r
+# define TLS1_FLAGS_TLS_PADDING_BUG 0x0008\r
+# define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010\r
+# define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020\r
/*\r
* Set when the handshake is ready to process peer's ChangeCipherSpec message.\r
* Cleared after the message has been processed.\r
*/\r
-#define SSL3_FLAGS_CCS_OK 0x0080\r
-\r
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we\r
- * restart a handshake because of MS SGC and so prevents us\r
- * from restarting the handshake in a loop. It's reset on a\r
- * renegotiation, so effectively limits the client to one restart\r
- * per negotiation. This limits the possibility of a DDoS\r
- * attack where the client handshakes in a loop using SGC to\r
- * restart. Servers which permit renegotiation can still be\r
- * effected, but we can't prevent that.\r
- */\r
-#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040\r
-\r
-#ifndef OPENSSL_NO_SSL_INTERN\r
-\r
-typedef struct ssl3_state_st\r
- {\r
- long flags;\r
- int delay_buf_pop_ret;\r
-\r
- unsigned char read_sequence[8];\r
- int read_mac_secret_size;\r
- unsigned char read_mac_secret[EVP_MAX_MD_SIZE];\r
- unsigned char write_sequence[8];\r
- int write_mac_secret_size;\r
- unsigned char write_mac_secret[EVP_MAX_MD_SIZE];\r
-\r
- unsigned char server_random[SSL3_RANDOM_SIZE];\r
- unsigned char client_random[SSL3_RANDOM_SIZE];\r
-\r
- /* flags for countermeasure against known-IV weakness */\r
- int need_empty_fragments;\r
- int empty_fragment_done;\r
-\r
- /* The value of 'extra' when the buffers were initialized */\r
- int init_extra;\r
-\r
- SSL3_BUFFER rbuf; /* read IO goes into here */\r
- SSL3_BUFFER wbuf; /* write IO goes into here */\r
-\r
- SSL3_RECORD rrec; /* each decoded record goes in here */\r
- SSL3_RECORD wrec; /* goes out from here */\r
-\r
- /* storage for Alert/Handshake protocol data received but not\r
- * yet processed by ssl3_read_bytes: */\r
- unsigned char alert_fragment[2];\r
- unsigned int alert_fragment_len;\r
- unsigned char handshake_fragment[4];\r
- unsigned int handshake_fragment_len;\r
-\r
- /* partial write - check the numbers match */\r
- unsigned int wnum; /* number of bytes sent so far */\r
- int wpend_tot; /* number bytes written */\r
- int wpend_type;\r
- int wpend_ret; /* number of bytes submitted */\r
- const unsigned char *wpend_buf;\r
-\r
- /* used during startup, digest all incoming/outgoing packets */\r
- BIO *handshake_buffer;\r
- /* When set of handshake digests is determined, buffer is hashed\r
- * and freed and MD_CTX-es for all required digests are stored in\r
- * this array */\r
- EVP_MD_CTX **handshake_dgst;\r
- /*\r
- * Set whenever an expected ChangeCipherSpec message is processed.\r
- * Unset when the peer's Finished message is received.\r
- * Unexpected ChangeCipherSpec messages trigger a fatal alert.\r
- */\r
- int change_cipher_spec;\r
-\r
- int warn_alert;\r
- int fatal_alert;\r
- /* we allow one fatal and one warning alert to be outstanding,\r
- * send close alert via the warning alert */\r
- int alert_dispatch;\r
- unsigned char send_alert[2];\r
-\r
- /* This flag is set when we should renegotiate ASAP, basically when\r
- * there is no more data in the read or write buffers */\r
- int renegotiate;\r
- int total_renegotiations;\r
- int num_renegotiations;\r
-\r
- int in_read_app_data;\r
-\r
- /* Opaque PRF input as used for the current handshake.\r
- * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined\r
- * (otherwise, they are merely present to improve binary compatibility) */\r
- void *client_opaque_prf_input;\r
- size_t client_opaque_prf_input_len;\r
- void *server_opaque_prf_input;\r
- size_t server_opaque_prf_input_len;\r
-\r
- struct {\r
- /* actually only needs to be 16+20 */\r
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];\r
-\r
- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */\r
- unsigned char finish_md[EVP_MAX_MD_SIZE*2];\r
- int finish_md_len;\r
- unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];\r
- int peer_finish_md_len;\r
-\r
- unsigned long message_size;\r
- int message_type;\r
-\r
- /* used to hold the new cipher we are going to use */\r
- const SSL_CIPHER *new_cipher;\r
-#ifndef OPENSSL_NO_DH\r
- DH *dh;\r
-#endif\r
-\r
-#ifndef OPENSSL_NO_ECDH\r
- EC_KEY *ecdh; /* holds short lived ECDH key */\r
-#endif\r
-\r
- /* used when SSL_ST_FLUSH_DATA is entered */\r
- int next_state;\r
-\r
- int reuse_message;\r
-\r
- /* used for certificate requests */\r
- int cert_req;\r
- int ctype_num;\r
- char ctype[SSL3_CT_NUMBER];\r
- STACK_OF(X509_NAME) *ca_names;\r
-\r
- int use_rsa_tmp;\r
+# define SSL3_FLAGS_CCS_OK 0x0080\r
+\r
+/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */\r
+# define SSL3_FLAGS_SGC_RESTART_DONE 0x0040\r
+\r
+# ifndef OPENSSL_NO_SSL_INTERN\r
+\r
+typedef struct ssl3_state_st {\r
+ long flags;\r
+ int delay_buf_pop_ret;\r
+ unsigned char read_sequence[8];\r
+ int read_mac_secret_size;\r
+ unsigned char read_mac_secret[EVP_MAX_MD_SIZE];\r
+ unsigned char write_sequence[8];\r
+ int write_mac_secret_size;\r
+ unsigned char write_mac_secret[EVP_MAX_MD_SIZE];\r
+ unsigned char server_random[SSL3_RANDOM_SIZE];\r
+ unsigned char client_random[SSL3_RANDOM_SIZE];\r
+ /* flags for countermeasure against known-IV weakness */\r
+ int need_empty_fragments;\r
+ int empty_fragment_done;\r
+ /* The value of 'extra' when the buffers were initialized */\r
+ int init_extra;\r
+ SSL3_BUFFER rbuf; /* read IO goes into here */\r
+ SSL3_BUFFER wbuf; /* write IO goes into here */\r
+ SSL3_RECORD rrec; /* each decoded record goes in here */\r
+ SSL3_RECORD wrec; /* goes out from here */\r
+ /*\r
+ * storage for Alert/Handshake protocol data received but not yet\r
+ * processed by ssl3_read_bytes:\r
+ */\r
+ unsigned char alert_fragment[2];\r
+ unsigned int alert_fragment_len;\r
+ unsigned char handshake_fragment[4];\r
+ unsigned int handshake_fragment_len;\r
+ /* partial write - check the numbers match */\r
+ unsigned int wnum; /* number of bytes sent so far */\r
+ int wpend_tot; /* number bytes written */\r
+ int wpend_type;\r
+ int wpend_ret; /* number of bytes submitted */\r
+ const unsigned char *wpend_buf;\r
+ /* used during startup, digest all incoming/outgoing packets */\r
+ BIO *handshake_buffer;\r
+ /*\r
+ * When set of handshake digests is determined, buffer is hashed and\r
+ * freed and MD_CTX-es for all required digests are stored in this array\r
+ */\r
+ EVP_MD_CTX **handshake_dgst;\r
+ /*\r
+ * Set whenever an expected ChangeCipherSpec message is processed.\r
+ * Unset when the peer's Finished message is received.\r
+ * Unexpected ChangeCipherSpec messages trigger a fatal alert.\r
+ */\r
+ int change_cipher_spec;\r
+ int warn_alert;\r
+ int fatal_alert;\r
+ /*\r
+ * we allow one fatal and one warning alert to be outstanding, send close\r
+ * alert via the warning alert\r
+ */\r
+ int alert_dispatch;\r
+ unsigned char send_alert[2];\r
+ /*\r
+ * This flag is set when we should renegotiate ASAP, basically when there\r
+ * is no more data in the read or write buffers\r
+ */\r
+ int renegotiate;\r
+ int total_renegotiations;\r
+ int num_renegotiations;\r
+ int in_read_app_data;\r
+ /*\r
+ * Opaque PRF input as used for the current handshake. These fields are\r
+ * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they\r
+ * are merely present to improve binary compatibility)\r
+ */\r
+ void *client_opaque_prf_input;\r
+ size_t client_opaque_prf_input_len;\r
+ void *server_opaque_prf_input;\r
+ size_t server_opaque_prf_input_len;\r
+ struct {\r
+ /* actually only needs to be 16+20 */\r
+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];\r
+ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */\r
+ unsigned char finish_md[EVP_MAX_MD_SIZE * 2];\r
+ int finish_md_len;\r
+ unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];\r
+ int peer_finish_md_len;\r
+ unsigned long message_size;\r
+ int message_type;\r
+ /* used to hold the new cipher we are going to use */\r
+ const SSL_CIPHER *new_cipher;\r
+# ifndef OPENSSL_NO_DH\r
+ DH *dh;\r
+# endif\r
+# ifndef OPENSSL_NO_ECDH\r
+ EC_KEY *ecdh; /* holds short lived ECDH key */\r
+# endif\r
+ /* used when SSL_ST_FLUSH_DATA is entered */\r
+ int next_state;\r
+ int reuse_message;\r
+ /* used for certificate requests */\r
+ int cert_req;\r
+ int ctype_num;\r
+ char ctype[SSL3_CT_NUMBER];\r
+ STACK_OF(X509_NAME) *ca_names;\r
+ int use_rsa_tmp;\r
+ int key_block_length;\r
+ unsigned char *key_block;\r
+ const EVP_CIPHER *new_sym_enc;\r
+ const EVP_MD *new_hash;\r
+ int new_mac_pkey_type;\r
+ int new_mac_secret_size;\r
+# ifndef OPENSSL_NO_COMP\r
+ const SSL_COMP *new_compression;\r
+# else\r
+ char *new_compression;\r
+# endif\r
+ int cert_request;\r
+ } tmp;\r
+\r
+ /* Connection binding to prevent renegotiation attacks */\r
+ unsigned char previous_client_finished[EVP_MAX_MD_SIZE];\r
+ unsigned char previous_client_finished_len;\r
+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE];\r
+ unsigned char previous_server_finished_len;\r
+ int send_connection_binding; /* TODOEKR */\r
+\r
+# ifndef OPENSSL_NO_NEXTPROTONEG\r
+ /*\r
+ * Set if we saw the Next Protocol Negotiation extension from our peer.\r
+ */\r
+ int next_proto_neg_seen;\r
+# endif\r
+\r
+# ifndef OPENSSL_NO_TLSEXT\r
+# ifndef OPENSSL_NO_EC\r
+ /*\r
+ * This is set to true if we believe that this is a version of Safari\r
+ * running on OS X 10.6 or newer. We wish to know this because Safari on\r
+ * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.\r
+ */\r
+ char is_probably_safari;\r
+# endif /* !OPENSSL_NO_EC */\r
+\r
+ /*\r
+ * ALPN information (we are in the process of transitioning from NPN to\r
+ * ALPN.)\r
+ */\r
+\r
+ /*\r
+ * In a server these point to the selected ALPN protocol after the\r
+ * ClientHello has been processed. In a client these contain the protocol\r
+ * that the server selected once the ServerHello has been processed.\r
+ */\r
+ unsigned char *alpn_selected;\r
+ unsigned alpn_selected_len;\r
+# endif /* OPENSSL_NO_TLSEXT */\r
+} SSL3_STATE;\r
\r
- int key_block_length;\r
- unsigned char *key_block;\r
-\r
- const EVP_CIPHER *new_sym_enc;\r
- const EVP_MD *new_hash;\r
- int new_mac_pkey_type;\r
- int new_mac_secret_size;\r
-#ifndef OPENSSL_NO_COMP\r
- const SSL_COMP *new_compression;\r
-#else\r
- char *new_compression;\r
-#endif\r
- int cert_request;\r
- } tmp;\r
-\r
- /* Connection binding to prevent renegotiation attacks */\r
- unsigned char previous_client_finished[EVP_MAX_MD_SIZE];\r
- unsigned char previous_client_finished_len;\r
- unsigned char previous_server_finished[EVP_MAX_MD_SIZE];\r
- unsigned char previous_server_finished_len;\r
- int send_connection_binding; /* TODOEKR */\r
-\r
-#ifndef OPENSSL_NO_NEXTPROTONEG\r
- /* Set if we saw the Next Protocol Negotiation extension from our peer. */\r
- int next_proto_neg_seen;\r
-#endif\r
-\r
-#ifndef OPENSSL_NO_TLSEXT\r
-#ifndef OPENSSL_NO_EC\r
- /* This is set to true if we believe that this is a version of Safari\r
- * running on OS X 10.6 or newer. We wish to know this because Safari\r
- * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */\r
- char is_probably_safari;\r
-#endif /* !OPENSSL_NO_EC */\r
-#endif /* !OPENSSL_NO_TLSEXT */\r
- } SSL3_STATE;\r
-\r
-#endif\r
+# endif\r
\r
/* SSLv3 */\r
-/*client */\r
+/*\r
+ * client\r
+ */\r
/* extra state */\r
-#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)\r
-#ifndef OPENSSL_NO_SCTP\r
-#define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT)\r
-#define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT)\r
-#endif\r
+# define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)\r
+# ifndef OPENSSL_NO_SCTP\r
+# define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT)\r
+# define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT)\r
+# endif\r
/* write to server */\r
-#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)\r
/* read from server */\r
-#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)\r
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)\r
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)\r
+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)\r
+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)\r
/* write to server */\r
-#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)\r
-#ifndef OPENSSL_NO_NEXTPROTONEG\r
-#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)\r
-#endif\r
-#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)\r
-#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)\r
+# ifndef OPENSSL_NO_NEXTPROTONEG\r
+# define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)\r
+# endif\r
+# define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)\r
+# define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)\r
/* read from server */\r
-#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)\r
-#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)\r
+# define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)\r
\r
/* server */\r
/* extra state */\r
-#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)\r
-#ifndef OPENSSL_NO_SCTP\r
-#define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT)\r
-#define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT)\r
-#endif\r
+# define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)\r
+# ifndef OPENSSL_NO_SCTP\r
+# define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT)\r
+# define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT)\r
+# endif\r
/* read from client */\r
/* Do not change the number values, they do matter */\r
-#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT)\r
/* write to client */\r
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)\r
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)\r
+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)\r
+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)\r
/* read from client */\r
-#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)\r
-#ifndef OPENSSL_NO_NEXTPROTONEG\r
-#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)\r
-#endif\r
-#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)\r
+# ifndef OPENSSL_NO_NEXTPROTONEG\r
+# define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)\r
+# endif\r
+# define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)\r
/* write to client */\r
-#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)\r
-#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)\r
-\r
-#define SSL3_MT_HELLO_REQUEST 0\r
-#define SSL3_MT_CLIENT_HELLO 1\r
-#define SSL3_MT_SERVER_HELLO 2\r
-#define SSL3_MT_NEWSESSION_TICKET 4\r
-#define SSL3_MT_CERTIFICATE 11\r
-#define SSL3_MT_SERVER_KEY_EXCHANGE 12\r
-#define SSL3_MT_CERTIFICATE_REQUEST 13\r
-#define SSL3_MT_SERVER_DONE 14\r
-#define SSL3_MT_CERTIFICATE_VERIFY 15\r
-#define SSL3_MT_CLIENT_KEY_EXCHANGE 16\r
-#define SSL3_MT_FINISHED 20\r
-#define SSL3_MT_CERTIFICATE_STATUS 22\r
-#ifndef OPENSSL_NO_NEXTPROTONEG\r
-#define SSL3_MT_NEXT_PROTO 67\r
-#endif\r
-#define DTLS1_MT_HELLO_VERIFY_REQUEST 3\r
-\r
+# define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)\r
+# define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)\r
+\r
+# define SSL3_MT_HELLO_REQUEST 0\r
+# define SSL3_MT_CLIENT_HELLO 1\r
+# define SSL3_MT_SERVER_HELLO 2\r
+# define SSL3_MT_NEWSESSION_TICKET 4\r
+# define SSL3_MT_CERTIFICATE 11\r
+# define SSL3_MT_SERVER_KEY_EXCHANGE 12\r
+# define SSL3_MT_CERTIFICATE_REQUEST 13\r
+# define SSL3_MT_SERVER_DONE 14\r
+# define SSL3_MT_CERTIFICATE_VERIFY 15\r
+# define SSL3_MT_CLIENT_KEY_EXCHANGE 16\r
+# define SSL3_MT_FINISHED 20\r
+# define SSL3_MT_CERTIFICATE_STATUS 22\r
+# ifndef OPENSSL_NO_NEXTPROTONEG\r
+# define SSL3_MT_NEXT_PROTO 67\r
+# endif\r
+# define DTLS1_MT_HELLO_VERIFY_REQUEST 3\r
\r
-#define SSL3_MT_CCS 1\r
+# define SSL3_MT_CCS 1\r
\r
/* These are used when changing over to a new cipher */\r
-#define SSL3_CC_READ 0x01\r
-#define SSL3_CC_WRITE 0x02\r
-#define SSL3_CC_CLIENT 0x10\r
-#define SSL3_CC_SERVER 0x20\r
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)\r
-#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)\r
-#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)\r
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)\r
+# define SSL3_CC_READ 0x01\r
+# define SSL3_CC_WRITE 0x02\r
+# define SSL3_CC_CLIENT 0x10\r
+# define SSL3_CC_SERVER 0x20\r
+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)\r
+# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)\r
+# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)\r
+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)\r
\r
#ifdef __cplusplus\r
}\r
#endif\r
#endif\r
-\r