s3_srvr.c: fix typo.

[openssl.git] / ssl / ssl3.h

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 289e9e9a8a07c871c51d8f767811b64e22a306d3..4e72c1749bc1b9710866b01bdba2809ccb2cfdf2 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -322,6 +322,7 @@ extern "C" {
 #define SSL3_RT_ALERT                  21
 #define SSL3_RT_HANDSHAKE              22
 #define SSL3_RT_APPLICATION_DATA       23
+#define TLS1_RT_HEARTBEAT              24
 
 #define SSL3_AL_WARNING                        1
 #define SSL3_AL_FATAL                  2
@@ -339,6 +340,9 @@ extern "C" {
 #define SSL3_AD_CERTIFICATE_UNKNOWN    46
 #define SSL3_AD_ILLEGAL_PARAMETER      47      /* fatal */
 
+#define TLS1_HB_REQUEST                1
+#define TLS1_HB_RESPONSE       2
+       
 #ifndef OPENSSL_NO_SSL_INTERN
 
 typedef struct ssl3_record_st
@@ -384,6 +388,17 @@ typedef struct ssl3_buffer_st
 #define TLS1_FLAGS_TLS_PADDING_BUG             0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE              0x0020
+ 
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+ * from restarting the handshake in a loop. It's reset on a
+ * renegotiation, so effectively limits the client to one restart
+ * per negotiation. This limits the possibility of a DDoS
+ * attack where the client handshakes in a loop using SGC to
+ * restart. Servers which permit renegotiation can still be
+ * effected, but we can't prevent that.
+ */
+#define SSL3_FLAGS_SGC_RESTART_DONE            0x0040
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
@@ -462,12 +477,6 @@ typedef struct ssl3_state_st
        void *server_opaque_prf_input;
        size_t server_opaque_prf_input_len;
 
-#ifndef OPENSSL_NO_NEXTPROTONEG
-       /* Set if we saw the Next Protocol Negotiation extension from
-          our peer. */
-       int next_proto_neg_seen;
-#endif
-
        struct  {
                /* actually only needs to be 16+20 */
                unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
@@ -525,6 +534,12 @@ typedef struct ssl3_state_st
         unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
         unsigned char previous_server_finished_len;
         int send_connection_binding; /* TODOEKR */
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       /* Set if we saw the Next Protocol Negotiation extension from
+          our peer. */
+       int next_proto_neg_seen;
+#endif
        } SSL3_STATE;
 
 #endif
@@ -533,6 +548,10 @@ typedef struct ssl3_state_st
 /*client */
 /* extra state */
 #define SSL3_ST_CW_FLUSH               (0x100|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_SCTP
+#define DTLS1_SCTP_ST_CW_WRITE_SOCK                    (0x310|SSL_ST_CONNECT)
+#define DTLS1_SCTP_ST_CR_READ_SOCK                     (0x320|SSL_ST_CONNECT)
+#endif 
 /* write to server */
 #define SSL3_ST_CW_CLNT_HELLO_A                (0x110|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CLNT_HELLO_B                (0x111|SSL_ST_CONNECT)
@@ -579,6 +598,10 @@ typedef struct ssl3_state_st
 /* server */
 /* extra state */
 #define SSL3_ST_SW_FLUSH               (0x100|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_SCTP
+#define DTLS1_SCTP_ST_SW_WRITE_SOCK                    (0x310|SSL_ST_ACCEPT)
+#define DTLS1_SCTP_ST_SR_READ_SOCK                     (0x320|SSL_ST_ACCEPT)
+#endif 
 /* read from client */
 /* Do not change the number values, they do matter */
 #define SSL3_ST_SR_CLNT_HELLO_A                (0x110|SSL_ST_ACCEPT)