#ifndef HEADER_SSL3_H
#define HEADER_SSL3_H
-#include "buffer.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
#ifdef __cplusplus
extern "C" {
#define SSL3_RS_PART_READ 4
#define SSL3_RS_PART_WRITE 5
-#define SSL3_MD_CLIENT_FINISHED_CONST {0x43,0x4C,0x4E,0x54}
-#define SSL3_MD_SERVER_FINISHED_CONST {0x53,0x52,0x56,0x52}
+#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
+#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
#define SSL3_VERSION 0x0300
#define SSL3_VERSION_MAJOR 0x03
/*r */ unsigned int off; /* read/write offset into 'buf' */
/*rw*/ unsigned char *data; /* pointer to the record data */
/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*rw*/ unsigned char *comp; /* only used with decompression */
+/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
} SSL3_RECORD;
typedef struct ssl3_buffer_st
/*rw*/ unsigned char *buf; /* SSL3_RT_MAX_PACKET_SIZE bytes */
} SSL3_BUFFER;
-typedef struct ssl3_compression_st {
- int nothing;
- } SSL3_COMPRESSION;
-
#define SSL3_CT_RSA_SIGN 1
#define SSL3_CT_DSS_SIGN 2
#define SSL3_CT_RSA_FIXED_DH 3
#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#if 0
#define AD_CLOSE_NOTIFY 0
int wpend_tot; /* number bytes written */
int wpend_type;
int wpend_ret; /* number of bytes submitted */
- char *wpend_buf;
+ const unsigned char *wpend_buf;
/* used during startup, digest all incoming/outgoing packets */
EVP_MD_CTX finish_dgst1;
/* we alow one fatal and one warning alert to be outstanding,
* send close alert via the warning alert */
int alert_dispatch;
- char send_alert[2];
+ unsigned char send_alert[2];
/* This flag is set when we should renegotiate ASAP, basically when
* there is no more data in the read or write buffers */
int in_read_app_data;
struct {
- /* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
- unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+ /* actually only needs to be 16+20 */
+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
+
+ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+ unsigned char server_finish_md[EVP_MAX_MD_SIZE*2];
+ int server_finish_md_len;
+ unsigned char client_finish_md[EVP_MAX_MD_SIZE*2];
+ int client_finish_md_len;
unsigned long message_size;
int message_type;
/* used to hold the new cipher we are going to use */
SSL_CIPHER *new_cipher;
+#ifndef NO_DH
DH *dh;
-
+#endif
/* used when SSL_ST_FLUSH_DATA is entered */
int next_state;
int cert_req;
int ctype_num;
char ctype[SSL3_CT_NUMBER];
- STACK *ca_names;
+ STACK_OF(X509_NAME) *ca_names;
int use_rsa_tmp;
int key_block_length;
unsigned char *key_block;
- EVP_CIPHER *new_sym_enc;
- EVP_MD *new_hash;
- SSL_COMPRESSION *new_compression;
+ const EVP_CIPHER *new_sym_enc;
+ const EVP_MD *new_hash;
+#ifdef HEADER_COMP_H
+ const SSL_COMP *new_compression;
+#else
+ char *new_compression;
+#endif
int cert_request;
} tmp;
+
} SSL3_CTX;
/* SSLv3 */
#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_MS_SGC (0x113|SSL_ST_ACCEPT)
/* write to client */
#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)