Keep disclaiming 16-bit platform support. For now remove WIN16 references
[openssl.git] / ssl / ssl3.h
index 52a38ae..6475d82 100644 (file)
@@ -225,15 +225,15 @@ extern "C" {
 #define SSL3_TXT_KRB5_RC4_128_SHA              "KRB5-RC4-SHA"
 #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA         "KRB5-IDEA-CBC-SHA"
 #define SSL3_TXT_KRB5_DES_64_CBC_MD5           "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA         "KRB5-DES-CBC3-SHA"
+#define SSL3_TXT_KRB5_DES_192_CBC3_MD5         "KRB5-DES-CBC3-MD5"
 #define SSL3_TXT_KRB5_RC4_128_MD5              "KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA                 "KRB5-IDEA-CBC-SHA"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5                 "KRB5-IDEA-CBC-MD5"
 
 #define SSL3_TXT_KRB5_DES_40_CBC_SHA           "EXP-KRB5-DES-CBC-SHA"
 #define SSL3_TXT_KRB5_RC2_40_CBC_SHA           "EXP-KRB5-RC2-CBC-SHA"
 #define SSL3_TXT_KRB5_RC4_40_SHA               "EXP-KRB5-RC4-SHA"
 #define SSL3_TXT_KRB5_DES_40_CBC_MD5           "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5           "EXP-KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_RC2_40_CBC_MD5           "EXP-KRB5-RC2-CBC-MD5"
 #define SSL3_TXT_KRB5_RC4_40_MD5               "EXP-KRB5-RC4-MD5"
 
 #define SSL3_SSL_SESSION_ID_LENGTH             32
@@ -244,18 +244,50 @@ extern "C" {
 #define SSL3_SESSION_ID_SIZE                   32
 #define SSL3_RT_HEADER_LENGTH                  5
 
-/* Due to MS stuffing up, this can change.... */
-#if defined(OPENSSL_SYS_WIN16) || \
-       (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
-#define SSL3_RT_MAX_EXTRA                      (14000)
-#else
+/* This is the maximum MAC (digest) size used by the SSL library.
+ * Currently this is 20 when SHA1 is used. This must be updated if larger
+ * digests are used in future.
+ */
+
+#define SSL3_RT_MAX_MD_SIZE                    20
+
+/* Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+
+#define        SSL_RT_MAX_CIPHER_BLOCK_SIZE            16
+
 #define SSL3_RT_MAX_EXTRA                      (16384)
-#endif
 
+/* Maximum plaintext length: defined by SSL/TLS standards */
 #define SSL3_RT_MAX_PLAIN_LENGTH               16384
-#define SSL3_RT_MAX_COMPRESSED_LENGTH  (1024+SSL3_RT_MAX_PLAIN_LENGTH)
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH   (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+/* Maximum compression overhead: defined by SSL/TLS standards */
+#define SSL3_RT_MAX_COMPRESSED_OVERHEAD                1024
+
+/* The standards give a maximum encryption overhead of 1024 bytes.
+ * In practice the value is lower than this. The overhead is the maximum
+ * number of padding bytes (256) plus the mac size.
+ */
+#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
+
+/* OpenSSL currently only uses a padding length of at most one block so
+ * the send overhead is smaller.
+ */
+
+#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+                       (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+
+/* If compression isn't used don't include the compression overhead */
+
+#ifdef OPENSSL_NO_COMP
+#define SSL3_RT_MAX_COMPRESSED_LENGTH          SSL3_RT_MAX_PLAIN_LENGTH
+#else
+#define SSL3_RT_MAX_COMPRESSED_LENGTH  \
+               (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+#endif
+#define SSL3_RT_MAX_ENCRYPTED_LENGTH   \
+               (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
+#define SSL3_RT_MAX_PACKET_SIZE                \
+               (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 #define SSL3_RT_MAX_DATA_SIZE                  (1024*1024)
 
 #define SSL3_MD_CLIENT_FINISHED_CONST  "\x43\x4C\x4E\x54"
@@ -294,6 +326,8 @@ typedef struct ssl3_record_st
 /*rw*/ unsigned char *data;    /* pointer to the record data */
 /*rw*/ unsigned char *input;   /* where the decode bytes are */
 /*r */ unsigned char *comp;    /* only used with decompression - malloc()ed */
+/*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
+/*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
        } SSL3_RECORD;
 
 typedef struct ssl3_buffer_st
@@ -341,6 +375,9 @@ typedef struct ssl3_state_st
        int need_empty_fragments;
        int empty_fragment_done;
 
+       /* The value of 'extra' when the buffers were initialized */
+       int init_extra;
+
        SSL3_BUFFER rbuf;       /* read IO goes into here */
        SSL3_BUFFER wbuf;       /* write IO goes into here */
 
@@ -435,6 +472,7 @@ typedef struct ssl3_state_st
 
        } SSL3_STATE;
 
+
 /* SSLv3 */
 /*client */
 /* extra state */
@@ -445,6 +483,8 @@ typedef struct ssl3_state_st
 /* read from server */
 #define SSL3_ST_CR_SRVR_HELLO_A                (0x120|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SRVR_HELLO_B                (0x121|SSL_ST_CONNECT)
+#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
+#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_A              (0x130|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_B              (0x131|SSL_ST_CONNECT)
 #define SSL3_ST_CR_KEY_EXCH_A          (0x140|SSL_ST_CONNECT)
@@ -481,6 +521,8 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CLNT_HELLO_B                (0x111|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_C                (0x112|SSL_ST_ACCEPT)
 /* write to client */
+#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
+#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_HELLO_REQ_A         (0x120|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_HELLO_REQ_B         (0x121|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_HELLO_REQ_C         (0x122|SSL_ST_ACCEPT)
@@ -521,6 +563,8 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CERTIFICATE_VERIFY             15
 #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
 #define SSL3_MT_FINISHED                       20
+#define DTLS1_MT_HELLO_VERIFY_REQUEST    3
+
 
 #define SSL3_MT_CCS                            1