Keep old method in case of an unsupported protocol

[openssl.git] / ssl / ssl3.h

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 796dcbc52875e8fa344ad862e5a5837365d1b1b3..76f922e356dcde7eda80d58e2d9b72b64fff7977 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -123,11 +123,20 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
+#include <openssl/pq_compat.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
+/* Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */
+#define SSL3_CK_SCSV                           0x030000FF
+
+/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV) */
+#define SSL3_CK_FALLBACK_SCSV                  0x03005600
+
 #define SSL3_CK_RSA_NULL_MD5                   0x03000001
 #define SSL3_CK_RSA_NULL_SHA                   0x03000002
 #define SSL3_CK_RSA_RC4_40_MD5                         0x03000003
@@ -253,7 +262,11 @@ extern "C" {
 #endif
 
 #define SSL3_RT_MAX_PLAIN_LENGTH               16384
+#ifdef OPENSSL_NO_COMP
+#define SSL3_RT_MAX_COMPRESSED_LENGTH  SSL3_RT_MAX_PLAIN_LENGTH
+#else
 #define SSL3_RT_MAX_COMPRESSED_LENGTH  (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#endif
 #define SSL3_RT_MAX_ENCRYPTED_LENGTH   (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
 #define SSL3_RT_MAX_PACKET_SIZE                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 #define SSL3_RT_MAX_DATA_SIZE                  (1024*1024)
@@ -294,6 +307,8 @@ typedef struct ssl3_record_st
 /*rw*/ unsigned char *data;    /* pointer to the record data */
 /*rw*/ unsigned char *input;   /* where the decode bytes are */
 /*r */ unsigned char *comp;    /* only used with decompression - malloc()ed */
+/*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
+/*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */
        } SSL3_RECORD;
 
 typedef struct ssl3_buffer_st
@@ -323,6 +338,18 @@ typedef struct ssl3_buffer_st
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED       0x0002
 #define SSL3_FLAGS_POP_BUFFER                  0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG             0x0008
+#define SSL3_FLAGS_CCS_OK                      0x0080
+ 
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+ * from restarting the handshake in a loop. It's reset on a
+ * renegotiation, so effectively limits the client to one restart
+ * per negotiation. This limits the possibility of a DDoS
+ * attack where the client handshakes in a loop using SGC to
+ * restart. Servers which permit renegotiation can still be
+ * effected, but we can't prevent that.
+ */
+#define SSL3_FLAGS_SGC_RESTART_DONE            0x0040
 
 typedef struct ssl3_state_st
        {
@@ -433,8 +460,24 @@ typedef struct ssl3_state_st
                int cert_request;
                } tmp;
 
+        /* Connection binding to prevent renegotiation attacks */
+        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_client_finished_len;
+        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_server_finished_len;
+        int send_connection_binding; /* TODOEKR */
+
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+       /* This is set to true if we believe that this is a version of Safari
+        * running on OS X 10.6 or newer. We wish to know this because Safari
+        * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+       char is_probably_safari;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
        } SSL3_STATE;
 
+
 /* SSLv3 */
 /*client */
 /* extra state */
@@ -445,6 +488,8 @@ typedef struct ssl3_state_st
 /* read from server */
 #define SSL3_ST_CR_SRVR_HELLO_A                (0x120|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SRVR_HELLO_B                (0x121|SSL_ST_CONNECT)
+#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
+#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_A              (0x130|SSL_ST_CONNECT)
 #define SSL3_ST_CR_CERT_B              (0x131|SSL_ST_CONNECT)
 #define SSL3_ST_CR_KEY_EXCH_A          (0x140|SSL_ST_CONNECT)
@@ -471,6 +516,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CR_CHANGE_B            (0x1C1|SSL_ST_CONNECT)
 #define SSL3_ST_CR_FINISHED_A          (0x1D0|SSL_ST_CONNECT)
 #define SSL3_ST_CR_FINISHED_B          (0x1D1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SESSION_TICKET_A    (0x1E0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SESSION_TICKET_B    (0x1E1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_STATUS_A       (0x1F0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_STATUS_B       (0x1F1|SSL_ST_CONNECT)
 
 /* server */
 /* extra state */
@@ -481,6 +530,8 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CLNT_HELLO_B                (0x111|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_C                (0x112|SSL_ST_ACCEPT)
 /* write to client */
+#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
+#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_HELLO_REQ_A         (0x120|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_HELLO_REQ_B         (0x121|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_HELLO_REQ_C         (0x122|SSL_ST_ACCEPT)
@@ -510,10 +561,15 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SW_CHANGE_B            (0x1D1|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_A          (0x1E0|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_B          (0x1E1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SESSION_TICKET_A    (0x1F0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SESSION_TICKET_B    (0x1F1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_STATUS_A       (0x200|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_STATUS_B       (0x201|SSL_ST_ACCEPT)
 
 #define SSL3_MT_HELLO_REQUEST                  0
 #define SSL3_MT_CLIENT_HELLO                   1
 #define SSL3_MT_SERVER_HELLO                   2
+#define        SSL3_MT_NEWSESSION_TICKET               4
 #define SSL3_MT_CERTIFICATE                    11
 #define SSL3_MT_SERVER_KEY_EXCHANGE            12
 #define SSL3_MT_CERTIFICATE_REQUEST            13
@@ -521,6 +577,9 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CERTIFICATE_VERIFY             15
 #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
 #define SSL3_MT_FINISHED                       20
+#define SSL3_MT_CERTIFICATE_STATUS             22
+#define DTLS1_MT_HELLO_VERIFY_REQUEST    3
+
 
 #define SSL3_MT_CCS                            1