Support retries in certificate callback
[openssl.git] / ssl / ssl3.h
index 91089f3..8fe6949 100644 (file)
@@ -149,12 +149,18 @@ extern "C" {
 #define SSL3_CK_DH_RSA_DES_64_CBC_SHA          0x0300000F
 #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA        0x03000010
 
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA         0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA         0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA       0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA         0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA         0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA       0x03000016
+#define SSL3_CK_DHE_DSS_DES_40_CBC_SHA         0x03000011
+#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          SSL3_CK_DHE_DSS_DES_40_CBC_SHA
+#define SSL3_CK_DHE_DSS_DES_64_CBC_SHA         0x03000012
+#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA         SSL3_CK_DHE_DSS_DES_64_CBC_SHA
+#define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA       0x03000013
+#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA       SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
+#define SSL3_CK_DHE_RSA_DES_40_CBC_SHA         0x03000014
+#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA         SSL3_CK_DHE_RSA_DES_40_CBC_SHA
+#define SSL3_CK_DHE_RSA_DES_64_CBC_SHA         0x03000015
+#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA         SSL3_CK_DHE_RSA_DES_64_CBC_SHA
+#define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA       0x03000016
+#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA       SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
 
 #define SSL3_CK_ADH_RC4_40_MD5                 0x03000017
 #define SSL3_CK_ADH_RC4_128_MD5                        0x03000018
@@ -208,6 +214,17 @@ extern "C" {
 #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA         "DH-RSA-DES-CBC-SHA"
 #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA       "DH-RSA-DES-CBC3-SHA"
 
+#define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA                "EXP-DHE-DSS-DES-CBC-SHA"
+#define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA                "DHE-DSS-DES-CBC-SHA"
+#define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA      "DHE-DSS-DES-CBC3-SHA"
+#define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA                "EXP-DHE-RSA-DES-CBC-SHA"
+#define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA                "DHE-RSA-DES-CBC-SHA"
+#define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA      "DHE-RSA-DES-CBC3-SHA"
+
+/* This next block of six "EDH" labels is for backward compatibility
+   with older versions of OpenSSL.  New code should use the six "DHE"
+   labels above instead:
+ */
 #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA                "EXP-EDH-DSS-DES-CBC-SHA"
 #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA                "EDH-DSS-DES-CBC-SHA"
 #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA      "EDH-DSS-DES-CBC3-SHA"
@@ -251,6 +268,8 @@ extern "C" {
 #define SSL3_SESSION_ID_SIZE                   32
 #define SSL3_RT_HEADER_LENGTH                  5
 
+#define SSL3_HM_HEADER_LENGTH                  4
+
 #ifndef SSL3_ALIGN_PAYLOAD
  /* Some will argue that this increases memory footprint, but it's
   * not actually true. Point is that malloc has to return at least
@@ -324,6 +343,23 @@ extern "C" {
 #define SSL3_RT_APPLICATION_DATA       23
 #define TLS1_RT_HEARTBEAT              24
 
+/* Pseudo content types to indicate additional parameters */
+#define TLS1_RT_CRYPTO                 0x1000
+#define TLS1_RT_CRYPTO_PREMASTER       (TLS1_RT_CRYPTO | 0x1)
+#define TLS1_RT_CRYPTO_CLIENT_RANDOM   (TLS1_RT_CRYPTO | 0x2)
+#define TLS1_RT_CRYPTO_SERVER_RANDOM   (TLS1_RT_CRYPTO | 0x3)
+#define TLS1_RT_CRYPTO_MASTER          (TLS1_RT_CRYPTO | 0x4)
+
+#define TLS1_RT_CRYPTO_READ            0x0000
+#define TLS1_RT_CRYPTO_WRITE           0x0100
+#define TLS1_RT_CRYPTO_MAC             (TLS1_RT_CRYPTO | 0x5)
+#define TLS1_RT_CRYPTO_KEY             (TLS1_RT_CRYPTO | 0x6)
+#define TLS1_RT_CRYPTO_IV              (TLS1_RT_CRYPTO | 0x7)
+#define TLS1_RT_CRYPTO_FIXED_IV                (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content type for SSL/TLS header info */
+#define SSL3_RT_HEADER                 0x100
+
 #define SSL3_AL_WARNING                        1
 #define SSL3_AL_FATAL                  2
 
@@ -349,6 +385,10 @@ typedef struct ssl3_record_st
        {
 /*r */ int type;               /* type of record */
 /*rw*/ unsigned int length;    /* How many bytes available */
+/*rw*/ unsigned int orig_len;  /* How many bytes were available before padding
+                                  was removed? This is used to implement the
+                                  MAC check in constant time for CBC records.
+                                */
 /*r */ unsigned int off;       /* read/write offset into 'buf' */
 /*rw*/ unsigned char *data;    /* pointer to the record data */
 /*rw*/ unsigned char *input;   /* where the decode bytes are */
@@ -399,6 +439,8 @@ typedef struct ssl3_buffer_st
  * effected, but we can't prevent that.
  */
 #define SSL3_FLAGS_SGC_RESTART_DONE            0x0040
+/* Set if we encrypt then mac instead of usual mac then encrypt */
+#define TLS1_FLAGS_ENCRYPT_THEN_MAC            0x0080
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
@@ -477,12 +519,6 @@ typedef struct ssl3_state_st
        void *server_opaque_prf_input;
        size_t server_opaque_prf_input_len;
 
-#ifndef OPENSSL_NO_NEXTPROTONEG
-       /* Set if we saw the Next Protocol Negotiation extension from
-          our peer. */
-       int next_proto_neg_seen;
-#endif
-
        struct  {
                /* actually only needs to be 16+20 */
                unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
@@ -540,6 +576,40 @@ typedef struct ssl3_state_st
         unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
         unsigned char previous_server_finished_len;
         int send_connection_binding; /* TODOEKR */
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       /* Set if we saw the Next Protocol Negotiation extension from our peer. */
+       int next_proto_neg_seen;
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+       /* tlsext_custom_types contains an array of TLS Extension types which 
+        * were advertised by the client in its ClientHello, which were not 
+        * otherwise handled by OpenSSL, and which the server has registered
+        * a custom_srv_ext_record to handle.
+        * The array does not contain any duplicates, and is in the same order
+        * as the types were received in the client hello. */
+       unsigned short *tlsext_custom_types;
+       size_t tlsext_custom_types_count; /* how many tlsext_custom_types */
+
+       /* ALPN information
+        * (we are in the process of transitioning from NPN to ALPN.) */
+
+       /* In a server these point to the selected ALPN protocol after the
+        * ClientHello has been processed. In a client these contain the
+        * protocol that the server selected once the ServerHello has been
+        * processed. */
+       unsigned char *alpn_selected;
+       unsigned alpn_selected_len;
+
+#ifndef OPENSSL_NO_EC
+       /* This is set to true if we believe that this is a version of Safari
+        * running on OS X 10.6 or newer. We wish to know this because Safari
+        * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+       char is_probably_safari;
+#endif /* !OPENSSL_NO_EC */
+
+#endif /* !OPENSSL_NO_TLSEXT */
        } SSL3_STATE;
 
 #endif
@@ -568,6 +638,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CR_CERT_REQ_B          (0x151|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SRVR_DONE_A         (0x160|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SRVR_DONE_B         (0x161|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_TLSEXT
+#define SSL3_ST_CR_SUPPLEMENTAL_DATA_A (0x212|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SUPPLEMENTAL_DATA_B  (0x213|SSL_ST_CONNECT)
+#endif
 /* write to server */
 #define SSL3_ST_CW_CERT_A              (0x170|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CERT_B              (0x171|SSL_ST_CONNECT)
@@ -583,6 +657,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CW_NEXT_PROTO_A                (0x200|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_B                (0x201|SSL_ST_CONNECT)
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+#define SSL3_ST_CW_SUPPLEMENTAL_DATA_A         (0x222|SSL_ST_CONNECT)
+#define SSL3_ST_CW_SUPPLEMENTAL_DATA_B         (0x223|SSL_ST_CONNECT)
+#endif
 #define SSL3_ST_CW_FINISHED_A          (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B          (0x1B1|SSL_ST_CONNECT)
 /* read from server */
@@ -607,6 +685,11 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CLNT_HELLO_A                (0x110|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_B                (0x111|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_C                (0x112|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CLNT_HELLO_D                (0x115|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_TLSEXT
+#define SSL3_ST_SR_SUPPLEMENTAL_DATA_A         (0x212|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_SUPPLEMENTAL_DATA_B         (0x213|SSL_ST_ACCEPT)
+#endif
 /* write to client */
 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
@@ -647,6 +730,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SW_SESSION_TICKET_B    (0x1F1|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_CERT_STATUS_A       (0x200|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_CERT_STATUS_B       (0x201|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_TLSEXT
+#define SSL3_ST_SW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_ACCEPT)
+#endif
 
 #define SSL3_MT_HELLO_REQUEST                  0
 #define SSL3_MT_CLIENT_HELLO                   1
@@ -660,6 +747,9 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
 #define SSL3_MT_FINISHED                       20
 #define SSL3_MT_CERTIFICATE_STATUS             22
+#ifndef OPENSSL_NO_TLSEXT
+#define SSL3_MT_SUPPLEMENTAL_DATA              23
+#endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_MT_NEXT_PROTO                     67
 #endif
@@ -682,4 +772,3 @@ typedef struct ssl3_state_st
 }
 #endif
 #endif
-