update NEWS file

[openssl.git] / ssl / ssl3.h

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index e04226f46fbdbd45029044298cd82a0a08e715b5..9b5a9b96d58cffec75e04b0494a3dcfea3e7321d 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -128,6 +128,22 @@
 extern "C" {
 #endif
 
+<<<<<<< ssl3.h
+/* Magic Cipher Suite Value. NB: bogus value used for testing */
+<<<<<<< ssl3.h
+#ifndef SSL3_CK_MCSV
+#define SSL3_CK_MCSV                           0x03000FEC
+#endif
+=======
+#ifndef SSL3_CK_SCSV
+#define SSL3_CK_SCSV                           0x03000FEC
+#endif
+>>>>>>> 1.50
+=======
+/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
+#define SSL3_CK_SCSV                           0x030000FF
+>>>>>>> 1.51
+
 #define SSL3_CK_RSA_NULL_MD5                   0x03000001
 #define SSL3_CK_RSA_NULL_SHA                   0x03000002
 #define SSL3_CK_RSA_RC4_40_MD5                         0x03000003
@@ -368,13 +384,14 @@ typedef struct ssl3_buffer_st
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER                 7
+#define SSL3_CT_NUMBER                 9
 
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS      0x0001
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED       0x0002
 #define SSL3_FLAGS_POP_BUFFER                  0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG             0x0008
+#define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010
 
 typedef struct ssl3_state_st
        {
@@ -465,7 +482,7 @@ typedef struct ssl3_state_st
                int message_type;
 
                /* used to hold the new cipher we are going to use */
-               SSL_CIPHER *new_cipher;
+               const SSL_CIPHER *new_cipher;
 #ifndef OPENSSL_NO_DH
                DH *dh;
 #endif
@@ -502,6 +519,12 @@ typedef struct ssl3_state_st
                int cert_request;
                } tmp;
 
+        /* Connection binding to prevent renegotiation attacks */
+        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_client_finished_len;
+        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_server_finished_len;
+        int send_connection_binding; /* TODOEKR */
        } SSL3_STATE;
 
 
@@ -545,6 +568,8 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CR_FINISHED_B          (0x1D1|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SESSION_TICKET_A    (0x1E0|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SESSION_TICKET_B    (0x1E1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_STATUS_A       (0x1F0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_STATUS_B       (0x1F1|SSL_ST_CONNECT)
 
 /* server */
 /* extra state */
@@ -588,6 +613,8 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SW_FINISHED_B          (0x1E1|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_SESSION_TICKET_A    (0x1F0|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_SESSION_TICKET_B    (0x1F1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_STATUS_A       (0x200|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_STATUS_B       (0x201|SSL_ST_ACCEPT)
 
 #define SSL3_MT_HELLO_REQUEST                  0
 #define SSL3_MT_CLIENT_HELLO                   1
@@ -600,6 +627,7 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CERTIFICATE_VERIFY             15
 #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
 #define SSL3_MT_FINISHED                       20
+#define SSL3_MT_CERTIFICATE_STATUS             22
 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3