X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl3.h;h=9b5a9b96d58cffec75e04b0494a3dcfea3e7321d;hp=0543cb287ebc5a7b41875069ce310c114cbb669f;hb=eb125795d247ca2885fbb57c79a8f6d9129616fe;hpb=81025661a94034fef1386cb5d5137ba4ddb120f0 diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 0543cb287e..9b5a9b96d5 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -128,6 +128,22 @@ extern "C" { #endif +<<<<<<< ssl3.h +/* Magic Cipher Suite Value. NB: bogus value used for testing */ +<<<<<<< ssl3.h +#ifndef SSL3_CK_MCSV +#define SSL3_CK_MCSV 0x03000FEC +#endif +======= +#ifndef SSL3_CK_SCSV +#define SSL3_CK_SCSV 0x03000FEC +#endif +>>>>>>> 1.50 +======= +/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +#define SSL3_CK_SCSV 0x030000FF +>>>>>>> 1.51 + #define SSL3_CK_RSA_NULL_MD5 0x03000001 #define SSL3_CK_RSA_NULL_SHA 0x03000002 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 @@ -368,13 +384,14 @@ typedef struct ssl3_buffer_st * enough to contain all of the cert types defined either for * SSLv3 and TLSv1. */ -#define SSL3_CT_NUMBER 7 +#define SSL3_CT_NUMBER 9 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 #define SSL3_FLAGS_POP_BUFFER 0x0004 #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 typedef struct ssl3_state_st { @@ -443,6 +460,14 @@ typedef struct ssl3_state_st int in_read_app_data; + /* Opaque PRF input as used for the current handshake. + * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined + * (otherwise, they are merely present to improve binary compatibility) */ + void *client_opaque_prf_input; + size_t client_opaque_prf_input_len; + void *server_opaque_prf_input; + size_t server_opaque_prf_input_len; + struct { /* actually only needs to be 16+20 */ unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; @@ -457,7 +482,7 @@ typedef struct ssl3_state_st int message_type; /* used to hold the new cipher we are going to use */ - SSL_CIPHER *new_cipher; + const SSL_CIPHER *new_cipher; #ifndef OPENSSL_NO_DH DH *dh; #endif @@ -494,6 +519,12 @@ typedef struct ssl3_state_st int cert_request; } tmp; + /* Connection binding to prevent renegotiation attacks */ + unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_client_finished_len; + unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; + unsigned char previous_server_finished_len; + int send_connection_binding; /* TODOEKR */ } SSL3_STATE; @@ -537,6 +568,8 @@ typedef struct ssl3_state_st #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) /* server */ /* extra state */ @@ -578,8 +611,10 @@ typedef struct ssl3_state_st #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_CONNECT) -#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_CONNECT) +#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) #define SSL3_MT_HELLO_REQUEST 0 #define SSL3_MT_CLIENT_HELLO 1 @@ -592,6 +627,7 @@ typedef struct ssl3_state_st #define SSL3_MT_CERTIFICATE_VERIFY 15 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 #define SSL3_MT_FINISHED 20 +#define SSL3_MT_CERTIFICATE_STATUS 22 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3