X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl3.h;h=d8ed725d2d7971d0938b1063701407474457560a;hp=84198ff501acc78506e4c26876dd9a2420134cbd;hb=2f0275a4c3c8921e51d5c0ceb64a71d53dda5da0;hpb=a9e1c50bb09a110d4774e6710f9322344684fa2d
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 84198ff501..d8ed725d2d 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -251,6 +251,8 @@ extern "C" {
 #define SSL3_SESSION_ID_SIZE 32
 #define SSL3_RT_HEADER_LENGTH 5
+#define SSL3_HM_HEADER_LENGTH 4
+
 #ifndef SSL3_ALIGN_PAYLOAD
 /* Some will argue that this increases memory footprint, but it's
 * not actually true. Point is that malloc has to return at least
@@ -324,6 +326,23 @@ extern "C" {
 #define SSL3_RT_APPLICATION_DATA 23
 #define TLS1_RT_HEARTBEAT 24
+/* Pseudo content types to indicate additional parameters */
+#define TLS1_RT_CRYPTO 0x1000
+#define TLS1_RT_CRYPTO_PREMASTER (TLS1_RT_CRYPTO | 0x1)
+#define TLS1_RT_CRYPTO_CLIENT_RANDOM (TLS1_RT_CRYPTO | 0x2)
+#define TLS1_RT_CRYPTO_SERVER_RANDOM (TLS1_RT_CRYPTO | 0x3)
+#define TLS1_RT_CRYPTO_MASTER (TLS1_RT_CRYPTO | 0x4)
+
+#define TLS1_RT_CRYPTO_READ 0x0000
+#define TLS1_RT_CRYPTO_WRITE 0x0100
+#define TLS1_RT_CRYPTO_MAC (TLS1_RT_CRYPTO | 0x5)
+#define TLS1_RT_CRYPTO_KEY (TLS1_RT_CRYPTO | 0x6)
+#define TLS1_RT_CRYPTO_IV (TLS1_RT_CRYPTO | 0x7)
+#define TLS1_RT_CRYPTO_FIXED_IV (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content type for SSL/TLS header info */
+#define SSL3_RT_HEADER 0x100
+
 #define SSL3_AL_WARNING 1
 #define SSL3_AL_FATAL 2
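Review bot: `SSL3_HM_HEADER_LENGTH` in the `@@ -251,6 +251,8 @@` hunk is added without a comment, and a bare `4` that ends up in length arithmetic is easy to misapply. Presumably it is the TLS handshake message header (1-byte message type plus 3-byte length); if so, say that next to the define, for example `/* handshake message header: 1-byte msg type + 3-byte length */`. It would also help to note that the DTLS handshake header is longer and has its own constant, so shared code does not subtract the wrong size when bounds-checking a message.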
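Review bot: The comment above the `TLS1_RT_CRYPTO_*` defines in the `@@ -324,6 +326,23 @@` hunk does not say that data tagged with these pseudo content types is secret material (premaster and master secret, MAC key, cipher key, IVs), which matters to whatever consumes content types, presumably a message callback or trace sink. I would expand it to something like `/* Pseudo content types for key material handed to tracing; payloads are secrets and must not reach production logs */`. `TLS1_RT_CRYPTO_READ` and `TLS1_RT_CRYPTO_WRITE` appear to be direction flags OR'ed into the MAC/KEY/IV types rather than types of their own; a one-line comment should say so, and moving them out of the middle of the list would make the 0x1 to 0x8 sequence easier to audit. Note also that `SSL3_RT_HEADER` (0x100) has the same numeric value as `TLS1_RT_CRYPTO_WRITE` (0x0100); the two stay distinguishable only if the write flag is never used without the 0x1000 bit, which deserves a comment at the define.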
@@ -349,6 +368,10 @@ typedef struct ssl3_record_st
 {
 /*r */ int type; /* type of record */
 /*rw*/ unsigned int length; /* How many bytes available */
+/*rw*/ unsigned int orig_len; /* How many bytes were available before padding
+ was removed? This is used to implement the
+ MAC check in constant time for CBC records.
+ */
 /*r */ unsigned int off; /* read/write offset into 'buf' */
 /*rw*/ unsigned char *data; /* pointer to the record data */
 /*rw*/ unsigned char *input; /* where the decode bytes are */
@@ -536,8 +559,7 @@ typedef struct ssl3_state_st
 int send_connection_binding; /* TODOEKR */
 #ifndef OPENSSL_NO_NEXTPROTONEG
- /* Set if we saw the Next Protocol Negotiation extension from
- our peer. */
+ /* Set if we saw the Next Protocol Negotiation extension from our peer. */
 int next_proto_neg_seen;
 #endif
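Review bot: The new `orig_len` field in the `@@ -349,6 +368,10 @@` hunk carries a security invariant that its comment leaves implicit: a constant-time MAC check built on it is only sound if `orig_len` is assigned for every record before padding is stripped and never falls below `length`. The hunk does not show the code that sets the field, so whether every decrypt path does so cannot be confirmed from here; I would state the contract at the declaration, e.g. `/* set by the decrypt step for every record before padding removal; orig_len >= length always */`. The comment is also phrased as a question, while the neighbouring fields use plain statements. The struct body continues outside this hunk.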