X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl3.h;h=efff233fbdb3c0e8d082791c30d00cb84acaf019;hp=c94b3a4290cf6ce4839b7b7004ef69921fdc7a94;hb=71c16698fa7b88e4ef4fd34ad4bc1920eb09f93a;hpb=4b5cce664c8c770dbac661286c5118cb54d1d9d6 diff --git a/ssl/ssl3.h b/ssl/ssl3.h index c94b3a4290..efff233fbd 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -128,9 +128,14 @@ extern "C" { #endif -/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +/* Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ #define SSL3_CK_SCSV 0x030000FF +/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) */ +#define SSL3_CK_FALLBACK_SCSV 0x03005600 + #define SSL3_CK_RSA_NULL_MD5 0x03000001 #define SSL3_CK_RSA_NULL_SHA 0x03000002 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 @@ -428,7 +433,12 @@ typedef struct ssl3_buffer_st #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 - +/* + * Set when the handshake is ready to process peer's ChangeCipherSpec message. + * Cleared after the message has been processed. + */ +#define SSL3_FLAGS_CCS_OK 0x0080 + /* SSL3_FLAGS_SGC_RESTART_DONE is set when we * restart a handshake because of MS SGC and so prevents us * from restarting the handshake in a loop. It's reset on a @@ -440,7 +450,7 @@ typedef struct ssl3_buffer_st */ #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 /* Set if we encrypt then mac instead of usual mac then encrypt */ -#define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0080 +#define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0100 #ifndef OPENSSL_NO_SSL_INTERN @@ -492,8 +502,11 @@ typedef struct ssl3_state_st * and freed and MD_CTX-es for all required digests are stored in * this array */ EVP_MD_CTX **handshake_dgst; - /* this is set whenerver we see a change_cipher_spec message - * come in when we are not looking for one */ + /* + * Set whenever an expected ChangeCipherSpec message is processed. + * Unset when the peer's Finished message is received. + * Unexpected ChangeCipherSpec messages trigger a fatal alert. + */ int change_cipher_spec; int warn_alert; @@ -583,14 +596,6 @@ typedef struct ssl3_state_st #endif #ifndef OPENSSL_NO_TLSEXT - /* tlsext_custom_types contains an array of TLS Extension types which - * were advertised by the client in its ClientHello, which were not - * otherwise handled by OpenSSL, and which the server has registered - * a custom_srv_ext_record to handle. - * The array does not contain any duplicates, and is in the same order - * as the types were received in the client hello. */ - unsigned short *tlsext_custom_types; - size_t tlsext_custom_types_count; /* how many tlsext_custom_types */ /* ALPN information * (we are in the process of transitioning from NPN to ALPN.) */ @@ -638,10 +643,6 @@ typedef struct ssl3_state_st #define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) #define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) -#ifndef OPENSSL_NO_TLSEXT -#define SSL3_ST_CR_SUPPLEMENTAL_DATA_A (0x212|SSL_ST_CONNECT) -#define SSL3_ST_CR_SUPPLEMENTAL_DATA_B (0x213|SSL_ST_CONNECT) -#endif /* write to server */ #define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) #define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) @@ -657,10 +658,6 @@ typedef struct ssl3_state_st #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) #endif -#ifndef OPENSSL_NO_TLSEXT -#define SSL3_ST_CW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_CONNECT) -#define SSL3_ST_CW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_CONNECT) -#endif #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) /* read from server */ @@ -685,10 +682,7 @@ typedef struct ssl3_state_st #define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) -#ifndef OPENSSL_NO_TLSEXT -#define SSL3_ST_SR_SUPPLEMENTAL_DATA_A (0x212|SSL_ST_ACCEPT) -#define SSL3_ST_SR_SUPPLEMENTAL_DATA_B (0x213|SSL_ST_ACCEPT) -#endif +#define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT) /* write to client */ #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) @@ -729,10 +723,6 @@ typedef struct ssl3_state_st #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) #define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) #define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) -#ifndef OPENSSL_NO_TLSEXT -#define SSL3_ST_SW_SUPPLEMENTAL_DATA_A (0x222|SSL_ST_ACCEPT) -#define SSL3_ST_SW_SUPPLEMENTAL_DATA_B (0x223|SSL_ST_ACCEPT) -#endif #define SSL3_MT_HELLO_REQUEST 0 #define SSL3_MT_CLIENT_HELLO 1 @@ -746,9 +736,6 @@ typedef struct ssl3_state_st #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 #define SSL3_MT_FINISHED 20 #define SSL3_MT_CERTIFICATE_STATUS 22 -#ifndef OPENSSL_NO_TLSEXT -#define SSL3_MT_SUPPLEMENTAL_DATA 23 -#endif #ifndef OPENSSL_NO_NEXTPROTONEG #define SSL3_MT_NEXT_PROTO 67 #endif