xref: /onnv-gate/usr/src/common/openssl/ssl/ssl3.h (revision 2139:6243c3338933) 
10Sstevel@tonic-gate /* ssl/ssl3.h */
20Sstevel@tonic-gate /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
30Sstevel@tonic-gate  * All rights reserved.
40Sstevel@tonic-gate  *
50Sstevel@tonic-gate  * This package is an SSL implementation written
60Sstevel@tonic-gate  * by Eric Young (eay@cryptsoft.com).
70Sstevel@tonic-gate  * The implementation was written so as to conform with Netscapes SSL.
80Sstevel@tonic-gate  *
90Sstevel@tonic-gate  * This library is free for commercial and non-commercial use as long as
100Sstevel@tonic-gate  * the following conditions are aheared to.  The following conditions
110Sstevel@tonic-gate  * apply to all code found in this distribution, be it the RC4, RSA,
120Sstevel@tonic-gate  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
130Sstevel@tonic-gate  * included with this distribution is covered by the same copyright terms
140Sstevel@tonic-gate  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
150Sstevel@tonic-gate  *
160Sstevel@tonic-gate  * Copyright remains Eric Young's, and as such any Copyright notices in
170Sstevel@tonic-gate  * the code are not to be removed.
180Sstevel@tonic-gate  * If this package is used in a product, Eric Young should be given attribution
190Sstevel@tonic-gate  * as the author of the parts of the library used.
200Sstevel@tonic-gate  * This can be in the form of a textual message at program startup or
210Sstevel@tonic-gate  * in documentation (online or textual) provided with the package.
220Sstevel@tonic-gate  *
230Sstevel@tonic-gate  * Redistribution and use in source and binary forms, with or without
240Sstevel@tonic-gate  * modification, are permitted provided that the following conditions
250Sstevel@tonic-gate  * are met:
260Sstevel@tonic-gate  * 1. Redistributions of source code must retain the copyright
270Sstevel@tonic-gate  *    notice, this list of conditions and the following disclaimer.
280Sstevel@tonic-gate  * 2. Redistributions in binary form must reproduce the above copyright
290Sstevel@tonic-gate  *    notice, this list of conditions and the following disclaimer in the
300Sstevel@tonic-gate  *    documentation and/or other materials provided with the distribution.
310Sstevel@tonic-gate  * 3. All advertising materials mentioning features or use of this software
320Sstevel@tonic-gate  *    must display the following acknowledgement:
330Sstevel@tonic-gate  *    "This product includes cryptographic software written by
340Sstevel@tonic-gate  *     Eric Young (eay@cryptsoft.com)"
350Sstevel@tonic-gate  *    The word 'cryptographic' can be left out if the rouines from the library
360Sstevel@tonic-gate  *    being used are not cryptographic related :-).
370Sstevel@tonic-gate  * 4. If you include any Windows specific code (or a derivative thereof) from
380Sstevel@tonic-gate  *    the apps directory (application code) you must include an acknowledgement:
390Sstevel@tonic-gate  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
400Sstevel@tonic-gate  *
410Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
420Sstevel@tonic-gate  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
430Sstevel@tonic-gate  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
440Sstevel@tonic-gate  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
450Sstevel@tonic-gate  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
460Sstevel@tonic-gate  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
470Sstevel@tonic-gate  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
480Sstevel@tonic-gate  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
490Sstevel@tonic-gate  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
500Sstevel@tonic-gate  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
510Sstevel@tonic-gate  * SUCH DAMAGE.
520Sstevel@tonic-gate  *
530Sstevel@tonic-gate  * The licence and distribution terms for any publically available version or
540Sstevel@tonic-gate  * derivative of this code cannot be changed.  i.e. this code cannot simply be
550Sstevel@tonic-gate  * copied and put under another distribution licence
560Sstevel@tonic-gate  * [including the GNU Public Licence.]
570Sstevel@tonic-gate  */
580Sstevel@tonic-gate /* ====================================================================
590Sstevel@tonic-gate  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
600Sstevel@tonic-gate  *
610Sstevel@tonic-gate  * Redistribution and use in source and binary forms, with or without
620Sstevel@tonic-gate  * modification, are permitted provided that the following conditions
630Sstevel@tonic-gate  * are met:
640Sstevel@tonic-gate  *
650Sstevel@tonic-gate  * 1. Redistributions of source code must retain the above copyright
660Sstevel@tonic-gate  *    notice, this list of conditions and the following disclaimer.
670Sstevel@tonic-gate  *
680Sstevel@tonic-gate  * 2. Redistributions in binary form must reproduce the above copyright
690Sstevel@tonic-gate  *    notice, this list of conditions and the following disclaimer in
700Sstevel@tonic-gate  *    the documentation and/or other materials provided with the
710Sstevel@tonic-gate  *    distribution.
720Sstevel@tonic-gate  *
730Sstevel@tonic-gate  * 3. All advertising materials mentioning features or use of this
740Sstevel@tonic-gate  *    software must display the following acknowledgment:
750Sstevel@tonic-gate  *    "This product includes software developed by the OpenSSL Project
760Sstevel@tonic-gate  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
770Sstevel@tonic-gate  *
780Sstevel@tonic-gate  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
790Sstevel@tonic-gate  *    endorse or promote products derived from this software without
800Sstevel@tonic-gate  *    prior written permission. For written permission, please contact
810Sstevel@tonic-gate  *    openssl-core@openssl.org.
820Sstevel@tonic-gate  *
830Sstevel@tonic-gate  * 5. Products derived from this software may not be called "OpenSSL"
840Sstevel@tonic-gate  *    nor may "OpenSSL" appear in their names without prior written
850Sstevel@tonic-gate  *    permission of the OpenSSL Project.
860Sstevel@tonic-gate  *
870Sstevel@tonic-gate  * 6. Redistributions of any form whatsoever must retain the following
880Sstevel@tonic-gate  *    acknowledgment:
890Sstevel@tonic-gate  *    "This product includes software developed by the OpenSSL Project
900Sstevel@tonic-gate  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
910Sstevel@tonic-gate  *
920Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
930Sstevel@tonic-gate  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
940Sstevel@tonic-gate  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
950Sstevel@tonic-gate  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
960Sstevel@tonic-gate  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
970Sstevel@tonic-gate  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
980Sstevel@tonic-gate  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
990Sstevel@tonic-gate  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1000Sstevel@tonic-gate  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1010Sstevel@tonic-gate  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1020Sstevel@tonic-gate  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1030Sstevel@tonic-gate  * OF THE POSSIBILITY OF SUCH DAMAGE.
1040Sstevel@tonic-gate  * ====================================================================
1050Sstevel@tonic-gate  *
1060Sstevel@tonic-gate  * This product includes cryptographic software written by Eric Young
1070Sstevel@tonic-gate  * (eay@cryptsoft.com).  This product includes software written by Tim
1080Sstevel@tonic-gate  * Hudson (tjh@cryptsoft.com).
1090Sstevel@tonic-gate  *
1100Sstevel@tonic-gate  */
111*2139Sjp161948 /* ====================================================================
112*2139Sjp161948  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113*2139Sjp161948  * ECC cipher suite support in OpenSSL originally developed by
114*2139Sjp161948  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115*2139Sjp161948  */
1160Sstevel@tonic-gate 
1170Sstevel@tonic-gate #ifndef HEADER_SSL3_H
1180Sstevel@tonic-gate #define HEADER_SSL3_H
1190Sstevel@tonic-gate 
1200Sstevel@tonic-gate #ifndef OPENSSL_NO_COMP
1210Sstevel@tonic-gate #include <openssl/comp.h>
1220Sstevel@tonic-gate #endif
1230Sstevel@tonic-gate #include <openssl/buffer.h>
1240Sstevel@tonic-gate #include <openssl/evp.h>
1250Sstevel@tonic-gate #include <openssl/ssl.h>
126*2139Sjp161948 #include <openssl/pq_compat.h>
1270Sstevel@tonic-gate 
1280Sstevel@tonic-gate #ifdef  __cplusplus
1290Sstevel@tonic-gate extern "C" {
1300Sstevel@tonic-gate #endif
1310Sstevel@tonic-gate 
1320Sstevel@tonic-gate #define SSL3_CK_RSA_NULL_MD5			0x03000001
1330Sstevel@tonic-gate #define SSL3_CK_RSA_NULL_SHA			0x03000002
1340Sstevel@tonic-gate #define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
1350Sstevel@tonic-gate #define SSL3_CK_RSA_RC4_128_MD5			0x03000004
1360Sstevel@tonic-gate #define SSL3_CK_RSA_RC4_128_SHA			0x03000005
1370Sstevel@tonic-gate #define SSL3_CK_RSA_RC2_40_MD5			0x03000006
1380Sstevel@tonic-gate #define SSL3_CK_RSA_IDEA_128_SHA		0x03000007
1390Sstevel@tonic-gate #define SSL3_CK_RSA_DES_40_CBC_SHA		0x03000008
1400Sstevel@tonic-gate #define SSL3_CK_RSA_DES_64_CBC_SHA		0x03000009
1410Sstevel@tonic-gate #define SSL3_CK_RSA_DES_192_CBC3_SHA		0x0300000A
1420Sstevel@tonic-gate 
1430Sstevel@tonic-gate #define SSL3_CK_DH_DSS_DES_40_CBC_SHA		0x0300000B
1440Sstevel@tonic-gate #define SSL3_CK_DH_DSS_DES_64_CBC_SHA		0x0300000C
1450Sstevel@tonic-gate #define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 	0x0300000D
1460Sstevel@tonic-gate #define SSL3_CK_DH_RSA_DES_40_CBC_SHA		0x0300000E
1470Sstevel@tonic-gate #define SSL3_CK_DH_RSA_DES_64_CBC_SHA		0x0300000F
1480Sstevel@tonic-gate #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 	0x03000010
1490Sstevel@tonic-gate 
1500Sstevel@tonic-gate #define SSL3_CK_EDH_DSS_DES_40_CBC_SHA		0x03000011
1510Sstevel@tonic-gate #define SSL3_CK_EDH_DSS_DES_64_CBC_SHA		0x03000012
1520Sstevel@tonic-gate #define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA	0x03000013
1530Sstevel@tonic-gate #define SSL3_CK_EDH_RSA_DES_40_CBC_SHA		0x03000014
1540Sstevel@tonic-gate #define SSL3_CK_EDH_RSA_DES_64_CBC_SHA		0x03000015
1550Sstevel@tonic-gate #define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA	0x03000016
1560Sstevel@tonic-gate 
1570Sstevel@tonic-gate #define SSL3_CK_ADH_RC4_40_MD5			0x03000017
1580Sstevel@tonic-gate #define SSL3_CK_ADH_RC4_128_MD5			0x03000018
1590Sstevel@tonic-gate #define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019
1600Sstevel@tonic-gate #define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A
1610Sstevel@tonic-gate #define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B
1620Sstevel@tonic-gate 
1630Sstevel@tonic-gate #define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
1640Sstevel@tonic-gate #define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
1650Sstevel@tonic-gate #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
1660Sstevel@tonic-gate 	 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
1670Sstevel@tonic-gate 	 of the ietf-tls list */
1680Sstevel@tonic-gate #define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E
1690Sstevel@tonic-gate #endif
1700Sstevel@tonic-gate 
1710Sstevel@tonic-gate /*    VRS Additional Kerberos5 entries
1720Sstevel@tonic-gate  */
1730Sstevel@tonic-gate #define SSL3_CK_KRB5_DES_64_CBC_SHA		0x0300001E
1740Sstevel@tonic-gate #define SSL3_CK_KRB5_DES_192_CBC3_SHA		0x0300001F
1750Sstevel@tonic-gate #define SSL3_CK_KRB5_RC4_128_SHA		0x03000020
1760Sstevel@tonic-gate #define SSL3_CK_KRB5_IDEA_128_CBC_SHA	       	0x03000021
1770Sstevel@tonic-gate #define SSL3_CK_KRB5_DES_64_CBC_MD5       	0x03000022
1780Sstevel@tonic-gate #define SSL3_CK_KRB5_DES_192_CBC3_MD5       	0x03000023
1790Sstevel@tonic-gate #define SSL3_CK_KRB5_RC4_128_MD5	       	0x03000024
1800Sstevel@tonic-gate #define SSL3_CK_KRB5_IDEA_128_CBC_MD5 		0x03000025
1810Sstevel@tonic-gate 
1820Sstevel@tonic-gate #define SSL3_CK_KRB5_DES_40_CBC_SHA 		0x03000026
1830Sstevel@tonic-gate #define SSL3_CK_KRB5_RC2_40_CBC_SHA 		0x03000027
1840Sstevel@tonic-gate #define SSL3_CK_KRB5_RC4_40_SHA	 		0x03000028
1850Sstevel@tonic-gate #define SSL3_CK_KRB5_DES_40_CBC_MD5 		0x03000029
1860Sstevel@tonic-gate #define SSL3_CK_KRB5_RC2_40_CBC_MD5 		0x0300002A
1870Sstevel@tonic-gate #define SSL3_CK_KRB5_RC4_40_MD5	 		0x0300002B
1880Sstevel@tonic-gate 
1890Sstevel@tonic-gate #define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"
1900Sstevel@tonic-gate #define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"
1910Sstevel@tonic-gate #define SSL3_TXT_RSA_RC4_40_MD5 		"EXP-RC4-MD5"
1920Sstevel@tonic-gate #define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"
1930Sstevel@tonic-gate #define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"
1940Sstevel@tonic-gate #define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"
1950Sstevel@tonic-gate #define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"
1960Sstevel@tonic-gate #define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"
1970Sstevel@tonic-gate #define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"
1980Sstevel@tonic-gate #define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"
1990Sstevel@tonic-gate 
2000Sstevel@tonic-gate #define SSL3_TXT_DH_DSS_DES_40_CBC_SHA		"EXP-DH-DSS-DES-CBC-SHA"
2010Sstevel@tonic-gate #define SSL3_TXT_DH_DSS_DES_64_CBC_SHA		"DH-DSS-DES-CBC-SHA"
2020Sstevel@tonic-gate #define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA 	"DH-DSS-DES-CBC3-SHA"
2030Sstevel@tonic-gate #define SSL3_TXT_DH_RSA_DES_40_CBC_SHA		"EXP-DH-RSA-DES-CBC-SHA"
2040Sstevel@tonic-gate #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA		"DH-RSA-DES-CBC-SHA"
2050Sstevel@tonic-gate #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA 	"DH-RSA-DES-CBC3-SHA"
2060Sstevel@tonic-gate 
2070Sstevel@tonic-gate #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"
2080Sstevel@tonic-gate #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"
2090Sstevel@tonic-gate #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"
2100Sstevel@tonic-gate #define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"
2110Sstevel@tonic-gate #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"
2120Sstevel@tonic-gate #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"
2130Sstevel@tonic-gate 
2140Sstevel@tonic-gate #define SSL3_TXT_ADH_RC4_40_MD5			"EXP-ADH-RC4-MD5"
2150Sstevel@tonic-gate #define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"
2160Sstevel@tonic-gate #define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"
2170Sstevel@tonic-gate #define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"
2180Sstevel@tonic-gate #define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"
2190Sstevel@tonic-gate 
2200Sstevel@tonic-gate #define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"
2210Sstevel@tonic-gate #define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
2220Sstevel@tonic-gate #define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"
2230Sstevel@tonic-gate 
2240Sstevel@tonic-gate #define SSL3_TXT_KRB5_DES_64_CBC_SHA		"KRB5-DES-CBC-SHA"
2250Sstevel@tonic-gate #define SSL3_TXT_KRB5_DES_192_CBC3_SHA		"KRB5-DES-CBC3-SHA"
2260Sstevel@tonic-gate #define SSL3_TXT_KRB5_RC4_128_SHA		"KRB5-RC4-SHA"
2270Sstevel@tonic-gate #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA	       	"KRB5-IDEA-CBC-SHA"
2280Sstevel@tonic-gate #define SSL3_TXT_KRB5_DES_64_CBC_MD5       	"KRB5-DES-CBC-MD5"
2290Sstevel@tonic-gate #define SSL3_TXT_KRB5_DES_192_CBC3_MD5       	"KRB5-DES-CBC3-MD5"
2300Sstevel@tonic-gate #define SSL3_TXT_KRB5_RC4_128_MD5		"KRB5-RC4-MD5"
2310Sstevel@tonic-gate #define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 		"KRB5-IDEA-CBC-MD5"
2320Sstevel@tonic-gate 
2330Sstevel@tonic-gate #define SSL3_TXT_KRB5_DES_40_CBC_SHA 		"EXP-KRB5-DES-CBC-SHA"
2340Sstevel@tonic-gate #define SSL3_TXT_KRB5_RC2_40_CBC_SHA 		"EXP-KRB5-RC2-CBC-SHA"
2350Sstevel@tonic-gate #define SSL3_TXT_KRB5_RC4_40_SHA	 	"EXP-KRB5-RC4-SHA"
2360Sstevel@tonic-gate #define SSL3_TXT_KRB5_DES_40_CBC_MD5 		"EXP-KRB5-DES-CBC-MD5"
2370Sstevel@tonic-gate #define SSL3_TXT_KRB5_RC2_40_CBC_MD5 		"EXP-KRB5-RC2-CBC-MD5"
2380Sstevel@tonic-gate #define SSL3_TXT_KRB5_RC4_40_MD5	 	"EXP-KRB5-RC4-MD5"
2390Sstevel@tonic-gate 
2400Sstevel@tonic-gate #define SSL3_SSL_SESSION_ID_LENGTH		32
2410Sstevel@tonic-gate #define SSL3_MAX_SSL_SESSION_ID_LENGTH		32
2420Sstevel@tonic-gate 
2430Sstevel@tonic-gate #define SSL3_MASTER_SECRET_SIZE			48
2440Sstevel@tonic-gate #define SSL3_RANDOM_SIZE			32
2450Sstevel@tonic-gate #define SSL3_SESSION_ID_SIZE			32
2460Sstevel@tonic-gate #define SSL3_RT_HEADER_LENGTH			5
2470Sstevel@tonic-gate 
2480Sstevel@tonic-gate /* Due to MS stuffing up, this can change.... */
2490Sstevel@tonic-gate #if defined(OPENSSL_SYS_WIN16) || \
2500Sstevel@tonic-gate 	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
2510Sstevel@tonic-gate #define SSL3_RT_MAX_EXTRA			(14000)
2520Sstevel@tonic-gate #else
2530Sstevel@tonic-gate #define SSL3_RT_MAX_EXTRA			(16384)
2540Sstevel@tonic-gate #endif
2550Sstevel@tonic-gate 
2560Sstevel@tonic-gate #define SSL3_RT_MAX_PLAIN_LENGTH		16384
257*2139Sjp161948 #ifdef OPENSSL_NO_COMP
258*2139Sjp161948 #define SSL3_RT_MAX_COMPRESSED_LENGTH	SSL3_RT_MAX_PLAIN_LENGTH
259*2139Sjp161948 #else
2600Sstevel@tonic-gate #define SSL3_RT_MAX_COMPRESSED_LENGTH	(1024+SSL3_RT_MAX_PLAIN_LENGTH)
261*2139Sjp161948 #endif
2620Sstevel@tonic-gate #define SSL3_RT_MAX_ENCRYPTED_LENGTH	(1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
2630Sstevel@tonic-gate #define SSL3_RT_MAX_PACKET_SIZE		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
2640Sstevel@tonic-gate #define SSL3_RT_MAX_DATA_SIZE			(1024*1024)
2650Sstevel@tonic-gate 
2660Sstevel@tonic-gate #define SSL3_MD_CLIENT_FINISHED_CONST	"\x43\x4C\x4E\x54"
2670Sstevel@tonic-gate #define SSL3_MD_SERVER_FINISHED_CONST	"\x53\x52\x56\x52"
2680Sstevel@tonic-gate 
2690Sstevel@tonic-gate #define SSL3_VERSION			0x0300
2700Sstevel@tonic-gate #define SSL3_VERSION_MAJOR		0x03
2710Sstevel@tonic-gate #define SSL3_VERSION_MINOR		0x00
2720Sstevel@tonic-gate 
2730Sstevel@tonic-gate #define SSL3_RT_CHANGE_CIPHER_SPEC	20
2740Sstevel@tonic-gate #define SSL3_RT_ALERT			21
2750Sstevel@tonic-gate #define SSL3_RT_HANDSHAKE		22
2760Sstevel@tonic-gate #define SSL3_RT_APPLICATION_DATA	23
2770Sstevel@tonic-gate 
2780Sstevel@tonic-gate #define SSL3_AL_WARNING			1
2790Sstevel@tonic-gate #define SSL3_AL_FATAL			2
2800Sstevel@tonic-gate 
2810Sstevel@tonic-gate #define SSL3_AD_CLOSE_NOTIFY		 0
2820Sstevel@tonic-gate #define SSL3_AD_UNEXPECTED_MESSAGE	10	/* fatal */
2830Sstevel@tonic-gate #define SSL3_AD_BAD_RECORD_MAC		20	/* fatal */
2840Sstevel@tonic-gate #define SSL3_AD_DECOMPRESSION_FAILURE	30	/* fatal */
2850Sstevel@tonic-gate #define SSL3_AD_HANDSHAKE_FAILURE	40	/* fatal */
2860Sstevel@tonic-gate #define SSL3_AD_NO_CERTIFICATE		41
2870Sstevel@tonic-gate #define SSL3_AD_BAD_CERTIFICATE		42
2880Sstevel@tonic-gate #define SSL3_AD_UNSUPPORTED_CERTIFICATE	43
2890Sstevel@tonic-gate #define SSL3_AD_CERTIFICATE_REVOKED	44
2900Sstevel@tonic-gate #define SSL3_AD_CERTIFICATE_EXPIRED	45
2910Sstevel@tonic-gate #define SSL3_AD_CERTIFICATE_UNKNOWN	46
2920Sstevel@tonic-gate #define SSL3_AD_ILLEGAL_PARAMETER	47	/* fatal */
2930Sstevel@tonic-gate 
2940Sstevel@tonic-gate typedef struct ssl3_record_st
2950Sstevel@tonic-gate 	{
2960Sstevel@tonic-gate /*r */	int type;               /* type of record */
2970Sstevel@tonic-gate /*rw*/	unsigned int length;    /* How many bytes available */
2980Sstevel@tonic-gate /*r */	unsigned int off;       /* read/write offset into 'buf' */
2990Sstevel@tonic-gate /*rw*/	unsigned char *data;    /* pointer to the record data */
3000Sstevel@tonic-gate /*rw*/	unsigned char *input;   /* where the decode bytes are */
3010Sstevel@tonic-gate /*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
302*2139Sjp161948 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
303*2139Sjp161948 /*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */
3040Sstevel@tonic-gate 	} SSL3_RECORD;
3050Sstevel@tonic-gate 
3060Sstevel@tonic-gate typedef struct ssl3_buffer_st
3070Sstevel@tonic-gate 	{
3080Sstevel@tonic-gate 	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
3090Sstevel@tonic-gate 	                         * see ssl3_setup_buffers() */
3100Sstevel@tonic-gate 	size_t len;             /* buffer size */
3110Sstevel@tonic-gate 	int offset;             /* where to 'copy from' */
3120Sstevel@tonic-gate 	int left;               /* how many bytes left */
3130Sstevel@tonic-gate 	} SSL3_BUFFER;
3140Sstevel@tonic-gate 
3150Sstevel@tonic-gate #define SSL3_CT_RSA_SIGN			1
3160Sstevel@tonic-gate #define SSL3_CT_DSS_SIGN			2
3170Sstevel@tonic-gate #define SSL3_CT_RSA_FIXED_DH			3
3180Sstevel@tonic-gate #define SSL3_CT_DSS_FIXED_DH			4
3190Sstevel@tonic-gate #define SSL3_CT_RSA_EPHEMERAL_DH		5
3200Sstevel@tonic-gate #define SSL3_CT_DSS_EPHEMERAL_DH		6
3210Sstevel@tonic-gate #define SSL3_CT_FORTEZZA_DMS			20
322*2139Sjp161948 /* SSL3_CT_NUMBER is used to size arrays and it must be large
323*2139Sjp161948  * enough to contain all of the cert types defined either for
324*2139Sjp161948  * SSLv3 and TLSv1.
325*2139Sjp161948  */
326*2139Sjp161948 #define SSL3_CT_NUMBER			7
327*2139Sjp161948 
3280Sstevel@tonic-gate 
3290Sstevel@tonic-gate #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
3300Sstevel@tonic-gate #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
3310Sstevel@tonic-gate #define SSL3_FLAGS_POP_BUFFER			0x0004
3320Sstevel@tonic-gate #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
3330Sstevel@tonic-gate 
3340Sstevel@tonic-gate typedef struct ssl3_state_st
3350Sstevel@tonic-gate 	{
3360Sstevel@tonic-gate 	long flags;
3370Sstevel@tonic-gate 	int delay_buf_pop_ret;
3380Sstevel@tonic-gate 
3390Sstevel@tonic-gate 	unsigned char read_sequence[8];
3400Sstevel@tonic-gate 	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
3410Sstevel@tonic-gate 	unsigned char write_sequence[8];
3420Sstevel@tonic-gate 	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
3430Sstevel@tonic-gate 
3440Sstevel@tonic-gate 	unsigned char server_random[SSL3_RANDOM_SIZE];
3450Sstevel@tonic-gate 	unsigned char client_random[SSL3_RANDOM_SIZE];
3460Sstevel@tonic-gate 
3470Sstevel@tonic-gate 	/* flags for countermeasure against known-IV weakness */
3480Sstevel@tonic-gate 	int need_empty_fragments;
3490Sstevel@tonic-gate 	int empty_fragment_done;
3500Sstevel@tonic-gate 
3510Sstevel@tonic-gate 	SSL3_BUFFER rbuf;	/* read IO goes into here */
3520Sstevel@tonic-gate 	SSL3_BUFFER wbuf;	/* write IO goes into here */
3530Sstevel@tonic-gate 
3540Sstevel@tonic-gate 	SSL3_RECORD rrec;	/* each decoded record goes in here */
3550Sstevel@tonic-gate 	SSL3_RECORD wrec;	/* goes out from here */
3560Sstevel@tonic-gate 
3570Sstevel@tonic-gate 	/* storage for Alert/Handshake protocol data received but not
3580Sstevel@tonic-gate 	 * yet processed by ssl3_read_bytes: */
3590Sstevel@tonic-gate 	unsigned char alert_fragment[2];
3600Sstevel@tonic-gate 	unsigned int alert_fragment_len;
3610Sstevel@tonic-gate 	unsigned char handshake_fragment[4];
3620Sstevel@tonic-gate 	unsigned int handshake_fragment_len;
3630Sstevel@tonic-gate 
3640Sstevel@tonic-gate 	/* partial write - check the numbers match */
3650Sstevel@tonic-gate 	unsigned int wnum;	/* number of bytes sent so far */
3660Sstevel@tonic-gate 	int wpend_tot;		/* number bytes written */
3670Sstevel@tonic-gate 	int wpend_type;
3680Sstevel@tonic-gate 	int wpend_ret;		/* number of bytes submitted */
3690Sstevel@tonic-gate 	const unsigned char *wpend_buf;
3700Sstevel@tonic-gate 
3710Sstevel@tonic-gate 	/* used during startup, digest all incoming/outgoing packets */
3720Sstevel@tonic-gate 	EVP_MD_CTX finish_dgst1;
3730Sstevel@tonic-gate 	EVP_MD_CTX finish_dgst2;
3740Sstevel@tonic-gate 
3750Sstevel@tonic-gate 	/* this is set whenerver we see a change_cipher_spec message
3760Sstevel@tonic-gate 	 * come in when we are not looking for one */
3770Sstevel@tonic-gate 	int change_cipher_spec;
3780Sstevel@tonic-gate 
3790Sstevel@tonic-gate 	int warn_alert;
3800Sstevel@tonic-gate 	int fatal_alert;
3810Sstevel@tonic-gate 	/* we allow one fatal and one warning alert to be outstanding,
3820Sstevel@tonic-gate 	 * send close alert via the warning alert */
3830Sstevel@tonic-gate 	int alert_dispatch;
3840Sstevel@tonic-gate 	unsigned char send_alert[2];
3850Sstevel@tonic-gate 
3860Sstevel@tonic-gate 	/* This flag is set when we should renegotiate ASAP, basically when
3870Sstevel@tonic-gate 	 * there is no more data in the read or write buffers */
3880Sstevel@tonic-gate 	int renegotiate;
3890Sstevel@tonic-gate 	int total_renegotiations;
3900Sstevel@tonic-gate 	int num_renegotiations;
3910Sstevel@tonic-gate 
3920Sstevel@tonic-gate 	int in_read_app_data;
3930Sstevel@tonic-gate 
3940Sstevel@tonic-gate 	struct	{
3950Sstevel@tonic-gate 		/* actually only needs to be 16+20 */
3960Sstevel@tonic-gate 		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
3970Sstevel@tonic-gate 
3980Sstevel@tonic-gate 		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
3990Sstevel@tonic-gate 		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
4000Sstevel@tonic-gate 		int finish_md_len;
4010Sstevel@tonic-gate 		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
4020Sstevel@tonic-gate 		int peer_finish_md_len;
4030Sstevel@tonic-gate 
4040Sstevel@tonic-gate 		unsigned long message_size;
4050Sstevel@tonic-gate 		int message_type;
4060Sstevel@tonic-gate 
4070Sstevel@tonic-gate 		/* used to hold the new cipher we are going to use */
4080Sstevel@tonic-gate 		SSL_CIPHER *new_cipher;
4090Sstevel@tonic-gate #ifndef OPENSSL_NO_DH
4100Sstevel@tonic-gate 		DH *dh;
4110Sstevel@tonic-gate #endif
412*2139Sjp161948 
413*2139Sjp161948 #ifndef OPENSSL_NO_ECDH
414*2139Sjp161948 		EC_KEY *ecdh; /* holds short lived ECDH key */
415*2139Sjp161948 #endif
416*2139Sjp161948 
4170Sstevel@tonic-gate 		/* used when SSL_ST_FLUSH_DATA is entered */
4180Sstevel@tonic-gate 		int next_state;
4190Sstevel@tonic-gate 
4200Sstevel@tonic-gate 		int reuse_message;
4210Sstevel@tonic-gate 
4220Sstevel@tonic-gate 		/* used for certificate requests */
4230Sstevel@tonic-gate 		int cert_req;
4240Sstevel@tonic-gate 		int ctype_num;
4250Sstevel@tonic-gate 		char ctype[SSL3_CT_NUMBER];
4260Sstevel@tonic-gate 		STACK_OF(X509_NAME) *ca_names;
4270Sstevel@tonic-gate 
4280Sstevel@tonic-gate 		int use_rsa_tmp;
4290Sstevel@tonic-gate 
4300Sstevel@tonic-gate 		int key_block_length;
4310Sstevel@tonic-gate 		unsigned char *key_block;
4320Sstevel@tonic-gate 
4330Sstevel@tonic-gate 		const EVP_CIPHER *new_sym_enc;
4340Sstevel@tonic-gate 		const EVP_MD *new_hash;
4350Sstevel@tonic-gate #ifndef OPENSSL_NO_COMP
4360Sstevel@tonic-gate 		const SSL_COMP *new_compression;
4370Sstevel@tonic-gate #else
4380Sstevel@tonic-gate 		char *new_compression;
4390Sstevel@tonic-gate #endif
4400Sstevel@tonic-gate 		int cert_request;
4410Sstevel@tonic-gate 		} tmp;
4420Sstevel@tonic-gate 
4430Sstevel@tonic-gate 	} SSL3_STATE;
4440Sstevel@tonic-gate 
445*2139Sjp161948 
4460Sstevel@tonic-gate /* SSLv3 */
4470Sstevel@tonic-gate /*client */
4480Sstevel@tonic-gate /* extra state */
4490Sstevel@tonic-gate #define SSL3_ST_CW_FLUSH		(0x100|SSL_ST_CONNECT)
4500Sstevel@tonic-gate /* write to server */
4510Sstevel@tonic-gate #define SSL3_ST_CW_CLNT_HELLO_A		(0x110|SSL_ST_CONNECT)
4520Sstevel@tonic-gate #define SSL3_ST_CW_CLNT_HELLO_B		(0x111|SSL_ST_CONNECT)
4530Sstevel@tonic-gate /* read from server */
4540Sstevel@tonic-gate #define SSL3_ST_CR_SRVR_HELLO_A		(0x120|SSL_ST_CONNECT)
4550Sstevel@tonic-gate #define SSL3_ST_CR_SRVR_HELLO_B		(0x121|SSL_ST_CONNECT)
456*2139Sjp161948 #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
457*2139Sjp161948 #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
4580Sstevel@tonic-gate #define SSL3_ST_CR_CERT_A		(0x130|SSL_ST_CONNECT)
4590Sstevel@tonic-gate #define SSL3_ST_CR_CERT_B		(0x131|SSL_ST_CONNECT)
4600Sstevel@tonic-gate #define SSL3_ST_CR_KEY_EXCH_A		(0x140|SSL_ST_CONNECT)
4610Sstevel@tonic-gate #define SSL3_ST_CR_KEY_EXCH_B		(0x141|SSL_ST_CONNECT)
4620Sstevel@tonic-gate #define SSL3_ST_CR_CERT_REQ_A		(0x150|SSL_ST_CONNECT)
4630Sstevel@tonic-gate #define SSL3_ST_CR_CERT_REQ_B		(0x151|SSL_ST_CONNECT)
4640Sstevel@tonic-gate #define SSL3_ST_CR_SRVR_DONE_A		(0x160|SSL_ST_CONNECT)
4650Sstevel@tonic-gate #define SSL3_ST_CR_SRVR_DONE_B		(0x161|SSL_ST_CONNECT)
4660Sstevel@tonic-gate /* write to server */
4670Sstevel@tonic-gate #define SSL3_ST_CW_CERT_A		(0x170|SSL_ST_CONNECT)
4680Sstevel@tonic-gate #define SSL3_ST_CW_CERT_B		(0x171|SSL_ST_CONNECT)
4690Sstevel@tonic-gate #define SSL3_ST_CW_CERT_C		(0x172|SSL_ST_CONNECT)
4700Sstevel@tonic-gate #define SSL3_ST_CW_CERT_D		(0x173|SSL_ST_CONNECT)
4710Sstevel@tonic-gate #define SSL3_ST_CW_KEY_EXCH_A		(0x180|SSL_ST_CONNECT)
4720Sstevel@tonic-gate #define SSL3_ST_CW_KEY_EXCH_B		(0x181|SSL_ST_CONNECT)
4730Sstevel@tonic-gate #define SSL3_ST_CW_CERT_VRFY_A		(0x190|SSL_ST_CONNECT)
4740Sstevel@tonic-gate #define SSL3_ST_CW_CERT_VRFY_B		(0x191|SSL_ST_CONNECT)
4750Sstevel@tonic-gate #define SSL3_ST_CW_CHANGE_A		(0x1A0|SSL_ST_CONNECT)
4760Sstevel@tonic-gate #define SSL3_ST_CW_CHANGE_B		(0x1A1|SSL_ST_CONNECT)
4770Sstevel@tonic-gate #define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)
4780Sstevel@tonic-gate #define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)
4790Sstevel@tonic-gate /* read from server */
4800Sstevel@tonic-gate #define SSL3_ST_CR_CHANGE_A		(0x1C0|SSL_ST_CONNECT)
4810Sstevel@tonic-gate #define SSL3_ST_CR_CHANGE_B		(0x1C1|SSL_ST_CONNECT)
4820Sstevel@tonic-gate #define SSL3_ST_CR_FINISHED_A		(0x1D0|SSL_ST_CONNECT)
4830Sstevel@tonic-gate #define SSL3_ST_CR_FINISHED_B		(0x1D1|SSL_ST_CONNECT)
4840Sstevel@tonic-gate 
4850Sstevel@tonic-gate /* server */
4860Sstevel@tonic-gate /* extra state */
4870Sstevel@tonic-gate #define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)
4880Sstevel@tonic-gate /* read from client */
4890Sstevel@tonic-gate /* Do not change the number values, they do matter */
4900Sstevel@tonic-gate #define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
4910Sstevel@tonic-gate #define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
4920Sstevel@tonic-gate #define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
4930Sstevel@tonic-gate /* write to client */
494*2139Sjp161948 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
495*2139Sjp161948 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
4960Sstevel@tonic-gate #define SSL3_ST_SW_HELLO_REQ_A		(0x120|SSL_ST_ACCEPT)
4970Sstevel@tonic-gate #define SSL3_ST_SW_HELLO_REQ_B		(0x121|SSL_ST_ACCEPT)
4980Sstevel@tonic-gate #define SSL3_ST_SW_HELLO_REQ_C		(0x122|SSL_ST_ACCEPT)
4990Sstevel@tonic-gate #define SSL3_ST_SW_SRVR_HELLO_A		(0x130|SSL_ST_ACCEPT)
5000Sstevel@tonic-gate #define SSL3_ST_SW_SRVR_HELLO_B		(0x131|SSL_ST_ACCEPT)
5010Sstevel@tonic-gate #define SSL3_ST_SW_CERT_A		(0x140|SSL_ST_ACCEPT)
5020Sstevel@tonic-gate #define SSL3_ST_SW_CERT_B		(0x141|SSL_ST_ACCEPT)
5030Sstevel@tonic-gate #define SSL3_ST_SW_KEY_EXCH_A		(0x150|SSL_ST_ACCEPT)
5040Sstevel@tonic-gate #define SSL3_ST_SW_KEY_EXCH_B		(0x151|SSL_ST_ACCEPT)
5050Sstevel@tonic-gate #define SSL3_ST_SW_CERT_REQ_A		(0x160|SSL_ST_ACCEPT)
5060Sstevel@tonic-gate #define SSL3_ST_SW_CERT_REQ_B		(0x161|SSL_ST_ACCEPT)
5070Sstevel@tonic-gate #define SSL3_ST_SW_SRVR_DONE_A		(0x170|SSL_ST_ACCEPT)
5080Sstevel@tonic-gate #define SSL3_ST_SW_SRVR_DONE_B		(0x171|SSL_ST_ACCEPT)
5090Sstevel@tonic-gate /* read from client */
5100Sstevel@tonic-gate #define SSL3_ST_SR_CERT_A		(0x180|SSL_ST_ACCEPT)
5110Sstevel@tonic-gate #define SSL3_ST_SR_CERT_B		(0x181|SSL_ST_ACCEPT)
5120Sstevel@tonic-gate #define SSL3_ST_SR_KEY_EXCH_A		(0x190|SSL_ST_ACCEPT)
5130Sstevel@tonic-gate #define SSL3_ST_SR_KEY_EXCH_B		(0x191|SSL_ST_ACCEPT)
5140Sstevel@tonic-gate #define SSL3_ST_SR_CERT_VRFY_A		(0x1A0|SSL_ST_ACCEPT)
5150Sstevel@tonic-gate #define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)
5160Sstevel@tonic-gate #define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)
5170Sstevel@tonic-gate #define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)
5180Sstevel@tonic-gate #define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)
5190Sstevel@tonic-gate #define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)
5200Sstevel@tonic-gate /* write to client */
5210Sstevel@tonic-gate #define SSL3_ST_SW_CHANGE_A		(0x1D0|SSL_ST_ACCEPT)
5220Sstevel@tonic-gate #define SSL3_ST_SW_CHANGE_B		(0x1D1|SSL_ST_ACCEPT)
5230Sstevel@tonic-gate #define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)
5240Sstevel@tonic-gate #define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)
5250Sstevel@tonic-gate 
5260Sstevel@tonic-gate #define SSL3_MT_HELLO_REQUEST			0
5270Sstevel@tonic-gate #define SSL3_MT_CLIENT_HELLO			1
5280Sstevel@tonic-gate #define SSL3_MT_SERVER_HELLO			2
5290Sstevel@tonic-gate #define SSL3_MT_CERTIFICATE			11
5300Sstevel@tonic-gate #define SSL3_MT_SERVER_KEY_EXCHANGE		12
5310Sstevel@tonic-gate #define SSL3_MT_CERTIFICATE_REQUEST		13
5320Sstevel@tonic-gate #define SSL3_MT_SERVER_DONE			14
5330Sstevel@tonic-gate #define SSL3_MT_CERTIFICATE_VERIFY		15
5340Sstevel@tonic-gate #define SSL3_MT_CLIENT_KEY_EXCHANGE		16
5350Sstevel@tonic-gate #define SSL3_MT_FINISHED			20
536*2139Sjp161948 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
537*2139Sjp161948 
5380Sstevel@tonic-gate 
5390Sstevel@tonic-gate #define SSL3_MT_CCS				1
5400Sstevel@tonic-gate 
5410Sstevel@tonic-gate /* These are used when changing over to a new cipher */
5420Sstevel@tonic-gate #define SSL3_CC_READ		0x01
5430Sstevel@tonic-gate #define SSL3_CC_WRITE		0x02
5440Sstevel@tonic-gate #define SSL3_CC_CLIENT		0x10
5450Sstevel@tonic-gate #define SSL3_CC_SERVER		0x20
5460Sstevel@tonic-gate #define SSL3_CHANGE_CIPHER_CLIENT_WRITE	(SSL3_CC_CLIENT|SSL3_CC_WRITE)
5470Sstevel@tonic-gate #define SSL3_CHANGE_CIPHER_SERVER_READ	(SSL3_CC_SERVER|SSL3_CC_READ)
5480Sstevel@tonic-gate #define SSL3_CHANGE_CIPHER_CLIENT_READ	(SSL3_CC_CLIENT|SSL3_CC_READ)
5490Sstevel@tonic-gate #define SSL3_CHANGE_CIPHER_SERVER_WRITE	(SSL3_CC_SERVER|SSL3_CC_WRITE)
5500Sstevel@tonic-gate 
5510Sstevel@tonic-gate #ifdef  __cplusplus
5520Sstevel@tonic-gate }
5530Sstevel@tonic-gate #endif
5540Sstevel@tonic-gate #endif
5550Sstevel@tonic-gate 
556