• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to.  The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  *    must display the following acknowledgement:
32  *    "This product includes cryptographic software written by
33  *     Eric Young (eay@cryptsoft.com)"
34  *    The word 'cryptographic' can be left out if the rouines from the library
35  *    being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  *    the apps directory (application code) you must include an acknowledgement:
38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.]
56  */
57 /* ====================================================================
58  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
59  *
60  * Redistribution and use in source and binary forms, with or without
61  * modification, are permitted provided that the following conditions
62  * are met:
63  *
64  * 1. Redistributions of source code must retain the above copyright
65  *    notice, this list of conditions and the following disclaimer.
66  *
67  * 2. Redistributions in binary form must reproduce the above copyright
68  *    notice, this list of conditions and the following disclaimer in
69  *    the documentation and/or other materials provided with the
70  *    distribution.
71  *
72  * 3. All advertising materials mentioning features or use of this
73  *    software must display the following acknowledgment:
74  *    "This product includes software developed by the OpenSSL Project
75  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76  *
77  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78  *    endorse or promote products derived from this software without
79  *    prior written permission. For written permission, please contact
80  *    openssl-core@openssl.org.
81  *
82  * 5. Products derived from this software may not be called "OpenSSL"
83  *    nor may "OpenSSL" appear in their names without prior written
84  *    permission of the OpenSSL Project.
85  *
86  * 6. Redistributions of any form whatsoever must retain the following
87  *    acknowledgment:
88  *    "This product includes software developed by the OpenSSL Project
89  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90  *
91  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
95  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102  * OF THE POSSIBILITY OF SUCH DAMAGE.
103  * ====================================================================
104  *
105  * This product includes cryptographic software written by Eric Young
106  * (eay@cryptsoft.com).  This product includes software written by Tim
107  * Hudson (tjh@cryptsoft.com).
108  *
109  */
110 /* ====================================================================
111  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112  * ECC cipher suite support in OpenSSL originally developed by
113  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
114  */
115 
116 #ifndef OPENSSL_HEADER_SSL3_H
117 #define OPENSSL_HEADER_SSL3_H
118 
119 #include <openssl/aead.h>
120 
121 #ifdef  __cplusplus
122 extern "C" {
123 #endif
124 
125 
126 // These are kept to support clients that negotiates higher protocol versions
127 // using SSLv2 client hello records.
128 #define SSL2_MT_CLIENT_HELLO 1
129 #define SSL2_VERSION 0x0002
130 
131 // Signalling cipher suite value from RFC 5746.
132 #define SSL3_CK_SCSV 0x030000FF
133 // Fallback signalling cipher suite value from RFC 7507.
134 #define SSL3_CK_FALLBACK_SCSV 0x03005600
135 
136 #define SSL3_CK_RSA_NULL_MD5 0x03000001
137 #define SSL3_CK_RSA_NULL_SHA 0x03000002
138 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003
139 #define SSL3_CK_RSA_RC4_128_MD5 0x03000004
140 #define SSL3_CK_RSA_RC4_128_SHA 0x03000005
141 #define SSL3_CK_RSA_RC2_40_MD5 0x03000006
142 #define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
143 #define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
144 #define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
145 #define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
146 
147 #define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
148 #define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
149 #define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
150 #define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
151 #define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
152 #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
153 
154 #define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
155 #define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
156 #define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
157 #define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
158 #define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
159 #define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
160 
161 #define SSL3_CK_ADH_RC4_40_MD5 0x03000017
162 #define SSL3_CK_ADH_RC4_128_MD5 0x03000018
163 #define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
164 #define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
165 #define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
166 
167 #define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
168 #define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
169 #define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
170 #define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
171 #define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
172 #define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
173 #define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
174 #define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
175 #define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
176 #define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
177 
178 #define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
179 #define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
180 #define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
181 #define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
182 #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
183 #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
184 
185 #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
186 #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
187 #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
188 #define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
189 #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
190 #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
191 
192 #define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
193 #define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
194 #define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
195 #define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
196 #define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
197 
198 #define SSL3_SSL_SESSION_ID_LENGTH 32
199 #define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
200 
201 #define SSL3_MASTER_SECRET_SIZE 48
202 #define SSL3_RANDOM_SIZE 32
203 #define SSL3_SESSION_ID_SIZE 32
204 #define SSL3_RT_HEADER_LENGTH 5
205 
206 #define SSL3_HM_HEADER_LENGTH 4
207 
208 #ifndef SSL3_ALIGN_PAYLOAD
209 // Some will argue that this increases memory footprint, but it's not actually
210 // true. Point is that malloc has to return at least 64-bit aligned pointers,
211 // meaning that allocating 5 bytes wastes 3 bytes in either case. Suggested
212 // pre-gaping simply moves these wasted bytes from the end of allocated region
213 // to its front, but makes data payload aligned, which improves performance.
214 #define SSL3_ALIGN_PAYLOAD 8
215 #else
216 #if (SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) != 0
217 #error "insane SSL3_ALIGN_PAYLOAD"
218 #undef SSL3_ALIGN_PAYLOAD
219 #endif
220 #endif
221 
222 // This is the maximum MAC (digest) size used by the SSL library. Currently
223 // maximum of 20 is used by SHA1, but we reserve for future extension for
224 // 512-bit hashes.
225 
226 #define SSL3_RT_MAX_MD_SIZE 64
227 
228 // Maximum block size used in all ciphersuites. Currently 16 for AES.
229 
230 #define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
231 
232 // Maximum plaintext length: defined by SSL/TLS standards
233 #define SSL3_RT_MAX_PLAIN_LENGTH 16384
234 // Maximum compression overhead: defined by SSL/TLS standards
235 #define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
236 
237 // The standards give a maximum encryption overhead of 1024 bytes. In practice
238 // the value is lower than this. The overhead is the maximum number of padding
239 // bytes (256) plus the mac size.
240 //
241 // TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1
242 // explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger
243 // than necessary and no true AEAD has variable overhead in TLS 1.2.
244 #define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
245 
246 // SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a
247 // record. This does not include the record header. Some ciphers use explicit
248 // nonces, so it includes both the AEAD overhead as well as the nonce.
249 #define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
250     (EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH)
251 
252 // SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for
253 // |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the
254 // compression overhead.
255 #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
256 
257 #define SSL3_RT_MAX_ENCRYPTED_LENGTH \
258   (SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH)
259 #define SSL3_RT_MAX_PACKET_SIZE \
260   (SSL3_RT_MAX_ENCRYPTED_LENGTH + SSL3_RT_HEADER_LENGTH)
261 
262 #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
263 #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
264 
265 #define SSL3_RT_CHANGE_CIPHER_SPEC 20
266 #define SSL3_RT_ALERT 21
267 #define SSL3_RT_HANDSHAKE 22
268 #define SSL3_RT_APPLICATION_DATA 23
269 
270 // Pseudo content type for SSL/TLS header info
271 #define SSL3_RT_HEADER 0x100
272 #define SSL3_RT_CLIENT_HELLO_INNER 0x101
273 
274 #define SSL3_AL_WARNING 1
275 #define SSL3_AL_FATAL 2
276 
277 #define SSL3_AD_CLOSE_NOTIFY 0
278 #define SSL3_AD_UNEXPECTED_MESSAGE 10     // fatal
279 #define SSL3_AD_BAD_RECORD_MAC 20         // fatal
280 #define SSL3_AD_DECOMPRESSION_FAILURE 30  // fatal
281 #define SSL3_AD_HANDSHAKE_FAILURE 40      // fatal
282 #define SSL3_AD_NO_CERTIFICATE 41
283 #define SSL3_AD_BAD_CERTIFICATE 42
284 #define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
285 #define SSL3_AD_CERTIFICATE_REVOKED 44
286 #define SSL3_AD_CERTIFICATE_EXPIRED 45
287 #define SSL3_AD_CERTIFICATE_UNKNOWN 46
288 #define SSL3_AD_ILLEGAL_PARAMETER 47       // fatal
289 #define SSL3_AD_INAPPROPRIATE_FALLBACK 86  // fatal
290 
291 #define SSL3_CT_RSA_SIGN 1
292 
293 #define SSL3_MT_HELLO_REQUEST 0
294 #define SSL3_MT_CLIENT_HELLO 1
295 #define SSL3_MT_SERVER_HELLO 2
296 #define SSL3_MT_NEW_SESSION_TICKET 4
297 #define SSL3_MT_END_OF_EARLY_DATA 5
298 #define SSL3_MT_ENCRYPTED_EXTENSIONS 8
299 #define SSL3_MT_CERTIFICATE 11
300 #define SSL3_MT_SERVER_KEY_EXCHANGE 12
301 #define SSL3_MT_CERTIFICATE_REQUEST 13
302 #define SSL3_MT_SERVER_HELLO_DONE 14
303 #define SSL3_MT_CERTIFICATE_VERIFY 15
304 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16
305 #define SSL3_MT_FINISHED 20
306 #define SSL3_MT_CERTIFICATE_STATUS 22
307 #define SSL3_MT_SUPPLEMENTAL_DATA 23
308 #define SSL3_MT_KEY_UPDATE 24
309 #define SSL3_MT_COMPRESSED_CERTIFICATE 25
310 #define SSL3_MT_NEXT_PROTO 67
311 #define SSL3_MT_CHANNEL_ID 203
312 #define SSL3_MT_MESSAGE_HASH 254
313 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3
314 
315 // The following are legacy aliases for consumers which use
316 // |SSL_CTX_set_msg_callback|.
317 #define SSL3_MT_SERVER_DONE SSL3_MT_SERVER_HELLO_DONE
318 #define SSL3_MT_NEWSESSION_TICKET SSL3_MT_NEW_SESSION_TICKET
319 
320 
321 #define SSL3_MT_CCS 1
322 
323 
324 #ifdef  __cplusplus
325 }  // extern C
326 #endif
327 
328 #endif  // OPENSSL_HEADER_SSL3_H
329