Home | History | Annotate | Download | only in openssl
      1 /* ssl/ssl3.h */
      2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      3  * All rights reserved.
      4  *
      5  * This package is an SSL implementation written
      6  * by Eric Young (eay (at) cryptsoft.com).
      7  * The implementation was written so as to conform with Netscapes SSL.
      8  *
      9  * This library is free for commercial and non-commercial use as long as
     10  * the following conditions are aheared to.  The following conditions
     11  * apply to all code found in this distribution, be it the RC4, RSA,
     12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     13  * included with this distribution is covered by the same copyright terms
     14  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     15  *
     16  * Copyright remains Eric Young's, and as such any Copyright notices in
     17  * the code are not to be removed.
     18  * If this package is used in a product, Eric Young should be given attribution
     19  * as the author of the parts of the library used.
     20  * This can be in the form of a textual message at program startup or
     21  * in documentation (online or textual) provided with the package.
     22  *
     23  * Redistribution and use in source and binary forms, with or without
     24  * modification, are permitted provided that the following conditions
     25  * are met:
     26  * 1. Redistributions of source code must retain the copyright
     27  *    notice, this list of conditions and the following disclaimer.
     28  * 2. Redistributions in binary form must reproduce the above copyright
     29  *    notice, this list of conditions and the following disclaimer in the
     30  *    documentation and/or other materials provided with the distribution.
     31  * 3. All advertising materials mentioning features or use of this software
     32  *    must display the following acknowledgement:
     33  *    "This product includes cryptographic software written by
     34  *     Eric Young (eay (at) cryptsoft.com)"
     35  *    The word 'cryptographic' can be left out if the rouines from the library
     36  *    being used are not cryptographic related :-).
     37  * 4. If you include any Windows specific code (or a derivative thereof) from
     38  *    the apps directory (application code) you must include an acknowledgement:
     39  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     40  *
     41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     51  * SUCH DAMAGE.
     52  *
     53  * The licence and distribution terms for any publically available version or
     54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     55  * copied and put under another distribution licence
     56  * [including the GNU Public Licence.]
     57  */
     58 /* ====================================================================
     59  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
     60  *
     61  * Redistribution and use in source and binary forms, with or without
     62  * modification, are permitted provided that the following conditions
     63  * are met:
     64  *
     65  * 1. Redistributions of source code must retain the above copyright
     66  *    notice, this list of conditions and the following disclaimer.
     67  *
     68  * 2. Redistributions in binary form must reproduce the above copyright
     69  *    notice, this list of conditions and the following disclaimer in
     70  *    the documentation and/or other materials provided with the
     71  *    distribution.
     72  *
     73  * 3. All advertising materials mentioning features or use of this
     74  *    software must display the following acknowledgment:
     75  *    "This product includes software developed by the OpenSSL Project
     76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     77  *
     78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     79  *    endorse or promote products derived from this software without
     80  *    prior written permission. For written permission, please contact
     81  *    openssl-core (at) openssl.org.
     82  *
     83  * 5. Products derived from this software may not be called "OpenSSL"
     84  *    nor may "OpenSSL" appear in their names without prior written
     85  *    permission of the OpenSSL Project.
     86  *
     87  * 6. Redistributions of any form whatsoever must retain the following
     88  *    acknowledgment:
     89  *    "This product includes software developed by the OpenSSL Project
     90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     91  *
     92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    103  * OF THE POSSIBILITY OF SUCH DAMAGE.
    104  * ====================================================================
    105  *
    106  * This product includes cryptographic software written by Eric Young
    107  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    108  * Hudson (tjh (at) cryptsoft.com).
    109  *
    110  */
    111 /* ====================================================================
    112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
    113  * ECC cipher suite support in OpenSSL originally developed by
    114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
    115  */
    116 
    117 #ifndef OPENSSL_HEADER_SSL3_H
    118 #define OPENSSL_HEADER_SSL3_H
    119 
    120 #include <openssl/aead.h>
    121 #include <openssl/type_check.h>
    122 
    123 #ifdef  __cplusplus
    124 extern "C" {
    125 #endif
    126 
    127 
    128 // These are kept to support clients that negotiates higher protocol versions
    129 // using SSLv2 client hello records.
    130 #define SSL2_MT_CLIENT_HELLO 1
    131 #define SSL2_VERSION 0x0002
    132 
    133 // Signalling cipher suite value from RFC 5746.
    134 #define SSL3_CK_SCSV 0x030000FF
    135 // Fallback signalling cipher suite value from RFC 7507.
    136 #define SSL3_CK_FALLBACK_SCSV 0x03005600
    137 
    138 #define SSL3_CK_RSA_NULL_MD5 0x03000001
    139 #define SSL3_CK_RSA_NULL_SHA 0x03000002
    140 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003
    141 #define SSL3_CK_RSA_RC4_128_MD5 0x03000004
    142 #define SSL3_CK_RSA_RC4_128_SHA 0x03000005
    143 #define SSL3_CK_RSA_RC2_40_MD5 0x03000006
    144 #define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
    145 #define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
    146 #define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
    147 #define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
    148 
    149 #define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
    150 #define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
    151 #define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
    152 #define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
    153 #define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
    154 #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
    155 
    156 #define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
    157 #define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
    158 #define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
    159 #define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
    160 #define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
    161 #define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
    162 
    163 #define SSL3_CK_ADH_RC4_40_MD5 0x03000017
    164 #define SSL3_CK_ADH_RC4_128_MD5 0x03000018
    165 #define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
    166 #define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
    167 #define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
    168 
    169 #define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
    170 #define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
    171 #define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
    172 #define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
    173 #define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
    174 #define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
    175 #define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
    176 #define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
    177 #define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
    178 #define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
    179 
    180 #define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
    181 #define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
    182 #define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
    183 #define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
    184 #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
    185 #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
    186 
    187 #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
    188 #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
    189 #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
    190 #define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
    191 #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
    192 #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
    193 
    194 #define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
    195 #define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
    196 #define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
    197 #define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
    198 #define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
    199 
    200 #define SSL3_SSL_SESSION_ID_LENGTH 32
    201 #define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
    202 
    203 #define SSL3_MASTER_SECRET_SIZE 48
    204 #define SSL3_RANDOM_SIZE 32
    205 #define SSL3_SESSION_ID_SIZE 32
    206 #define SSL3_RT_HEADER_LENGTH 5
    207 
    208 #define SSL3_HM_HEADER_LENGTH 4
    209 
    210 #ifndef SSL3_ALIGN_PAYLOAD
    211 // Some will argue that this increases memory footprint, but it's not actually
    212 // true. Point is that malloc has to return at least 64-bit aligned pointers,
    213 // meaning that allocating 5 bytes wastes 3 bytes in either case. Suggested
    214 // pre-gaping simply moves these wasted bytes from the end of allocated region
    215 // to its front, but makes data payload aligned, which improves performance.
    216 #define SSL3_ALIGN_PAYLOAD 8
    217 #else
    218 #if (SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) != 0
    219 #error "insane SSL3_ALIGN_PAYLOAD"
    220 #undef SSL3_ALIGN_PAYLOAD
    221 #endif
    222 #endif
    223 
    224 // This is the maximum MAC (digest) size used by the SSL library. Currently
    225 // maximum of 20 is used by SHA1, but we reserve for future extension for
    226 // 512-bit hashes.
    227 
    228 #define SSL3_RT_MAX_MD_SIZE 64
    229 
    230 // Maximum block size used in all ciphersuites. Currently 16 for AES.
    231 
    232 #define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
    233 
    234 // Maximum plaintext length: defined by SSL/TLS standards
    235 #define SSL3_RT_MAX_PLAIN_LENGTH 16384
    236 // Maximum compression overhead: defined by SSL/TLS standards
    237 #define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
    238 
    239 // The standards give a maximum encryption overhead of 1024 bytes. In practice
    240 // the value is lower than this. The overhead is the maximum number of padding
    241 // bytes (256) plus the mac size.
    242 //
    243 // TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1
    244 // explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger
    245 // than necessary and no true AEAD has variable overhead in TLS 1.2.
    246 #define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
    247 
    248 // SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a
    249 // record. This does not include the record header. Some ciphers use explicit
    250 // nonces, so it includes both the AEAD overhead as well as the nonce.
    251 #define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
    252     (EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH)
    253 
    254 OPENSSL_COMPILE_ASSERT(
    255     SSL3_RT_MAX_ENCRYPTED_OVERHEAD >= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
    256     max_overheads_are_consistent);
    257 
    258 // SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for
    259 // |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the
    260 // compression overhead.
    261 #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
    262 
    263 #define SSL3_RT_MAX_ENCRYPTED_LENGTH \
    264   (SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH)
    265 #define SSL3_RT_MAX_PACKET_SIZE \
    266   (SSL3_RT_MAX_ENCRYPTED_LENGTH + SSL3_RT_HEADER_LENGTH)
    267 
    268 #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
    269 #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
    270 
    271 #define SSL3_RT_CHANGE_CIPHER_SPEC 20
    272 #define SSL3_RT_ALERT 21
    273 #define SSL3_RT_HANDSHAKE 22
    274 #define SSL3_RT_APPLICATION_DATA 23
    275 
    276 // Pseudo content type for SSL/TLS header info
    277 #define SSL3_RT_HEADER 0x100
    278 
    279 #define SSL3_AL_WARNING 1
    280 #define SSL3_AL_FATAL 2
    281 
    282 #define SSL3_AD_CLOSE_NOTIFY 0
    283 #define SSL3_AD_UNEXPECTED_MESSAGE 10     // fatal
    284 #define SSL3_AD_BAD_RECORD_MAC 20         // fatal
    285 #define SSL3_AD_DECOMPRESSION_FAILURE 30  // fatal
    286 #define SSL3_AD_HANDSHAKE_FAILURE 40      // fatal
    287 #define SSL3_AD_NO_CERTIFICATE 41
    288 #define SSL3_AD_BAD_CERTIFICATE 42
    289 #define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
    290 #define SSL3_AD_CERTIFICATE_REVOKED 44
    291 #define SSL3_AD_CERTIFICATE_EXPIRED 45
    292 #define SSL3_AD_CERTIFICATE_UNKNOWN 46
    293 #define SSL3_AD_ILLEGAL_PARAMETER 47       // fatal
    294 #define SSL3_AD_INAPPROPRIATE_FALLBACK 86  // fatal
    295 
    296 #define SSL3_CT_RSA_SIGN 1
    297 
    298 #define SSL3_MT_HELLO_REQUEST 0
    299 #define SSL3_MT_CLIENT_HELLO 1
    300 #define SSL3_MT_SERVER_HELLO 2
    301 #define SSL3_MT_NEW_SESSION_TICKET 4
    302 #define SSL3_MT_END_OF_EARLY_DATA 5
    303 #define SSL3_MT_HELLO_RETRY_REQUEST 6
    304 #define SSL3_MT_ENCRYPTED_EXTENSIONS 8
    305 #define SSL3_MT_CERTIFICATE 11
    306 #define SSL3_MT_SERVER_KEY_EXCHANGE 12
    307 #define SSL3_MT_CERTIFICATE_REQUEST 13
    308 #define SSL3_MT_SERVER_HELLO_DONE 14
    309 #define SSL3_MT_CERTIFICATE_VERIFY 15
    310 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16
    311 #define SSL3_MT_FINISHED 20
    312 #define SSL3_MT_CERTIFICATE_STATUS 22
    313 #define SSL3_MT_SUPPLEMENTAL_DATA 23
    314 #define SSL3_MT_KEY_UPDATE 24
    315 #define SSL3_MT_NEXT_PROTO 67
    316 #define SSL3_MT_CHANNEL_ID 203
    317 #define SSL3_MT_MESSAGE_HASH 254
    318 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3
    319 
    320 // The following are legacy aliases for consumers which use
    321 // |SSL_CTX_set_msg_callback|.
    322 #define SSL3_MT_SERVER_DONE SSL3_MT_SERVER_HELLO_DONE
    323 #define SSL3_MT_NEWSESSION_TICKET SSL3_MT_NEW_SESSION_TICKET
    324 
    325 
    326 #define SSL3_MT_CCS 1
    327 
    328 
    329 #ifdef  __cplusplus
    330 }  // extern C
    331 #endif
    332 
    333 #endif  // OPENSSL_HEADER_SSL3_H
    334