grpc
third_party
boringssl-with-bazel
src
include
openssl
ssl3.h
1
/* ssl/ssl3.h */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
* All rights reserved.
4
*
5
* This package is an SSL implementation written
6
* by Eric Young (eay@cryptsoft.com).
7
* The implementation was written so as to conform with Netscapes SSL.
8
*
9
* This library is free for commercial and non-commercial use as long as
10
* the following conditions are aheared to. The following conditions
11
* apply to all code found in this distribution, be it the RC4, RSA,
12
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13
* included with this distribution is covered by the same copyright terms
14
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
*
16
* Copyright remains Eric Young's, and as such any Copyright notices in
17
* the code are not to be removed.
18
* If this package is used in a product, Eric Young should be given attribution
19
* as the author of the parts of the library used.
20
* This can be in the form of a textual message at program startup or
21
* in documentation (online or textual) provided with the package.
22
*
23
* Redistribution and use in source and binary forms, with or without
24
* modification, are permitted provided that the following conditions
25
* are met:
26
* 1. Redistributions of source code must retain the copyright
27
* notice, this list of conditions and the following disclaimer.
28
* 2. Redistributions in binary form must reproduce the above copyright
29
* notice, this list of conditions and the following disclaimer in the
30
* documentation and/or other materials provided with the distribution.
31
* 3. All advertising materials mentioning features or use of this software
32
* must display the following acknowledgement:
33
* "This product includes cryptographic software written by
34
* Eric Young (eay@cryptsoft.com)"
35
* The word 'cryptographic' can be left out if the rouines from the library
36
* being used are not cryptographic related :-).
37
* 4. If you include any Windows specific code (or a derivative thereof) from
38
* the apps directory (application code) you must include an acknowledgement:
39
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
*
41
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
* SUCH DAMAGE.
52
*
53
* The licence and distribution terms for any publically available version or
54
* derivative of this code cannot be changed. i.e. this code cannot simply be
55
* copied and put under another distribution licence
56
* [including the GNU Public Licence.]
57
*/
58
/* ====================================================================
59
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60
*
61
* Redistribution and use in source and binary forms, with or without
62
* modification, are permitted provided that the following conditions
63
* are met:
64
*
65
* 1. Redistributions of source code must retain the above copyright
66
* notice, this list of conditions and the following disclaimer.
67
*
68
* 2. Redistributions in binary form must reproduce the above copyright
69
* notice, this list of conditions and the following disclaimer in
70
* the documentation and/or other materials provided with the
71
* distribution.
72
*
73
* 3. All advertising materials mentioning features or use of this
74
* software must display the following acknowledgment:
75
* "This product includes software developed by the OpenSSL Project
76
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77
*
78
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79
* endorse or promote products derived from this software without
80
* prior written permission. For written permission, please contact
81
* openssl-core@openssl.org.
82
*
83
* 5. Products derived from this software may not be called "OpenSSL"
84
* nor may "OpenSSL" appear in their names without prior written
85
* permission of the OpenSSL Project.
86
*
87
* 6. Redistributions of any form whatsoever must retain the following
88
* acknowledgment:
89
* "This product includes software developed by the OpenSSL Project
90
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91
*
92
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103
* OF THE POSSIBILITY OF SUCH DAMAGE.
104
* ====================================================================
105
*
106
* This product includes cryptographic software written by Eric Young
107
* (eay@cryptsoft.com). This product includes software written by Tim
108
* Hudson (tjh@cryptsoft.com).
109
*
110
*/
111
/* ====================================================================
112
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113
* ECC cipher suite support in OpenSSL originally developed by
114
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115
*/
// Include guard for the SSL 3.0 / TLS wire-level constants defined in this
// header.
#ifndef OPENSSL_HEADER_SSL3_H
#define OPENSSL_HEADER_SSL3_H

// NOTE(review): |EVP_AEAD_MAX_OVERHEAD| and |EVP_AEAD_MAX_NONCE_LENGTH| are
// used further down and presumably come from aead.h; |OPENSSL_STATIC_ASSERT|
// presumably comes from type_check.h. Confirm against those headers.
#include <openssl/aead.h>
#include <openssl/type_check.h>

// Give the declarations C linkage when the header is compiled as C++.
#ifdef __cplusplus
extern "C" {
#endif
// These are kept to support clients that negotiate higher protocol versions
// using SSLv2 client hello records.
// NOTE(review): only the SSLv2 ClientHello message type and version number are
// defined here; nothing in this header shows SSLv2 itself being negotiable.
#define SSL2_MT_CLIENT_HELLO 1
#define SSL2_VERSION 0x0002

// Signalling cipher suite value from RFC 5746 (renegotiation indication). It
// is not a real cipher; a ClientHello lists it to signal support for the
// renegotiation-info mechanism. The low 16 bits (0x00FF) are the suite value;
// the 0x0300 prefix is shared by every SSL3_CK_* ID in this header and is
// presumably a library-internal tag.
#define SSL3_CK_SCSV 0x030000FF
// Fallback signalling cipher suite value from RFC 7507. A client adds it when
// it retries a handshake at a lower protocol version, so that a server which
// supports a higher version can refuse the downgrade (see
// SSL3_AD_INAPPROPRIATE_FALLBACK).
#define SSL3_CK_FALLBACK_SCSV 0x03005600
// Cipher suite IDs from the SSL 3.0 era. Every value carries the same 0x0300
// prefix; the low 16 bits are the two-byte suite value.
//
// Security note: going by their names, every suite in this list is obsolete:
// NULL encryption, 40-bit "export" keys (the *_40_* entries), RC4, RC2, single
// DES (the *_DES_64_* entries), MD5-based MACs, and anonymous, unauthenticated
// Diffie-Hellman (ADH). The 3DES entries (*_DES_192_*) are the strongest ones
// here and are themselves deprecated. A definition in this header does not
// show that a suite is implemented or enabled; check the library's cipher
// table and the configured cipher list before drawing conclusions from these
// names.

// RSA key exchange.
#define SSL3_CK_RSA_NULL_MD5 0x03000001
#define SSL3_CK_RSA_NULL_SHA 0x03000002
#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A

// Static Diffie-Hellman with DSS or RSA certificates.
#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010

// Ephemeral Diffie-Hellman, signed with DSS or RSA.
#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016

// Anonymous Diffie-Hellman: the server is not authenticated, so these give no
// protection against an active man in the middle.
#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
// NOTE(review): spelled ..._CBC_SHA, unlike the ..._CBC3_SHA spelling of the
// other 3DES IDs; the matching text name in this file is "ADH-DES-CBC3-SHA".
#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
// Textual names for the SSL3_CK_* cipher suite IDs defined in this header.
// Every 40-bit (*_40_*) entry has a name starting with "EXP-". These are the
// strings to look for when auditing a cipher-list configuration or handshake
// logs for legacy suites; whether the library accepts any of them is not
// visible from this header.

// RSA key exchange.
#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"

// Static Diffie-Hellman.
#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"

// Ephemeral Diffie-Hellman.
#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"

// Anonymous (unauthenticated) Diffie-Hellman.
#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
// The macro name says CBC, the string says CBC3 (3DES).
#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
// Fixed sizes, in bytes, of SSL 3.0 / TLS protocol fields.
// NOTE(review): three macros below carry the same 32-byte session ID bound.
// Code that copies a peer-supplied session ID should check its length against
// that bound first; the enforcement is not visible in this header.
#define SSL3_SSL_SESSION_ID_LENGTH 32
#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32

// Master secret length and hello random length.
#define SSL3_MASTER_SECRET_SIZE 48
#define SSL3_RANDOM_SIZE 32
#define SSL3_SESSION_ID_SIZE 32
// Record header: content type (1) + protocol version (2) + length (2).
#define SSL3_RT_HEADER_LENGTH 5

// Handshake message header: message type (1) + length (3).
#define SSL3_HM_HEADER_LENGTH 4
// SSL3_ALIGN_PAYLOAD defaults to 8 and may be pre-defined by the build; per
// the comment below it is the alignment applied to the record data payload.
#ifndef SSL3_ALIGN_PAYLOAD
// Some will argue that this increases memory footprint, but it's not actually
// true. The point is that malloc has to return at least 64-bit aligned
// pointers, meaning that allocating 5 bytes wastes 3 bytes in either case. The
// suggested leading gap simply moves these wasted bytes from the end of the
// allocated region to its front, but makes the data payload aligned, which
// improves performance.
#define SSL3_ALIGN_PAYLOAD 8
#else
// Reject a pre-defined value that is not a power of two.
// NOTE(review): x & (x - 1) is also zero for x == 0, so a value of 0 passes
// this check.
#if (SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) != 0
#error "insane SSL3_ALIGN_PAYLOAD"
#undef SSL3_ALIGN_PAYLOAD
#endif
#endif
// This is the maximum MAC (digest) size, in bytes, used by the SSL library.
// Currently the maximum of 20 is used by SHA1, but room is reserved for future
// extension to 512-bit (64-byte) hashes.

#define SSL3_RT_MAX_MD_SIZE 64

// Maximum block size, in bytes, used in all ciphersuites. Currently 16 for
// AES.

#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16

// Maximum plaintext length of one record (2^14 bytes): defined by SSL/TLS
// standards
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
// Maximum compression overhead: defined by SSL/TLS standards
#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
// The standards give a maximum encryption overhead of 1024 bytes. In practice
// the value is lower than this. The overhead is the maximum number of padding
// bytes (256) plus the mac size. With |SSL3_RT_MAX_MD_SIZE| at 64 this is 320
// bytes.
//
// TODO(davidben): This derivation doesn't take AEADs into account, or TLS 1.1
// explicit nonces. It happens to work because |SSL3_RT_MAX_MD_SIZE| is larger
// than necessary and no true AEAD has variable overhead in TLS 1.2.
#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)

// SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD is the maximum overhead in encrypting a
// record. This does not include the record header. Some ciphers use explicit
// nonces, so it includes both the AEAD overhead as well as the nonce.
#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
  (EVP_AEAD_MAX_OVERHEAD + EVP_AEAD_MAX_NONCE_LENGTH)

// Compile-time check that the bound derived from padding and MAC size is at
// least as large as the AEAD-derived send-side bound, so a change to either
// side that breaks the relation fails the build instead of surfacing at run
// time.
OPENSSL_STATIC_ASSERT(SSL3_RT_MAX_ENCRYPTED_OVERHEAD >=
                          SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
                      "max overheads are inconsistent");
// SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for
// |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the
// compression overhead.
#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH

// Largest record body (overhead plus plaintext) and largest whole record
// (body plus the 5-byte record header). With the values defined in this header
// they come to 16704 and 16709 bytes.
// NOTE(review): the record length field is 16 bits wide and can encode values
// above these bounds, so a record parser needs to reject a peer-supplied
// length larger than SSL3_RT_MAX_ENCRYPTED_LENGTH. That check is not in this
// header; confirm it at the use sites.
#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
  (SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_PACKET_SIZE \
  (SSL3_RT_MAX_ENCRYPTED_LENGTH + SSL3_RT_HEADER_LENGTH)
// Four-byte sender labels: the bytes spell "CLNT" and "SRVR" in ASCII.
// NOTE(review): presumably mixed into the SSL 3.0 Finished hash to bind it to
// the sending side; confirm at the use site.
#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"

// Record-layer content types (the first byte of the record header).
#define SSL3_RT_CHANGE_CIPHER_SPEC 20
#define SSL3_RT_ALERT 21
#define SSL3_RT_HANDSHAKE 22
#define SSL3_RT_APPLICATION_DATA 23

// Pseudo content type for SSL/TLS header info. The value does not fit in the
// one-byte wire field, so it cannot collide with a real content type.
#define SSL3_RT_HEADER 0x100

// Alert levels (the first byte of an alert message).
#define SSL3_AL_WARNING 1
#define SSL3_AL_FATAL 2
// Alert descriptions (the second byte of an alert message). Entries marked
// "fatal" are the ones the original author annotated as always fatal.
#define SSL3_AD_CLOSE_NOTIFY 0
#define SSL3_AD_UNEXPECTED_MESSAGE 10 // fatal
// Padding failures and MAC failures on CBC records should both be reported
// with this one alert, so the alert itself does not tell a peer which check
// failed.
#define SSL3_AD_BAD_RECORD_MAC 20 // fatal
#define SSL3_AD_DECOMPRESSION_FAILURE 30 // fatal
#define SSL3_AD_HANDSHAKE_FAILURE 40 // fatal
#define SSL3_AD_NO_CERTIFICATE 41
#define SSL3_AD_BAD_CERTIFICATE 42
#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
#define SSL3_AD_CERTIFICATE_REVOKED 44
#define SSL3_AD_CERTIFICATE_EXPIRED 45
#define SSL3_AD_CERTIFICATE_UNKNOWN 46
#define SSL3_AD_ILLEGAL_PARAMETER 47 // fatal
// RFC 7507: the server's answer to SSL3_CK_FALLBACK_SCSV when it supports a
// higher protocol version than the one the client offered.
#define SSL3_AD_INAPPROPRIATE_FALLBACK 86 // fatal
// Client certificate type (as listed in a CertificateRequest message).
#define SSL3_CT_RSA_SIGN 1

// Handshake message types (the first byte of the handshake message header).
// The list mixes SSL 3.0 / TLS 1.2 messages with TLS 1.3 ones
// (END_OF_EARLY_DATA, ENCRYPTED_EXTENSIONS, KEY_UPDATE, MESSAGE_HASH) and the
// non-standard NEXT_PROTO and CHANNEL_ID values.
// NOTE(review): which message is acceptable at which point of the handshake is
// decided by the state machine, not by this list; an unexpected type should
// end the handshake with SSL3_AD_UNEXPECTED_MESSAGE. Confirm at the use sites.
#define SSL3_MT_HELLO_REQUEST 0
#define SSL3_MT_CLIENT_HELLO 1
#define SSL3_MT_SERVER_HELLO 2
#define SSL3_MT_NEW_SESSION_TICKET 4
#define SSL3_MT_END_OF_EARLY_DATA 5
#define SSL3_MT_ENCRYPTED_EXTENSIONS 8
#define SSL3_MT_CERTIFICATE 11
#define SSL3_MT_SERVER_KEY_EXCHANGE 12
#define SSL3_MT_CERTIFICATE_REQUEST 13
#define SSL3_MT_SERVER_HELLO_DONE 14
#define SSL3_MT_CERTIFICATE_VERIFY 15
#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
#define SSL3_MT_FINISHED 20
#define SSL3_MT_CERTIFICATE_STATUS 22
#define SSL3_MT_SUPPLEMENTAL_DATA 23
#define SSL3_MT_KEY_UPDATE 24
#define SSL3_MT_COMPRESSED_CERTIFICATE 25
#define SSL3_MT_NEXT_PROTO 67
#define SSL3_MT_CHANNEL_ID 203
#define SSL3_MT_MESSAGE_HASH 254
// DTLS-only handshake message type.
#define DTLS1_MT_HELLO_VERIFY_REQUEST 3

// The following are legacy aliases for consumers which use
// |SSL_CTX_set_msg_callback|.
#define SSL3_MT_SERVER_DONE SSL3_MT_SERVER_HELLO_DONE
#define SSL3_MT_NEWSESSION_TICKET SSL3_MT_NEW_SESSION_TICKET


// NOTE(review): presumably the one-byte body of a ChangeCipherSpec record
// (content type SSL3_RT_CHANGE_CIPHER_SPEC), which is not a handshake message
// despite the MT prefix; confirm at the use site.
#define SSL3_MT_CCS 1
// Close the C-linkage block and the include guard opened at the top of the
// header.
#ifdef __cplusplus
}  // extern C
#endif

#endif // OPENSSL_HEADER_SSL3_H