author | Robert Sloan <varomodt@google.com> | 2018-01-22 12:53:01 -0800 |
---|---|---|
committer | Rob Sloan <varomodt@google.com> | 2018-01-23 17:32:16 +0000 |
commit | 978112cdf099dece01f92874cc8a8025b2405a59 (patch) | |
tree | 18f725077b4089ab4c60f4fc19c2b265f9f79bda /src/include | |
parent | 0db7f543e9eb4209a3124ef956229ed0e942193d (diff) | |
download | boringssl-978112cdf099dece01f92874cc8a8025b2405a59.tar.gz |
NO PARTIAL RERUN external/boringssl: Sync to cb15cfda29c0c60d8d74145b17c93b43a7667837.android-wear-8.0.0_r1
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/37c6eb4284bea36be9fa41d35b582008f2023dcf..cb15cfda29c0c60d8d74145b17c93b43a7667837
Test: BoringSSL CTS Presubmits
Change-Id: I8a20a38a338c40600b7b1034cd1d750d8ce2cbe6
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/openssl/base.h | 2 | ||||
-rw-r--r-- | src/include/openssl/crypto.h | 4 | ||||
-rw-r--r-- | src/include/openssl/ssl.h | 28 | ||||
-rw-r--r-- | src/include/openssl/tls1.h | 3 |
4 files changed, 36 insertions, 1 deletions
diff --git a/src/include/openssl/base.h b/src/include/openssl/base.h
index 9edaa5ca..dea069ab 100644
--- a/src/include/openssl/base.h
+++ b/src/include/openssl/base.h
@@ -151,7 +151,7 @@ extern "C" {
 // A consumer may use this symbol in the preprocessor to temporarily build
 // against multiple revisions of BoringSSL at the same time. It is not
 // recommended to do so for longer than is necessary.
-#define BORINGSSL_API_VERSION 6
+#define BORINGSSL_API_VERSION 7
 #if defined(BORINGSSL_SHARED_LIBRARY)
diff --git a/src/include/openssl/crypto.h b/src/include/openssl/crypto.h
index dc87dd2d..ccf5012c 100644
--- a/src/include/openssl/crypto.h
+++ b/src/include/openssl/crypto.h
@@ -58,6 +58,10 @@ OPENSSL_EXPORT int CRYPTO_has_asm(void);
 // which case it returns one.
 OPENSSL_EXPORT int FIPS_mode(void);
+// BORINGSSL_self_test triggers the FIPS KAT-based self tests. It returns one
+// on success and zero on error.
+OPENSSL_EXPORT int BORINGSSL_self_test(void);
+
 // Deprecated functions.
diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index b868d3f2..7ae82767 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
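Review bot: The comment added above `BORINGSSL_self_test` in the crypto.h hunk gives the return convention but not what a caller must do when the function returns zero, which is the part that matters for a FIPS known-answer test. From the declaration alone it is not clear whether a failed run leaves the module usable, so a caller that ignores or only logs the result would presumably carry on with cryptography that has just failed its own checks. I would extend the comment with something like `// Callers must treat a zero return as fatal and stop using the library.`, adjusted to whatever the implementation actually guarantees. It would also help to state whether the function may be called more than once or from several threads.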
@@ -2785,6 +2785,33 @@ OPENSSL_EXPORT void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(
 SSL *ssl, EVP_PKEY **out_pkey);
+// Token Binding.
+//
+// See draft-ietf-tokbind-protocol-16.
+
+// SSL_set_token_binding_params sets |params| as the Token Binding Key
+// parameters (section 3 of draft-ietf-tokbind-protocol-16) to negotiate on the
+// connection. If this function is not called, or if |len| is 0, then this
+// endpoint will not attempt to negotiate Token Binding. |params| are provided
+// in preference order, with the more preferred parameters at the beginning of
+// the list. This function returns 1 on success and 0 on failure.
+OPENSSL_EXPORT int SSL_set_token_binding_params(SSL *ssl, const uint8_t *params,
+ size_t len);
+
+// SSL_is_token_binding_negotiated returns 1 if Token Binding was negotiated
+// on this connection and 0 otherwise. On a server, it is possible for this
+// function to return 1 when the client's view of the connection is that Token
+// Binding was not negotiated. This occurs when the server indicates a version
+// of Token Binding less than the client's minimum version.
+OPENSSL_EXPORT int SSL_is_token_binding_negotiated(const SSL *ssl);
+
+// SSL_get_negotiated_token_binding_param returns the TokenBindingKeyParameters
+// enum value that was negotiated. It is only valid to call this function if
+// SSL_is_token_binding_negotiated returned 1, otherwise this function returns
+// an undefined value.
+OPENSSL_EXPORT uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl);
+
+
 // DTLS-SRTP.
 //
 // See RFC 5764.
@@ -4588,6 +4615,7 @@ OPENSSL_EXPORT bool SealRecord(SSL *ssl, Span<uint8_t> out_prefix,
 #define SSL_R_EMPTY_HELLO_RETRY_REQUEST 282
 #define SSL_R_EARLY_DATA_NOT_IN_USE 283
 #define SSL_R_HANDSHAKE_NOT_COMPLETE 284
+#define SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI 285
 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
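Review bot: The comment on `SSL_get_negotiated_token_binding_param` in the first ssl.h hunk says the function returns "an undefined value" when Token Binding was not negotiated, and because the return type is `uint8_t` a caller cannot tell that value apart from a real TokenBindingKeyParameters entry. I would either have the function return a fixed value in that case or reword the sentence to `// The return value is unspecified unless SSL_is_token_binding_negotiated returned 1; callers must check that first.`, so nobody reads it as licence to skip the check. The comment on `SSL_is_token_binding_negotiated` describes the case where a server sees 1 while the client considers Token Binding not negotiated, but does not say what the server should do; a sentence stating that the server must still handle a missing Token Binding message on such a connection would help. `SSL_set_token_binding_params` should also say whether `params` is copied, and, judging only by the name of the new `SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI` code in the second hunk, that the handshake presumably fails when extended master secret or renegotiation indication is absent.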
diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h
index 4b5d2262..682bb9ba 100644
--- a/src/include/openssl/tls1.h
+++ b/src/include/openssl/tls1.h
@@ -202,6 +202,9 @@ extern "C" {
 // ExtensionType value from RFC7627
 #define TLSEXT_TYPE_extended_master_secret 23
+// ExtensionType value from draft-ietf-tokbind-negotiation-10
+#define TLSEXT_TYPE_token_binding 24
+
 // ExtensionType value from RFC4507
 #define TLSEXT_TYPE_session_ticket 35 |