diff options
Diffstat (limited to 'linux-x86_64/include/openssl/tls1.h')
| -rw-r--r-- | linux-x86_64/include/openssl/tls1.h | 56 |
1 files changed, 39 insertions, 17 deletions
diff --git a/linux-x86_64/include/openssl/tls1.h b/linux-x86_64/include/openssl/tls1.h index 69d8186..7e237d0 100644 --- a/linux-x86_64/include/openssl/tls1.h +++ b/linux-x86_64/include/openssl/tls1.h @@ -209,11 +209,9 @@ extern "C" { # define TLSEXT_TYPE_status_request 5 /* ExtensionType values from RFC4681 */ # define TLSEXT_TYPE_user_mapping 6 - /* ExtensionType values from RFC5878 */ # define TLSEXT_TYPE_client_authz 7 # define TLSEXT_TYPE_server_authz 8 - /* ExtensionType values from RFC6091 */ # define TLSEXT_TYPE_cert_type 9 @@ -233,10 +231,12 @@ extern "C" { /* ExtensionType value from RFC5620 */ # define TLSEXT_TYPE_heartbeat 15 +/* ExtensionType value from RFC7301 */ +# define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + /* * ExtensionType value for TLS padding extension. - * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml - * http://tools.ietf.org/html/draft-agl-tls-padding-03 + * http://tools.ietf.org/html/draft-agl-tls-padding */ # define TLSEXT_TYPE_padding 21 @@ -250,7 +250,7 @@ extern "C" { * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183 * using whatever extension number you'd like to try */ -# define TLSEXT_TYPE_opaque_prf_input ?? */ +# define TLSEXT_TYPE_opaque_prf_input ?? # endif /* Temporary extension type */ @@ -261,25 +261,27 @@ extern "C" { # define TLSEXT_TYPE_next_proto_neg 13172 # endif -/* NameType value from RFC 3546 */ +/* NameType value from RFC3546 */ # define TLSEXT_NAMETYPE_host_name 0 -/* status request value from RFC 3546 */ +/* status request value from RFC3546 */ # define TLSEXT_STATUSTYPE_ocsp 1 -/* ECPointFormat values from draft-ietf-tls-ecc-12 */ +/* ECPointFormat values from RFC4492 */ # define TLSEXT_ECPOINTFORMAT_first 0 # define TLSEXT_ECPOINTFORMAT_uncompressed 0 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 # define TLSEXT_ECPOINTFORMAT_last 2 -/* Signature and hash algorithms from RFC 5246 */ - +/* Signature and hash algorithms from RFC5246 */ # define TLSEXT_signature_anonymous 0 # define TLSEXT_signature_rsa 1 # define TLSEXT_signature_dsa 2 # define TLSEXT_signature_ecdsa 3 +/* Total number of different signature algorithms */ +# define TLSEXT_signature_num 4 + # define TLSEXT_hash_none 0 # define TLSEXT_hash_md5 1 # define TLSEXT_hash_sha1 2 @@ -288,6 +290,18 @@ extern "C" { # define TLSEXT_hash_sha384 5 # define TLSEXT_hash_sha512 6 +/* Total number of different digest algorithms */ + +# define TLSEXT_hash_num 7 + +/* Flag set for unrecognised algorithms */ +# define TLSEXT_nid_unknown 0x1000000 + +/* ECC curves */ + +# define TLSEXT_curve_P_256 23 +# define TLSEXT_curve_P_384 24 + # ifndef OPENSSL_NO_TLSEXT # define TLSEXT_MAXLEN_host_name 255 @@ -306,6 +320,16 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *p, size_t plen, int use_context); +int SSL_get_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + # define SSL_set_tlsext_host_name(s,name) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) @@ -404,7 +428,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 /* AES ciphersuites from RFC3268 */ - # define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F # define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 # define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 @@ -541,11 +564,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 /* - * XXX Inconsistency alert: The OpenSSL names of ciphers with ephemeral DH - * here include the string "DHE", while elsewhere it has always been "EDH". - * (The alias for the list of all such ciphers also is "EDH".) The - * specifications speak of "EDH"; maybe we should allow both forms for - * everything. + * XXX * Backward compatibility alert: + * Older versions of OpenSSL gave + * some DHE ciphers names with "EDH" + * instead of "DHE". Going forward, we + * should be using DHE + * everywhere, though we may indefinitely maintain + * aliases for users + * or configurations that used "EDH" + */ # define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" # define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" @@ -570,7 +592,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" # define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" -/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ +/* ECC ciphersuites from RFC4492 */ # define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" # define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" # define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" |