projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Update the TLSv1.3 version indicator for draft-19
[openssl.git]
/
include
/
openssl
/
tls1.h
diff --git
a/include/openssl/tls1.h
b/include/openssl/tls1.h
index f0c61060a35d288901dab9ed130d5ac511464eb4..8e890bf8b403f58262c416b2f05098bd62cf50c7 100644
(file)
--- a/
include/openssl/tls1.h
+++ b/
include/openssl/tls1.h
@@
-68,8
+68,9
@@
extern "C" {
# define TLS1_3_VERSION 0x0304
# define TLS_MAX_VERSION TLS1_3_VERSION
# define TLS1_3_VERSION 0x0304
# define TLS_MAX_VERSION TLS1_3_VERSION
-/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -17 */
-# define TLS1_3_VERSION_DRAFT 0x7f11
+/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -19 */
+# define TLS1_3_VERSION_DRAFT 0x7f13
+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 19)"
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
@@
-102,6
+103,10
@@
extern "C" {
# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
# define TLS1_AD_USER_CANCELLED 90
# define TLS1_AD_NO_RENEGOTIATION 100
# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
# define TLS1_AD_USER_CANCELLED 90
# define TLS1_AD_NO_RENEGOTIATION 100
+/* TLSv1.3 alerts */
+# define TLS13_AD_END_OF_EARLY_DATA 1
+# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */
+# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */
/* codes 110-114 are from RFC3546 */
# define TLS1_AD_UNSUPPORTED_EXTENSION 110
# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
/* codes 110-114 are from RFC3546 */
# define TLS1_AD_UNSUPPORTED_EXTENSION 110
# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
@@
-127,9
+132,15
@@
extern "C" {
# define TLSEXT_TYPE_cert_type 9
/* ExtensionType values from RFC4492 */
# define TLSEXT_TYPE_cert_type 9
/* ExtensionType values from RFC4492 */
-# define TLSEXT_TYPE_elliptic_curves 10
+/*
+ * Prior to TLSv1.3 the supported_groups extension was known as
+ * elliptic_curves
+ */
+# define TLSEXT_TYPE_supported_groups 10
+# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups
# define TLSEXT_TYPE_ec_point_formats 11
# define TLSEXT_TYPE_ec_point_formats 11
+
/* ExtensionType value from RFC5054 */
# define TLSEXT_TYPE_srp 12
/* ExtensionType value from RFC5054 */
# define TLSEXT_TYPE_srp 12
@@
-167,7
+178,13
@@
extern "C" {
# define TLSEXT_TYPE_session_ticket 35
/* As defined for TLS1.3 */
# define TLSEXT_TYPE_session_ticket 35
/* As defined for TLS1.3 */
+# define TLSEXT_TYPE_key_share 40
+# define TLSEXT_TYPE_psk 41
+# define TLSEXT_TYPE_early_data 42
# define TLSEXT_TYPE_supported_versions 43
# define TLSEXT_TYPE_supported_versions 43
+# define TLSEXT_TYPE_cookie 44
+# define TLSEXT_TYPE_psk_kex_modes 45
+# define TLSEXT_TYPE_early_data_info 46
/* Temporary extension type */
# define TLSEXT_TYPE_renegotiate 0xff01
/* Temporary extension type */
# define TLSEXT_TYPE_renegotiate 0xff01
@@
-240,6
+257,8
@@
__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
const unsigned char *p, size_t plen,
int use_context);
const unsigned char *p, size_t plen,
int use_context);
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);
+
int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
@@
-608,6
+627,10
@@
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
/* TLS v1.3 ciphersuites */
# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
/* TLS v1.3 ciphersuites */
# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
+# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
/*
* XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
/*
* XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
@@
-884,6
+907,10
@@
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
* cipherstring selection process for these ciphers
*/
# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256"
* cipherstring selection process for these ciphers
*/
# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256"
+# define TLS1_3_TXT_AES_256_GCM_SHA384 "TLS13-AES-256-GCM-SHA384"
+# define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "TLS13-CHACHA20-POLY1305-SHA256"
+# define TLS1_3_TXT_AES_128_CCM_SHA256 "TLS13-AES-128-CCM-SHA256"
+# define TLS1_3_TXT_AES_128_CCM_8_SHA256 "TLS13-AES-128-CCM-8-SHA256"
# define TLS_CT_RSA_SIGN 1
# define TLS_CT_DSS_SIGN 2
# define TLS_CT_RSA_SIGN 1
# define TLS_CT_DSS_SIGN 2