# define TLS1_3_VERSION 0x0304
# define TLS_MAX_VERSION TLS1_3_VERSION
-/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -18 */
-# define TLS1_3_VERSION_DRAFT 0x7f12
-# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 18)"
+/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -20 */
+# define TLS1_3_VERSION_DRAFT 0x7f14
+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 20)"
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
# define TLS1_AD_USER_CANCELLED 90
# define TLS1_AD_NO_RENEGOTIATION 100
+/* TLSv1.3 alerts */
+# define TLS13_AD_END_OF_EARLY_DATA 1
+# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */
+# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */
/* codes 110-114 are from RFC3546 */
# define TLS1_AD_UNSUPPORTED_EXTENSION 110
# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
/* ExtensionType value from RFC5764 */
# define TLSEXT_TYPE_use_srtp 14
+/* ExtensionType value from RFC5620 */
+# define TLSEXT_TYPE_heartbeat 15
+
/* ExtensionType value from RFC7301 */
# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
# define TLSEXT_TYPE_session_ticket 35
/* As defined for TLS1.3 */
+# define TLSEXT_TYPE_key_share 40
+# define TLSEXT_TYPE_psk 41
+# define TLSEXT_TYPE_early_data 42
# define TLSEXT_TYPE_supported_versions 43
+# define TLSEXT_TYPE_cookie 44
+# define TLSEXT_TYPE_psk_kex_modes 45
+# define TLSEXT_TYPE_certificate_authorities 47
/* Temporary extension type */
# define TLSEXT_TYPE_renegotiate 0xff01
const unsigned char *p, size_t plen,
int use_context);
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);
+
int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
unsigned char *rsig, unsigned char *rhash);
__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
# define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
+SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name, \
+ (char *)(name))
# define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
+SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))(cb))
# define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)(arg))
# define SSL_get_tlsext_status_type(ssl) \
SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0, NULL)
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
# define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)(arg))
# define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)(arg))
# define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)(arg))
# define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)(arg))
# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)(arg))
# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)(arg))
# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
+SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, \
+ (void (*)(void))(cb))
# define SSL_TLSEXT_ERR_OK 0
# define SSL_TLSEXT_ERR_ALERT_WARNING 1
# define SSL_TLSEXT_ERR_NOACK 3
# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
+SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)(arg))
# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb)
+SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))(cb))
# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, \
+ (void (*)(void))(cb))
# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg
+SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)(arg))
# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)(arg))
#define SSL_CTX_set_tlsext_status_type(ssl, type) \
SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL)
SSL_CTX_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL)
# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \
+ (void (*)(void))(cb))
+
+# ifndef OPENSSL_NO_HEARTBEATS
+# define SSL_DTLSEXT_HB_ENABLED 0x01
+# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02
+# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04
+# define SSL_get_dtlsext_heartbeat_pending(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL)
+# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
+ SSL_ctrl((ssl),SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
+ SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
+# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
+ SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
+# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \
+ SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
+# define SSL_TLSEXT_HB_ENABLED \
+ SSL_DTLSEXT_HB_ENABLED
+# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \
+ SSL_DTLSEXT_HB_DONT_SEND_REQUESTS
+# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \
+ SSL_DTLSEXT_HB_DONT_RECV_REQUESTS
+# define SSL_get_tlsext_heartbeat_pending(ssl) \
+ SSL_get_dtlsext_heartbeat_pending(ssl)
+# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
+ SSL_set_dtlsext_heartbeat_no_requests(ssl, arg)
+# endif
+# endif
/* PSK ciphersuites from 4279 */
# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
/* TLS v1.3 ciphersuites */
# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
+# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
/*
* XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
* cipherstring selection process for these ciphers
*/
# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256"
+# define TLS1_3_TXT_AES_256_GCM_SHA384 "TLS13-AES-256-GCM-SHA384"
+# define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "TLS13-CHACHA20-POLY1305-SHA256"
+# define TLS1_3_TXT_AES_128_CCM_SHA256 "TLS13-AES-128-CCM-SHA256"
+# define TLS1_3_TXT_AES_128_CCM_8_SHA256 "TLS13-AES-128-CCM-8-SHA256"
# define TLS_CT_RSA_SIGN 1
# define TLS_CT_DSS_SIGN 2