Remove heartbeats completely

[openssl.git] / include / openssl / tls1.h
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h

index 23e382cdd3f266a158184e4d26f99f7c32c9d85a..e0698061463d3bd3e07ff0124ba2c6b129c8b22f 100644 (file)
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -65,7 +65,12 @@ extern "C" {
  # define TLS1_VERSION                    0x0301
  # define TLS1_1_VERSION                  0x0302
  # define TLS1_2_VERSION                  0x0303
-# define TLS_MAX_VERSION                 TLS1_2_VERSION
+# define TLS1_3_VERSION                  0x0304
+# define TLS_MAX_VERSION                 TLS1_3_VERSION
+
+/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -18 */
+# define TLS1_3_VERSION_DRAFT            0x7f12
+# define TLS1_3_VERSION_DRAFT_TXT        "TLS 1.3 (draft 18)"
  
  /* Special value for method supporting multiple versions */
  # define TLS_ANY_VERSION                 0x10000
@@ -123,9 +128,15 @@ extern "C" {
  # define TLSEXT_TYPE_cert_type           9
  
  /* ExtensionType values from RFC4492 */
-# define TLSEXT_TYPE_elliptic_curves             10
+/*
+ * Prior to TLSv1.3 the supported_groups extension was known as
+ * elliptic_curves
+ */
+# define TLSEXT_TYPE_supported_groups            10
+# define TLSEXT_TYPE_elliptic_curves             TLSEXT_TYPE_supported_groups
  # define TLSEXT_TYPE_ec_point_formats            11
  
+
  /* ExtensionType value from RFC5054 */
  # define TLSEXT_TYPE_srp                         12
  
@@ -135,9 +146,6 @@ extern "C" {
  /* ExtensionType value from RFC5764 */
  # define TLSEXT_TYPE_use_srtp    14
  
-/* ExtensionType value from RFC5620 */
-# define TLSEXT_TYPE_heartbeat   15
-
  /* ExtensionType value from RFC7301 */
  # define TLSEXT_TYPE_application_layer_protocol_negotiation 16
  
@@ -162,6 +170,9 @@ extern "C" {
  /* ExtensionType value from RFC4507 */
  # define TLSEXT_TYPE_session_ticket              35
  
+/* As defined for TLS1.3 */
+# define TLSEXT_TYPE_supported_versions          43
+
  /* Temporary extension type */
  # define TLSEXT_TYPE_renegotiate                 0xff01
  
@@ -311,35 +322,6 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
  # define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
  SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
  
-# ifndef OPENSSL_NO_HEARTBEATS
-#  define SSL_DTLSEXT_HB_ENABLED                   0x01
-#  define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS        0x02
-#  define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS        0x04
-#  define SSL_get_dtlsext_heartbeat_pending(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL)
-#  define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
-        SSL_ctrl((ssl),SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
-
-#  if OPENSSL_API_COMPAT < 0x10100000L
-#   define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
-        SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
-#   define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
-        SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
-#   define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \
-        SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
-#   define SSL_TLSEXT_HB_ENABLED \
-        SSL_DTLSEXT_HB_ENABLED
-#   define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \
-        SSL_DTLSEXT_HB_DONT_SEND_REQUESTS
-#   define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \
-        SSL_DTLSEXT_HB_DONT_RECV_REQUESTS
-#   define SSL_get_tlsext_heartbeat_pending(ssl) \
-        SSL_get_dtlsext_heartbeat_pending(ssl)
-#   define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
-        SSL_set_dtlsext_heartbeat_no_requests(ssl, arg)
-#  endif
-# endif
-
  /* PSK ciphersuites from 4279 */
  # define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
  # define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
@@ -599,6 +581,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
  # define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305           0x0300CCAD
  # define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305           0x0300CCAE
  
+/* TLS v1.3 ciphersuites */
+# define TLS1_3_CK_AES_128_GCM_SHA256                     0x03001301
+
  /*
   * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
   * ciphers names with "EDH" instead of "DHE".  Going forward, we should be
@@ -868,6 +853,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
  # define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305           "DHE-PSK-CHACHA20-POLY1305"
  # define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305           "RSA-PSK-CHACHA20-POLY1305"
  
+/* TLSv1.3 ciphersuites */
+/*
+ * TODO(TLS1.3): Review the naming scheme for TLSv1.3 ciphers and also the
+ * cipherstring selection process for these ciphers
+ */
+# define TLS1_3_TXT_AES_128_GCM_SHA256                     "TLS13-AES-128-GCM-SHA256"
+
  # define TLS_CT_RSA_SIGN                 1
  # define TLS_CT_DSS_SIGN                 2
  # define TLS_CT_RSA_FIXED_DH             3