X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=include%2Fopenssl%2Ftls1.h;h=8e890bf8b403f58262c416b2f05098bd62cf50c7;hp=f0c61060a35d288901dab9ed130d5ac511464eb4;hb=e984b535d95f354e9df5dfe95d588db0d6dc2413;hpb=b5b253b1bfe55d0d1be4c45dafed8d789ab97c17;ds=sidebyside
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index f0c61060a3..8e890bf8b4 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -68,8 +68,9 @@ extern "C" {
 # define TLS1_3_VERSION 0x0304
 # define TLS_MAX_VERSION TLS1_3_VERSION
-/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -17 */
-# define TLS1_3_VERSION_DRAFT 0x7f11
+/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -19 */
+# define TLS1_3_VERSION_DRAFT 0x7f13
+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 19)"
 /* Special value for method supporting multiple versions */
 # define TLS_ANY_VERSION 0x10000
@@ -102,6 +103,10 @@ extern "C" {
 # define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
 # define TLS1_AD_USER_CANCELLED 90
 # define TLS1_AD_NO_RENEGOTIATION 100
+/* TLSv1.3 alerts */
+# define TLS13_AD_END_OF_EARLY_DATA 1
+# define TLS13_AD_MISSING_EXTENSION 109 /* fatal */
+# define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */
 /* codes 110-114 are from RFC3546 */
 # define TLS1_AD_UNSUPPORTED_EXTENSION 110
 # define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
@@ -127,9 +132,15 @@ extern "C" {
 # define TLSEXT_TYPE_cert_type 9
 /* ExtensionType values from RFC4492 */
-# define TLSEXT_TYPE_elliptic_curves 10
+/*
+ * Prior to TLSv1.3 the supported_groups extension was known as
+ * elliptic_curves
+ */
+# define TLSEXT_TYPE_supported_groups 10
+# define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups
 # define TLSEXT_TYPE_ec_point_formats 11
+
 /* ExtensionType value from RFC5054 */
 # define TLSEXT_TYPE_srp 12
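Review bot: The three `TLS13_AD_*` alert codes added after `TLS1_AD_NO_RENEGOTIATION` carry no marker that they come from a draft, unlike `TLS1_3_VERSION_DRAFT`, which is tagged `TODO(TLS1.3) REMOVE ME`. If a later draft renumbers or drops an alert, nothing here prompts a revisit, so I would change the comment to `/* TLSv1.3 alerts -- TODO(TLS1.3): values from draft -19, recheck against the final spec */`. `TLS13_AD_END_OF_EARLY_DATA 1` is also the only one of the three without a severity annotation; presumably it is warning-level, and saying so would stop callers treating it as fatal. The same draft-marker point applies to the `TLSEXT_TYPE_key_share` through `TLSEXT_TYPE_early_data_info` defines in the later `@@ -167,7 +178,13 @@` hunk.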
@@ -167,7 +178,13 @@ extern "C" { # define TLSEXT_TYPE_session_ticket 35 /* As defined for TLS1.3 */ +# define TLSEXT_TYPE_key_share 40 +# define TLSEXT_TYPE_psk 41 +# define TLSEXT_TYPE_early_data 42 # define TLSEXT_TYPE_supported_versions 43 +# define TLSEXT_TYPE_cookie 44 +# define TLSEXT_TYPE_psk_kex_modes 45 +# define TLSEXT_TYPE_early_data_info 46 /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01 @@ -240,6 +257,8 @@ __owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *p, size_t plen, int use_context); +int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); + int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignandhash, unsigned char *rsig, unsigned char *rhash); @@ -608,6 +627,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) /* TLS v1.3 ciphersuites */ # define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 +# define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 +# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 +# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 +# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 /* * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE @@ -884,6 +907,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) * cipherstring selection process for these ciphers */ # define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256" +# define TLS1_3_TXT_AES_256_GCM_SHA384 "TLS13-AES-256-GCM-SHA384" +# define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "TLS13-CHACHA20-POLY1305-SHA256" +# define TLS1_3_TXT_AES_128_CCM_SHA256 "TLS13-AES-128-CCM-SHA256" +# define TLS1_3_TXT_AES_128_CCM_8_SHA256 "TLS13-AES-128-CCM-8-SHA256" # define TLS_CT_RSA_SIGN 1 # define TLS_CT_DSS_SIGN 2
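Review bot: `SSL_get_peer_signature_type_nid()` in the `@@ -240,6 +257,8 @@` hunk is declared without `__owur` and without any comment on its return convention, while `SSL_export_keying_material()` directly above it has `__owur`. If the function reports failure through its return value (not visible in this header), a caller that ignores it would go on to use an unset `*pnid` when deciding what signature type the peer used. I would declare it as `__owur int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);` and add a one-line comment stating what is returned and when `*pnid` is written.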
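Review bot: `TLS1_3_CK_AES_128_CCM_8_SHA256` in the `@@ -608,6 +627,10 @@` hunk (and its name `TLS1_3_TXT_AES_128_CCM_8_SHA256` in the last hunk) is added alongside the full-tag suites with nothing to distinguish it, although the `_8` variant uses a truncated 8-byte authentication tag. The header cannot show whether it ends up in the default cipher list, so that is worth checking in the cipher table. Here I would add `/* 8-byte tag: for constrained peers, keep out of the default list */` above the define so the smaller forgery margin is visible to anyone building a cipher string.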