X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=include%2Fopenssl%2Ftls1.h;h=2f19ccf2298fbed0fc81845432e5266b7d761d53;hb=b5ee517794cf546dc7e3d5a82b400955a7381053;hp=434e327f763ab5cac7464887dd378b2b6bbfb191;hpb=c589c34e619c8700ab16b152dd9c8ee58356b319;p=openssl.git diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 434e327f76..2f19ccf229 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -30,9 +30,13 @@ extern "C" { # define TLS1_3_VERSION 0x0304 # define TLS_MAX_VERSION TLS1_3_VERSION -/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -23 */ -# define TLS1_3_VERSION_DRAFT 0x7f17 -# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 23)" +/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */ +# define TLS1_3_VERSION_DRAFT_26 0x7f1a +# define TLS1_3_VERSION_DRAFT_27 0x7f1b +# define TLS1_3_VERSION_DRAFT 0x7f1c +# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)" +# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)" +# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)" /* Special value for method supporting multiple versions */ # define TLS_ANY_VERSION 0x10000 @@ -66,7 +70,6 @@ extern "C" { # define TLS1_AD_USER_CANCELLED 90 # define TLS1_AD_NO_RENEGOTIATION 100 /* TLSv1.3 alerts */ -# define TLS13_AD_END_OF_EARLY_DATA 1 # define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ # define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ /* codes 110-114 are from RFC3546 */ @@ -146,6 +149,7 @@ extern "C" { # define TLSEXT_TYPE_cookie 44 # define TLSEXT_TYPE_psk_kex_modes 45 # define TLSEXT_TYPE_certificate_authorities 47 +# define TLSEXT_TYPE_post_handshake_auth 49 # define TLSEXT_TYPE_signature_algorithms_cert 50 # define TLSEXT_TYPE_key_share 51 @@ -231,6 +235,19 @@ __owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *context, size_t contextlen, int use_context); +/* + * SSL_export_keying_material_early exports a value derived from the + * early exporter master secret, as specified in + * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes + * |olen| bytes to |out| given a label and optional context. It + * returns 1 on success and 0 otherwise. + */ +__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out, + size_t olen, const char *label, + size_t llen, + const unsigned char *context, + size_t contextlen); + int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid); int SSL_get_sigalgs(SSL *s, int idx, @@ -1117,18 +1134,6 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) # define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256 "RSA-PSK-ARIA128-GCM-SHA256" # define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384 "RSA-PSK-ARIA256-GCM-SHA384" - -/* TLSv1.3 ciphersuites */ -/* - * TODO(TLS1.3): Review the naming scheme for TLSv1.3 ciphers and also the - * cipherstring selection process for these ciphers - */ -# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256" -# define TLS1_3_TXT_AES_256_GCM_SHA384 "TLS13-AES-256-GCM-SHA384" -# define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "TLS13-CHACHA20-POLY1305-SHA256" -# define TLS1_3_TXT_AES_128_CCM_SHA256 "TLS13-AES-128-CCM-SHA256" -# define TLS1_3_TXT_AES_128_CCM_8_SHA256 "TLS13-AES-128-CCM-8-SHA256" - # define TLS_CT_RSA_SIGN 1 # define TLS_CT_DSS_SIGN 2 # define TLS_CT_RSA_FIXED_DH 3 @@ -1144,7 +1149,13 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see * comment there) */ -# define TLS_CT_NUMBER 9 +# define TLS_CT_NUMBER 10 + +# if defined(SSL3_CT_NUMBER) +# if TLS_CT_NUMBER != SSL3_CT_NUMBER +# error "SSL/TLS CT_NUMBER values do not match" +# endif +# endif # define TLS1_FINISH_MAC_LENGTH 12