Add error codes for DRBG KAT failures.

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 244cfb2bb59c994811217314503b50ea46234adb..7f15173f0e9d9c6a519a4bb65a8e960f13a037d0 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -287,6 +287,7 @@ extern "C" {
 #define SSL_TXT_AES128         "AES128"
 #define SSL_TXT_AES256         "AES256"
 #define SSL_TXT_AES            "AES"
+#define SSL_TXT_AES_GCM                "AESGCM"
 #define SSL_TXT_CAMELLIA128    "CAMELLIA128"
 #define SSL_TXT_CAMELLIA256    "CAMELLIA256"
 #define SSL_TXT_CAMELLIA       "CAMELLIA"
@@ -446,10 +447,12 @@ struct ssl_method_st
  *     Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
  *     Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
  *     HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension 
- *     ECPointFormatList [ 7 ] OCTET STRING,     -- optional EC point format list from TLS extension
- *     PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- *     PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity
- *     SRP_username [ 11 ] EXPLICIT OCTET STRING -- optional SRP username
+ *     PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ *     PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
+ *     Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
+ *     Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
+ *     Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
+ *     SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
  *     }
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -1130,12 +1133,12 @@ struct ssl_st
        int server;     /* are we the server side? - mostly used by SSL_clear*/
 
        int new_session;/* Generate a new session or reuse an old one.
-                                        * NB: For servers, the 'new' session may actually be a previously
-                                        * cached session or even the previous session unless
-                                        * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+                        * NB: For servers, the 'new' session may actually be a previously
+                        * cached session or even the previous session unless
+                        * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
        int renegotiate;/* 1 if we are renegotiating.
-                                        * 2 if we are a server and are inside a handshake
-                                        *   (i.e. not just sending a HelloRequest) */
+                        * 2 if we are a server and are inside a handshake
+                        * (i.e. not just sending a HelloRequest) */
 
        int quiet_shutdown;/* don't send shutdown packets */
        int shutdown;   /* we have shut things down, 0x01 sent, 0x02