resolve conflicts

author: djm <> 2008-09-06 12:17:54 +0000
committer: djm <> 2008-09-06 12:17:54 +0000
commit: 38ce604e3cc97706b876b0525ddff0121115456d (patch)
tree: 7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libssl/tls1.h
parent: 12867252827c8efaa8ddd1fa3b3d6e321e2bcdef (diff)
download: openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.gz
openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.bz2
openbsd-38ce604e3cc97706b876b0525ddff0121115456d.zip
1 files changed, 214 insertions, 2 deletions
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 38838ea9a5..2d1d293e1a 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -55,6 +55,19 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 #ifndef HEADER_TLS1_H 
 #define HEADER_TLS1_H 
@@ -65,7 +78,7 @@
 extern "C" {
 #endif
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    1
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    0
 #define TLS1_VERSION                    0x0301
 #define TLS1_VERSION_MAJOR              0x03
@@ -83,6 +96,93 @@ extern "C" {
 #define TLS1_AD_INTERNAL_ERROR          80      /* fatal */
 #define TLS1_AD_USER_CANCELLED          90
 #define TLS1_AD_NO_RENEGOTIATION        100
+/* codes 110-114 are from RFC3546 */
+#define TLS1_AD_UNSUPPORTED_EXTENSION   110
+#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+#define TLS1_AD_UNRECOGNIZED_NAME       112
+#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+#define TLS1_AD_UNKNOWN_PSK_IDENTITY    115     /* fatal */
+/* ExtensionType values from RFC 3546 */
+#define TLSEXT_TYPE_server_name                 0
+#define TLSEXT_TYPE_max_fragment_length         1
+#define TLSEXT_TYPE_client_certificate_url      2
+#define TLSEXT_TYPE_trusted_ca_keys             3
+#define TLSEXT_TYPE_truncated_hmac              4
+#define TLSEXT_TYPE_status_request              5
+#define TLSEXT_TYPE_elliptic_curves             10
+#define TLSEXT_TYPE_ec_point_formats            11
+#define TLSEXT_TYPE_session_ticket              35
+/* NameType value from RFC 3546 */
+#define TLSEXT_NAMETYPE_host_name 0
+/* status request value from RFC 3546 */
+#define TLSEXT_STATUSTYPE_ocsp 1
+#ifndef OPENSSL_NO_TLSEXT
+#define TLSEXT_MAXLEN_host_name 255
+const char *SSL_get_servername(const SSL *s, const int type) ;
+int SSL_get_servername_type(const SSL *s) ;
+#define SSL_set_tlsext_host_name(s,name) \
+SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
+#define SSL_set_tlsext_debug_callback(ssl, cb) \
+SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
+#define SSL_set_tlsext_debug_arg(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
+#define SSL_set_tlsext_status_type(ssl, type) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
+#define SSL_get_tlsext_status_exts(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+#define SSL_set_tlsext_status_exts(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+#define SSL_get_tlsext_status_ids(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+#define SSL_set_tlsext_status_ids(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
+#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
+#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
+SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
+#define SSL_TLSEXT_ERR_OK 0
+#define SSL_TLSEXT_ERR_ALERT_WARNING 1
+#define SSL_TLSEXT_ERR_ALERT_FATAL 2
+#define SSL_TLSEXT_ERR_NOACK 3
+#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
+SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
+#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))
+#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))
+#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+#endif
 /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
@@ -112,6 +212,60 @@ extern "C" {
 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
 #define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
+/* Camellia ciphersuites from RFC4132 */
+#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
+#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
+#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA        0x03000043
+#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000044
+#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
+#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
+#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
+#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
+#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
+#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000087
+#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000088
+#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA           0x03000089
+/* SEED ciphersuites from RFC4162 */
+#define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
+#define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
+#define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
+#define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
+#define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
+#define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
+/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
+#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
+#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
+#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
+#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
+#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
+#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
+#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
+#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
+#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
+#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
+#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
+#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
+#define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
+#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
+#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
+#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
+#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
 /* XXX
 * Inconsistency alert:
 * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -142,12 +296,68 @@ extern "C" {
 #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
 #define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
+/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
+#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
+/* Camellia ciphersuites from RFC4132 */
+#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
+#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
+#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA       "DH-RSA-CAMELLIA128-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "DHE-DSS-CAMELLIA128-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "DHE-RSA-CAMELLIA128-SHA"
+#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA          "ADH-CAMELLIA128-SHA"
+#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA          "CAMELLIA256-SHA"
+#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       "DH-DSS-CAMELLIA256-SHA"
+#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       "DH-RSA-CAMELLIA256-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "DHE-DSS-CAMELLIA256-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "DHE-RSA-CAMELLIA256-SHA"
+#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA          "ADH-CAMELLIA256-SHA"
+/* SEED ciphersuites from RFC4162 */
+#define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
+#define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
+#define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
+#define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
 #define TLS_CT_RSA_SIGN                 1
 #define TLS_CT_DSS_SIGN                 2
 #define TLS_CT_RSA_FIXED_DH             3
 #define TLS_CT_DSS_FIXED_DH             4
-#define TLS_CT_NUMBER                   4
+#define TLS_CT_ECDSA_SIGN               64
+#define TLS_CT_RSA_FIXED_ECDH           65
+#define TLS_CT_ECDSA_FIXED_ECDH         66
+#define TLS_CT_NUMBER                   7
 #define TLS1_FINISH_MAC_LENGTH          12
@@ -193,3 +403,5 @@ extern "C" {
 #endif
 #endif
author	djm <>	2008-09-06 12:17:54 +0000
committer	djm <>	2008-09-06 12:17:54 +0000
commit	38ce604e3cc97706b876b0525ddff0121115456d (patch)
tree	7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libssl/tls1.h
parent	12867252827c8efaa8ddd1fa3b3d6e321e2bcdef (diff)
download	openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.gz openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.bz2 openbsd-38ce604e3cc97706b876b0525ddff0121115456d.zip

diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 38838ea9a5..2d1d293e1a 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h
@@ -55,6 +55,19 @@
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
		58	/* ====================================================================
		59	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
		60	*
		61	* Portions of the attached software ("Contribution") are developed by
		62	* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
		63	*
		64	* The Contribution is licensed pursuant to the OpenSSL open source
		65	* license provided above.
		66	*
		67	* ECC cipher suite support in OpenSSL originally written by
		68	* Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
		69	*
		70	*/
58		71
59	#ifndef HEADER_TLS1_H	72	#ifndef HEADER_TLS1_H
60	#define HEADER_TLS1_H	73	#define HEADER_TLS1_H
@@ -65,7 +78,7 @@
65	extern "C" {	78	extern "C" {
66	#endif	79	#endif
67		80
68	#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1	81	#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
69		82
70	#define TLS1_VERSION 0x0301	83	#define TLS1_VERSION 0x0301
71	#define TLS1_VERSION_MAJOR 0x03	84	#define TLS1_VERSION_MAJOR 0x03
@@ -83,6 +96,93 @@ extern "C" {
83	#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */	96	#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
84	#define TLS1_AD_USER_CANCELLED 90	97	#define TLS1_AD_USER_CANCELLED 90
85	#define TLS1_AD_NO_RENEGOTIATION 100	98	#define TLS1_AD_NO_RENEGOTIATION 100
		99	/* codes 110-114 are from RFC3546 */
		100	#define TLS1_AD_UNSUPPORTED_EXTENSION 110
		101	#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
		102	#define TLS1_AD_UNRECOGNIZED_NAME 112
		103	#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
		104	#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
		105	#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
		106
		107	/* ExtensionType values from RFC 3546 */
		108	#define TLSEXT_TYPE_server_name 0
		109	#define TLSEXT_TYPE_max_fragment_length 1
		110	#define TLSEXT_TYPE_client_certificate_url 2
		111	#define TLSEXT_TYPE_trusted_ca_keys 3
		112	#define TLSEXT_TYPE_truncated_hmac 4
		113	#define TLSEXT_TYPE_status_request 5
		114	#define TLSEXT_TYPE_elliptic_curves 10
		115	#define TLSEXT_TYPE_ec_point_formats 11
		116	#define TLSEXT_TYPE_session_ticket 35
		117
		118	/* NameType value from RFC 3546 */
		119	#define TLSEXT_NAMETYPE_host_name 0
		120	/* status request value from RFC 3546 */
		121	#define TLSEXT_STATUSTYPE_ocsp 1
		122
		123	#ifndef OPENSSL_NO_TLSEXT
		124
		125	#define TLSEXT_MAXLEN_host_name 255
		126
		127	const char SSL_get_servername(const SSL s, const int type) ;
		128	int SSL_get_servername_type(const SSL *s) ;
		129
		130	#define SSL_set_tlsext_host_name(s,name) \
		131	SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
		132
		133	#define SSL_set_tlsext_debug_callback(ssl, cb) \
		134	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
		135
		136	#define SSL_set_tlsext_debug_arg(ssl, arg) \
		137	SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
		138
		139	#define SSL_set_tlsext_status_type(ssl, type) \
		140	SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
		141
		142	#define SSL_get_tlsext_status_exts(ssl, arg) \
		143	SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
		144
		145	#define SSL_set_tlsext_status_exts(ssl, arg) \
		146	SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
		147
		148	#define SSL_get_tlsext_status_ids(ssl, arg) \
		149	SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
		150
		151	#define SSL_set_tlsext_status_ids(ssl, arg) \
		152	SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
		153
		154	#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
		155	SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
		156
		157	#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
		158	SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
		159
		160	#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
		161	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
		162
		163	#define SSL_TLSEXT_ERR_OK 0
		164	#define SSL_TLSEXT_ERR_ALERT_WARNING 1
		165	#define SSL_TLSEXT_ERR_ALERT_FATAL 2
		166	#define SSL_TLSEXT_ERR_NOACK 3
		167
		168	#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
		169	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
		170
		171	#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
		172	SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))
		173	#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
		174	SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))
		175
		176	#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
		177	SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
		178
		179	#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
		180	SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
		181
		182	#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
		183	SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
		184
		185	#endif
86		186
87	/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt	187	/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
88	* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see	188	* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
@@ -112,6 +212,60 @@ extern "C" {
112	#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039	212	#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
113	#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A	213	#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
114		214
		215	/* Camellia ciphersuites from RFC4132 */
		216	#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
		217	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
		218	#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
		219	#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
		220	#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
		221	#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
		222
		223	#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
		224	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
		225	#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
		226	#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
		227	#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
		228	#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
		229
		230	/* SEED ciphersuites from RFC4162 */
		231	#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
		232	#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
		233	#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
		234	#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
		235	#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
		236	#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
		237
		238	/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
		239	#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
		240	#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
		241	#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
		242	#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
		243	#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
		244
		245	#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
		246	#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
		247	#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
		248	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
		249	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
		250
		251	#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
		252	#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
		253	#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
		254	#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
		255	#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
		256
		257	#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
		258	#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
		259	#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
		260	#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
		261	#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
		262
		263	#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
		264	#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
		265	#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
		266	#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
		267	#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
		268
115	/* XXX	269	/* XXX
116	* Inconsistency alert:	270	* Inconsistency alert:
117	* The OpenSSL names of ciphers with ephemeral DH here include the string	271	* The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -142,12 +296,68 @@ extern "C" {
142	#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"	296	#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
143	#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"	297	#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
144		298
		299	/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
		300	#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
		301	#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
		302	#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
		303	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
		304	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
		305
		306	#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
		307	#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
		308	#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
		309	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
		310	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
		311
		312	#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
		313	#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
		314	#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
		315	#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
		316	#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
		317
		318	#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
		319	#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
		320	#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
		321	#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
		322	#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
		323
		324	#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
		325	#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
		326	#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
		327	#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
		328	#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
		329
		330	/* Camellia ciphersuites from RFC4132 */
		331	#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
		332	#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
		333	#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
		334	#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
		335	#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
		336	#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
		337
		338	#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
		339	#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
		340	#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
		341	#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
		342	#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
		343	#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
		344
		345	/* SEED ciphersuites from RFC4162 */
		346	#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
		347	#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
		348	#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
		349	#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
		350	#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
		351	#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
145		352
146	#define TLS_CT_RSA_SIGN 1	353	#define TLS_CT_RSA_SIGN 1
147	#define TLS_CT_DSS_SIGN 2	354	#define TLS_CT_DSS_SIGN 2
148	#define TLS_CT_RSA_FIXED_DH 3	355	#define TLS_CT_RSA_FIXED_DH 3
149	#define TLS_CT_DSS_FIXED_DH 4	356	#define TLS_CT_DSS_FIXED_DH 4
150	#define TLS_CT_NUMBER 4	357	#define TLS_CT_ECDSA_SIGN 64
		358	#define TLS_CT_RSA_FIXED_ECDH 65
		359	#define TLS_CT_ECDSA_FIXED_ECDH 66
		360	#define TLS_CT_NUMBER 7
151		361
152	#define TLS1_FINISH_MAC_LENGTH 12	362	#define TLS1_FINISH_MAC_LENGTH 12
153		363
@@ -193,3 +403,5 @@ extern "C" {
193	#endif	403	#endif
194	#endif	404	#endif
195		405
		406
		407