diff options
| author | jsing <> | 2014-10-31 15:49:18 +0000 |
|---|---|---|
| committer | jsing <> | 2014-10-31 15:49:18 +0000 |
| commit | 8770b76cb61f86302f143b5be9680a006ee34f3b (patch) | |
| tree | f588703a95f20d96e24e4088d384adaa7840172d /src | |
| parent | 54a9e181c4116a60575beaeefc2224dd6e83bab5 (diff) | |
| download | openbsd-8770b76cb61f86302f143b5be9680a006ee34f3b.tar.gz openbsd-8770b76cb61f86302f143b5be9680a006ee34f3b.tar.bz2 openbsd-8770b76cb61f86302f143b5be9680a006ee34f3b.zip | |
Update comments for TLS ExtensionType values - many of the referenced
drafts are now RFCs. Also add the TLS extension type for ALPN and be
consistent with RFC reference formatting.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/src/ssl/tls1.h | 84 | ||||
| -rw-r--r-- | src/lib/libssl/tls1.h | 84 |
2 files changed, 92 insertions, 76 deletions
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h index 3bbb2acc2f..97041267e9 100644 --- a/src/lib/libssl/src/ssl/tls1.h +++ b/src/lib/libssl/src/ssl/tls1.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls1.h,v 1.19 2014/06/13 13:28:53 jsing Exp $ */ | 1 | /* $OpenBSD: tls1.h,v 1.20 2014/10/31 15:49:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -189,7 +189,7 @@ extern "C" { | |||
| 189 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ | 189 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ |
| 190 | #define TLS1_AD_USER_CANCELLED 90 | 190 | #define TLS1_AD_USER_CANCELLED 90 |
| 191 | #define TLS1_AD_NO_RENEGOTIATION 100 | 191 | #define TLS1_AD_NO_RENEGOTIATION 100 |
| 192 | /* codes 110-114 are from RFC3546 */ | 192 | /* Codes 110-114 are from RFC 3546. */ |
| 193 | #define TLS1_AD_UNSUPPORTED_EXTENSION 110 | 193 | #define TLS1_AD_UNSUPPORTED_EXTENSION 110 |
| 194 | #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 | 194 | #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 |
| 195 | #define TLS1_AD_UNRECOGNIZED_NAME 112 | 195 | #define TLS1_AD_UNRECOGNIZED_NAME 112 |
| @@ -197,46 +197,56 @@ extern "C" { | |||
| 197 | #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 | 197 | #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 |
| 198 | #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ | 198 | #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ |
| 199 | 199 | ||
| 200 | /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ | 200 | /* |
| 201 | * TLS ExtensionType values. | ||
| 202 | * | ||
| 203 | * http://www.iana.org/assignments/tls-extensiontype-values/ | ||
| 204 | */ | ||
| 205 | |||
| 206 | /* ExtensionType values from RFC 3546, RFC 4366 and RFC 6066. */ | ||
| 201 | #define TLSEXT_TYPE_server_name 0 | 207 | #define TLSEXT_TYPE_server_name 0 |
| 202 | #define TLSEXT_TYPE_max_fragment_length 1 | 208 | #define TLSEXT_TYPE_max_fragment_length 1 |
| 203 | #define TLSEXT_TYPE_client_certificate_url 2 | 209 | #define TLSEXT_TYPE_client_certificate_url 2 |
| 204 | #define TLSEXT_TYPE_trusted_ca_keys 3 | 210 | #define TLSEXT_TYPE_trusted_ca_keys 3 |
| 205 | #define TLSEXT_TYPE_truncated_hmac 4 | 211 | #define TLSEXT_TYPE_truncated_hmac 4 |
| 206 | #define TLSEXT_TYPE_status_request 5 | 212 | #define TLSEXT_TYPE_status_request 5 |
| 207 | /* ExtensionType values from RFC4681 */ | 213 | |
| 214 | /* ExtensionType values from RFC 4681. */ | ||
| 208 | #define TLSEXT_TYPE_user_mapping 6 | 215 | #define TLSEXT_TYPE_user_mapping 6 |
| 209 | 216 | ||
| 210 | /* ExtensionType values from RFC5878 */ | 217 | /* ExtensionType values from RFC 5878. */ |
| 211 | #define TLSEXT_TYPE_client_authz 7 | 218 | #define TLSEXT_TYPE_client_authz 7 |
| 212 | #define TLSEXT_TYPE_server_authz 8 | 219 | #define TLSEXT_TYPE_server_authz 8 |
| 213 | 220 | ||
| 214 | /* ExtensionType values from RFC6091 */ | 221 | /* ExtensionType values from RFC 6091. */ |
| 215 | #define TLSEXT_TYPE_cert_type 9 | 222 | #define TLSEXT_TYPE_cert_type 9 |
| 216 | 223 | ||
| 217 | /* ExtensionType values from RFC4492 */ | 224 | /* ExtensionType values from RFC 4492. */ |
| 218 | #define TLSEXT_TYPE_elliptic_curves 10 | 225 | #define TLSEXT_TYPE_elliptic_curves 10 |
| 219 | #define TLSEXT_TYPE_ec_point_formats 11 | 226 | #define TLSEXT_TYPE_ec_point_formats 11 |
| 220 | 227 | ||
| 221 | /* ExtensionType value from RFC5054 */ | 228 | /* ExtensionType value from RFC 5054. */ |
| 222 | #define TLSEXT_TYPE_srp 12 | 229 | #define TLSEXT_TYPE_srp 12 |
| 223 | 230 | ||
| 224 | /* ExtensionType values from RFC5246 */ | 231 | /* ExtensionType values from RFC 5246. */ |
| 225 | #define TLSEXT_TYPE_signature_algorithms 13 | 232 | #define TLSEXT_TYPE_signature_algorithms 13 |
| 226 | 233 | ||
| 227 | /* ExtensionType value from RFC5764 */ | 234 | /* ExtensionType value from RFC 5764. */ |
| 228 | #define TLSEXT_TYPE_use_srtp 14 | 235 | #define TLSEXT_TYPE_use_srtp 14 |
| 229 | 236 | ||
| 230 | /* ExtensionType value from RFC5620 */ | 237 | /* ExtensionType value from RFC 5620. */ |
| 231 | #define TLSEXT_TYPE_heartbeat 15 | 238 | #define TLSEXT_TYPE_heartbeat 15 |
| 232 | 239 | ||
| 240 | /* ExtensionType value from RFC 7301. */ | ||
| 241 | #define TLSEXT_TYPE_application_layer_protocol_negotiation 16 | ||
| 242 | |||
| 233 | /* ExtensionType value for TLS padding extension. | 243 | /* ExtensionType value for TLS padding extension. |
| 234 | * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml | 244 | * (TEMPORARY - registered 2014-03-12, expires 2015-03-12) |
| 235 | * http://tools.ietf.org/html/draft-agl-tls-padding-03 | 245 | * http://tools.ietf.org/html/draft-agl-tls-padding-03 |
| 236 | */ | 246 | */ |
| 237 | #define TLSEXT_TYPE_padding 21 | 247 | #define TLSEXT_TYPE_padding 21 |
| 238 | 248 | ||
| 239 | /* ExtensionType value from RFC4507 */ | 249 | /* ExtensionType value from RFC 4507. */ |
| 240 | #define TLSEXT_TYPE_session_ticket 35 | 250 | #define TLSEXT_TYPE_session_ticket 35 |
| 241 | 251 | ||
| 242 | /* Temporary extension type */ | 252 | /* Temporary extension type */ |
| @@ -247,19 +257,19 @@ extern "C" { | |||
| 247 | #define TLSEXT_TYPE_next_proto_neg 13172 | 257 | #define TLSEXT_TYPE_next_proto_neg 13172 |
| 248 | #endif | 258 | #endif |
| 249 | 259 | ||
| 250 | /* NameType value from RFC 3546 */ | 260 | /* NameType value from RFC 3546. */ |
| 251 | #define TLSEXT_NAMETYPE_host_name 0 | 261 | #define TLSEXT_NAMETYPE_host_name 0 |
| 252 | /* status request value from RFC 3546 */ | 262 | /* status request value from RFC 3546 */ |
| 253 | #define TLSEXT_STATUSTYPE_ocsp 1 | 263 | #define TLSEXT_STATUSTYPE_ocsp 1 |
| 254 | 264 | ||
| 255 | /* ECPointFormat values from draft-ietf-tls-ecc-12 */ | 265 | /* ECPointFormat values from RFC 4492. */ |
| 256 | #define TLSEXT_ECPOINTFORMAT_first 0 | 266 | #define TLSEXT_ECPOINTFORMAT_first 0 |
| 257 | #define TLSEXT_ECPOINTFORMAT_uncompressed 0 | 267 | #define TLSEXT_ECPOINTFORMAT_uncompressed 0 |
| 258 | #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 | 268 | #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 |
| 259 | #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 | 269 | #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 |
| 260 | #define TLSEXT_ECPOINTFORMAT_last 2 | 270 | #define TLSEXT_ECPOINTFORMAT_last 2 |
| 261 | 271 | ||
| 262 | /* Signature and hash algorithms from RFC 5246 */ | 272 | /* Signature and hash algorithms from RFC 5246. */ |
| 263 | 273 | ||
| 264 | #define TLSEXT_signature_anonymous 0 | 274 | #define TLSEXT_signature_anonymous 0 |
| 265 | #define TLSEXT_signature_rsa 1 | 275 | #define TLSEXT_signature_rsa 1 |
| @@ -274,7 +284,6 @@ extern "C" { | |||
| 274 | #define TLSEXT_hash_sha384 5 | 284 | #define TLSEXT_hash_sha384 5 |
| 275 | #define TLSEXT_hash_sha512 6 | 285 | #define TLSEXT_hash_sha512 6 |
| 276 | 286 | ||
| 277 | |||
| 278 | #define TLSEXT_MAXLEN_host_name 255 | 287 | #define TLSEXT_MAXLEN_host_name 255 |
| 279 | 288 | ||
| 280 | const char *SSL_get_servername(const SSL *s, const int type); | 289 | const char *SSL_get_servername(const SSL *s, const int type); |
| @@ -345,8 +354,7 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) | |||
| 345 | #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ | 354 | #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ |
| 346 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | 355 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) |
| 347 | 356 | ||
| 348 | 357 | /* PSK ciphersuites from RFC 4279. */ | |
| 349 | /* PSK ciphersuites from 4279 */ | ||
| 350 | #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A | 358 | #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A |
| 351 | #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B | 359 | #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B |
| 352 | #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C | 360 | #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C |
| @@ -365,7 +373,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 365 | #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 | 373 | #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 |
| 366 | #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 | 374 | #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 |
| 367 | 375 | ||
| 368 | /* AES ciphersuites from RFC3268 */ | 376 | /* AES ciphersuites from RFC 3268. */ |
| 369 | 377 | ||
| 370 | #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F | 378 | #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F |
| 371 | #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 | 379 | #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 |
| @@ -389,7 +397,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 389 | #define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F | 397 | #define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F |
| 390 | #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 | 398 | #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 |
| 391 | 399 | ||
| 392 | /* Camellia ciphersuites from RFC4132 */ | 400 | /* Camellia ciphersuites from RFC 4132. */ |
| 393 | #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 | 401 | #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 |
| 394 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 | 402 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 |
| 395 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 | 403 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 |
| @@ -406,7 +414,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 406 | #define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C | 414 | #define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C |
| 407 | #define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D | 415 | #define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D |
| 408 | 416 | ||
| 409 | /* Camellia ciphersuites from RFC4132 */ | 417 | /* Camellia ciphersuites from RFC 4132. */ |
| 410 | #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 | 418 | #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 |
| 411 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 | 419 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 |
| 412 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 | 420 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 |
| @@ -414,7 +422,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 414 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 | 422 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 |
| 415 | #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 | 423 | #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 |
| 416 | 424 | ||
| 417 | /* SEED ciphersuites from RFC4162 */ | 425 | /* SEED ciphersuites from RFC 4162. */ |
| 418 | #define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 | 426 | #define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 |
| 419 | #define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 | 427 | #define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 |
| 420 | #define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 | 428 | #define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 |
| @@ -422,7 +430,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 422 | #define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A | 430 | #define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A |
| 423 | #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B | 431 | #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B |
| 424 | 432 | ||
| 425 | /* TLS v1.2 GCM ciphersuites from RFC5288 */ | 433 | /* TLS v1.2 GCM ciphersuites from RFC 5288. */ |
| 426 | #define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C | 434 | #define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C |
| 427 | #define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D | 435 | #define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D |
| 428 | #define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E | 436 | #define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E |
| @@ -436,7 +444,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 436 | #define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 | 444 | #define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 |
| 437 | #define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 | 445 | #define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 |
| 438 | 446 | ||
| 439 | /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ | 447 | /* ECC ciphersuites from RFC 4492. */ |
| 440 | #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 | 448 | #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 |
| 441 | #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 | 449 | #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 |
| 442 | #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 | 450 | #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 |
| @@ -467,7 +475,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 467 | #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 | 475 | #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 |
| 468 | #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 | 476 | #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 |
| 469 | 477 | ||
| 470 | /* SRP ciphersuites from RFC 5054 */ | 478 | /* SRP ciphersuites from RFC 5054. */ |
| 471 | #define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A | 479 | #define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A |
| 472 | #define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B | 480 | #define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B |
| 473 | #define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C | 481 | #define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C |
| @@ -478,7 +486,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 478 | #define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 | 486 | #define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 |
| 479 | #define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 | 487 | #define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 |
| 480 | 488 | ||
| 481 | /* ECDH HMAC based ciphersuites from RFC5289 */ | 489 | /* ECDH HMAC based ciphersuites from RFC 5289. */ |
| 482 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 | 490 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 |
| 483 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 | 491 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 |
| 484 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 | 492 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 |
| @@ -488,7 +496,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 488 | #define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 | 496 | #define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 |
| 489 | #define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A | 497 | #define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A |
| 490 | 498 | ||
| 491 | /* ECDH GCM based ciphersuites from RFC5289 */ | 499 | /* ECDH GCM based ciphersuites from RFC 5289. */ |
| 492 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B | 500 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B |
| 493 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C | 501 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C |
| 494 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D | 502 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D |
| @@ -518,7 +526,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 518 | #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" | 526 | #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" |
| 519 | #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" | 527 | #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" |
| 520 | 528 | ||
| 521 | /* AES ciphersuites from RFC3268 */ | 529 | /* AES ciphersuites from RFC 3268. */ |
| 522 | #define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" | 530 | #define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" |
| 523 | #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" | 531 | #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" |
| 524 | #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" | 532 | #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" |
| @@ -564,13 +572,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 564 | #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" | 572 | #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" |
| 565 | #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" | 573 | #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" |
| 566 | 574 | ||
| 567 | /* PSK ciphersuites from RFC 4279 */ | 575 | /* PSK ciphersuites from RFC 4279. */ |
| 568 | #define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" | 576 | #define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" |
| 569 | #define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" | 577 | #define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" |
| 570 | #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" | 578 | #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" |
| 571 | #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" | 579 | #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" |
| 572 | 580 | ||
| 573 | /* SRP ciphersuite from RFC 5054 */ | 581 | /* SRP ciphersuite from RFC 5054. */ |
| 574 | #define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" | 582 | #define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" |
| 575 | #define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" | 583 | #define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" |
| 576 | #define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" | 584 | #define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" |
| @@ -581,7 +589,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 581 | #define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" | 589 | #define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" |
| 582 | #define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" | 590 | #define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" |
| 583 | 591 | ||
| 584 | /* Camellia ciphersuites from RFC4132 */ | 592 | /* Camellia ciphersuites from RFC 4132. */ |
| 585 | #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" | 593 | #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" |
| 586 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" | 594 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" |
| 587 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" | 595 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" |
| @@ -596,7 +604,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 596 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" | 604 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" |
| 597 | #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" | 605 | #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" |
| 598 | 606 | ||
| 599 | /* SEED ciphersuites from RFC4162 */ | 607 | /* SEED ciphersuites from RFC 4162. */ |
| 600 | #define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" | 608 | #define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" |
| 601 | #define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" | 609 | #define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" |
| 602 | #define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" | 610 | #define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" |
| @@ -604,7 +612,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 604 | #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" | 612 | #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" |
| 605 | #define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" | 613 | #define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" |
| 606 | 614 | ||
| 607 | /* TLS v1.2 ciphersuites */ | 615 | /* TLS v1.2 ciphersuites. */ |
| 608 | #define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" | 616 | #define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" |
| 609 | #define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" | 617 | #define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" |
| 610 | #define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" | 618 | #define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" |
| @@ -619,7 +627,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 619 | #define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" | 627 | #define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" |
| 620 | #define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" | 628 | #define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" |
| 621 | 629 | ||
| 622 | /* TLS v1.2 GCM ciphersuites from RFC5288 */ | 630 | /* TLS v1.2 GCM ciphersuites from RFC 5288. */ |
| 623 | #define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" | 631 | #define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" |
| 624 | #define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" | 632 | #define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" |
| 625 | #define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" | 633 | #define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" |
| @@ -633,7 +641,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 633 | #define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" | 641 | #define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" |
| 634 | #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" | 642 | #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" |
| 635 | 643 | ||
| 636 | /* ECDH HMAC based ciphersuites from RFC5289 */ | 644 | /* ECDH HMAC based ciphersuites from RFC 5289. */ |
| 637 | 645 | ||
| 638 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" | 646 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" |
| 639 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" | 647 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" |
| @@ -644,7 +652,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 644 | #define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" | 652 | #define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" |
| 645 | #define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" | 653 | #define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" |
| 646 | 654 | ||
| 647 | /* ECDH GCM based ciphersuites from RFC5289 */ | 655 | /* ECDH GCM based ciphersuites from RFC 5289. */ |
| 648 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" | 656 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" |
| 649 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" | 657 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" |
| 650 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" | 658 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" |
| @@ -692,7 +700,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 692 | #define TLS_MD_MASTER_SECRET_CONST "master secret" | 700 | #define TLS_MD_MASTER_SECRET_CONST "master secret" |
| 693 | #define TLS_MD_MASTER_SECRET_CONST_SIZE 13 | 701 | #define TLS_MD_MASTER_SECRET_CONST_SIZE 13 |
| 694 | 702 | ||
| 695 | /* TLS Session Ticket extension struct */ | 703 | /* TLS Session Ticket extension struct. */ |
| 696 | struct tls_session_ticket_ext_st { | 704 | struct tls_session_ticket_ext_st { |
| 697 | unsigned short length; | 705 | unsigned short length; |
| 698 | void *data; | 706 | void *data; |
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 3bbb2acc2f..97041267e9 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls1.h,v 1.19 2014/06/13 13:28:53 jsing Exp $ */ | 1 | /* $OpenBSD: tls1.h,v 1.20 2014/10/31 15:49:18 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -189,7 +189,7 @@ extern "C" { | |||
| 189 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ | 189 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ |
| 190 | #define TLS1_AD_USER_CANCELLED 90 | 190 | #define TLS1_AD_USER_CANCELLED 90 |
| 191 | #define TLS1_AD_NO_RENEGOTIATION 100 | 191 | #define TLS1_AD_NO_RENEGOTIATION 100 |
| 192 | /* codes 110-114 are from RFC3546 */ | 192 | /* Codes 110-114 are from RFC 3546. */ |
| 193 | #define TLS1_AD_UNSUPPORTED_EXTENSION 110 | 193 | #define TLS1_AD_UNSUPPORTED_EXTENSION 110 |
| 194 | #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 | 194 | #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 |
| 195 | #define TLS1_AD_UNRECOGNIZED_NAME 112 | 195 | #define TLS1_AD_UNRECOGNIZED_NAME 112 |
| @@ -197,46 +197,56 @@ extern "C" { | |||
| 197 | #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 | 197 | #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 |
| 198 | #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ | 198 | #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ |
| 199 | 199 | ||
| 200 | /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ | 200 | /* |
| 201 | * TLS ExtensionType values. | ||
| 202 | * | ||
| 203 | * http://www.iana.org/assignments/tls-extensiontype-values/ | ||
| 204 | */ | ||
| 205 | |||
| 206 | /* ExtensionType values from RFC 3546, RFC 4366 and RFC 6066. */ | ||
| 201 | #define TLSEXT_TYPE_server_name 0 | 207 | #define TLSEXT_TYPE_server_name 0 |
| 202 | #define TLSEXT_TYPE_max_fragment_length 1 | 208 | #define TLSEXT_TYPE_max_fragment_length 1 |
| 203 | #define TLSEXT_TYPE_client_certificate_url 2 | 209 | #define TLSEXT_TYPE_client_certificate_url 2 |
| 204 | #define TLSEXT_TYPE_trusted_ca_keys 3 | 210 | #define TLSEXT_TYPE_trusted_ca_keys 3 |
| 205 | #define TLSEXT_TYPE_truncated_hmac 4 | 211 | #define TLSEXT_TYPE_truncated_hmac 4 |
| 206 | #define TLSEXT_TYPE_status_request 5 | 212 | #define TLSEXT_TYPE_status_request 5 |
| 207 | /* ExtensionType values from RFC4681 */ | 213 | |
| 214 | /* ExtensionType values from RFC 4681. */ | ||
| 208 | #define TLSEXT_TYPE_user_mapping 6 | 215 | #define TLSEXT_TYPE_user_mapping 6 |
| 209 | 216 | ||
| 210 | /* ExtensionType values from RFC5878 */ | 217 | /* ExtensionType values from RFC 5878. */ |
| 211 | #define TLSEXT_TYPE_client_authz 7 | 218 | #define TLSEXT_TYPE_client_authz 7 |
| 212 | #define TLSEXT_TYPE_server_authz 8 | 219 | #define TLSEXT_TYPE_server_authz 8 |
| 213 | 220 | ||
| 214 | /* ExtensionType values from RFC6091 */ | 221 | /* ExtensionType values from RFC 6091. */ |
| 215 | #define TLSEXT_TYPE_cert_type 9 | 222 | #define TLSEXT_TYPE_cert_type 9 |
| 216 | 223 | ||
| 217 | /* ExtensionType values from RFC4492 */ | 224 | /* ExtensionType values from RFC 4492. */ |
| 218 | #define TLSEXT_TYPE_elliptic_curves 10 | 225 | #define TLSEXT_TYPE_elliptic_curves 10 |
| 219 | #define TLSEXT_TYPE_ec_point_formats 11 | 226 | #define TLSEXT_TYPE_ec_point_formats 11 |
| 220 | 227 | ||
| 221 | /* ExtensionType value from RFC5054 */ | 228 | /* ExtensionType value from RFC 5054. */ |
| 222 | #define TLSEXT_TYPE_srp 12 | 229 | #define TLSEXT_TYPE_srp 12 |
| 223 | 230 | ||
| 224 | /* ExtensionType values from RFC5246 */ | 231 | /* ExtensionType values from RFC 5246. */ |
| 225 | #define TLSEXT_TYPE_signature_algorithms 13 | 232 | #define TLSEXT_TYPE_signature_algorithms 13 |
| 226 | 233 | ||
| 227 | /* ExtensionType value from RFC5764 */ | 234 | /* ExtensionType value from RFC 5764. */ |
| 228 | #define TLSEXT_TYPE_use_srtp 14 | 235 | #define TLSEXT_TYPE_use_srtp 14 |
| 229 | 236 | ||
| 230 | /* ExtensionType value from RFC5620 */ | 237 | /* ExtensionType value from RFC 5620. */ |
| 231 | #define TLSEXT_TYPE_heartbeat 15 | 238 | #define TLSEXT_TYPE_heartbeat 15 |
| 232 | 239 | ||
| 240 | /* ExtensionType value from RFC 7301. */ | ||
| 241 | #define TLSEXT_TYPE_application_layer_protocol_negotiation 16 | ||
| 242 | |||
| 233 | /* ExtensionType value for TLS padding extension. | 243 | /* ExtensionType value for TLS padding extension. |
| 234 | * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml | 244 | * (TEMPORARY - registered 2014-03-12, expires 2015-03-12) |
| 235 | * http://tools.ietf.org/html/draft-agl-tls-padding-03 | 245 | * http://tools.ietf.org/html/draft-agl-tls-padding-03 |
| 236 | */ | 246 | */ |
| 237 | #define TLSEXT_TYPE_padding 21 | 247 | #define TLSEXT_TYPE_padding 21 |
| 238 | 248 | ||
| 239 | /* ExtensionType value from RFC4507 */ | 249 | /* ExtensionType value from RFC 4507. */ |
| 240 | #define TLSEXT_TYPE_session_ticket 35 | 250 | #define TLSEXT_TYPE_session_ticket 35 |
| 241 | 251 | ||
| 242 | /* Temporary extension type */ | 252 | /* Temporary extension type */ |
| @@ -247,19 +257,19 @@ extern "C" { | |||
| 247 | #define TLSEXT_TYPE_next_proto_neg 13172 | 257 | #define TLSEXT_TYPE_next_proto_neg 13172 |
| 248 | #endif | 258 | #endif |
| 249 | 259 | ||
| 250 | /* NameType value from RFC 3546 */ | 260 | /* NameType value from RFC 3546. */ |
| 251 | #define TLSEXT_NAMETYPE_host_name 0 | 261 | #define TLSEXT_NAMETYPE_host_name 0 |
| 252 | /* status request value from RFC 3546 */ | 262 | /* status request value from RFC 3546 */ |
| 253 | #define TLSEXT_STATUSTYPE_ocsp 1 | 263 | #define TLSEXT_STATUSTYPE_ocsp 1 |
| 254 | 264 | ||
| 255 | /* ECPointFormat values from draft-ietf-tls-ecc-12 */ | 265 | /* ECPointFormat values from RFC 4492. */ |
| 256 | #define TLSEXT_ECPOINTFORMAT_first 0 | 266 | #define TLSEXT_ECPOINTFORMAT_first 0 |
| 257 | #define TLSEXT_ECPOINTFORMAT_uncompressed 0 | 267 | #define TLSEXT_ECPOINTFORMAT_uncompressed 0 |
| 258 | #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 | 268 | #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 |
| 259 | #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 | 269 | #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 |
| 260 | #define TLSEXT_ECPOINTFORMAT_last 2 | 270 | #define TLSEXT_ECPOINTFORMAT_last 2 |
| 261 | 271 | ||
| 262 | /* Signature and hash algorithms from RFC 5246 */ | 272 | /* Signature and hash algorithms from RFC 5246. */ |
| 263 | 273 | ||
| 264 | #define TLSEXT_signature_anonymous 0 | 274 | #define TLSEXT_signature_anonymous 0 |
| 265 | #define TLSEXT_signature_rsa 1 | 275 | #define TLSEXT_signature_rsa 1 |
| @@ -274,7 +284,6 @@ extern "C" { | |||
| 274 | #define TLSEXT_hash_sha384 5 | 284 | #define TLSEXT_hash_sha384 5 |
| 275 | #define TLSEXT_hash_sha512 6 | 285 | #define TLSEXT_hash_sha512 6 |
| 276 | 286 | ||
| 277 | |||
| 278 | #define TLSEXT_MAXLEN_host_name 255 | 287 | #define TLSEXT_MAXLEN_host_name 255 |
| 279 | 288 | ||
| 280 | const char *SSL_get_servername(const SSL *s, const int type); | 289 | const char *SSL_get_servername(const SSL *s, const int type); |
| @@ -345,8 +354,7 @@ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) | |||
| 345 | #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ | 354 | #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ |
| 346 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | 355 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) |
| 347 | 356 | ||
| 348 | 357 | /* PSK ciphersuites from RFC 4279. */ | |
| 349 | /* PSK ciphersuites from 4279 */ | ||
| 350 | #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A | 358 | #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A |
| 351 | #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B | 359 | #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B |
| 352 | #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C | 360 | #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C |
| @@ -365,7 +373,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 365 | #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 | 373 | #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 |
| 366 | #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 | 374 | #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 |
| 367 | 375 | ||
| 368 | /* AES ciphersuites from RFC3268 */ | 376 | /* AES ciphersuites from RFC 3268. */ |
| 369 | 377 | ||
| 370 | #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F | 378 | #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F |
| 371 | #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 | 379 | #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 |
| @@ -389,7 +397,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 389 | #define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F | 397 | #define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F |
| 390 | #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 | 398 | #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 |
| 391 | 399 | ||
| 392 | /* Camellia ciphersuites from RFC4132 */ | 400 | /* Camellia ciphersuites from RFC 4132. */ |
| 393 | #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 | 401 | #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 |
| 394 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 | 402 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 |
| 395 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 | 403 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 |
| @@ -406,7 +414,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 406 | #define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C | 414 | #define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C |
| 407 | #define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D | 415 | #define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D |
| 408 | 416 | ||
| 409 | /* Camellia ciphersuites from RFC4132 */ | 417 | /* Camellia ciphersuites from RFC 4132. */ |
| 410 | #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 | 418 | #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 |
| 411 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 | 419 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 |
| 412 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 | 420 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 |
| @@ -414,7 +422,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 414 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 | 422 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 |
| 415 | #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 | 423 | #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 |
| 416 | 424 | ||
| 417 | /* SEED ciphersuites from RFC4162 */ | 425 | /* SEED ciphersuites from RFC 4162. */ |
| 418 | #define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 | 426 | #define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 |
| 419 | #define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 | 427 | #define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 |
| 420 | #define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 | 428 | #define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 |
| @@ -422,7 +430,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 422 | #define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A | 430 | #define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A |
| 423 | #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B | 431 | #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B |
| 424 | 432 | ||
| 425 | /* TLS v1.2 GCM ciphersuites from RFC5288 */ | 433 | /* TLS v1.2 GCM ciphersuites from RFC 5288. */ |
| 426 | #define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C | 434 | #define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C |
| 427 | #define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D | 435 | #define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D |
| 428 | #define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E | 436 | #define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E |
| @@ -436,7 +444,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 436 | #define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 | 444 | #define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 |
| 437 | #define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 | 445 | #define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 |
| 438 | 446 | ||
| 439 | /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ | 447 | /* ECC ciphersuites from RFC 4492. */ |
| 440 | #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 | 448 | #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 |
| 441 | #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 | 449 | #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 |
| 442 | #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 | 450 | #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 |
| @@ -467,7 +475,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 467 | #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 | 475 | #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 |
| 468 | #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 | 476 | #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 |
| 469 | 477 | ||
| 470 | /* SRP ciphersuites from RFC 5054 */ | 478 | /* SRP ciphersuites from RFC 5054. */ |
| 471 | #define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A | 479 | #define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A |
| 472 | #define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B | 480 | #define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B |
| 473 | #define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C | 481 | #define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C |
| @@ -478,7 +486,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 478 | #define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 | 486 | #define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 |
| 479 | #define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 | 487 | #define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 |
| 480 | 488 | ||
| 481 | /* ECDH HMAC based ciphersuites from RFC5289 */ | 489 | /* ECDH HMAC based ciphersuites from RFC 5289. */ |
| 482 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 | 490 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 |
| 483 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 | 491 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 |
| 484 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 | 492 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 |
| @@ -488,7 +496,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 488 | #define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 | 496 | #define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 |
| 489 | #define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A | 497 | #define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A |
| 490 | 498 | ||
| 491 | /* ECDH GCM based ciphersuites from RFC5289 */ | 499 | /* ECDH GCM based ciphersuites from RFC 5289. */ |
| 492 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B | 500 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B |
| 493 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C | 501 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C |
| 494 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D | 502 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D |
| @@ -518,7 +526,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 518 | #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" | 526 | #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" |
| 519 | #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" | 527 | #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" |
| 520 | 528 | ||
| 521 | /* AES ciphersuites from RFC3268 */ | 529 | /* AES ciphersuites from RFC 3268. */ |
| 522 | #define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" | 530 | #define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" |
| 523 | #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" | 531 | #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" |
| 524 | #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" | 532 | #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" |
| @@ -564,13 +572,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 564 | #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" | 572 | #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" |
| 565 | #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" | 573 | #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" |
| 566 | 574 | ||
| 567 | /* PSK ciphersuites from RFC 4279 */ | 575 | /* PSK ciphersuites from RFC 4279. */ |
| 568 | #define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" | 576 | #define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" |
| 569 | #define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" | 577 | #define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" |
| 570 | #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" | 578 | #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" |
| 571 | #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" | 579 | #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" |
| 572 | 580 | ||
| 573 | /* SRP ciphersuite from RFC 5054 */ | 581 | /* SRP ciphersuite from RFC 5054. */ |
| 574 | #define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" | 582 | #define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" |
| 575 | #define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" | 583 | #define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" |
| 576 | #define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" | 584 | #define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" |
| @@ -581,7 +589,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 581 | #define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" | 589 | #define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" |
| 582 | #define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" | 590 | #define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" |
| 583 | 591 | ||
| 584 | /* Camellia ciphersuites from RFC4132 */ | 592 | /* Camellia ciphersuites from RFC 4132. */ |
| 585 | #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" | 593 | #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" |
| 586 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" | 594 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" |
| 587 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" | 595 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" |
| @@ -596,7 +604,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 596 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" | 604 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" |
| 597 | #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" | 605 | #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" |
| 598 | 606 | ||
| 599 | /* SEED ciphersuites from RFC4162 */ | 607 | /* SEED ciphersuites from RFC 4162. */ |
| 600 | #define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" | 608 | #define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" |
| 601 | #define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" | 609 | #define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" |
| 602 | #define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" | 610 | #define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" |
| @@ -604,7 +612,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 604 | #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" | 612 | #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" |
| 605 | #define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" | 613 | #define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" |
| 606 | 614 | ||
| 607 | /* TLS v1.2 ciphersuites */ | 615 | /* TLS v1.2 ciphersuites. */ |
| 608 | #define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" | 616 | #define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" |
| 609 | #define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" | 617 | #define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" |
| 610 | #define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" | 618 | #define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" |
| @@ -619,7 +627,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 619 | #define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" | 627 | #define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" |
| 620 | #define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" | 628 | #define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" |
| 621 | 629 | ||
| 622 | /* TLS v1.2 GCM ciphersuites from RFC5288 */ | 630 | /* TLS v1.2 GCM ciphersuites from RFC 5288. */ |
| 623 | #define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" | 631 | #define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" |
| 624 | #define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" | 632 | #define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" |
| 625 | #define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" | 633 | #define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" |
| @@ -633,7 +641,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 633 | #define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" | 641 | #define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" |
| 634 | #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" | 642 | #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" |
| 635 | 643 | ||
| 636 | /* ECDH HMAC based ciphersuites from RFC5289 */ | 644 | /* ECDH HMAC based ciphersuites from RFC 5289. */ |
| 637 | 645 | ||
| 638 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" | 646 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" |
| 639 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" | 647 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" |
| @@ -644,7 +652,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 644 | #define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" | 652 | #define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" |
| 645 | #define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" | 653 | #define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" |
| 646 | 654 | ||
| 647 | /* ECDH GCM based ciphersuites from RFC5289 */ | 655 | /* ECDH GCM based ciphersuites from RFC 5289. */ |
| 648 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" | 656 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" |
| 649 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" | 657 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" |
| 650 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" | 658 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" |
| @@ -692,7 +700,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | |||
| 692 | #define TLS_MD_MASTER_SECRET_CONST "master secret" | 700 | #define TLS_MD_MASTER_SECRET_CONST "master secret" |
| 693 | #define TLS_MD_MASTER_SECRET_CONST_SIZE 13 | 701 | #define TLS_MD_MASTER_SECRET_CONST_SIZE 13 |
| 694 | 702 | ||
| 695 | /* TLS Session Ticket extension struct */ | 703 | /* TLS Session Ticket extension struct. */ |
| 696 | struct tls_session_ticket_ext_st { | 704 | struct tls_session_ticket_ext_st { |
| 697 | unsigned short length; | 705 | unsigned short length; |
| 698 | void *data; | 706 | void *data; |