1 files changed, 2 insertions, 214 deletions
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 2d1d293e1a..38838ea9a5 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -55,19 +55,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
 #ifndef HEADER_TLS1_H 
 #define HEADER_TLS1_H 
@@ -78,7 +65,7 @@
 extern "C" {
 #endif
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    0
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    1
 #define TLS1_VERSION                    0x0301
 #define TLS1_VERSION_MAJOR              0x03
@@ -96,93 +83,6 @@ extern "C" {
 #define TLS1_AD_INTERNAL_ERROR          80      /* fatal */
 #define TLS1_AD_USER_CANCELLED          90
 #define TLS1_AD_NO_RENEGOTIATION        100
-/* codes 110-114 are from RFC3546 */
-#define TLS1_AD_UNSUPPORTED_EXTENSION   110
-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-#define TLS1_AD_UNRECOGNIZED_NAME       112
-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-#define TLS1_AD_UNKNOWN_PSK_IDENTITY    115     /* fatal */
-/* ExtensionType values from RFC 3546 */
-#define TLSEXT_TYPE_server_name                 0
-#define TLSEXT_TYPE_max_fragment_length         1
-#define TLSEXT_TYPE_client_certificate_url      2
-#define TLSEXT_TYPE_trusted_ca_keys             3
-#define TLSEXT_TYPE_truncated_hmac              4
-#define TLSEXT_TYPE_status_request              5
-#define TLSEXT_TYPE_elliptic_curves             10
-#define TLSEXT_TYPE_ec_point_formats            11
-#define TLSEXT_TYPE_session_ticket              35
-/* NameType value from RFC 3546 */
-#define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC 3546 */
-#define TLSEXT_STATUSTYPE_ocsp 1
-#ifndef OPENSSL_NO_TLSEXT
-#define TLSEXT_MAXLEN_host_name 255
-const char *SSL_get_servername(const SSL *s, const int type) ;
-int SSL_get_servername_type(const SSL *s) ;
-#define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
-#define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
-#define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-#define SSL_set_tlsext_status_type(ssl, type) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-#define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-#define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-#define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-#define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
-#define SSL_TLSEXT_ERR_OK 0
-#define SSL_TLSEXT_ERR_ALERT_WARNING 1
-#define SSL_TLSEXT_ERR_ALERT_FATAL 2
-#define SSL_TLSEXT_ERR_NOACK 3
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))
-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-#endif
 /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
@@ -212,60 +112,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
 #define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA        0x03000043
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000044
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000087
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000088
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA           0x03000089
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
-#define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
-#define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
-#define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
 /* XXX
 * Inconsistency alert:
 * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -296,68 +142,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
 #define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA       "DH-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "DHE-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "DHE-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA          "ADH-CAMELLIA128-SHA"
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA          "CAMELLIA256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       "DH-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       "DH-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "DHE-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "DHE-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA          "ADH-CAMELLIA256-SHA"
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
-#define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
 #define TLS_CT_RSA_SIGN                 1
 #define TLS_CT_DSS_SIGN                 2
 #define TLS_CT_RSA_FIXED_DH             3
 #define TLS_CT_DSS_FIXED_DH             4
-#define TLS_CT_ECDSA_SIGN               64
+#define TLS_CT_NUMBER                   4
-#define TLS_CT_RSA_FIXED_ECDH           65
-#define TLS_CT_ECDSA_FIXED_ECDH         66
-#define TLS_CT_NUMBER                   7
 #define TLS1_FINISH_MAC_LENGTH          12
@@ -403,5 +193,3 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #endif
 #endif

diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 2d1d293e1a..38838ea9a5 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h
@@ -55,19 +55,6 @@
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58	/* ====================================================================
59	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60	*
61	* Portions of the attached software ("Contribution") are developed by
62	* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63	*
64	* The Contribution is licensed pursuant to the OpenSSL open source
65	* license provided above.
66	*
67	* ECC cipher suite support in OpenSSL originally written by
68	* Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
69	*
70	*/
71		58
72	#ifndef HEADER_TLS1_H	59	#ifndef HEADER_TLS1_H
73	#define HEADER_TLS1_H	60	#define HEADER_TLS1_H
@@ -78,7 +65,7 @@
78	extern "C" {	65	extern "C" {
79	#endif	66	#endif
80		67
81	#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0	68	#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1
82		69
83	#define TLS1_VERSION 0x0301	70	#define TLS1_VERSION 0x0301
84	#define TLS1_VERSION_MAJOR 0x03	71	#define TLS1_VERSION_MAJOR 0x03
@@ -96,93 +83,6 @@ extern "C" {
96	#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */	83	#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
97	#define TLS1_AD_USER_CANCELLED 90	84	#define TLS1_AD_USER_CANCELLED 90
98	#define TLS1_AD_NO_RENEGOTIATION 100	85	#define TLS1_AD_NO_RENEGOTIATION 100
99	/* codes 110-114 are from RFC3546 */
100	#define TLS1_AD_UNSUPPORTED_EXTENSION 110
101	#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
102	#define TLS1_AD_UNRECOGNIZED_NAME 112
103	#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
104	#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
105	#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
106
107	/* ExtensionType values from RFC 3546 */
108	#define TLSEXT_TYPE_server_name 0
109	#define TLSEXT_TYPE_max_fragment_length 1
110	#define TLSEXT_TYPE_client_certificate_url 2
111	#define TLSEXT_TYPE_trusted_ca_keys 3
112	#define TLSEXT_TYPE_truncated_hmac 4
113	#define TLSEXT_TYPE_status_request 5
114	#define TLSEXT_TYPE_elliptic_curves 10
115	#define TLSEXT_TYPE_ec_point_formats 11
116	#define TLSEXT_TYPE_session_ticket 35
117
118	/* NameType value from RFC 3546 */
119	#define TLSEXT_NAMETYPE_host_name 0
120	/* status request value from RFC 3546 */
121	#define TLSEXT_STATUSTYPE_ocsp 1
122
123	#ifndef OPENSSL_NO_TLSEXT
124
125	#define TLSEXT_MAXLEN_host_name 255
126
127	const char SSL_get_servername(const SSL s, const int type) ;
128	int SSL_get_servername_type(const SSL *s) ;
129
130	#define SSL_set_tlsext_host_name(s,name) \
131	SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
132
133	#define SSL_set_tlsext_debug_callback(ssl, cb) \
134	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
135
136	#define SSL_set_tlsext_debug_arg(ssl, arg) \
137	SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
138
139	#define SSL_set_tlsext_status_type(ssl, type) \
140	SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
141
142	#define SSL_get_tlsext_status_exts(ssl, arg) \
143	SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
144
145	#define SSL_set_tlsext_status_exts(ssl, arg) \
146	SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
147
148	#define SSL_get_tlsext_status_ids(ssl, arg) \
149	SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
150
151	#define SSL_set_tlsext_status_ids(ssl, arg) \
152	SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
153
154	#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
155	SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
156
157	#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
158	SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
159
160	#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
161	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
162
163	#define SSL_TLSEXT_ERR_OK 0
164	#define SSL_TLSEXT_ERR_ALERT_WARNING 1
165	#define SSL_TLSEXT_ERR_ALERT_FATAL 2
166	#define SSL_TLSEXT_ERR_NOACK 3
167
168	#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
169	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
170
171	#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
172	SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys))
173	#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
174	SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys))
175
176	#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
177	SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
178
179	#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
180	SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
181
182	#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
183	SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
184
185	#endif
186		86
187	/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt	87	/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
188	* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see	88	* (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
@@ -212,60 +112,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
212	#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039	112	#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
213	#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A	113	#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
214		114
215	/* Camellia ciphersuites from RFC4132 */
216	#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
217	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
218	#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
219	#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
220	#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
221	#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
222
223	#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
224	#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
225	#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
226	#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
227	#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
228	#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
229
230	/* SEED ciphersuites from RFC4162 */
231	#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
232	#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
233	#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
234	#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
235	#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
236	#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
237
238	/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
239	#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
240	#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
241	#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
242	#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
243	#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
244
245	#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
246	#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
247	#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
248	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
249	#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
250
251	#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
252	#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
253	#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
254	#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
255	#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
256
257	#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
258	#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
259	#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
260	#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
261	#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
262
263	#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
264	#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
265	#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
266	#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
267	#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
268
269	/* XXX	115	/* XXX
270	* Inconsistency alert:	116	* Inconsistency alert:
271	* The OpenSSL names of ciphers with ephemeral DH here include the string	117	* The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -296,68 +142,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
296	#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"	142	#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
297	#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"	143	#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
298		144
299	/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
300	#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
301	#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
302	#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
303	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
304	#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
305
306	#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
307	#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
308	#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
309	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
310	#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
311
312	#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
313	#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
314	#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
315	#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
316	#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
317
318	#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
319	#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
320	#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
321	#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
322	#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
323
324	#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
325	#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
326	#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
327	#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
328	#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
329
330	/* Camellia ciphersuites from RFC4132 */
331	#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
332	#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
333	#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
334	#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
335	#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
336	#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
337
338	#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
339	#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
340	#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
341	#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
342	#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
343	#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
344
345	/* SEED ciphersuites from RFC4162 */
346	#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
347	#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
348	#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
349	#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
350	#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
351	#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
352		145
353	#define TLS_CT_RSA_SIGN 1	146	#define TLS_CT_RSA_SIGN 1
354	#define TLS_CT_DSS_SIGN 2	147	#define TLS_CT_DSS_SIGN 2
355	#define TLS_CT_RSA_FIXED_DH 3	148	#define TLS_CT_RSA_FIXED_DH 3
356	#define TLS_CT_DSS_FIXED_DH 4	149	#define TLS_CT_DSS_FIXED_DH 4
357	#define TLS_CT_ECDSA_SIGN 64	150	#define TLS_CT_NUMBER 4
358	#define TLS_CT_RSA_FIXED_ECDH 65
359	#define TLS_CT_ECDSA_FIXED_ECDH 66
360	#define TLS_CT_NUMBER 7
361		151
362	#define TLS1_FINISH_MAC_LENGTH 12	152	#define TLS1_FINISH_MAC_LENGTH 12
363		153
@@ -403,5 +193,3 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
403	#endif	193	#endif
404	#endif	194	#endif
405		195
406
407