diff options
Diffstat (limited to 'src/include/openssl/tls1.h')
| -rw-r--r-- | src/include/openssl/tls1.h | 47 |
1 files changed, 45 insertions, 2 deletions
diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h index 7d16b55..f2bee27 100644 --- a/src/include/openssl/tls1.h +++ b/src/include/openssl/tls1.h @@ -209,7 +209,7 @@ extern "C" { #define TLSEXT_TYPE_signature_algorithms 13 /* ExtensionType value from RFC5764 */ -#define TLSEXT_TYPE_srtp 14 +#define TLSEXT_TYPE_use_srtp 14 /* ExtensionType value from RFC5620 */ #define TLSEXT_TYPE_heartbeat 15 @@ -239,7 +239,8 @@ extern "C" { #define TLSEXT_TYPE_next_proto_neg 13172 /* This is not an IANA defined extension number */ -#define TLSEXT_TYPE_channel_id 30032 +#define TLSEXT_TYPE_channel_id 30031 +#define TLSEXT_TYPE_channel_id_new 30032 /* NameType value from RFC 3546 */ #define TLSEXT_NAMETYPE_host_name 0 @@ -290,6 +291,14 @@ OPENSSL_EXPORT int SSL_export_keying_material( SSL *s, uint8_t *out, size_t out_len, const char *label, size_t label_len, const uint8_t *context, size_t context_len, int use_context); +OPENSSL_EXPORT int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, + int *psignandhash, uint8_t *rsig, + uint8_t *rhash); + +OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign, + int *phash, int *psignandhash, + uint8_t *rsig, uint8_t *rhash); + /* SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name| * in the server_name extension. It returns one on success and zero on error. */ OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name); @@ -313,6 +322,39 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback( * callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. */ OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); +#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_GET_TLSEXT_TICKET_KEYS, (keylen), (keys)) +#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys)) + +/* SSL_CTX_set_tlsext_ticket_key_cb sets the ticket callback to |callback| and + * returns one. |callback| will be called when encrypting a new ticket and when + * decrypting a ticket from the client. + * + * In both modes, |ctx| and |hmac_ctx| will already have been initialized with + * |EVP_CIPHER_CTX_init| and |HMAC_CTX_init|, respectively. |callback| + * configures |hmac_ctx| with an HMAC digest and key, and configures |ctx| + * for encryption or decryption, based on the mode. + * + * When encrypting a new ticket, |encrypt| will be one. It writes a public + * 16-byte key name to |key_name| and a fresh IV to |iv|. The output IV length + * must match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, + * |callback| returns 1 on success and -1 on error. + * + * When decrypting a ticket, |encrypt| will be zero. |key_name| will point to a + * 16-byte key name and |iv| points to an IV. The length of the IV consumed must + * match |EVP_CIPHER_CTX_iv_length| of the cipher selected. In this mode, + * |callback| returns -1 to abort the handshake, 0 if decrypting the ticket + * failed, and 1 or 2 on success. If it returns 2, the ticket will be renewed. + * This may be used to re-key the ticket. + * + * WARNING: |callback| wildly breaks the usual return value convention and is + * called in two different modes. */ +OPENSSL_EXPORT int SSL_CTX_set_tlsext_ticket_key_cb( + SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, + int encrypt)); + /* PSK ciphersuites from 4279 */ #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B @@ -472,6 +514,7 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); #define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CC13 #define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CC14 +#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CC15 /* XXX * Inconsistency alert: |