Diffstat (limited to 'include/openssl/tls1.h')
-rw-r--r-- | include/openssl/tls1.h | 175 |
1 files changed, 59 insertions, 116 deletions
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 2600704993..541110e256 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -1,19 +1,26 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-#ifndef HEADER_TLS1_H
-# define HEADER_TLS1_H
+#ifndef OPENSSL_TLS1_H
+# define OPENSSL_TLS1_H
+# pragma once
+
+# include <openssl/macros.h>
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define HEADER_TLS1_H
+# endif
# include <openssl/buffer.h>
# include <openssl/x509.h>
+# include <openssl/prov_ssl.h>
#ifdef __cplusplus
extern "C" {
@@ -24,11 +31,10 @@ extern "C" {
# define OPENSSL_TLS_SECURITY_LEVEL 1
# endif
-# define TLS1_VERSION 0x0301
-# define TLS1_1_VERSION 0x0302
-# define TLS1_2_VERSION 0x0303
-# define TLS1_3_VERSION 0x0304
-# define TLS_MAX_VERSION TLS1_3_VERSION
+/* TLS*_VERSION constants are defined in prov_ssl.h */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define TLS_MAX_VERSION TLS1_3_VERSION
+# endif
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
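Review bot: The new `# ifndef OPENSSL_NO_DEPRECATED_3_0` guard around `TLS_MAX_VERSION` has no comment naming the replacement, so code that used this macro to pin a protocol ceiling gets a build break with no pointer to what it should call. A macro that tracks the newest protocol changes meaning whenever a version is added, which is presumably why it is being deprecated. I would add above the guard: `/* Deprecated: use SSL_CTX_set_max_proto_version(); 0 selects the highest version the library supports */`. The replacement comment for the removed `TLS*_VERSION` defines is fine as written.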
@@ -107,9 +113,6 @@ extern "C" {
/* ExtensionType value from RFC5764 */
# define TLSEXT_TYPE_use_srtp 14
-/* ExtensionType value from RFC5620 */
-# define TLSEXT_TYPE_heartbeat 15
-
/* ExtensionType value from RFC7301 */
# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
@@ -322,38 +325,14 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define SSL_CTX_get_tlsext_status_type(ssl) \
SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
-# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\
(void (*)(void))cb)
-
-# ifndef OPENSSL_NO_HEARTBEATS
-# define SSL_DTLSEXT_HB_ENABLED 0x01
-# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02
-# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04
-# define SSL_get_dtlsext_heartbeat_pending(ssl) \
- SSL_ctrl(ssl,SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL)
-# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
- SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
-
-# if OPENSSL_API_COMPAT < 0x10100000L
-# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
- SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
-# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
- SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
-# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \
- SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
-# define SSL_TLSEXT_HB_ENABLED \
- SSL_DTLSEXT_HB_ENABLED
-# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \
- SSL_DTLSEXT_HB_DONT_SEND_REQUESTS
-# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \
- SSL_DTLSEXT_HB_DONT_RECV_REQUESTS
-# define SSL_get_tlsext_heartbeat_pending(ssl) \
- SSL_get_dtlsext_heartbeat_pending(ssl)
-# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
- SSL_set_dtlsext_heartbeat_no_requests(ssl,arg)
-# endif
# endif
+int SSL_CTX_set_tlsext_ticket_key_evp_cb
+ (SSL_CTX *ctx, int (*fp)(SSL *, unsigned char *, unsigned char *,
+ EVP_CIPHER_CTX *, EVP_MAC_CTX *, int));
/* PSK ciphersuites from 4279 */
# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
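Review bot: The callback type in the new `SSL_CTX_set_tlsext_ticket_key_evp_cb` prototype has unnamed parameters, so the header does not say which `unsigned char *` is the ticket key name and which is the IV, or what the trailing `int` selects. This callback handles the keys that protect session tickets, and an implementation that swaps the two buffers still compiles cleanly. I would name them in the declaration, `int (*fp)(SSL *s, unsigned char *key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hctx, int enc)`, and consider `__owur` as on `SSL_check_chain` so an ignored failure is flagged. A one-line comment above the `# ifndef` pointing users of the deprecated `SSL_CTX_set_tlsext_ticket_key_cb` at this function would also help.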
@@ -1135,14 +1114,21 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS_CT_RSA_FIXED_ECDH 65
# define TLS_CT_ECDSA_FIXED_ECDH 66
# define TLS_CT_GOST01_SIGN 22
-# define TLS_CT_GOST12_SIGN 238
-# define TLS_CT_GOST12_512_SIGN 239
+# define TLS_CT_GOST12_IANA_SIGN 67
+# define TLS_CT_GOST12_IANA_512_SIGN 68
+# define TLS_CT_GOST12_LEGACY_SIGN 238
+# define TLS_CT_GOST12_LEGACY_512_SIGN 239
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define TLS_CT_GOST12_SIGN TLS_CT_GOST12_LEGACY_SIGN
+# define TLS_CT_GOST12_512_SIGN TLS_CT_GOST12_LEGACY_512_SIGN
+# endif
/*
* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
* comment there)
*/
-# define TLS_CT_NUMBER 10
+# define TLS_CT_NUMBER 12
# if defined(SSL3_CT_NUMBER)
# if TLS_CT_NUMBER != SSL3_CT_NUMBER
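Review bot: `TLS_CT_NUMBER` goes from 10 to 12 here, but the mismatch check that follows is wrapped in `# if defined(SSL3_CT_NUMBER)`, so it only fires when ssl3.h has already been included. This page is limited to tls1.h, so the matching change to `SSL3_CT_NUMBER` cannot be confirmed from here. If these counts size certificate-type buffers (not visible in this hunk), a stale value in ssl3.h would leave them two entries short, so please confirm ssl3.h carries the same bump. The four GOST12 values would also benefit from a comment, for example `/* 67/68: IANA-assigned values; 238/239: earlier values kept for existing peers */`, if that matches the intent behind the IANA/LEGACY names. The `# if` block continues past the end of the hunk.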
@@ -1152,78 +1138,35 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_FINISH_MAC_LENGTH 12
-# define TLS_MD_MAX_CONST_SIZE 22
-# define TLS_MD_CLIENT_FINISH_CONST "client finished"
-# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
-# define TLS_MD_SERVER_FINISH_CONST "server finished"
-# define TLS_MD_SERVER_FINISH_CONST_SIZE 15
-# define TLS_MD_KEY_EXPANSION_CONST "key expansion"
-# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
-# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
-# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
-# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-# define TLS_MD_IV_BLOCK_CONST "IV block"
-# define TLS_MD_IV_BLOCK_CONST_SIZE 8
-# define TLS_MD_MASTER_SECRET_CONST "master secret"
-# define TLS_MD_MASTER_SECRET_CONST_SIZE 13
-# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"
-# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22
-
-# ifdef CHARSET_EBCDIC
-# undef TLS_MD_CLIENT_FINISH_CONST
-/*
- * client finished
- */
-# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
-
-# undef TLS_MD_SERVER_FINISH_CONST
-/*
- * server finished
- */
-# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
-
-# undef TLS_MD_SERVER_WRITE_KEY_CONST
-/*
- * server write key
- */
-# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
-
-# undef TLS_MD_KEY_EXPANSION_CONST
-/*
- * key expansion
- */
-# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
-
-# undef TLS_MD_CLIENT_WRITE_KEY_CONST
-/*
- * client write key
- */
-# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
-
-# undef TLS_MD_SERVER_WRITE_KEY_CONST
-/*
- * server write key
- */
-# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
-
-# undef TLS_MD_IV_BLOCK_CONST
-/*
- * IV block
- */
-# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
-
-# undef TLS_MD_MASTER_SECRET_CONST
-/*
- * master secret
- */
-# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
-# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST
-/*
- * extended master secret
- */
-# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
-# endif
+# define TLS_MD_MAX_CONST_SIZE 22
+
+/* ASCII: "client finished", in hex for EBCDIC compatibility */
+# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
+/* ASCII: "server finished", in hex for EBCDIC compatibility */
+# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+# define TLS_MD_SERVER_FINISH_CONST_SIZE 15
+/* ASCII: "server write key", in hex for EBCDIC compatibility */
+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
+/* ASCII: "key expansion", in hex for EBCDIC compatibility */
+# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
+# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
+/* ASCII: "client write key", in hex for EBCDIC compatibility */
+# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
+/* ASCII: "server write key", in hex for EBCDIC compatibility */
+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
+/* ASCII: "IV block", in hex for EBCDIC compatibility */
+# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
+# define TLS_MD_IV_BLOCK_CONST_SIZE 8
+/* ASCII: "master secret", in hex for EBCDIC compatibility */
+# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# define TLS_MD_MASTER_SECRET_CONST_SIZE 13
+/* ASCII: "extended master secret", in hex for EBCDIC compatibility */
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22
/* TLS Session Ticket extension struct */
struct tls_session_ticket_ext_st {
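Review bot: `TLS_MD_SERVER_WRITE_KEY_CONST` and `TLS_MD_SERVER_WRITE_KEY_CONST_SIZE` are defined twice in the added block, once after the server-finished pair and again after the client-write-key pair. The two definitions are identical, so the preprocessor accepts them, but the duplicate looks carried over from the removed EBCDIC section and leaves two copies that can drift apart; drop the second pair. Each `_SIZE` is also kept by hand next to a hex literal that is hard to count by eye, and these look like the TLS PRF labels, so a length slip would go unnoticed at compile time. Deriving the size from the literal, as in `# define TLS_MD_IV_BLOCK_CONST_SIZE (sizeof(TLS_MD_IV_BLOCK_CONST) - 1)`, would tie the two together, provided callers tolerate the `size_t` type. The struct at the end of the hunk continues outside it.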