Google Git
Sign in
flutter / third_party / openssl / 35a1cc90bc1795e8893c11e442790ee7f659fffb / . / ssl / tls1.h
blob: 91c2cce7a2b7a069d490ca930d81fe82030fae43 [file] [log] [blame]
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]1/* ssl/tls1.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]8 *
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]15 *
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]22 *
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]37 * 4. If you include any Windows specific code (or a derivative thereof) from
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]40 *
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]52 *
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]58/* ====================================================================
Bodo Möllerf1fd4542006-01-03 03:27:19 +0000[diff] [blame]59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]66 * notice, this list of conditions and the following disclaimer.
Bodo Möllerf1fd4542006-01-03 03:27:19 +0000[diff] [blame]67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]114 * Portions of the attached software ("Contribution") are developed by
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
Nils Larschddac1972006-03-10 23:06:27 +0000[diff] [blame]124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]150
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]151#ifndef HEADER_TLS1_H
152# define HEADER_TLS1_H
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]153
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]154# include <openssl/buffer.h>
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]155
156#ifdef __cplusplus
157extern "C" {
158#endif
159
Dr. Stephen Hensonb362cca2013-12-15 13:32:24 +0000[diff] [blame]160/* Default security level if not overriden at config time */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]161# ifndef OPENSSL_TLS_SECURITY_LEVEL
162# define OPENSSL_TLS_SECURITY_LEVEL 1
163# endif
Dr. Stephen Hensonb362cca2013-12-15 13:32:24 +0000[diff] [blame]164
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]165# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
Ben Lauriebc348241999-03-06 15:21:02 +0000[diff] [blame]166
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]167# define TLS1_VERSION 0x0301
168# define TLS1_1_VERSION 0x0302
169# define TLS1_2_VERSION 0x0303
170# define TLS_MAX_VERSION TLS1_2_VERSION
Bodo Moellercf6da052014-10-15 04:03:28 +0200[diff] [blame]171
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]172# define TLS1_VERSION_MAJOR 0x03
173# define TLS1_VERSION_MINOR 0x01
Bodo Moellercf6da052014-10-15 04:03:28 +0200[diff] [blame]174
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]175# define TLS1_1_VERSION_MAJOR 0x03
176# define TLS1_1_VERSION_MINOR 0x02
Dr. Stephen Henson637f3742009-12-07 13:31:02 +0000[diff] [blame]177
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]178# define TLS1_2_VERSION_MAJOR 0x03
179# define TLS1_2_VERSION_MINOR 0x03
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]180
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]181# define TLS1_get_version(s) \
182 ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
Dr. Stephen Henson238b6362011-05-25 11:43:07 +0000[diff] [blame]183
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]184# define TLS1_get_client_version(s) \
185 ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
Dr. Stephen Henson6dd54732011-10-07 15:07:19 +0000[diff] [blame]186
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]187# define TLS1_AD_DECRYPTION_FAILED 21
188# define TLS1_AD_RECORD_OVERFLOW 22
189# define TLS1_AD_UNKNOWN_CA 48/* fatal */
190# define TLS1_AD_ACCESS_DENIED 49/* fatal */
191# define TLS1_AD_DECODE_ERROR 50/* fatal */
192# define TLS1_AD_DECRYPT_ERROR 51
193# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */
194# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */
195# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */
196# define TLS1_AD_INTERNAL_ERROR 80/* fatal */
197# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
198# define TLS1_AD_USER_CANCELLED 90
199# define TLS1_AD_NO_RENEGOTIATION 100
Bodo Möller3ff94a02006-01-07 20:28:11 +0000[diff] [blame]200/* codes 110-114 are from RFC3546 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]201# define TLS1_AD_UNSUPPORTED_EXTENSION 110
202# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
203# define TLS1_AD_UNRECOGNIZED_NAME 112
204# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
205# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
206# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
Bodo Möllered3883d2006-01-02 23:14:37 +0000[diff] [blame]207
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]208/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]209# define TLSEXT_TYPE_server_name 0
210# define TLSEXT_TYPE_max_fragment_length 1
211# define TLSEXT_TYPE_client_certificate_url 2
212# define TLSEXT_TYPE_trusted_ca_keys 3
213# define TLSEXT_TYPE_truncated_hmac 4
214# define TLSEXT_TYPE_status_request 5
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]215/* ExtensionType values from RFC4681 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]216# define TLSEXT_TYPE_user_mapping 6
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]217/* ExtensionType values from RFC5878 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]218# define TLSEXT_TYPE_client_authz 7
219# define TLSEXT_TYPE_server_authz 8
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]220/* ExtensionType values from RFC6091 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]221# define TLSEXT_TYPE_cert_type 9
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]222
Bodo Möller761772d2007-09-21 06:54:24 +0000[diff] [blame]223/* ExtensionType values from RFC4492 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]224# define TLSEXT_TYPE_elliptic_curves 10
225# define TLSEXT_TYPE_ec_point_formats 11
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]226
Ben Laurieedc032b2011-03-12 17:01:19 +0000[diff] [blame]227/* ExtensionType value from RFC5054 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]228# define TLSEXT_TYPE_srp 12
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]229
230/* ExtensionType values from RFC5246 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]231# define TLSEXT_TYPE_signature_algorithms 13
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]232
233/* ExtensionType value from RFC5764 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]234# define TLSEXT_TYPE_use_srtp 14
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]235
236/* ExtensionType value from RFC5620 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]237# define TLSEXT_TYPE_heartbeat 15
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]238
Adam Langley6f017a82013-04-15 18:07:47 -0400[diff] [blame]239/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]240# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
Adam Langley6f017a82013-04-15 18:07:47 -0400[diff] [blame]241
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]242/*
243 * ExtensionType value for TLS padding extension.
Dr. Stephen Hensoncd6bd5f2014-04-05 20:43:54 +0100[diff] [blame]244 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
245 * http://tools.ietf.org/html/draft-agl-tls-padding-03
246 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]247# define TLSEXT_TYPE_padding 21
248/*
249 * Extension type for Encrypt-then-MAC
Dr. Stephen Hensonc43a5542014-06-07 14:17:44 +0100[diff] [blame]250 * http://www.ietf.org/id/draft-ietf-tls-encrypt-then-mac-02.txt
251 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]252# define TLSEXT_TYPE_encrypt_then_mac 22
Dr. Stephen Hensoncd6bd5f2014-04-05 20:43:54 +0100[diff] [blame]253
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]254/* ExtensionType value from RFC4507 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]255# define TLSEXT_TYPE_session_ticket 35
Dr. Stephen Henson15a40af2012-03-09 18:38:35 +0000[diff] [blame]256
Bodo Möller761772d2007-09-21 06:54:24 +0000[diff] [blame]257/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]258# if 0
Matt Caswelldbd87ff2015-01-21 11:09:58 +0000[diff] [blame]259/*
260 * will have to be provided externally for now ,
261 * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
262 * using whatever extension number you'd like to try
263 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]264# define TLSEXT_TYPE_opaque_prf_input ??
265# endif
Bodo Möllered3883d2006-01-02 23:14:37 +0000[diff] [blame]266
Dr. Stephen Henson860c3dd2009-11-11 14:51:19 +0000[diff] [blame]267/* Temporary extension type */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]268# define TLSEXT_TYPE_renegotiate 0xff01
Dr. Stephen Henson860c3dd2009-11-11 14:51:19 +0000[diff] [blame]269
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]270# ifndef OPENSSL_NO_NEXTPROTONEG
Ben Laurieee2ffc22010-07-28 10:06:55 +0000[diff] [blame]271/* This is not an IANA defined extension number */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]272# define TLSEXT_TYPE_next_proto_neg 13172
273# endif
Ben Laurieee2ffc22010-07-28 10:06:55 +0000[diff] [blame]274
Bodo Möllerf1fd4542006-01-03 03:27:19 +0000[diff] [blame]275/* NameType value from RFC 3546 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]276# define TLSEXT_NAMETYPE_host_name 0
Dr. Stephen Henson67c8e7f2007-09-26 21:56:59 +0000[diff] [blame]277/* status request value from RFC 3546 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]278# define TLSEXT_STATUSTYPE_ocsp 1
Bodo Möllered3883d2006-01-02 23:14:37 +0000[diff] [blame]279
Bodo Möller36ca4ba2006-03-11 23:46:37 +0000[diff] [blame]280/* ECPointFormat values from draft-ietf-tls-ecc-12 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]281# define TLSEXT_ECPOINTFORMAT_first 0
282# define TLSEXT_ECPOINTFORMAT_uncompressed 0
283# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
284# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
285# define TLSEXT_ECPOINTFORMAT_last 2
Bodo Möllerf1fd4542006-01-03 03:27:19 +0000[diff] [blame]286
Dr. Stephen Henson6b7be582011-05-06 13:00:07 +0000[diff] [blame]287/* Signature and hash algorithms from RFC 5246 */
288
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]289# define TLSEXT_signature_anonymous 0
290# define TLSEXT_signature_rsa 1
291# define TLSEXT_signature_dsa 2
292# define TLSEXT_signature_ecdsa 3
Dr. Stephen Henson6b7be582011-05-06 13:00:07 +0000[diff] [blame]293
Dr. Stephen Henson0f229cc2012-06-22 14:03:31 +0000[diff] [blame]294/* Total number of different signature algorithms */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]295# define TLSEXT_signature_num 4
Dr. Stephen Henson0f229cc2012-06-22 14:03:31 +0000[diff] [blame]296
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]297# define TLSEXT_hash_none 0
298# define TLSEXT_hash_md5 1
299# define TLSEXT_hash_sha1 2
300# define TLSEXT_hash_sha224 3
301# define TLSEXT_hash_sha256 4
302# define TLSEXT_hash_sha384 5
303# define TLSEXT_hash_sha512 6
Dr. Stephen Henson0f229cc2012-06-22 14:03:31 +0000[diff] [blame]304
305/* Total number of different digest algorithms */
306
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]307# define TLSEXT_hash_num 7
Dr. Stephen Henson0f229cc2012-06-22 14:03:31 +0000[diff] [blame]308
Dr. Stephen Hensone7f8ff42012-03-06 14:28:21 +0000[diff] [blame]309/* Flag set for unrecognised algorithms */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]310# define TLSEXT_nid_unknown 0x1000000
Dr. Stephen Henson6b7be582011-05-06 13:00:07 +0000[diff] [blame]311
Dr. Stephen Henson2ea80352012-08-15 15:15:05 +0000[diff] [blame]312/* ECC curves */
313
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]314# define TLSEXT_curve_P_256 23
315# define TLSEXT_curve_P_384 24
Dr. Stephen Henson2ea80352012-08-15 15:15:05 +0000[diff] [blame]316
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]317# ifndef OPENSSL_NO_TLSEXT
Bodo Möllerf1fd4542006-01-03 03:27:19 +0000[diff] [blame]318
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]319# define TLSEXT_MAXLEN_host_name 255
Bodo Möllera13c20f2006-01-09 19:49:05 +0000[diff] [blame]320
Ben Lauriee0af0402011-11-15 23:50:52 +0000[diff] [blame]321const char *SSL_get_servername(const SSL *s, const int type);
322int SSL_get_servername_type(const SSL *s);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]323/*
324 * SSL_export_keying_material exports a value derived from the master secret,
Dr. Stephen Henson74b4b492012-02-22 15:06:56 +0000[diff] [blame]325 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
326 * optional context. (Since a zero length context is allowed, the |use_context|
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]327 * flag controls whether a context is included.) It returns 1 on success and
328 * zero otherwise.
Dr. Stephen Henson74b4b492012-02-22 15:06:56 +0000[diff] [blame]329 */
330int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]331 const char *label, size_t llen,
332 const unsigned char *p, size_t plen,
333 int use_context);
Bodo Möllerf1fd4542006-01-03 03:27:19 +0000[diff] [blame]334
Dr. Stephen Hensone7f8ff42012-03-06 14:28:21 +0000[diff] [blame]335int SSL_get_sigalgs(SSL *s, int idx,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]336 int *psign, int *phash, int *psignandhash,
337 unsigned char *rsig, unsigned char *rhash);
Dr. Stephen Hensone7f8ff42012-03-06 14:28:21 +0000[diff] [blame]338
Dr. Stephen Henson4453cd82012-06-25 14:32:30 +0000[diff] [blame]339int SSL_get_shared_sigalgs(SSL *s, int idx,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]340 int *psign, int *phash, int *psignandhash,
341 unsigned char *rsig, unsigned char *rhash);
Dr. Stephen Henson4453cd82012-06-25 14:32:30 +0000[diff] [blame]342
Dr. Stephen Henson18d71582012-06-29 14:24:42 +0000[diff] [blame]343int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
344
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]345# define SSL_set_tlsext_host_name(s,name) \
Bodo Möllerf1fd4542006-01-03 03:27:19 +0000[diff] [blame]346SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
Bodo Möllered3883d2006-01-02 23:14:37 +0000[diff] [blame]347
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]348# define SSL_set_tlsext_debug_callback(ssl, cb) \
Dr. Stephen Henson6434abb2007-08-11 23:18:29 +0000[diff] [blame]349SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
350
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]351# define SSL_set_tlsext_debug_arg(ssl, arg) \
Dr. Stephen Henson6434abb2007-08-11 23:18:29 +0000[diff] [blame]352SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
353
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]354# define SSL_set_tlsext_status_type(ssl, type) \
Dr. Stephen Henson67c8e7f2007-09-26 21:56:59 +0000[diff] [blame]355SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
356
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]357# define SSL_get_tlsext_status_exts(ssl, arg) \
Dr. Stephen Henson67c8e7f2007-09-26 21:56:59 +0000[diff] [blame]358SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
359
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]360# define SSL_set_tlsext_status_exts(ssl, arg) \
Dr. Stephen Henson67c8e7f2007-09-26 21:56:59 +0000[diff] [blame]361SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
362
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]363# define SSL_get_tlsext_status_ids(ssl, arg) \
Dr. Stephen Henson67c8e7f2007-09-26 21:56:59 +0000[diff] [blame]364SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
365
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]366# define SSL_set_tlsext_status_ids(ssl, arg) \
Dr. Stephen Henson67c8e7f2007-09-26 21:56:59 +0000[diff] [blame]367SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
368
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]369# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
Dr. Stephen Henson67c8e7f2007-09-26 21:56:59 +0000[diff] [blame]370SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
371
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]372# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
Dr. Stephen Henson67c8e7f2007-09-26 21:56:59 +0000[diff] [blame]373SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
374
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]375# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
Bodo Möllered3883d2006-01-02 23:14:37 +0000[diff] [blame]376SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
Bodo Möller241520e2006-01-11 06:10:40 +0000[diff] [blame]377
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]378# define SSL_TLSEXT_ERR_OK 0
379# define SSL_TLSEXT_ERR_ALERT_WARNING 1
380# define SSL_TLSEXT_ERR_ALERT_FATAL 2
381# define SSL_TLSEXT_ERR_NOACK 3
Bodo Möller241520e2006-01-11 06:10:40 +0000[diff] [blame]382
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]383# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
Bodo Möllered3883d2006-01-02 23:14:37 +0000[diff] [blame]384SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
Dr. Stephen Henson94d511c2007-08-28 01:08:45 +0000[diff] [blame]385
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]386# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
387 SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
388# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
389 SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
Bodo Möller761772d2007-09-21 06:54:24 +0000[diff] [blame]390
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]391# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
Dr. Stephen Henson67c8e7f2007-09-26 21:56:59 +0000[diff] [blame]392SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
393
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]394# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
Dr. Stephen Henson67c8e7f2007-09-26 21:56:59 +0000[diff] [blame]395SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
396
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]397# define SSL_set_tlsext_opaque_prf_input(s, src, len) \
Bodo Möller761772d2007-09-21 06:54:24 +0000[diff] [blame]398SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]399# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
Bodo Möller761772d2007-09-21 06:54:24 +0000[diff] [blame]400SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]401# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
Bodo Möller761772d2007-09-21 06:54:24 +0000[diff] [blame]402SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
403
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]404# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
Dr. Stephen Henson8a2062f2008-04-30 16:14:02 +0000[diff] [blame]405SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
406
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]407# ifndef OPENSSL_NO_HEARTBEATS
408# define SSL_TLSEXT_HB_ENABLED 0x01
409# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02
410# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04
Dr. Stephen Henson48175042011-12-31 22:59:57 +0000[diff] [blame]411
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]412# define SSL_get_tlsext_heartbeat_pending(ssl) \
Dr. Stephen Henson48175042011-12-31 22:59:57 +0000[diff] [blame]413 SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]414# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
Dr. Stephen Henson48175042011-12-31 22:59:57 +0000[diff] [blame]415 SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]416# endif
417# endif
Bodo Möllered3883d2006-01-02 23:14:37 +0000[diff] [blame]418
Nils Larschddac1972006-03-10 23:06:27 +0000[diff] [blame]419/* PSK ciphersuites from 4279 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]420# define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
421# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
422# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
423# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
Bodo Möllerf1fd4542006-01-03 03:27:19 +0000[diff] [blame]424
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]425/*
426 * Additional TLS ciphersuites from expired Internet Draft
427 * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if
428 * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c). We
429 * actually treat them like SSL 3.0 ciphers, which we probably shouldn't.
430 * Note that the first two are actually not in the IDs.
431 */
432# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060/* not in
433 * ID */
434# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061/* not in
435 * ID */
436# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
437# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
438# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
439# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
440# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
Dr. Stephen Hensondeb2c1a2001-02-07 18:15:18 +0000[diff] [blame]441
Bodo Möllerea4f1092002-07-04 08:51:09 +0000[diff] [blame]442/* AES ciphersuites from RFC3268 */
Dr. Stephen Hensondeb2c1a2001-02-07 18:15:18 +0000[diff] [blame]443
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]444# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
445# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
446# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
447# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
448# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
449# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
Dr. Stephen Hensondeb2c1a2001-02-07 18:15:18 +0000[diff] [blame]450
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]451# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
452# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
453# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
454# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
455# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
456# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
Ben Laurie06ab81f1999-02-21 20:03:24 +0000[diff] [blame]457
Dr. Stephen Henson7409d7a2011-04-29 22:56:51 +0000[diff] [blame]458/* TLS v1.2 ciphersuites */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]459# define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
460# define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
461# define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
462# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
463# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
464# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
Dr. Stephen Henson7409d7a2011-04-29 22:56:51 +0000[diff] [blame]465
Bodo Möller96afc1c2007-04-23 23:48:59 +0000[diff] [blame]466/* Camellia ciphersuites from RFC4132 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]467# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
468# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
469# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
470# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
471# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
472# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
Bodo Möllerf3dea9a2006-06-09 15:44:59 +0000[diff] [blame]473
Dr. Stephen Henson7409d7a2011-04-29 22:56:51 +0000[diff] [blame]474/* TLS v1.2 ciphersuites */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]475# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
476# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
477# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
478# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
479# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
480# define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
481# define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
Dr. Stephen Henson7409d7a2011-04-29 22:56:51 +0000[diff] [blame]482
483/* Camellia ciphersuites from RFC4132 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]484# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
485# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
486# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
487# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
488# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
489# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
Bodo Möllerf3dea9a2006-06-09 15:44:59 +0000[diff] [blame]490
Bodo Möller96afc1c2007-04-23 23:48:59 +0000[diff] [blame]491/* SEED ciphersuites from RFC4162 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]492# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
493# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
494# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
495# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
496# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
497# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
Bodo Möller96afc1c2007-04-23 23:48:59 +0000[diff] [blame]498
Dr. Stephen Henson28dd49f2011-08-03 15:37:22 +0000[diff] [blame]499/* TLS v1.2 GCM ciphersuites from RFC5288 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]500# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
501# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
502# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
503# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
504# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
505# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
506# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
507# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
508# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
509# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
510# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
511# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
Dr. Stephen Henson28dd49f2011-08-03 15:37:22 +0000[diff] [blame]512
PKe6332482014-06-27 18:22:51 +0100[diff] [blame]513/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]514# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA
515# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB
516# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC
517# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD
518# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE
519# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF
PKe6332482014-06-27 18:22:51 +0100[diff] [blame]520
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]521# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0
522# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1
523# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2
524# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3
525# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4
526# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5
PKe6332482014-06-27 18:22:51 +0100[diff] [blame]527
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]528/*
529 * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in
530 * draft 13
531 */
532# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
533# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
534# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
535# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
536# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]537
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]538# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
539# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
540# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
541# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
542# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]543
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]544# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
545# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
546# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
547# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
548# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]549
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]550# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
551# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
552# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
553# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
554# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]555
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]556# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
557# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
558# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
559# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
560# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]561
Ben Laurieedc032b2011-03-12 17:01:19 +0000[diff] [blame]562/* SRP ciphersuites from RFC 5054 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]563# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
564# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
565# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
566# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
567# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
568# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
569# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
570# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
571# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
Ben Laurieedc032b2011-03-12 17:01:19 +0000[diff] [blame]572
Dr. Stephen Hensond09677a2011-07-25 20:41:32 +0000[diff] [blame]573/* ECDH HMAC based ciphersuites from RFC5289 */
574
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]575# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
576# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
577# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
578# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
579# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
580# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
581# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
582# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
Dr. Stephen Hensond09677a2011-07-25 20:41:32 +0000[diff] [blame]583
Dr. Stephen Henson28dd49f2011-08-03 15:37:22 +0000[diff] [blame]584/* ECDH GCM based ciphersuites from RFC5289 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]585# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
586# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
587# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
588# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
589# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
590# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
591# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
592# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
Dr. Stephen Henson28dd49f2011-08-03 15:37:22 +0000[diff] [blame]593
Hubert Kario75048782014-07-23 15:03:59 +0200[diff] [blame]594/* Camellia-CBC ciphersuites from RFC6367 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]595# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
596# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
597# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074
598# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075
599# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076
600# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077
601# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078
602# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079
Hubert Kario75048782014-07-23 15:03:59 +0200[diff] [blame]603
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]604/*
605 * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
606 * ciphers names with "EDH" instead of "DHE". Going forward, we should be
607 * using DHE everywhere, though we may indefinitely maintain aliases for
608 * users or configurations that used "EDH"
Daniel Kahn Gillmor0ecfd922013-12-20 02:56:54 -0500[diff] [blame]609 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]610# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
611# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
612# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
613# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
614# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
615# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
616# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
Dr. Stephen Hensondeb2c1a2001-02-07 18:15:18 +0000[diff] [blame]617
Bodo Möllerea4f1092002-07-04 08:51:09 +0000[diff] [blame]618/* AES ciphersuites from RFC3268 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]619# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
620# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
621# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
622# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
623# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
624# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
Bodo Möllerea4f1092002-07-04 08:51:09 +0000[diff] [blame]625
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]626# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
627# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
628# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
629# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
630# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
631# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
Ben Laurieabed0b81999-04-15 18:52:13 +0000[diff] [blame]632
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]633/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]634# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
635# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
636# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
637# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
638# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
Bodo Möllerd56349a2005-12-13 07:33:35 +0000[diff] [blame]639
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]640# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
641# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
642# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
643# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
644# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]645
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]646# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
647# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
648# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
649# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
650# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
Bodo Möllerd56349a2005-12-13 07:33:35 +0000[diff] [blame]651
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]652# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
653# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
654# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
655# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
656# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
Bodo Möllerea262262002-08-09 08:56:08 +0000[diff] [blame]657
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]658# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
659# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
660# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
661# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
662# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
Ben Laurie06ab81f1999-02-21 20:03:24 +0000[diff] [blame]663
Nils Larschddac1972006-03-10 23:06:27 +0000[diff] [blame]664/* PSK ciphersuites from RFC 4279 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]665# define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
666# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
667# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
668# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
Nils Larschddac1972006-03-10 23:06:27 +0000[diff] [blame]669
Ben Laurieedc032b2011-03-12 17:01:19 +0000[diff] [blame]670/* SRP ciphersuite from RFC 5054 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]671# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
672# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
673# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
674# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
675# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
676# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
677# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
678# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
679# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
Ben Laurieedc032b2011-03-12 17:01:19 +0000[diff] [blame]680
Bodo Möllerf3dea9a2006-06-09 15:44:59 +0000[diff] [blame]681/* Camellia ciphersuites from RFC4132 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]682# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
683# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
684# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
685# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
686# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
687# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
Bodo Möllerf3dea9a2006-06-09 15:44:59 +0000[diff] [blame]688
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]689# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
690# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
691# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
692# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
693# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
694# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
Bodo Möllerf3dea9a2006-06-09 15:44:59 +0000[diff] [blame]695
PKe6332482014-06-27 18:22:51 +0100[diff] [blame]696/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]697# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256"
698# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256"
699# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256"
700# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256"
701# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256"
702# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256"
PKe6332482014-06-27 18:22:51 +0100[diff] [blame]703
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]704# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256"
705# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256"
706# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256"
707# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256"
708# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256"
709# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256"
PKe6332482014-06-27 18:22:51 +0100[diff] [blame]710
Bodo Möller96afc1c2007-04-23 23:48:59 +0000[diff] [blame]711/* SEED ciphersuites from RFC4162 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]712# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
713# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
714# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
715# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
716# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
717# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
Bodo Möllerf3dea9a2006-06-09 15:44:59 +0000[diff] [blame]718
Dr. Stephen Henson7409d7a2011-04-29 22:56:51 +0000[diff] [blame]719/* TLS v1.2 ciphersuites */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]720# define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
721# define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
722# define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
723# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
724# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
725# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
726# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
727# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
728# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
729# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
730# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
731# define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
732# define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
Dr. Stephen Henson81025662007-08-31 12:42:53 +0000[diff] [blame]733
Dr. Stephen Henson28dd49f2011-08-03 15:37:22 +0000[diff] [blame]734/* TLS v1.2 GCM ciphersuites from RFC5288 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]735# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
736# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
737# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
738# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
739# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
740# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
741# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
742# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
743# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
744# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
745# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
746# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
Dr. Stephen Henson28dd49f2011-08-03 15:37:22 +0000[diff] [blame]747
Dr. Stephen Hensond09677a2011-07-25 20:41:32 +0000[diff] [blame]748/* ECDH HMAC based ciphersuites from RFC5289 */
749
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]750# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
751# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
752# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
753# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
754# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
755# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
756# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
757# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
Dr. Stephen Hensond09677a2011-07-25 20:41:32 +0000[diff] [blame]758
Dr. Stephen Henson28dd49f2011-08-03 15:37:22 +0000[diff] [blame]759/* ECDH GCM based ciphersuites from RFC5289 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]760# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
761# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
762# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
763# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
764# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
765# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
766# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
767# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
Dr. Stephen Henson28dd49f2011-08-03 15:37:22 +0000[diff] [blame]768
Hubert Kario75048782014-07-23 15:03:59 +0200[diff] [blame]769/* Camellia-CBC ciphersuites from RFC6367 */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]770# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
771# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
772# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256"
773# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384"
774# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256"
775# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384"
776# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
777# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"
Hubert Kario75048782014-07-23 15:03:59 +0200[diff] [blame]778
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]779# define TLS_CT_RSA_SIGN 1
780# define TLS_CT_DSS_SIGN 2
781# define TLS_CT_RSA_FIXED_DH 3
782# define TLS_CT_DSS_FIXED_DH 4
783# define TLS_CT_ECDSA_SIGN 64
784# define TLS_CT_RSA_FIXED_ECDH 65
785# define TLS_CT_ECDSA_FIXED_ECDH 66
786# define TLS_CT_GOST94_SIGN 21
787# define TLS_CT_GOST01_SIGN 22
788/*
789 * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
790 * comment there)
791 */
792# define TLS_CT_NUMBER 9
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]793
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]794# define TLS1_FINISH_MAC_LENGTH 12
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]795
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]796# define TLS_MD_MAX_CONST_SIZE 20
797# define TLS_MD_CLIENT_FINISH_CONST "client finished"
798# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
799# define TLS_MD_SERVER_FINISH_CONST "server finished"
800# define TLS_MD_SERVER_FINISH_CONST_SIZE 15
801# define TLS_MD_KEY_EXPANSION_CONST "key expansion"
802# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
803# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
804# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
805# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
806# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
807# define TLS_MD_IV_BLOCK_CONST "IV block"
808# define TLS_MD_IV_BLOCK_CONST_SIZE 8
809# define TLS_MD_MASTER_SECRET_CONST "master secret"
810# define TLS_MD_MASTER_SECRET_CONST_SIZE 13
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]811
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]812# ifdef CHARSET_EBCDIC
813# undef TLS_MD_CLIENT_FINISH_CONST
814/*
815 * client finished
816 */
817# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
Matt Caswelle636e2a2015-01-19 12:42:01 +0000[diff] [blame]818
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]819# undef TLS_MD_SERVER_FINISH_CONST
820/*
821 * server finished
822 */
823# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
Matt Caswelle636e2a2015-01-19 12:42:01 +0000[diff] [blame]824
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]825# undef TLS_MD_SERVER_WRITE_KEY_CONST
826/*
827 * server write key
828 */
829# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
Matt Caswelle636e2a2015-01-19 12:42:01 +0000[diff] [blame]830
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]831# undef TLS_MD_KEY_EXPANSION_CONST
832/*
833 * key expansion
834 */
835# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
Matt Caswelle636e2a2015-01-19 12:42:01 +0000[diff] [blame]836
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]837# undef TLS_MD_CLIENT_WRITE_KEY_CONST
838/*
839 * client write key
840 */
841# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
Matt Caswelle636e2a2015-01-19 12:42:01 +0000[diff] [blame]842
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]843# undef TLS_MD_SERVER_WRITE_KEY_CONST
844/*
845 * server write key
846 */
847# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
Matt Caswelle636e2a2015-01-19 12:42:01 +0000[diff] [blame]848
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]849# undef TLS_MD_IV_BLOCK_CONST
850/*
851 * IV block
852 */
853# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
Matt Caswelle636e2a2015-01-19 12:42:01 +0000[diff] [blame]854
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]855# undef TLS_MD_MASTER_SECRET_CONST
856/*
857 * master secret
858 */
859# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
860# endif
Ulf Möllerca570cf1999-06-04 21:54:13 +0000[diff] [blame]861
Dr. Stephen Henson12bf56c2008-11-15 17:18:12 +0000[diff] [blame]862/* TLS Session Ticket extension struct */
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]863struct tls_session_ticket_ext_st {
864 unsigned short length;
865 void *data;
866};
Dr. Stephen Henson12bf56c2008-11-15 17:18:12 +0000[diff] [blame]867
Ralf S. Engelschall58964a41998-12-21 10:56:39 +0000[diff] [blame]868#ifdef __cplusplus
869}
870#endif
871#endif