Project

General

Profile

Statistics
| Revision:

root / lab4 / .minix-src / include / openssl / tls1.h @ 13

History | View | Annotate | Download (37.7 KB)

1 13 up20180614
/* ssl/tls1.h */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
/* ====================================================================
59
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60
 *
61
 * Redistribution and use in source and binary forms, with or without
62
 * modification, are permitted provided that the following conditions
63
 * are met:
64
 *
65
 * 1. Redistributions of source code must retain the above copyright
66
 *    notice, this list of conditions and the following disclaimer.
67
 *
68
 * 2. Redistributions in binary form must reproduce the above copyright
69
 *    notice, this list of conditions and the following disclaimer in
70
 *    the documentation and/or other materials provided with the
71
 *    distribution.
72
 *
73
 * 3. All advertising materials mentioning features or use of this
74
 *    software must display the following acknowledgment:
75
 *    "This product includes software developed by the OpenSSL Project
76
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77
 *
78
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79
 *    endorse or promote products derived from this software without
80
 *    prior written permission. For written permission, please contact
81
 *    openssl-core@openssl.org.
82
 *
83
 * 5. Products derived from this software may not be called "OpenSSL"
84
 *    nor may "OpenSSL" appear in their names without prior written
85
 *    permission of the OpenSSL Project.
86
 *
87
 * 6. Redistributions of any form whatsoever must retain the following
88
 *    acknowledgment:
89
 *    "This product includes software developed by the OpenSSL Project
90
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91
 *
92
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103
 * OF THE POSSIBILITY OF SUCH DAMAGE.
104
 * ====================================================================
105
 *
106
 * This product includes cryptographic software written by Eric Young
107
 * (eay@cryptsoft.com).  This product includes software written by Tim
108
 * Hudson (tjh@cryptsoft.com).
109
 *
110
 */
111
/* ====================================================================
112
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113
 *
114
 * Portions of the attached software ("Contribution") are developed by
115
 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116
 *
117
 * The Contribution is licensed pursuant to the OpenSSL open source
118
 * license provided above.
119
 *
120
 * ECC cipher suite support in OpenSSL originally written by
121
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122
 *
123
 */
124
/* ====================================================================
125
 * Copyright 2005 Nokia. All rights reserved.
126
 *
127
 * The portions of the attached software ("Contribution") is developed by
128
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129
 * license.
130
 *
131
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133
 * support (see RFC 4279) to OpenSSL.
134
 *
135
 * No patent licenses or other rights except those expressly stated in
136
 * the OpenSSL open source license shall be deemed granted or received
137
 * expressly, by implication, estoppel, or otherwise.
138
 *
139
 * No assurances are provided by Nokia that the Contribution does not
140
 * infringe the patent or other intellectual property rights of any third
141
 * party or that the license provides you with all the necessary rights
142
 * to make use of the Contribution.
143
 *
144
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148
 * OTHERWISE.
149
 */
150
151
#ifndef HEADER_TLS1_H
152
# define HEADER_TLS1_H
153
154
# include <openssl/buffer.h>
155
156
#ifdef  __cplusplus
157
extern "C" {
158
#endif
159
160
# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    0
161
162
# define TLS1_VERSION                    0x0301
163
# define TLS1_1_VERSION                  0x0302
164
# define TLS1_2_VERSION                  0x0303
165
# define TLS_MAX_VERSION                 TLS1_2_VERSION
166
167
# define TLS1_VERSION_MAJOR              0x03
168
# define TLS1_VERSION_MINOR              0x01
169
170
# define TLS1_1_VERSION_MAJOR            0x03
171
# define TLS1_1_VERSION_MINOR            0x02
172
173
# define TLS1_2_VERSION_MAJOR            0x03
174
# define TLS1_2_VERSION_MINOR            0x03
175
176
# define TLS1_get_version(s) \
177
                ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
178
179
# define TLS1_get_client_version(s) \
180
                ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
181
182
# define TLS1_AD_DECRYPTION_FAILED       21
183
# define TLS1_AD_RECORD_OVERFLOW         22
184
# define TLS1_AD_UNKNOWN_CA              48/* fatal */
185
# define TLS1_AD_ACCESS_DENIED           49/* fatal */
186
# define TLS1_AD_DECODE_ERROR            50/* fatal */
187
# define TLS1_AD_DECRYPT_ERROR           51
188
# define TLS1_AD_EXPORT_RESTRICTION      60/* fatal */
189
# define TLS1_AD_PROTOCOL_VERSION        70/* fatal */
190
# define TLS1_AD_INSUFFICIENT_SECURITY   71/* fatal */
191
# define TLS1_AD_INTERNAL_ERROR          80/* fatal */
192
# define TLS1_AD_INAPPROPRIATE_FALLBACK  86/* fatal */
193
# define TLS1_AD_USER_CANCELLED          90
194
# define TLS1_AD_NO_RENEGOTIATION        100
195
/* codes 110-114 are from RFC3546 */
196
# define TLS1_AD_UNSUPPORTED_EXTENSION   110
197
# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
198
# define TLS1_AD_UNRECOGNIZED_NAME       112
199
# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
200
# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
201
# define TLS1_AD_UNKNOWN_PSK_IDENTITY    115/* fatal */
202
203
/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
204
# define TLSEXT_TYPE_server_name                 0
205
# define TLSEXT_TYPE_max_fragment_length         1
206
# define TLSEXT_TYPE_client_certificate_url      2
207
# define TLSEXT_TYPE_trusted_ca_keys             3
208
# define TLSEXT_TYPE_truncated_hmac              4
209
# define TLSEXT_TYPE_status_request              5
210
/* ExtensionType values from RFC4681 */
211
# define TLSEXT_TYPE_user_mapping                6
212
213
/* ExtensionType values from RFC5878 */
214
# define TLSEXT_TYPE_client_authz                7
215
# define TLSEXT_TYPE_server_authz                8
216
217
/* ExtensionType values from RFC6091 */
218
# define TLSEXT_TYPE_cert_type           9
219
220
/* ExtensionType values from RFC4492 */
221
# define TLSEXT_TYPE_elliptic_curves             10
222
# define TLSEXT_TYPE_ec_point_formats            11
223
224
/* ExtensionType value from RFC5054 */
225
# define TLSEXT_TYPE_srp                         12
226
227
/* ExtensionType values from RFC5246 */
228
# define TLSEXT_TYPE_signature_algorithms        13
229
230
/* ExtensionType value from RFC5764 */
231
# define TLSEXT_TYPE_use_srtp    14
232
233
/* ExtensionType value from RFC5620 */
234
# define TLSEXT_TYPE_heartbeat   15
235
236
/*
237
 * ExtensionType value for TLS padding extension.
238
 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
239
 * http://tools.ietf.org/html/draft-agl-tls-padding-03
240
 */
241
# define TLSEXT_TYPE_padding     21
242
243
/* ExtensionType value from RFC4507 */
244
# define TLSEXT_TYPE_session_ticket              35
245
246
/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
247
# if 0
248
/*
249
 * will have to be provided externally for now ,
250
 * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
251
 * using whatever extension number you'd like to try
252
 */
253
#  define TLSEXT_TYPE_opaque_prf_input           ?? */
254
# endif
255

256
/* Temporary extension type */
257
# define TLSEXT_TYPE_renegotiate                 0xff01
258

259
# ifndef OPENSSL_NO_NEXTPROTONEG
260
/* This is not an IANA defined extension number */
261
#  define TLSEXT_TYPE_next_proto_neg              13172
262
# endif
263

264
/* NameType value from RFC 3546 */
265
# define TLSEXT_NAMETYPE_host_name 0
266
/* status request value from RFC 3546 */
267
# define TLSEXT_STATUSTYPE_ocsp 1
268

269
/* ECPointFormat values from draft-ietf-tls-ecc-12 */
270
# define TLSEXT_ECPOINTFORMAT_first                      0
271
# define TLSEXT_ECPOINTFORMAT_uncompressed               0
272
# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime  1
273
# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
274
# define TLSEXT_ECPOINTFORMAT_last                       2
275

276
/* Signature and hash algorithms from RFC 5246 */
277

278
# define TLSEXT_signature_anonymous                      0
279
# define TLSEXT_signature_rsa                            1
280
# define TLSEXT_signature_dsa                            2
281
# define TLSEXT_signature_ecdsa                          3
282

283
# define TLSEXT_hash_none                                0
284
# define TLSEXT_hash_md5                                 1
285
# define TLSEXT_hash_sha1                                2
286
# define TLSEXT_hash_sha224                              3
287
# define TLSEXT_hash_sha256                              4
288
# define TLSEXT_hash_sha384                              5
289
# define TLSEXT_hash_sha512                              6
290

291
# ifndef OPENSSL_NO_TLSEXT
292

293
#  define TLSEXT_MAXLEN_host_name 255
294

295
const char *SSL_get_servername(const SSL *s, const int type);
296
int SSL_get_servername_type(const SSL *s);
297
/*
298
 * SSL_export_keying_material exports a value derived from the master secret,
299
 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
300
 * optional context. (Since a zero length context is allowed, the |use_context|
301
 * flag controls whether a context is included.) It returns 1 on success and
302
 * zero otherwise.
303
 */
304
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
305
                               const char *label, size_t llen,
306
                               const unsigned char *p, size_t plen,
307
                               int use_context);
308

309
#  define SSL_set_tlsext_host_name(s,name) \
310
SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
311

312
#  define SSL_set_tlsext_debug_callback(ssl, cb) \
313
SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
314

315
#  define SSL_set_tlsext_debug_arg(ssl, arg) \
316
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
317

318
#  define SSL_set_tlsext_status_type(ssl, type) \
319
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
320

321
#  define SSL_get_tlsext_status_exts(ssl, arg) \
322
SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
323

324
#  define SSL_set_tlsext_status_exts(ssl, arg) \
325
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
326

327
#  define SSL_get_tlsext_status_ids(ssl, arg) \
328
SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
329

330
#  define SSL_set_tlsext_status_ids(ssl, arg) \
331
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
332

333
#  define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
334
SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
335

336
#  define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
337
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
338

339
#  define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
340
SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
341

342
#  define SSL_TLSEXT_ERR_OK 0
343
#  define SSL_TLSEXT_ERR_ALERT_WARNING 1
344
#  define SSL_TLSEXT_ERR_ALERT_FATAL 2
345
#  define SSL_TLSEXT_ERR_NOACK 3
346

347
#  define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
348
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
349

350
#  define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
351
        SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
352
#  define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
353
        SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
354

355
#  define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
356
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
357

358
#  define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
359
SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
360

361
#  define SSL_set_tlsext_opaque_prf_input(s, src, len) \
362
SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
363
#  define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
364
SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
365
#  define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
366
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
367

368
#  define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
369
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
370

371
#  ifndef OPENSSL_NO_HEARTBEATS
372
#   define SSL_TLSEXT_HB_ENABLED                           0x01
373
#   define SSL_TLSEXT_HB_DONT_SEND_REQUESTS        0x02
374
#   define SSL_TLSEXT_HB_DONT_RECV_REQUESTS        0x04
375

376
#   define SSL_get_tlsext_heartbeat_pending(ssl) \
377
        SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
378
#   define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
379
        SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
380
#  endif
381
# endif
382

383
/* PSK ciphersuites from 4279 */
384
# define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
385
# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
386
# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
387
# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
388

389
/*
390
 * Additional TLS ciphersuites from expired Internet Draft
391
 * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if
392
 * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c).  We
393
 * actually treat them like SSL 3.0 ciphers, which we probably shouldn't.
394
 * Note that the first two are actually not in the IDs.
395
 */
396
# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5          0x03000060/* not in
397
                                                                    * ID */
398
# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5      0x03000061/* not in
399
                                                                    * ID */
400
# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA         0x03000062
401
# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA     0x03000063
402
# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA          0x03000064
403
# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA      0x03000065
404
# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA                0x03000066
405

406
/* AES ciphersuites from RFC3268 */
407

408
# define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
409
# define TLS1_CK_DH_DSS_WITH_AES_128_SHA                 0x03000030
410
# define TLS1_CK_DH_RSA_WITH_AES_128_SHA                 0x03000031
411
# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA                0x03000032
412
# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA                0x03000033
413
# define TLS1_CK_ADH_WITH_AES_128_SHA                    0x03000034
414

415
# define TLS1_CK_RSA_WITH_AES_256_SHA                    0x03000035
416
# define TLS1_CK_DH_DSS_WITH_AES_256_SHA                 0x03000036
417
# define TLS1_CK_DH_RSA_WITH_AES_256_SHA                 0x03000037
418
# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA                0x03000038
419
# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
420
# define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
421

422
/* TLS v1.2 ciphersuites */
423
# define TLS1_CK_RSA_WITH_NULL_SHA256                    0x0300003B
424
# define TLS1_CK_RSA_WITH_AES_128_SHA256                 0x0300003C
425
# define TLS1_CK_RSA_WITH_AES_256_SHA256                 0x0300003D
426
# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256              0x0300003E
427
# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256              0x0300003F
428
# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256             0x03000040
429

430
/* Camellia ciphersuites from RFC4132 */
431
# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
432
# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
433
# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA        0x03000043
434
# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000044
435
# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
436
# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
437

438
/* TLS v1.2 ciphersuites */
439
# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256             0x03000067
440
# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256              0x03000068
441
# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256              0x03000069
442
# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256             0x0300006A
443
# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256             0x0300006B
444
# define TLS1_CK_ADH_WITH_AES_128_SHA256                 0x0300006C
445
# define TLS1_CK_ADH_WITH_AES_256_SHA256                 0x0300006D
446

447
/* Camellia ciphersuites from RFC4132 */
448
# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
449
# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
450
# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
451
# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000087
452
# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000088
453
# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA           0x03000089
454

455
/* SEED ciphersuites from RFC4162 */
456
# define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
457
# define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
458
# define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
459
# define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
460
# define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
461
# define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
462

463
/* TLS v1.2 GCM ciphersuites from RFC5288 */
464
# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C
465
# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384             0x0300009D
466
# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256         0x0300009E
467
# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384         0x0300009F
468
# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256          0x030000A0
469
# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384          0x030000A1
470
# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256         0x030000A2
471
# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384         0x030000A3
472
# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256          0x030000A4
473
# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384          0x030000A5
474
# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256             0x030000A6
475
# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384             0x030000A7
476

477
/*
478
 * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in
479
 * draft 13
480
 */
481
# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
482
# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
483
# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
484
# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
485
# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
486

487
# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
488
# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
489
# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
490
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
491
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
492

493
# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
494
# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
495
# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
496
# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
497
# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
498

499
# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
500
# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
501
# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
502
# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
503
# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
504

505
# define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
506
# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
507
# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
508
# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
509
# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
510

511
/* SRP ciphersuites from RFC 5054 */
512
# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA           0x0300C01A
513
# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA       0x0300C01B
514
# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA       0x0300C01C
515
# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA            0x0300C01D
516
# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA        0x0300C01E
517
# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA        0x0300C01F
518
# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA            0x0300C020
519
# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA        0x0300C021
520
# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA        0x0300C022
521

522
/* ECDH HMAC based ciphersuites from RFC5289 */
523

524
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
525
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
526
# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
527
# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
528
# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
529
# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
530
# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
531
# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
532

533
/* ECDH GCM based ciphersuites from RFC5289 */
534
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     0x0300C02B
535
# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     0x0300C02C
536
# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
537
# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
538
# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
539
# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
540
# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
541
# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
542

543
/*
544
 * XXX Inconsistency alert: The OpenSSL names of ciphers with ephemeral DH
545
 * here include the string "DHE", while elsewhere it has always been "EDH".
546
 * (The alias for the list of all such ciphers also is "EDH".) The
547
 * specifications speak of "EDH"; maybe we should allow both forms for
548
 * everything.
549
 */
550
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5         "EXP1024-RC4-MD5"
551
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5     "EXP1024-RC2-CBC-MD5"
552
# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA        "EXP1024-DES-CBC-SHA"
553
# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA    "EXP1024-DHE-DSS-DES-CBC-SHA"
554
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA         "EXP1024-RC4-SHA"
555
# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA     "EXP1024-DHE-DSS-RC4-SHA"
556
# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"
557

558
/* AES ciphersuites from RFC3268 */
559
# define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
560
# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
561
# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA                "DH-RSA-AES128-SHA"
562
# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA               "DHE-DSS-AES128-SHA"
563
# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA               "DHE-RSA-AES128-SHA"
564
# define TLS1_TXT_ADH_WITH_AES_128_SHA                   "ADH-AES128-SHA"
565

566
# define TLS1_TXT_RSA_WITH_AES_256_SHA                   "AES256-SHA"
567
# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA                "DH-DSS-AES256-SHA"
568
# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA                "DH-RSA-AES256-SHA"
569
# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA               "DHE-DSS-AES256-SHA"
570
# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
571
# define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
572

573
/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
574
# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
575
# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
576
# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
577
# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
578
# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
579

580
# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
581
# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
582
# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
583
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
584
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
585

586
# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
587
# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
588
# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
589
# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
590
# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
591

592
# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
593
# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
594
# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
595
# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
596
# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
597

598
# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
599
# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
600
# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
601
# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
602
# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
603

604
/* PSK ciphersuites from RFC 4279 */
605
# define TLS1_TXT_PSK_WITH_RC4_128_SHA                   "PSK-RC4-SHA"
606
# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA              "PSK-3DES-EDE-CBC-SHA"
607
# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
608
# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
609

610
/* SRP ciphersuite from RFC 5054 */
611
# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "SRP-3DES-EDE-CBC-SHA"
612
# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "SRP-RSA-3DES-EDE-CBC-SHA"
613
# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "SRP-DSS-3DES-EDE-CBC-SHA"
614
# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA           "SRP-AES-128-CBC-SHA"
615
# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "SRP-RSA-AES-128-CBC-SHA"
616
# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "SRP-DSS-AES-128-CBC-SHA"
617
# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA           "SRP-AES-256-CBC-SHA"
618
# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "SRP-RSA-AES-256-CBC-SHA"
619
# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "SRP-DSS-AES-256-CBC-SHA"
620

621
/* Camellia ciphersuites from RFC4132 */
622
# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
623
# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
624
# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA       "DH-RSA-CAMELLIA128-SHA"
625
# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "DHE-DSS-CAMELLIA128-SHA"
626
# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "DHE-RSA-CAMELLIA128-SHA"
627
# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA          "ADH-CAMELLIA128-SHA"
628

629
# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA          "CAMELLIA256-SHA"
630
# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       "DH-DSS-CAMELLIA256-SHA"
631
# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       "DH-RSA-CAMELLIA256-SHA"
632
# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "DHE-DSS-CAMELLIA256-SHA"
633
# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "DHE-RSA-CAMELLIA256-SHA"
634
# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA          "ADH-CAMELLIA256-SHA"
635

636
/* SEED ciphersuites from RFC4162 */
637
# define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
638
# define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
639
# define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
640
# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
641
# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
642
# define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
643

644
/* TLS v1.2 ciphersuites */
645
# define TLS1_TXT_RSA_WITH_NULL_SHA256                   "NULL-SHA256"
646
# define TLS1_TXT_RSA_WITH_AES_128_SHA256                "AES128-SHA256"
647
# define TLS1_TXT_RSA_WITH_AES_256_SHA256                "AES256-SHA256"
648
# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256             "DH-DSS-AES128-SHA256"
649
# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256             "DH-RSA-AES128-SHA256"
650
# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256            "DHE-DSS-AES128-SHA256"
651
# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-AES128-SHA256"
652
# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256             "DH-DSS-AES256-SHA256"
653
# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256             "DH-RSA-AES256-SHA256"
654
# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256            "DHE-DSS-AES256-SHA256"
655
# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-AES256-SHA256"
656
# define TLS1_TXT_ADH_WITH_AES_128_SHA256                "ADH-AES128-SHA256"
657
# define TLS1_TXT_ADH_WITH_AES_256_SHA256                "ADH-AES256-SHA256"
658

659
/* TLS v1.2 GCM ciphersuites from RFC5288 */
660
# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256            "AES128-GCM-SHA256"
661
# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384            "AES256-GCM-SHA384"
662
# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128-GCM-SHA256"
663
# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256-GCM-SHA384"
664
# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256         "DH-RSA-AES128-GCM-SHA256"
665
# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384         "DH-RSA-AES256-GCM-SHA384"
666
# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256        "DHE-DSS-AES128-GCM-SHA256"
667
# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384        "DHE-DSS-AES256-GCM-SHA384"
668
# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256         "DH-DSS-AES128-GCM-SHA256"
669
# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384         "DH-DSS-AES256-GCM-SHA384"
670
# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256            "ADH-AES128-GCM-SHA256"
671
# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
672

673
/* ECDH HMAC based ciphersuites from RFC5289 */
674

675
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
676
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
677
# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
678
# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
679
# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
680
# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
681
# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
682
# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
683

684
/* ECDH GCM based ciphersuites from RFC5289 */
685
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
686
# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
687
# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
688
# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
689
# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
690
# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
691
# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
692
# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
693

694
# define TLS_CT_RSA_SIGN                 1
695
# define TLS_CT_DSS_SIGN                 2
696
# define TLS_CT_RSA_FIXED_DH             3
697
# define TLS_CT_DSS_FIXED_DH             4
698
# define TLS_CT_ECDSA_SIGN               64
699
# define TLS_CT_RSA_FIXED_ECDH           65
700
# define TLS_CT_ECDSA_FIXED_ECDH         66
701
# define TLS_CT_GOST94_SIGN              21
702
# define TLS_CT_GOST01_SIGN              22
703
/*
704
 * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
705
 * comment there)
706
 */
707
# define TLS_CT_NUMBER                   9
708

709
# define TLS1_FINISH_MAC_LENGTH          12
710

711
# define TLS_MD_MAX_CONST_SIZE                   20
712
# define TLS_MD_CLIENT_FINISH_CONST              "client finished"
713
# define TLS_MD_CLIENT_FINISH_CONST_SIZE         15
714
# define TLS_MD_SERVER_FINISH_CONST              "server finished"
715
# define TLS_MD_SERVER_FINISH_CONST_SIZE         15
716
# define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
717
# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
718
# define TLS_MD_KEY_EXPANSION_CONST              "key expansion"
719
# define TLS_MD_KEY_EXPANSION_CONST_SIZE         13
720
# define TLS_MD_CLIENT_WRITE_KEY_CONST           "client write key"
721
# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE      16
722
# define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
723
# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
724
# define TLS_MD_IV_BLOCK_CONST                   "IV block"
725
# define TLS_MD_IV_BLOCK_CONST_SIZE              8
726
# define TLS_MD_MASTER_SECRET_CONST              "master secret"
727
# define TLS_MD_MASTER_SECRET_CONST_SIZE         13
728

729
# ifdef CHARSET_EBCDIC
730
#  undef TLS_MD_CLIENT_FINISH_CONST
731
/*
732
 * client finished
733
 */
734
#  define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
735

736
#  undef TLS_MD_SERVER_FINISH_CONST
737
/*
738
 * server finished
739
 */
740
#  define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
741

742
#  undef TLS_MD_SERVER_WRITE_KEY_CONST
743
/*
744
 * server write key
745
 */
746
#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
747

748
#  undef TLS_MD_KEY_EXPANSION_CONST
749
/*
750
 * key expansion
751
 */
752
#  define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
753

754
#  undef TLS_MD_CLIENT_WRITE_KEY_CONST
755
/*
756
 * client write key
757
 */
758
#  define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
759

760
#  undef TLS_MD_SERVER_WRITE_KEY_CONST
761
/*
762
 * server write key
763
 */
764
#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
765

766
#  undef TLS_MD_IV_BLOCK_CONST
767
/*
768
 * IV block
769
 */
770
#  define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
771

772
#  undef TLS_MD_MASTER_SECRET_CONST
773
/*
774
 * master secret
775
 */
776
#  define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
777
# endif
778

779
/* TLS Session Ticket extension struct */
780
struct tls_session_ticket_ext_st {
781
    unsigned short length;
782
    void *data;
783
};
784

785
#ifdef  __cplusplus
786
}
787
#endif
788
#endif