authorMatt Caswell <matt@openssl.org>2017-09-11 15:43:56 +0100
committerMatt Caswell <matt@openssl.org>2018-01-24 18:02:35 +0000
commit43054d3d734a8fa8a3d2da20c206a47d4060b7bd (patch)
tree8b38e327d08c5a42560ca70eec3df53a82f429f3 /include
parent14262ca950b8a75014e5495a2b93e1baa62d33a9 (diff)
Add support for sending TLSv1.3 cookies
This just adds the various extension functions. More changes will be required to actually use them. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
Diffstat (limited to 'include')
-rw-r--r--include/openssl/dtls1.h4
-rw-r--r--include/openssl/ssl.h3
-rw-r--r--include/openssl/ssl3.h2
-rw-r--r--include/openssl/sslerr.h2
4 files changed, 11 insertions, 0 deletions
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index 86a8981d36..aee8cfdbe4 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -26,6 +26,10 @@ extern "C" {
# define DTLS_ANY_VERSION 0x1FFFF
/* lengths of messages */
+/*
+ * Actually the max cookie length in DTLS is 255. But we can't change this now
+ * due to compatibility concerns.
+ */
# define DTLS1_COOKIE_LENGTH 256
# define DTLS1_RT_HEADER_LENGTH 13
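Review bot: The added comment above `DTLS1_COOKIE_LENGTH` says the DTLS maximum is 255 while the macro stays at 256, but it does not tell a reader which of the two values is the bound to enforce. Since the constant is kept only for compatibility, the comment could say that it is suitable for sizing buffers and that a cookie placed on the wire must still be checked against 255, e.g. an extra line `* Use this only to size buffers; cookies longer than 255 bytes must still be rejected.` Whether every user of the macro already makes that check cannot be seen here, because the diff is limited to include/.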
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 05a07eb98d..7aa98dab67 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -546,6 +546,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
# define SSL_CONF_TYPE_DIR 0x3
# define SSL_CONF_TYPE_NONE 0x4
+/* Length of a TLSv1.3 cookie */
+# define SSL_COOKIE_LENGTH 255
+
/*
* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
* cannot be used to clear bits.
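Review bot: The comment on `SSL_COOKIE_LENGTH` reads "Length of a TLSv1.3 cookie", which suggests a fixed protocol size, whereas the TLSv1.3 cookie extension is a variable-length field with a 16-bit length, so 255 looks like an implementation limit rather than a protocol constant. I would reword it along the lines of `/* Maximum length in bytes of a TLSv1.3 cookie generated by this implementation */`, adjusted if the macro bounds only part of the cookie; its users are outside this diff. Because this is a public header the value is hard to change later, as the dtls1.h comment in this same commit shows, so it is worth confirming that 255 bytes leaves room for everything the server needs to bind into the cookie.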
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index b781f61dab..6e8ef6b729 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -284,6 +284,8 @@ extern "C" {
# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400
+# define TLS1_FLAGS_STATELESS 0x0800
+
# define SSL3_MT_HELLO_REQUEST 0
# define SSL3_MT_CLIENT_HELLO 1
# define SSL3_MT_SERVER_HELLO 2
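Review bot: `TLS1_FLAGS_STATELESS` is added without a comment, and nothing in this diff (limited to include/) shows where it is set or tested. A one-line comment above it saying what state it marks and which side sets it, for example `/* Set while the connection is being handled statelessly (cookie exchange) */` if that is the intent, would make the flag harder to misuse. It is also worth confirming that 0x0800 does not collide with another `TLS1_FLAGS_*` value defined outside the hunk's context.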
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index fdb17a533c..2431b492d1 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -322,6 +322,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 492
# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 451
# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374
+# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE 613
# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452
# define SSL_F_TLS_CONSTRUCT_STOC_DONE 375
# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA 531
@@ -351,6 +352,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES 566
# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449
# define SSL_F_TLS_PARSE_CTOS_ALPN 567
+# define SSL_F_TLS_PARSE_CTOS_COOKIE 614
# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA 568
# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS 569
# define SSL_F_TLS_PARSE_CTOS_EMS 570