diff options
author | raja-ashok <rashok.svks@gmail.com> | 2019-01-25 21:04:49 +0530 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-06-12 10:18:34 +0100 |
commit | 9aaecbfc98eb89a03f72b35d343e08f377e7803a (patch) | |
tree | 4f025a6064a0f8f654a486d9ef6be6c9fcb8b2cf /ssl/ssl_locl.h | |
parent | a03749a8f14c397f57ef956650f5db5da6523595 (diff) |
TLS1.3 FFDHE Support
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8178)
Diffstat (limited to 'ssl/ssl_locl.h')
-rw-r--r-- | ssl/ssl_locl.h | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 79b78f093d..0e661d00d7 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1685,14 +1685,19 @@ typedef struct sigalg_lookup_st { typedef struct tls_group_info_st { int nid; /* Curve NID */ int secbits; /* Bits of security (from SP800-57) */ - uint16_t flags; /* Flags: currently just group type */ + uint32_t flags; /* For group type and applicable TLS versions */ + uint16_t group_id; /* Group ID */ } TLS_GROUP_INFO; /* flags values */ -# define TLS_CURVE_TYPE 0x3 /* Mask for group type */ -# define TLS_CURVE_PRIME 0x0 -# define TLS_CURVE_CHAR2 0x1 -# define TLS_CURVE_CUSTOM 0x2 +# define TLS_GROUP_TYPE 0x0000000FU /* Mask for group type */ +# define TLS_GROUP_CURVE_PRIME 0x00000001U +# define TLS_GROUP_CURVE_CHAR2 0x00000002U +# define TLS_GROUP_CURVE_CUSTOM 0x00000004U +# define TLS_GROUP_FFDHE 0x00000008U +# define TLS_GROUP_ONLY_FOR_TLS1_3 0x00000010U + +# define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE|TLS_GROUP_ONLY_FOR_TLS1_3) /* * Structure containing table entry of certificate info corresponding to @@ -2533,6 +2538,7 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats, size_t *num_formats); __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); __owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id); +__owur int tls_valid_group(SSL *s, uint16_t group_id, int version); __owur EVP_PKEY *ssl_generate_param_group(uint16_t id); # endif /* OPENSSL_NO_EC */ |