From 761772d7e19145fa9afb2a0c830ead69a33f3fa5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 21 Sep 2007 06:54:24 +0000 Subject: Implement the Opaque PRF Input TLS extension (draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES. --- ssl/ssl_locl.h | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'ssl/ssl_locl.h') diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 2f8f0f837d..50a8acc015 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -330,24 +330,30 @@ #define SSL_SSLV3 0x00000002L #define SSL_TLSV1 SSL_SSLV3 /* for now */ -/* Bits for algorithm2 (handshake digests) */ + +/* Bits for algorithm2 (handshake digests and other extra flags) */ #define SSL_HANDSHAKE_MAC_MD5 0x10 #define SSL_HANDSHAKE_MAC_SHA 0x20 #define SSL_HANDSHAKE_MAC_GOST94 0x40 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) - /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX * make sure to update this constant too */ #define SSL_MAX_DIGEST 4 - #define TLS1_PRF_DGST_SHIFT 8 #define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) + +/* Stream MAC for GOST ciphersuites from cryptopro draft + * (currently this also goes into algorithm2) */ +#define TLS1_STREAM_MAC 0x04 + + + /* * Export and cipher strength information. For each cipher we have to decide * whether it is exportable or not. This information is likely to change -- cgit v1.2.3