Loading include/openssl/ssl.h +39 −39 Original line number Diff line number Diff line Loading @@ -357,17 +357,17 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, size_t inlen, int *al, void *parse_arg); /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U /* Removed from OpenSSL 0.9.8q and 1.0.0c */ /* Dead forever, see CVE-2010-4180. */ # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0L # define SSL_OP_TLSEXT_PADDING 0x00000010L # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L # define SSL_OP_TLS_D5_BUG 0x00000100L # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U # define SSL_OP_TLSEXT_PADDING 0x00000010U # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080U # define SSL_OP_TLS_D5_BUG 0x00000100U /* Removed from OpenSSL 1.1.0 */ # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0L # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 Loading @@ -385,55 +385,55 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, * SSL_OP_ALL. */ /* added in 0.9.6e */ # define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L # define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U /* * SSL_OP_ALL: various bug workarounds that should be rather harmless. This * used to be 0x000FFFFFL before 0.9.7. */ # define SSL_OP_ALL 0x80000BFFL # define SSL_OP_ALL 0x80000BFFU /* DTLS options */ # define SSL_OP_NO_QUERY_MTU 0x00001000L # define SSL_OP_NO_QUERY_MTU 0x00001000U /* Turn on Cookie Exchange (on relevant for servers) */ # define SSL_OP_COOKIE_EXCHANGE 0x00002000L # define SSL_OP_COOKIE_EXCHANGE 0x00002000U /* Don't use RFC4507 ticket extension */ # define SSL_OP_NO_TICKET 0x00004000L # define SSL_OP_NO_TICKET 0x00004000U /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ # define SSL_OP_CISCO_ANYCONNECT 0x00008000L # define SSL_OP_CISCO_ANYCONNECT 0x00008000U /* As server, disallow session resumption on renegotiation */ # define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L # define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U /* Don't use compression even if supported */ # define SSL_OP_NO_COMPRESSION 0x00020000L # define SSL_OP_NO_COMPRESSION 0x00020000U /* Permit unsafe legacy renegotiation */ # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U /* If set, always create a new key when using tmp_ecdh parameters */ # define SSL_OP_SINGLE_ECDH_USE 0x00080000L # define SSL_OP_SINGLE_ECDH_USE 0x00080000U /* If set, always create a new key when using tmp_dh parameters */ # define SSL_OP_SINGLE_DH_USE 0x00100000L # define SSL_OP_SINGLE_DH_USE 0x00100000U /* Does nothing: retained for compatibiity */ # define SSL_OP_EPHEMERAL_RSA 0x0 /* * Set on servers to choose the cipher according to the server's preferences */ # define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L # define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U /* * If set, a server will allow a client to issue a SSLv3.0 version number as * latest version supported in the premaster secret, even when TLSv1.0 * (version 3.1) was announced in the client hello. Normally this is * forbidden to prevent version rollback attacks. */ # define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L # define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U # define SSL_OP_NO_SSLv2 0x00000000L # define SSL_OP_NO_SSLv3 0x02000000L # define SSL_OP_NO_TLSv1 0x04000000L # define SSL_OP_NO_TLSv1_2 0x08000000L # define SSL_OP_NO_TLSv1_1 0x10000000L # define SSL_OP_NO_SSLv2 0x00000000U # define SSL_OP_NO_SSLv3 0x02000000U # define SSL_OP_NO_TLSv1 0x04000000U # define SSL_OP_NO_TLSv1_2 0x08000000U # define SSL_OP_NO_TLSv1_1 0x10000000U # define SSL_OP_NO_DTLSv1 0x04000000L # define SSL_OP_NO_DTLSv1_2 0x08000000L # define SSL_OP_NO_DTLSv1 0x04000000U # define SSL_OP_NO_DTLSv1_2 0x08000000U # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) Loading @@ -442,45 +442,45 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_OP_PKCS1_CHECK_1 0x0 # define SSL_OP_PKCS1_CHECK_2 0x0 # define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0L # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0U /* * Make server add server-hello extension from early version of cryptopro * draft, when GOST ciphersuite is negotiated. Required for interoperability * with CryptoPro CSP 3.x */ # define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L # define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U /* * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success * when just a single record has been written): */ # define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L # define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U /* * Make it possible to retry SSL_write() with changed buffer location (buffer * contents must stay the same!); this is not the default to avoid the * misconception that non-blocking SSL_write() behaves like non-blocking * write(): */ # define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L # define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U /* * Never bother the application with retries if the transport is blocking: */ # define SSL_MODE_AUTO_RETRY 0x00000004L # define SSL_MODE_AUTO_RETRY 0x00000004U /* Don't attempt to automatically build certificate chain */ # define SSL_MODE_NO_AUTO_CHAIN 0x00000008L # define SSL_MODE_NO_AUTO_CHAIN 0x00000008U /* * Save RAM by releasing read and write buffers when they're empty. (SSL3 and * TLS only.) "Released" buffers are put onto a free-list in the context or * just freed (depending on the context's setting for freelist_max_len). */ # define SSL_MODE_RELEASE_BUFFERS 0x00000010L # define SSL_MODE_RELEASE_BUFFERS 0x00000010U /* * Send the current time in the Random fields of the ClientHello and * ServerHello records for compatibility with hypothetical implementations * that require it. */ # define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L # define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L # define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U # define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U /* * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications * that reconnect with a downgraded protocol version; see Loading @@ -489,14 +489,14 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, * fallback retries, following the guidance in * draft-ietf-tls-downgrade-scsv-00. */ # define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L # define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U /* Cert related flags */ /* * Many implementations ignore some aspects of the TLS standards such as * enforcing certifcate chain algorithms. When this is set we enforce them. */ # define SSL_CERT_FLAG_TLS_STRICT 0x00000001L # define SSL_CERT_FLAG_TLS_STRICT 0x00000001U /* Suite B modes, takes same values as certificate verify flags */ # define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 Loading ssl/ssl_locl.h +62 −62 Original line number Diff line number Diff line Loading @@ -293,33 +293,33 @@ /* Bits for algorithm_mkey (key exchange algorithm) */ /* RSA key exchange */ # define SSL_kRSA 0x00000001L # define SSL_kRSA 0x00000001U /* DH cert, RSA CA cert */ # define SSL_kDHr 0x00000002L # define SSL_kDHr 0x00000002U /* DH cert, DSA CA cert */ # define SSL_kDHd 0x00000004L # define SSL_kDHd 0x00000004U /* tmp DH key no DH cert */ # define SSL_kDHE 0x00000008L # define SSL_kDHE 0x00000008U /* synonym */ # define SSL_kEDH SSL_kDHE /* ECDH cert, RSA CA cert */ # define SSL_kECDHr 0x00000020L # define SSL_kECDHr 0x00000020U /* ECDH cert, ECDSA CA cert */ # define SSL_kECDHe 0x00000040L # define SSL_kECDHe 0x00000040U /* ephemeral ECDH */ # define SSL_kECDHE 0x00000080L # define SSL_kECDHE 0x00000080U /* synonym */ # define SSL_kEECDH SSL_kECDHE /* PSK */ # define SSL_kPSK 0x00000100L # define SSL_kPSK 0x00000100U /* GOST key exchange */ # define SSL_kGOST 0x00000200L # define SSL_kGOST 0x00000200U /* SRP */ # define SSL_kSRP 0x00000400L # define SSL_kSRP 0x00000400U # define SSL_kRSAPSK 0x00000800L # define SSL_kECDHEPSK 0x00001000L # define SSL_kDHEPSK 0x00002000L # define SSL_kRSAPSK 0x00000800U # define SSL_kECDHEPSK 0x00001000U # define SSL_kDHEPSK 0x00002000U /* all PSK */ Loading @@ -327,62 +327,62 @@ /* Bits for algorithm_auth (server authentication) */ /* RSA auth */ # define SSL_aRSA 0x00000001L # define SSL_aRSA 0x00000001U /* DSS auth */ # define SSL_aDSS 0x00000002L # define SSL_aDSS 0x00000002U /* no auth (i.e. use ADH or AECDH) */ # define SSL_aNULL 0x00000004L # define SSL_aNULL 0x00000004U /* Fixed DH auth (kDHd or kDHr) */ # define SSL_aDH 0x00000008L # define SSL_aDH 0x00000008U /* Fixed ECDH auth (kECDHe or kECDHr) */ # define SSL_aECDH 0x00000010L # define SSL_aECDH 0x00000010U /* ECDSA auth*/ # define SSL_aECDSA 0x00000040L # define SSL_aECDSA 0x00000040U /* PSK auth */ # define SSL_aPSK 0x00000080L # define SSL_aPSK 0x00000080U /* GOST R 34.10-2001 signature auth */ # define SSL_aGOST01 0x00000200L # define SSL_aGOST01 0x00000200U /* SRP auth */ # define SSL_aSRP 0x00000400L # define SSL_aSRP 0x00000400U /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001L # define SSL_3DES 0x00000002L # define SSL_RC4 0x00000004L # define SSL_RC2 0x00000008L # define SSL_IDEA 0x00000010L # define SSL_eNULL 0x00000020L # define SSL_AES128 0x00000040L # define SSL_AES256 0x00000080L # define SSL_CAMELLIA128 0x00000100L # define SSL_CAMELLIA256 0x00000200L # define SSL_eGOST2814789CNT 0x00000400L # define SSL_SEED 0x00000800L # define SSL_AES128GCM 0x00001000L # define SSL_AES256GCM 0x00002000L # define SSL_AES128CCM 0x00004000L # define SSL_AES256CCM 0x00008000L # define SSL_AES128CCM8 0x00010000L # define SSL_AES256CCM8 0x00020000L # define SSL_DES 0x00000001U # define SSL_3DES 0x00000002U # define SSL_RC4 0x00000004U # define SSL_RC2 0x00000008U # define SSL_IDEA 0x00000010U # define SSL_eNULL 0x00000020U # define SSL_AES128 0x00000040U # define SSL_AES256 0x00000080U # define SSL_CAMELLIA128 0x00000100U # define SSL_CAMELLIA256 0x00000200U # define SSL_eGOST2814789CNT 0x00000400U # define SSL_SEED 0x00000800U # define SSL_AES128GCM 0x00001000U # define SSL_AES256GCM 0x00002000U # define SSL_AES128CCM 0x00004000U # define SSL_AES256CCM 0x00008000U # define SSL_AES128CCM8 0x00010000U # define SSL_AES256CCM8 0x00020000U # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) /* Bits for algorithm_mac (symmetric authentication) */ # define SSL_MD5 0x00000001L # define SSL_SHA1 0x00000002L # define SSL_GOST94 0x00000004L # define SSL_GOST89MAC 0x00000008L # define SSL_SHA256 0x00000010L # define SSL_SHA384 0x00000020L # define SSL_MD5 0x00000001U # define SSL_SHA1 0x00000002U # define SSL_GOST94 0x00000004U # define SSL_GOST89MAC 0x00000008U # define SSL_SHA256 0x00000010U # define SSL_SHA384 0x00000020U /* Not a real MAC, just an indication it is part of cipher */ # define SSL_AEAD 0x00000040L # define SSL_AEAD 0x00000040U /* Bits for algorithm_ssl (protocol version) */ # define SSL_SSLV3 0x00000002L # define SSL_SSLV3 0x00000002U # define SSL_TLSV1 SSL_SSLV3/* for now */ # define SSL_TLSV1_2 0x00000004L # define SSL_TLSV1_2 0x00000004U /* Bits for algorithm2 (handshake digests and other extra flags) */ Loading Loading @@ -428,24 +428,24 @@ * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would * be possible. */ # define SSL_EXP_MASK 0x00000003L # define SSL_STRONG_MASK 0x000001fcL # define SSL_DEFAULT_MASK 0X00000200L # define SSL_EXP_MASK 0x00000003U # define SSL_STRONG_MASK 0x000001fcU # define SSL_DEFAULT_MASK 0X00000200U # define SSL_NOT_EXP 0x00000001L # define SSL_EXPORT 0x00000002L # define SSL_NOT_EXP 0x00000001U # define SSL_EXPORT 0x00000002U # define SSL_STRONG_NONE 0x00000004L # define SSL_EXP40 0x00000008L # define SSL_STRONG_NONE 0x00000004U # define SSL_EXP40 0x00000008U # define SSL_MICRO (SSL_EXP40) # define SSL_EXP56 0x00000010L # define SSL_EXP56 0x00000010U # define SSL_MINI (SSL_EXP56) # define SSL_LOW 0x00000020L # define SSL_MEDIUM 0x00000040L # define SSL_HIGH 0x00000080L # define SSL_FIPS 0x00000100L # define SSL_LOW 0x00000020U # define SSL_MEDIUM 0x00000040U # define SSL_HIGH 0x00000080U # define SSL_FIPS 0x00000100U # define SSL_NOT_DEFAULT 0x00000200L # define SSL_NOT_DEFAULT 0x00000200U /* we have used 000003ff - 22 bits left to go */ Loading Loading
include/openssl/ssl.h +39 −39 Original line number Diff line number Diff line Loading @@ -357,17 +357,17 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, size_t inlen, int *al, void *parse_arg); /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U /* Removed from OpenSSL 0.9.8q and 1.0.0c */ /* Dead forever, see CVE-2010-4180. */ # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0L # define SSL_OP_TLSEXT_PADDING 0x00000010L # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L # define SSL_OP_TLS_D5_BUG 0x00000100L # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U # define SSL_OP_TLSEXT_PADDING 0x00000010U # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080U # define SSL_OP_TLS_D5_BUG 0x00000100U /* Removed from OpenSSL 1.1.0 */ # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0L # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 Loading @@ -385,55 +385,55 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, * SSL_OP_ALL. */ /* added in 0.9.6e */ # define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L # define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U /* * SSL_OP_ALL: various bug workarounds that should be rather harmless. This * used to be 0x000FFFFFL before 0.9.7. */ # define SSL_OP_ALL 0x80000BFFL # define SSL_OP_ALL 0x80000BFFU /* DTLS options */ # define SSL_OP_NO_QUERY_MTU 0x00001000L # define SSL_OP_NO_QUERY_MTU 0x00001000U /* Turn on Cookie Exchange (on relevant for servers) */ # define SSL_OP_COOKIE_EXCHANGE 0x00002000L # define SSL_OP_COOKIE_EXCHANGE 0x00002000U /* Don't use RFC4507 ticket extension */ # define SSL_OP_NO_TICKET 0x00004000L # define SSL_OP_NO_TICKET 0x00004000U /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ # define SSL_OP_CISCO_ANYCONNECT 0x00008000L # define SSL_OP_CISCO_ANYCONNECT 0x00008000U /* As server, disallow session resumption on renegotiation */ # define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L # define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U /* Don't use compression even if supported */ # define SSL_OP_NO_COMPRESSION 0x00020000L # define SSL_OP_NO_COMPRESSION 0x00020000U /* Permit unsafe legacy renegotiation */ # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U /* If set, always create a new key when using tmp_ecdh parameters */ # define SSL_OP_SINGLE_ECDH_USE 0x00080000L # define SSL_OP_SINGLE_ECDH_USE 0x00080000U /* If set, always create a new key when using tmp_dh parameters */ # define SSL_OP_SINGLE_DH_USE 0x00100000L # define SSL_OP_SINGLE_DH_USE 0x00100000U /* Does nothing: retained for compatibiity */ # define SSL_OP_EPHEMERAL_RSA 0x0 /* * Set on servers to choose the cipher according to the server's preferences */ # define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L # define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U /* * If set, a server will allow a client to issue a SSLv3.0 version number as * latest version supported in the premaster secret, even when TLSv1.0 * (version 3.1) was announced in the client hello. Normally this is * forbidden to prevent version rollback attacks. */ # define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L # define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U # define SSL_OP_NO_SSLv2 0x00000000L # define SSL_OP_NO_SSLv3 0x02000000L # define SSL_OP_NO_TLSv1 0x04000000L # define SSL_OP_NO_TLSv1_2 0x08000000L # define SSL_OP_NO_TLSv1_1 0x10000000L # define SSL_OP_NO_SSLv2 0x00000000U # define SSL_OP_NO_SSLv3 0x02000000U # define SSL_OP_NO_TLSv1 0x04000000U # define SSL_OP_NO_TLSv1_2 0x08000000U # define SSL_OP_NO_TLSv1_1 0x10000000U # define SSL_OP_NO_DTLSv1 0x04000000L # define SSL_OP_NO_DTLSv1_2 0x08000000L # define SSL_OP_NO_DTLSv1 0x04000000U # define SSL_OP_NO_DTLSv1_2 0x08000000U # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) Loading @@ -442,45 +442,45 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_OP_PKCS1_CHECK_1 0x0 # define SSL_OP_PKCS1_CHECK_2 0x0 # define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0L # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0U /* * Make server add server-hello extension from early version of cryptopro * draft, when GOST ciphersuite is negotiated. Required for interoperability * with CryptoPro CSP 3.x */ # define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L # define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U /* * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success * when just a single record has been written): */ # define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L # define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U /* * Make it possible to retry SSL_write() with changed buffer location (buffer * contents must stay the same!); this is not the default to avoid the * misconception that non-blocking SSL_write() behaves like non-blocking * write(): */ # define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L # define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U /* * Never bother the application with retries if the transport is blocking: */ # define SSL_MODE_AUTO_RETRY 0x00000004L # define SSL_MODE_AUTO_RETRY 0x00000004U /* Don't attempt to automatically build certificate chain */ # define SSL_MODE_NO_AUTO_CHAIN 0x00000008L # define SSL_MODE_NO_AUTO_CHAIN 0x00000008U /* * Save RAM by releasing read and write buffers when they're empty. (SSL3 and * TLS only.) "Released" buffers are put onto a free-list in the context or * just freed (depending on the context's setting for freelist_max_len). */ # define SSL_MODE_RELEASE_BUFFERS 0x00000010L # define SSL_MODE_RELEASE_BUFFERS 0x00000010U /* * Send the current time in the Random fields of the ClientHello and * ServerHello records for compatibility with hypothetical implementations * that require it. */ # define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L # define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L # define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U # define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U /* * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications * that reconnect with a downgraded protocol version; see Loading @@ -489,14 +489,14 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, * fallback retries, following the guidance in * draft-ietf-tls-downgrade-scsv-00. */ # define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L # define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U /* Cert related flags */ /* * Many implementations ignore some aspects of the TLS standards such as * enforcing certifcate chain algorithms. When this is set we enforce them. */ # define SSL_CERT_FLAG_TLS_STRICT 0x00000001L # define SSL_CERT_FLAG_TLS_STRICT 0x00000001U /* Suite B modes, takes same values as certificate verify flags */ # define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 Loading
ssl/ssl_locl.h +62 −62 Original line number Diff line number Diff line Loading @@ -293,33 +293,33 @@ /* Bits for algorithm_mkey (key exchange algorithm) */ /* RSA key exchange */ # define SSL_kRSA 0x00000001L # define SSL_kRSA 0x00000001U /* DH cert, RSA CA cert */ # define SSL_kDHr 0x00000002L # define SSL_kDHr 0x00000002U /* DH cert, DSA CA cert */ # define SSL_kDHd 0x00000004L # define SSL_kDHd 0x00000004U /* tmp DH key no DH cert */ # define SSL_kDHE 0x00000008L # define SSL_kDHE 0x00000008U /* synonym */ # define SSL_kEDH SSL_kDHE /* ECDH cert, RSA CA cert */ # define SSL_kECDHr 0x00000020L # define SSL_kECDHr 0x00000020U /* ECDH cert, ECDSA CA cert */ # define SSL_kECDHe 0x00000040L # define SSL_kECDHe 0x00000040U /* ephemeral ECDH */ # define SSL_kECDHE 0x00000080L # define SSL_kECDHE 0x00000080U /* synonym */ # define SSL_kEECDH SSL_kECDHE /* PSK */ # define SSL_kPSK 0x00000100L # define SSL_kPSK 0x00000100U /* GOST key exchange */ # define SSL_kGOST 0x00000200L # define SSL_kGOST 0x00000200U /* SRP */ # define SSL_kSRP 0x00000400L # define SSL_kSRP 0x00000400U # define SSL_kRSAPSK 0x00000800L # define SSL_kECDHEPSK 0x00001000L # define SSL_kDHEPSK 0x00002000L # define SSL_kRSAPSK 0x00000800U # define SSL_kECDHEPSK 0x00001000U # define SSL_kDHEPSK 0x00002000U /* all PSK */ Loading @@ -327,62 +327,62 @@ /* Bits for algorithm_auth (server authentication) */ /* RSA auth */ # define SSL_aRSA 0x00000001L # define SSL_aRSA 0x00000001U /* DSS auth */ # define SSL_aDSS 0x00000002L # define SSL_aDSS 0x00000002U /* no auth (i.e. use ADH or AECDH) */ # define SSL_aNULL 0x00000004L # define SSL_aNULL 0x00000004U /* Fixed DH auth (kDHd or kDHr) */ # define SSL_aDH 0x00000008L # define SSL_aDH 0x00000008U /* Fixed ECDH auth (kECDHe or kECDHr) */ # define SSL_aECDH 0x00000010L # define SSL_aECDH 0x00000010U /* ECDSA auth*/ # define SSL_aECDSA 0x00000040L # define SSL_aECDSA 0x00000040U /* PSK auth */ # define SSL_aPSK 0x00000080L # define SSL_aPSK 0x00000080U /* GOST R 34.10-2001 signature auth */ # define SSL_aGOST01 0x00000200L # define SSL_aGOST01 0x00000200U /* SRP auth */ # define SSL_aSRP 0x00000400L # define SSL_aSRP 0x00000400U /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001L # define SSL_3DES 0x00000002L # define SSL_RC4 0x00000004L # define SSL_RC2 0x00000008L # define SSL_IDEA 0x00000010L # define SSL_eNULL 0x00000020L # define SSL_AES128 0x00000040L # define SSL_AES256 0x00000080L # define SSL_CAMELLIA128 0x00000100L # define SSL_CAMELLIA256 0x00000200L # define SSL_eGOST2814789CNT 0x00000400L # define SSL_SEED 0x00000800L # define SSL_AES128GCM 0x00001000L # define SSL_AES256GCM 0x00002000L # define SSL_AES128CCM 0x00004000L # define SSL_AES256CCM 0x00008000L # define SSL_AES128CCM8 0x00010000L # define SSL_AES256CCM8 0x00020000L # define SSL_DES 0x00000001U # define SSL_3DES 0x00000002U # define SSL_RC4 0x00000004U # define SSL_RC2 0x00000008U # define SSL_IDEA 0x00000010U # define SSL_eNULL 0x00000020U # define SSL_AES128 0x00000040U # define SSL_AES256 0x00000080U # define SSL_CAMELLIA128 0x00000100U # define SSL_CAMELLIA256 0x00000200U # define SSL_eGOST2814789CNT 0x00000400U # define SSL_SEED 0x00000800U # define SSL_AES128GCM 0x00001000U # define SSL_AES256GCM 0x00002000U # define SSL_AES128CCM 0x00004000U # define SSL_AES256CCM 0x00008000U # define SSL_AES128CCM8 0x00010000U # define SSL_AES256CCM8 0x00020000U # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) /* Bits for algorithm_mac (symmetric authentication) */ # define SSL_MD5 0x00000001L # define SSL_SHA1 0x00000002L # define SSL_GOST94 0x00000004L # define SSL_GOST89MAC 0x00000008L # define SSL_SHA256 0x00000010L # define SSL_SHA384 0x00000020L # define SSL_MD5 0x00000001U # define SSL_SHA1 0x00000002U # define SSL_GOST94 0x00000004U # define SSL_GOST89MAC 0x00000008U # define SSL_SHA256 0x00000010U # define SSL_SHA384 0x00000020U /* Not a real MAC, just an indication it is part of cipher */ # define SSL_AEAD 0x00000040L # define SSL_AEAD 0x00000040U /* Bits for algorithm_ssl (protocol version) */ # define SSL_SSLV3 0x00000002L # define SSL_SSLV3 0x00000002U # define SSL_TLSV1 SSL_SSLV3/* for now */ # define SSL_TLSV1_2 0x00000004L # define SSL_TLSV1_2 0x00000004U /* Bits for algorithm2 (handshake digests and other extra flags) */ Loading Loading @@ -428,24 +428,24 @@ * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would * be possible. */ # define SSL_EXP_MASK 0x00000003L # define SSL_STRONG_MASK 0x000001fcL # define SSL_DEFAULT_MASK 0X00000200L # define SSL_EXP_MASK 0x00000003U # define SSL_STRONG_MASK 0x000001fcU # define SSL_DEFAULT_MASK 0X00000200U # define SSL_NOT_EXP 0x00000001L # define SSL_EXPORT 0x00000002L # define SSL_NOT_EXP 0x00000001U # define SSL_EXPORT 0x00000002U # define SSL_STRONG_NONE 0x00000004L # define SSL_EXP40 0x00000008L # define SSL_STRONG_NONE 0x00000004U # define SSL_EXP40 0x00000008U # define SSL_MICRO (SSL_EXP40) # define SSL_EXP56 0x00000010L # define SSL_EXP56 0x00000010U # define SSL_MINI (SSL_EXP56) # define SSL_LOW 0x00000020L # define SSL_MEDIUM 0x00000040L # define SSL_HIGH 0x00000080L # define SSL_FIPS 0x00000100L # define SSL_LOW 0x00000020U # define SSL_MEDIUM 0x00000040U # define SSL_HIGH 0x00000080U # define SSL_FIPS 0x00000100U # define SSL_NOT_DEFAULT 0x00000200L # define SSL_NOT_DEFAULT 0x00000200U /* we have used 000003ff - 22 bits left to go */ Loading
Andy Polyakov <appro@openssl.org>Andy Polyakov <appro@openssl.org>