Commit 43054d3d authored by Matt Caswell

Add support for sending TLSv1.3 cookies



This just adds the various extension functions. More changes will be
required to actually use them.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4435)
parent 14262ca9
+2 −0
@@ -1275,6 +1275,7 @@ SSL_F_TLS_CONSTRUCT_SERVER_HELLO:491:tls_construct_server_hello
SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE:492:tls_construct_server_key_exchange
SSL_F_TLS_CONSTRUCT_STOC_ALPN:451:tls_construct_stoc_alpn
SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE:374:*
SSL_F_TLS_CONSTRUCT_STOC_COOKIE:613:tls_construct_stoc_cookie
SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG:452:tls_construct_stoc_cryptopro_bug
SSL_F_TLS_CONSTRUCT_STOC_DONE:375:*
SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA:531:tls_construct_stoc_early_data
@@ -1307,6 +1308,7 @@ SSL_F_TLS_HANDLE_STATUS_REQUEST:563:tls_handle_status_request
SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES:566:tls_parse_certificate_authorities
SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT:449:*
SSL_F_TLS_PARSE_CTOS_ALPN:567:tls_parse_ctos_alpn
SSL_F_TLS_PARSE_CTOS_COOKIE:614:tls_parse_ctos_cookie
SSL_F_TLS_PARSE_CTOS_EARLY_DATA:568:tls_parse_ctos_early_data
SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS:569:tls_parse_ctos_ec_pt_formats
SSL_F_TLS_PARSE_CTOS_EMS:570:tls_parse_ctos_ems
+4 −0
@@ -26,6 +26,10 @@ extern "C" {
# define DTLS_ANY_VERSION                0x1FFFF

/* lengths of messages */
/*
 * Actually the max cookie length in DTLS is 255. But we can't change this now
 * due to compatibility concerns.
 */
# define DTLS1_COOKIE_LENGTH                     256

# define DTLS1_RT_HEADER_LENGTH                  13
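Review bot: The new comment above `DTLS1_COOKIE_LENGTH` records that the value is one more than DTLS allows, but it does not tell a reader how the constant may safely be used. Because it stays at 256, it is only valid as a buffer size; any code that used it as the limit for a cookie length going onto the wire would accept a value above the 255-byte maximum the comment cites. I would extend the comment with a sentence such as `Use this only to size buffers; a cookie placed in a message must be checked against 255.` It is also worth confirming, outside this section, that the paths writing a cookie compare its length with 255 rather than with this macro.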
+3 −0
@@ -546,6 +546,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
# define SSL_CONF_TYPE_DIR               0x3
# define SSL_CONF_TYPE_NONE              0x4

/* Length of a TLSv1.3 cookie */
# define SSL_COOKIE_LENGTH                       255

/*
 * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
 * cannot be used to clear bits.
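Review bot: The comment on `SSL_COOKIE_LENGTH` reads as if every TLSv1.3 cookie were exactly 255 bytes, and it does not say whether the value is a protocol limit or a local buffer size. The TLSv1.3 cookie extension carries a two-byte length, so a ClientHello can present far more than 255 bytes; if this macro sizes a buffer, the parsing side has to bound or reject longer input before copying, which this page does not show. Since the macro is added to a public header and will be hard to change later, the wording should be exact. If the intent is an upper bound on cookies this library issues, I would write `/* Maximum length in bytes of a TLSv1.3 cookie generated by this library */`.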
+2 −0
@@ -284,6 +284,8 @@ extern "C" {

# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE       0x0400

# define TLS1_FLAGS_STATELESS                    0x0800

# define SSL3_MT_HELLO_REQUEST                   0
# define SSL3_MT_CLIENT_HELLO                    1
# define SSL3_MT_SERVER_HELLO                    2
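Review bot: `TLS1_FLAGS_STATELESS` is introduced without a comment, and nothing visible on this page sets or tests it, so a reader cannot tell which side owns the flag or what it gates. The name suggests it alters how the server processes a handshake, which is the kind of state a reviewer needs spelled out next to the define. I would add a one-line description, for example `/* Set while the server is processing a ClientHello without retained state */` if that is the intended meaning. It would also help to state when the flag is cleared.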
+2 −0
@@ -322,6 +322,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE          492
# define SSL_F_TLS_CONSTRUCT_STOC_ALPN                    451
# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE             374
# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE                  613
# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG           452
# define SSL_F_TLS_CONSTRUCT_STOC_DONE                    375
# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA              531
@@ -351,6 +352,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES          566
# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT               449
# define SSL_F_TLS_PARSE_CTOS_ALPN                        567
# define SSL_F_TLS_PARSE_CTOS_COOKIE                      614
# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA                  568
# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS               569
# define SSL_F_TLS_PARSE_CTOS_EMS                         570