diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-07-25 20:41:32 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-07-25 20:41:32 +0000 |
commit | d09677ac4525d107669447c07f4fa2fe58a13fc8 (patch) | |
tree | b9051252ace2ec617683abdde694fa7ed6145986 /ssl/ssl_locl.h | |
parent | 2667162d33ab21b6477f224040106c1d460e9249 (diff) | |
download | openssl-d09677ac4525d107669447c07f4fa2fe58a13fc8.tar.gz |
Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and
prohibit use of these ciphersuites for TLS < 1.2
Diffstat (limited to 'ssl/ssl_locl.h')
-rw-r--r-- | ssl/ssl_locl.h | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index ca881993c9..726be3532e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -328,11 +328,13 @@ #define SSL_GOST94 0x00000004L #define SSL_GOST89MAC 0x00000008L #define SSL_SHA256 0x00000010L +#define SSL_SHA384 0x00000020L /* Bits for algorithm_ssl (protocol version) */ #define SSL_SSLV2 0x00000001L #define SSL_SSLV3 0x00000002L #define SSL_TLSV1 SSL_SSLV3 /* for now */ +#define SSL_TLSV1_2 0x00000004L /* Bits for algorithm2 (handshake digests and other extra flags) */ @@ -341,16 +343,18 @@ #define SSL_HANDSHAKE_MAC_SHA 0x20 #define SSL_HANDSHAKE_MAC_GOST94 0x40 #define SSL_HANDSHAKE_MAC_SHA256 0x80 +#define SSL_HANDSHAKE_MAC_SHA384 0x100 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX * make sure to update this constant too */ -#define SSL_MAX_DIGEST 5 +#define SSL_MAX_DIGEST 6 -#define TLS1_PRF_DGST_SHIFT 8 +#define TLS1_PRF_DGST_SHIFT 10 #define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) +#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) |