Home | History | Annotate | Download | only in openssl
      1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      2  * All rights reserved.
      3  *
      4  * This package is an SSL implementation written
      5  * by Eric Young (eay (at) cryptsoft.com).
      6  * The implementation was written so as to conform with Netscapes SSL.
      7  *
      8  * This library is free for commercial and non-commercial use as long as
      9  * the following conditions are aheared to.  The following conditions
     10  * apply to all code found in this distribution, be it the RC4, RSA,
     11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     12  * included with this distribution is covered by the same copyright terms
     13  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     14  *
     15  * Copyright remains Eric Young's, and as such any Copyright notices in
     16  * the code are not to be removed.
     17  * If this package is used in a product, Eric Young should be given attribution
     18  * as the author of the parts of the library used.
     19  * This can be in the form of a textual message at program startup or
     20  * in documentation (online or textual) provided with the package.
     21  *
     22  * Redistribution and use in source and binary forms, with or without
     23  * modification, are permitted provided that the following conditions
     24  * are met:
     25  * 1. Redistributions of source code must retain the copyright
     26  *    notice, this list of conditions and the following disclaimer.
     27  * 2. Redistributions in binary form must reproduce the above copyright
     28  *    notice, this list of conditions and the following disclaimer in the
     29  *    documentation and/or other materials provided with the distribution.
     30  * 3. All advertising materials mentioning features or use of this software
     31  *    must display the following acknowledgement:
     32  *    "This product includes cryptographic software written by
     33  *     Eric Young (eay (at) cryptsoft.com)"
     34  *    The word 'cryptographic' can be left out if the rouines from the library
     35  *    being used are not cryptographic related :-).
     36  * 4. If you include any Windows specific code (or a derivative thereof) from
     37  *    the apps directory (application code) you must include an acknowledgement:
     38  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     39  *
     40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     50  * SUCH DAMAGE.
     51  *
     52  * The licence and distribution terms for any publically available version or
     53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     54  * copied and put under another distribution licence
     55  * [including the GNU Public Licence.]
     56  */
     57 /* ====================================================================
     58  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
     59  *
     60  * Redistribution and use in source and binary forms, with or without
     61  * modification, are permitted provided that the following conditions
     62  * are met:
     63  *
     64  * 1. Redistributions of source code must retain the above copyright
     65  *    notice, this list of conditions and the following disclaimer.
     66  *
     67  * 2. Redistributions in binary form must reproduce the above copyright
     68  *    notice, this list of conditions and the following disclaimer in
     69  *    the documentation and/or other materials provided with the
     70  *    distribution.
     71  *
     72  * 3. All advertising materials mentioning features or use of this
     73  *    software must display the following acknowledgment:
     74  *    "This product includes software developed by the OpenSSL Project
     75  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     76  *
     77  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     78  *    endorse or promote products derived from this software without
     79  *    prior written permission. For written permission, please contact
     80  *    openssl-core (at) openssl.org.
     81  *
     82  * 5. Products derived from this software may not be called "OpenSSL"
     83  *    nor may "OpenSSL" appear in their names without prior written
     84  *    permission of the OpenSSL Project.
     85  *
     86  * 6. Redistributions of any form whatsoever must retain the following
     87  *    acknowledgment:
     88  *    "This product includes software developed by the OpenSSL Project
     89  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     90  *
     91  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     92  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     93  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     94  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     95  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     96  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     97  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     98  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     99  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    100  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    101  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    102  * OF THE POSSIBILITY OF SUCH DAMAGE.
    103  * ====================================================================
    104  *
    105  * This product includes cryptographic software written by Eric Young
    106  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    107  * Hudson (tjh (at) cryptsoft.com).
    108  *
    109  */
    110 /* ====================================================================
    111  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
    112  *
    113  * Portions of the attached software ("Contribution") are developed by
    114  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
    115  *
    116  * The Contribution is licensed pursuant to the OpenSSL open source
    117  * license provided above.
    118  *
    119  * ECC cipher suite support in OpenSSL originally written by
    120  * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
    121  *
    122  */
    123 /* ====================================================================
    124  * Copyright 2005 Nokia. All rights reserved.
    125  *
    126  * The portions of the attached software ("Contribution") is developed by
    127  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
    128  * license.
    129  *
    130  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
    131  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
    132  * support (see RFC 4279) to OpenSSL.
    133  *
    134  * No patent licenses or other rights except those expressly stated in
    135  * the OpenSSL open source license shall be deemed granted or received
    136  * expressly, by implication, estoppel, or otherwise.
    137  *
    138  * No assurances are provided by Nokia that the Contribution does not
    139  * infringe the patent or other intellectual property rights of any third
    140  * party or that the license provides you with all the necessary rights
    141  * to make use of the Contribution.
    142  *
    143  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
    144  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
    145  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
    146  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
    147  * OTHERWISE.
    148  */
    149 
    150 #ifndef OPENSSL_HEADER_TLS1_H
    151 #define OPENSSL_HEADER_TLS1_H
    152 
    153 #include <openssl/base.h>
    154 
    155 #ifdef  __cplusplus
    156 extern "C" {
    157 #endif
    158 
    159 
    160 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
    161 
    162 #define TLS1_AD_DECRYPTION_FAILED 21
    163 #define TLS1_AD_RECORD_OVERFLOW 22
    164 #define TLS1_AD_UNKNOWN_CA 48    /* fatal */
    165 #define TLS1_AD_ACCESS_DENIED 49 /* fatal */
    166 #define TLS1_AD_DECODE_ERROR 50  /* fatal */
    167 #define TLS1_AD_DECRYPT_ERROR 51
    168 #define TLS1_AD_EXPORT_RESTRICTION 60    /* fatal */
    169 #define TLS1_AD_PROTOCOL_VERSION 70      /* fatal */
    170 #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
    171 #define TLS1_AD_INTERNAL_ERROR 80        /* fatal */
    172 #define TLS1_AD_USER_CANCELLED 90
    173 #define TLS1_AD_NO_RENEGOTIATION 100
    174 /* codes 110-114 are from RFC3546 */
    175 #define TLS1_AD_UNSUPPORTED_EXTENSION 110
    176 #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
    177 #define TLS1_AD_UNRECOGNIZED_NAME 112
    178 #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
    179 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
    180 #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
    181 
    182 /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
    183 #define TLSEXT_TYPE_server_name 0
    184 #define TLSEXT_TYPE_max_fragment_length 1
    185 #define TLSEXT_TYPE_client_certificate_url 2
    186 #define TLSEXT_TYPE_trusted_ca_keys 3
    187 #define TLSEXT_TYPE_truncated_hmac 4
    188 #define TLSEXT_TYPE_status_request 5
    189 /* ExtensionType values from RFC4681 */
    190 #define TLSEXT_TYPE_user_mapping 6
    191 
    192 /* ExtensionType values from RFC5878 */
    193 #define TLSEXT_TYPE_client_authz 7
    194 #define TLSEXT_TYPE_server_authz 8
    195 
    196 /* ExtensionType values from RFC6091 */
    197 #define TLSEXT_TYPE_cert_type 9
    198 
    199 /* ExtensionType values from RFC4492 */
    200 #define TLSEXT_TYPE_elliptic_curves 10
    201 #define TLSEXT_TYPE_ec_point_formats 11
    202 
    203 /* ExtensionType value from RFC5054 */
    204 #define TLSEXT_TYPE_srp 12
    205 
    206 /* ExtensionType values from RFC5246 */
    207 #define TLSEXT_TYPE_signature_algorithms 13
    208 
    209 /* ExtensionType value from RFC5764 */
    210 #define TLSEXT_TYPE_srtp 14
    211 
    212 /* ExtensionType value from RFC5620 */
    213 #define TLSEXT_TYPE_heartbeat 15
    214 
    215 /* ExtensionType value from RFC7301 */
    216 #define TLSEXT_TYPE_application_layer_protocol_negotiation 16
    217 
    218 /* ExtensionType value from RFC7685 */
    219 #define TLSEXT_TYPE_padding 21
    220 
    221 /* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */
    222 #define TLSEXT_TYPE_extended_master_secret 23
    223 
    224 /* ExtensionType value from RFC4507 */
    225 #define TLSEXT_TYPE_session_ticket 35
    226 
    227 /* ExtensionType value from RFC5746 */
    228 #define TLSEXT_TYPE_renegotiate 0xff01
    229 
    230 /* ExtensionType value from RFC6962 */
    231 #define TLSEXT_TYPE_certificate_timestamp 18
    232 
    233 /* This is not an IANA defined extension number */
    234 #define TLSEXT_TYPE_next_proto_neg 13172
    235 
    236 /* This is not an IANA defined extension number */
    237 #define TLSEXT_TYPE_channel_id 30032
    238 
    239 /* status request value from RFC 3546 */
    240 #define TLSEXT_STATUSTYPE_ocsp 1
    241 
    242 /* ECPointFormat values from RFC 4492 */
    243 #define TLSEXT_ECPOINTFORMAT_uncompressed 0
    244 #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
    245 #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
    246 
    247 /* Signature and hash algorithms from RFC 5246 */
    248 
    249 #define TLSEXT_signature_anonymous 0
    250 #define TLSEXT_signature_rsa 1
    251 #define TLSEXT_signature_dsa 2
    252 #define TLSEXT_signature_ecdsa 3
    253 
    254 #define TLSEXT_hash_none 0
    255 #define TLSEXT_hash_md5 1
    256 #define TLSEXT_hash_sha1 2
    257 #define TLSEXT_hash_sha224 3
    258 #define TLSEXT_hash_sha256 4
    259 #define TLSEXT_hash_sha384 5
    260 #define TLSEXT_hash_sha512 6
    261 
    262 /* Flag set for unrecognised algorithms */
    263 #define TLSEXT_nid_unknown 0x1000000
    264 
    265 /* ECC curves */
    266 
    267 #define TLSEXT_curve_P_256 23
    268 #define TLSEXT_curve_P_384 24
    269 
    270 
    271 #define TLSEXT_MAXLEN_host_name 255
    272 
    273 /* PSK ciphersuites from 4279 */
    274 #define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
    275 #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
    276 #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
    277 #define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
    278 
    279 /* PSK ciphersuites from RFC 5489 */
    280 #define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA          0x0300C035
    281 #define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA          0x0300C036
    282 
    283 /* Additional TLS ciphersuites from expired Internet Draft
    284  * draft-ietf-tls-56-bit-ciphersuites-01.txt
    285  * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
    286  * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
    287  * shouldn't.  Note that the first two are actually not in the IDs. */
    288 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060     /* not in ID */
    289 #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
    290 #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
    291 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
    292 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
    293 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
    294 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
    295 
    296 /* AES ciphersuites from RFC3268 */
    297 
    298 #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
    299 #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
    300 #define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
    301 #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
    302 #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
    303 #define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
    304 
    305 #define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
    306 #define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
    307 #define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
    308 #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
    309 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
    310 #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
    311 
    312 /* TLS v1.2 ciphersuites */
    313 #define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
    314 #define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
    315 #define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
    316 #define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
    317 #define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
    318 #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
    319 
    320 /* Camellia ciphersuites from RFC4132 */
    321 #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
    322 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
    323 #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
    324 #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
    325 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
    326 #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
    327 
    328 /* TLS v1.2 ciphersuites */
    329 #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
    330 #define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
    331 #define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
    332 #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
    333 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
    334 #define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
    335 #define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
    336 
    337 /* Camellia ciphersuites from RFC4132 */
    338 #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
    339 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
    340 #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
    341 #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
    342 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
    343 #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
    344 
    345 /* SEED ciphersuites from RFC4162 */
    346 #define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
    347 #define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
    348 #define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
    349 #define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
    350 #define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
    351 #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
    352 
    353 /* TLS v1.2 GCM ciphersuites from RFC5288 */
    354 #define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
    355 #define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
    356 #define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
    357 #define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
    358 #define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
    359 #define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
    360 #define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
    361 #define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
    362 #define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
    363 #define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
    364 #define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
    365 #define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
    366 
    367 /* ECC ciphersuites from RFC4492 */
    368 #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
    369 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
    370 #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
    371 #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
    372 #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
    373 
    374 #define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
    375 #define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
    376 #define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
    377 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
    378 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
    379 
    380 #define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
    381 #define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
    382 #define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
    383 #define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
    384 #define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
    385 
    386 #define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
    387 #define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
    388 #define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
    389 #define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
    390 #define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
    391 
    392 #define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
    393 #define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
    394 #define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
    395 #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
    396 #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
    397 
    398 /* SRP ciphersuites from RFC 5054 */
    399 #define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
    400 #define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
    401 #define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
    402 #define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
    403 #define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
    404 #define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
    405 #define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
    406 #define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
    407 #define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
    408 
    409 /* ECDH HMAC based ciphersuites from RFC5289 */
    410 
    411 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
    412 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
    413 #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
    414 #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
    415 #define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
    416 #define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
    417 #define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
    418 #define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
    419 
    420 /* ECDH GCM based ciphersuites from RFC5289 */
    421 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
    422 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
    423 #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
    424 #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
    425 #define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
    426 #define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
    427 #define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
    428 #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
    429 
    430 #define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD 0x0300CC13
    431 #define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD 0x0300CC14
    432 
    433 #define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA8
    434 #define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA9
    435 #define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0x0300CCAC
    436 
    437 /* TODO(davidben): Remove this. Historically, the CK names for CHACHA20_POLY1305
    438  * were missing 'WITH' and 'SHA256'. */
    439 #define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 \
    440   TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    441 
    442 /* XXX
    443  * Inconsistency alert:
    444  * The OpenSSL names of ciphers with ephemeral DH here include the string
    445  * "DHE", while elsewhere it has always been "EDH".
    446  * (The alias for the list of all such ciphers also is "EDH".)
    447  * The specifications speak of "EDH"; maybe we should allow both forms
    448  * for everything. */
    449 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
    450 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
    451 #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
    452 #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA \
    453   "EXP1024-DHE-DSS-DES-CBC-SHA"
    454 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
    455 #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
    456 #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
    457 
    458 /* AES ciphersuites from RFC3268 */
    459 #define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
    460 #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
    461 #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
    462 #define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
    463 #define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
    464 #define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
    465 
    466 #define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
    467 #define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
    468 #define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
    469 #define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
    470 #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
    471 #define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
    472 
    473 /* ECC ciphersuites from RFC4492 */
    474 #define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
    475 #define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
    476 #define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
    477 #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
    478 #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
    479 
    480 #define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
    481 #define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
    482 #define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
    483 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
    484 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
    485 
    486 #define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
    487 #define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
    488 #define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
    489 #define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
    490 #define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
    491 
    492 #define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
    493 #define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
    494 #define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
    495 #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
    496 #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
    497 
    498 #define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
    499 #define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
    500 #define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
    501 #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
    502 #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
    503 
    504 /* PSK ciphersuites from RFC 4279 */
    505 #define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
    506 #define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
    507 #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
    508 #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
    509 
    510 /* PSK ciphersuites from RFC 5489 */
    511 #define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA"
    512 #define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA"
    513 
    514 /* SRP ciphersuite from RFC 5054 */
    515 #define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
    516 #define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
    517 #define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
    518 #define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
    519 #define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
    520 #define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
    521 #define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
    522 #define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
    523 #define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
    524 
    525 /* Camellia ciphersuites from RFC4132 */
    526 #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
    527 #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
    528 #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
    529 #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
    530 #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
    531 #define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
    532 
    533 #define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
    534 #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
    535 #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
    536 #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
    537 #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
    538 #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
    539 
    540 /* SEED ciphersuites from RFC4162 */
    541 #define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
    542 #define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
    543 #define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
    544 #define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
    545 #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
    546 #define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
    547 
    548 /* TLS v1.2 ciphersuites */
    549 #define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
    550 #define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
    551 #define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
    552 #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
    553 #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
    554 #define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
    555 #define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
    556 #define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
    557 #define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
    558 #define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
    559 #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
    560 #define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
    561 #define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
    562 
    563 /* TLS v1.2 GCM ciphersuites from RFC5288 */
    564 #define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
    565 #define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
    566 #define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
    567 #define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
    568 #define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
    569 #define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
    570 #define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
    571 #define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
    572 #define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
    573 #define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
    574 #define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
    575 #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
    576 
    577 /* ECDH HMAC based ciphersuites from RFC5289 */
    578 
    579 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
    580 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
    581 #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
    582 #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
    583 #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
    584 #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
    585 #define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
    586 #define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
    587 
    588 /* ECDH GCM based ciphersuites from RFC5289 */
    589 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
    590   "ECDHE-ECDSA-AES128-GCM-SHA256"
    591 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \
    592   "ECDHE-ECDSA-AES256-GCM-SHA384"
    593 #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \
    594   "ECDH-ECDSA-AES128-GCM-SHA256"
    595 #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \
    596   "ECDH-ECDSA-AES256-GCM-SHA384"
    597 #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
    598 #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
    599 #define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
    600 #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
    601 
    602 /* For convenience, the old and new CHACHA20_POLY1305 ciphers have the same
    603  * name. In cipher strings, both will be selected. This is temporary and will be
    604  * removed when the pre-standard construction is removed. */
    605 #define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD \
    606   "ECDHE-RSA-CHACHA20-POLY1305"
    607 #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD \
    608   "ECDHE-ECDSA-CHACHA20-POLY1305"
    609 
    610 #define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
    611   "ECDHE-RSA-CHACHA20-POLY1305"
    612 #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \
    613   "ECDHE-ECDSA-CHACHA20-POLY1305"
    614 #define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
    615   "ECDHE-PSK-CHACHA20-POLY1305"
    616 
    617 /* TODO(davidben): Remove this. Historically, the TXT names for CHACHA20_POLY1305
    618  * were missing 'SHA256'. */
    619 #define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 \
    620   TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    621 
    622 #define TLS_CT_RSA_SIGN 1
    623 #define TLS_CT_DSS_SIGN 2
    624 #define TLS_CT_RSA_FIXED_DH 3
    625 #define TLS_CT_DSS_FIXED_DH 4
    626 #define TLS_CT_ECDSA_SIGN 64
    627 #define TLS_CT_RSA_FIXED_ECDH 65
    628 #define TLS_CT_ECDSA_FIXED_ECDH 66
    629 
    630 #define TLS_MD_MAX_CONST_SIZE 20
    631 #define TLS_MD_CLIENT_FINISH_CONST "client finished"
    632 #define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
    633 #define TLS_MD_SERVER_FINISH_CONST "server finished"
    634 #define TLS_MD_SERVER_FINISH_CONST_SIZE 15
    635 #define TLS_MD_KEY_EXPANSION_CONST "key expansion"
    636 #define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
    637 #define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
    638 #define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
    639 #define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
    640 #define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
    641 #define TLS_MD_IV_BLOCK_CONST "IV block"
    642 #define TLS_MD_IV_BLOCK_CONST_SIZE 8
    643 #define TLS_MD_MASTER_SECRET_CONST "master secret"
    644 #define TLS_MD_MASTER_SECRET_CONST_SIZE 13
    645 #define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"
    646 #define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22
    647 
    648 
    649 #ifdef  __cplusplus
    650 }  /* extern C */
    651 #endif
    652 
    653 #endif  /* OPENSSL_HEADER_TLS1_H */
    654