* The feature that stopped alpine from saving passwords in the password

file prevented users from actually saving their passwords in Windows and MAC OS. Fix the code so that passwords will be saved. Also, update the documentation of this feature. * Fix a buffer overflow bug in the XOAUTH2 code (off by one error). * Update PC-Alpine to work with Libressl version 3.0.2 instead of version 2.5.5 (update build.bat and lib files from the LibreSSL build). * Erase SSLXXXXXX file. * ssl_nt.c actually directs the code to ssl_libressl.c or ssl_win.c. The file ssl_libressl.c is the file ssl_unix.c from the unix osdep directory. The file ssl_win.c is the native SSL windows code. The Unix side provides S/MIME support for Alpine and the latest encryption protocols support for Alpine when connecting to a secure server, while the windows side provide TLSv1_3 support for Alpine, but not S/MIME support. In order to provide unix code for TLSv1_3 (once LibreSSL supports it) edit the file os_nt.c and remove the comments on the #ifdef section. This would provide both TLSv1_3 and S/MIME support with unix code. On the other hand, when we provide TLSv1_3 with the Windows code we need to undefine DF_ENCRYPTION_RANGE, and this is done in the file include/config.wnt.h. The way this is done as of this moment is by commenting an #else directive that preceedes this #undefine. * Update makefile.nt and friends in the windows side to account for the addition of XOAUTH2, and the use of only ssl_nt.c when dealing with Alpine. * Define SMIME_SSLCERTS as c:\libressl\ssl\certs, so that these certificates be considered while checking a digital S/MIME signature. * Improvements to the SMARTTIME24 token to account for changes in year.
author: Eduardo Chappa <chappa@washington.edu> 2020-01-04 20:08:32 -0700
committer: Eduardo Chappa <chappa@washington.edu> 2020-01-04 20:08:32 -0700
commit: f398f615b6df385aec2b3553310cc237b29e068a (patch)
tree: 5af79c6a9a180c72c58a9d9cd2d79a1d7657d152 /libressl/include/openssl/tls1.h
parent: 77191bf3e4e049603fb6a0547876259c29c71dbd (diff)
download: alpine-f398f615b6df385aec2b3553310cc237b29e068a.tar.xz
1 files changed, 51 insertions, 37 deletions
diff --git a/libressl/include/openssl/tls1.h b/libressl/include/openssl/tls1.h
index d06a1969..cb68bbb5 100644
--- a/libressl/include/openssl/tls1.h
+++ b/libressl/include/openssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.29 2017/03/25 14:15:11 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.39 2019/03/19 16:53:03 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -151,6 +151,8 @@
 #ifndef HEADER_TLS1_H
 #define HEADER_TLS1_H
 
+#include <openssl/opensslconf.h>
+
 #include <openssl/buffer.h>
 
 #ifdef  __cplusplus
@@ -159,6 +161,10 @@ extern "C" {
 
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
 
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_VERSION			0x0304
+#endif
+
 #define TLS1_2_VERSION			0x0303
 #define TLS1_2_VERSION_MAJOR		0x03
 #define TLS1_2_VERSION_MINOR		0x03
@@ -230,14 +236,19 @@ extern "C" {
 /* ExtensionType values from RFC 6091. */
 #define TLSEXT_TYPE_cert_type		9
 
+/* ExtensionType values from RFC 7919. */
+#define TLSEXT_TYPE_supported_groups		10
+
 /* ExtensionType values from RFC 4492. */
-#define TLSEXT_TYPE_elliptic_curves		10
+#ifndef LIBRESSL_INTERNAL
+#define TLSEXT_TYPE_elliptic_curves		TLSEXT_TYPE_supported_groups
+#endif
 #define TLSEXT_TYPE_ec_point_formats		11
 
 /* ExtensionType value from RFC 5054. */
 #define TLSEXT_TYPE_srp				12
 
-/* ExtensionType values from RFC 5246. */
+/* ExtensionType value from RFC 5246/RFC 8446. */
 #define TLSEXT_TYPE_signature_algorithms	13
 
 /* ExtensionType value from RFC 5764. */
@@ -255,12 +266,23 @@ extern "C" {
 /* ExtensionType value from RFC 4507. */
 #define TLSEXT_TYPE_session_ticket		35
 
+/* ExtensionType values from RFC 8446 section 4.2 */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLSEXT_TYPE_pre_shared_key		41
+#define TLSEXT_TYPE_early_data			42
+#define TLSEXT_TYPE_supported_versions		43
+#define TLSEXT_TYPE_cookie			44
+#define TLSEXT_TYPE_psk_key_exchange_modes	45
+#define TLSEXT_TYPE_certificate_authorities	47
+#define TLSEXT_TYPE_oid_filters			48
+#define TLSEXT_TYPE_post_handshake_auth		49
+#define TLSEXT_TYPE_signature_algorithms_cert	50
+#define TLSEXT_TYPE_key_share			51
+#endif
+
 /* Temporary extension type */
 #define TLSEXT_TYPE_renegotiate                 0xff01
 
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_next_proto_neg		13172
-
 /* NameType value from RFC 3546. */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
@@ -273,29 +295,6 @@ extern "C" {
 #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2	2
 #define TLSEXT_ECPOINTFORMAT_last			2
 
-/* Signature and hash algorithms from RFC 5246. */
-
-#define TLSEXT_signature_anonymous			0
-#define TLSEXT_signature_rsa				1
-#define TLSEXT_signature_dsa				2
-#define TLSEXT_signature_ecdsa				3
-/* FIXME IANA */
-#define TLSEXT_signature_gostr01			237
-#define TLSEXT_signature_gostr12_256			238
-#define TLSEXT_signature_gostr12_512			239
-
-#define TLSEXT_hash_none				0
-#define TLSEXT_hash_md5					1
-#define TLSEXT_hash_sha1				2
-#define TLSEXT_hash_sha224				3
-#define TLSEXT_hash_sha256				4
-#define TLSEXT_hash_sha384				5
-#define TLSEXT_hash_sha512				6
-/* FIXME IANA */
-#define TLSEXT_hash_gost94				237
-#define TLSEXT_hash_streebog_256			238
-#define TLSEXT_hash_streebog_512			239
-
 #define TLSEXT_MAXLEN_host_name 255
 
 const char *SSL_get_servername(const SSL *s, const int type);
@@ -357,11 +356,15 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
 #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
 	SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
 
+#define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
 #define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
 
+#define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg)
 #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg)
 
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
@@ -471,6 +474,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256	0x030000C4
 #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256	0x030000C5
 
+/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_CK_AES_128_GCM_SHA256			0x03001301
+#define TLS1_3_CK_AES_256_GCM_SHA384			0x03001302
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256		0x03001303
+#define TLS1_3_CK_AES_128_CCM_SHA256			0x03001304
+#define TLS1_3_CK_AES_128_CCM_8_SHA256			0x03001305
+#endif
+
 /* ECC ciphersuites from RFC 4492. */
 #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
@@ -534,9 +546,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
 
 /* ChaCha20-Poly1305 based ciphersuites. */
-#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD		0x0300CC13
-#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD	0x0300CC14
-#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD		0x0300CC15
 #define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305		0x0300CCA8
 #define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305		0x0300CCA9
 #define TLS1_CK_DHE_RSA_CHACHA20_POLY1305		0x0300CCAA
@@ -680,7 +689,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384		"ADH-AES256-GCM-SHA384"
 
 /* ECDH HMAC based ciphersuites from RFC 5289. */
-
 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
 #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
@@ -701,13 +709,19 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
 
 /* ChaCha20-Poly1305 based ciphersuites. */
-#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD	"ECDHE-RSA-CHACHA20-POLY1305-OLD"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD	"ECDHE-ECDSA-CHACHA20-POLY1305-OLD"
-#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_OLD	"DHE-RSA-CHACHA20-POLY1305-OLD"
 #define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305	"ECDHE-RSA-CHACHA20-POLY1305"
 #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305	"ECDHE-ECDSA-CHACHA20-POLY1305"
 #define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305		"DHE-RSA-CHACHA20-POLY1305"
 
+/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_TXT_AES_128_GCM_SHA256			"AEAD-AES128-GCM-SHA256"
+#define TLS1_3_TXT_AES_256_GCM_SHA384			"AEAD-AES256-GCM-SHA384"
+#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256		"AEAD-CHACHA20-POLY1305-SHA256"
+#define TLS1_3_TXT_AES_128_CCM_SHA256			"AEAD-AES128-CCM-SHA256"
+#define TLS1_3_TXT_AES_128_CCM_8_SHA256			"AEAD-AES128-CCM-8-SHA256"
+#endif
+
 #define TLS_CT_RSA_SIGN			1
 #define TLS_CT_DSS_SIGN			2
 #define TLS_CT_RSA_FIXED_DH		3
author	Eduardo Chappa <chappa@washington.edu>	2020-01-04 20:08:32 -0700
committer	Eduardo Chappa <chappa@washington.edu>	2020-01-04 20:08:32 -0700
commit	f398f615b6df385aec2b3553310cc237b29e068a (patch)
tree	5af79c6a9a180c72c58a9d9cd2d79a1d7657d152 /libressl/include/openssl/tls1.h
parent	77191bf3e4e049603fb6a0547876259c29c71dbd (diff)
download	alpine-f398f615b6df385aec2b3553310cc237b29e068a.tar.xz