Google Git
Sign in
boringssl / boringssl.git / 0080d83b9faf8dd325f5f5f92eb56faa93864e4c^! / . / include / openssl
commit0080d83b9faf8dd325f5f5f92eb56faa93864e4c[log] [tgz]
authorAdam Langley <agl@google.com>Thu Jun 07 16:39:49 2018 -0700
committerAdam Langley <agl@google.com>Mon Jun 18 22:16:11 2018 +0000
tree461fb2eed0bbb68dcf54a7db47d9050fee9ae0e3
parentf6e5d0d5a16e1bbb4116606c1fc04dd31502fa14 [diff]
Implement the client side of certificate compression.

Change-Id: I0aced480af98276ebfe0970b4afb9aa957ee07cb
Reviewed-on: https://boringssl-review.googlesource.com/29024
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/pool.h b/include/openssl/pool.h
index 373952f..2c19c88 100644
--- a/include/openssl/pool.h
+++ b/include/openssl/pool.h

@@ -48,6 +48,16 @@
 OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_new(const uint8_t *data, size_t len,
                                                 CRYPTO_BUFFER_POOL *pool);
 
+// CRYPTO_BUFFER_alloc creates an unpooled |CRYPTO_BUFFER| of the given size and
+// writes the underlying data pointer to |*out_data|. It returns NULL on error.
+//
+// After calling this function, |len| bytes of contents must be written to
+// |out_data| before passing the returned pointer to any other BoringSSL
+// functions. Once initialized, the |CRYPTO_BUFFER| should be treated as
+// immutable.
+OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_alloc(uint8_t **out_data,
+                                                  size_t len);
+
 // CRYPTO_BUFFER_new_from_CBS acts the same as |CRYPTO_BUFFER_new|.
 OPENSSL_EXPORT CRYPTO_BUFFER *CRYPTO_BUFFER_new_from_CBS(
     CBS *cbs, CRYPTO_BUFFER_POOL *pool);

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 2558732..5a44020 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -4793,6 +4793,9 @@
 #define SSL_R_OCSP_CB_ERROR 289
 #define SSL_R_SSL_SESSION_ID_TOO_LONG 290
 #define SSL_R_APPLICATION_DATA_ON_SHUTDOWN 291
+#define SSL_R_CERT_DECOMPRESSION_FAILED 292
+#define SSL_R_UNCOMPRESSED_CERT_TOO_LARGE 293
+#define SSL_R_UNKNOWN_CERT_COMPRESSION_ALG 294
 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020

diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index bb9a816..03b218b 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h

@@ -266,6 +266,10 @@
 #define TLSEXT_hash_sha384 5
 #define TLSEXT_hash_sha512 6
 
+// From https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03#section-3
+#define TLSEXT_cert_compression_zlib 1
+#define TLSEXT_cert_compression_brotli 2
+
 #define TLSEXT_MAXLEN_host_name 255
 
 // PSK ciphersuites from 4279