authorjsing <>2018-11-07 01:53:36 +0000
committerjsing <>2018-11-07 01:53:36 +0000
commitce26c3410b909ac6a3b6467a194cd79210869e06 (patch)
treeed0c8f5291a5a12ae7b0215521012a3a6f80e62e
parent6c76feec69da3c4ffea7496b04e0c18edd09d141 (diff)
Add TLSv1.3 cipher suites (with appropriate guards).
ok beck@ tb@
-rw-r--r--src/lib/libssl/s3_lib.c56
-rw-r--r--src/lib/libssl/ssl.h5
-rw-r--r--src/lib/libssl/ssl_ciph.c15
-rw-r--r--src/lib/libssl/ssl_lib.c7
-rw-r--r--src/lib/libssl/ssl_locl.h5
-rw-r--r--src/lib/libssl/tls1.h21
6 files changed, 100 insertions, 9 deletions
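--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.173 2018/11/05 20:41:30 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.174 2018/11/07 01:53:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -870,6 +870,60 @@ SSL_CIPHER ssl3_ciphers[] = {
  },
 #endif /* OPENSSL_NO_CAMELLIA */
 
+ /*
+ * TLSv1.3 cipher suites.
+ */
+
+#ifdef LIBRESSL_HAS_TLS1_3
+ /* Cipher 1301 */
+ {
+ .valid = 1,
+ .name = TLS1_3_TXT_AES_128_GCM_SHA256,
+ .id = TLS1_3_CK_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kTLS1_3,
+ .algorithm_auth = SSL_aTLS1_3,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_3,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+
+ /* Cipher 1302 */
+ {
+ .valid = 1,
+ .name = TLS1_3_TXT_AES_256_GCM_SHA384,
+ .id = TLS1_3_CK_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kTLS1_3,
+ .algorithm_auth = SSL_aTLS1_3,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_3,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, /* XXX */
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+
+ /* Cipher 1303 */
+ {
+ .valid = 1,
+ .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+ .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+ .algorithm_mkey = SSL_kTLS1_3,
+ .algorithm_auth = SSL_aTLS1_3,
+ .algorithm_enc = SSL_CHACHA20POLY1305,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_3,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+#endif
+
  /* Cipher C006 */
  {
  .valid = 1,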
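Review bot: The bare `/* XXX */` on `.algorithm2` in each of the three new entries (Cipher 1301, 1302 and 1303) marks something unresolved without saying what. Presumably the TLSv1.2 handshake-MAC flag is being reused to record the suite's hash until TLSv1.3 key derivation has a field of its own; if that is the case, say so, e.g. `/* XXX - reuses the TLSv1.2 handshake MAC flag to record the suite hash */`. The new block sits between the Camellia entries and Cipher C006, which matches numeric id order; if lookups depend on that order, a one-line comment above the block would keep a later insertion from breaking it. The ssl3_ciphers initialiser starts and ends outside the hunk.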
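--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.160 2018/11/06 01:37:23 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.161 2018/11/07 01:53:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -306,6 +306,9 @@ extern "C" {
 #define SSL_TXT_TLSV1 "TLSv1"
 #define SSL_TXT_TLSV1_1 "TLSv1.1"
 #define SSL_TXT_TLSV1_2 "TLSv1.2"
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_TXT_TLSV1_3 "TLSv1.3"
+#endif
 
 #define SSL_TXT_EXP "EXP"
 #define SSL_TXT_EXPORT "EXPORT"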
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index e54fbacdd8..bbae6a63d9 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.105 2018/09/08 14:39:41 jsing Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.106 2018/11/07 01:53:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -426,6 +426,10 @@ static const SSL_CIPHER cipher_aliases[] = {
426 .name = SSL_TXT_TLSV1_2, 426 .name = SSL_TXT_TLSV1_2,
427 .algorithm_ssl = SSL_TLSV1_2, 427 .algorithm_ssl = SSL_TLSV1_2,
428 }, 428 },
429 {
430 .name = SSL_TXT_TLSV1_3,
431 .algorithm_ssl = SSL_TLSV1_3,
432 },
429 433
430 /* strength classes */ 434 /* strength classes */
431 { 435 {
@@ -1318,8 +1322,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1318 } 1322 }
1319 1323
1320 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, 1324 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1321 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, 1325 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1322 co_list, &head, &tail); 1326 co_list, &head, &tail);
1323 1327
1324 1328
1325 /* Now arrange all ciphers by preference: */ 1329 /* Now arrange all ciphers by preference: */
@@ -1375,6 +1379,9 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1375 /* Now disable everything (maintaining the ordering!) */ 1379 /* Now disable everything (maintaining the ordering!) */
1376 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1380 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1377 1381
1382 /* TLSv1.3 first. */
1383 ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_ADD, -1, &head, &tail);
1384 ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_DEL, -1, &head, &tail);
1378 1385
1379 /* 1386 /*
1380 * We also need cipher aliases for selecting based on the rule_str. 1387 * We also need cipher aliases for selecting based on the rule_str.
@@ -1489,6 +1496,8 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1489 ver = "SSLv3"; 1496 ver = "SSLv3";
1490 else if (alg_ssl & SSL_TLSV1_2) 1497 else if (alg_ssl & SSL_TLSV1_2)
1491 ver = "TLSv1.2"; 1498 ver = "TLSv1.2";
1499 else if (alg_ssl & SSL_TLSV1_3)
1500 ver = "TLSv1.3";
1492 else 1501 else
1493 ver = "unknown"; 1502 ver = "unknown";
1494 1503
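Review bot: The comment `/* TLSv1.3 first. */` in ssl_create_cipher_list() does not explain why the rule is applied as CIPHER_ADD immediately followed by CIPHER_DEL. Presumably the pair moves the TLSv1.3 suites to the front of the list and leaves them disabled until rule_str enables them, in line with the "disable everything (maintaining the ordering!)" call just above; a comment such as `/* Move TLSv1.3 suites to the front of the list, then disable them again so rule_str decides what is enabled. */` would make that explicit. The `SSL_TXT_TLSV1_3` alias added to cipher_aliases and this rule are compiled unconditionally, while the table entries in s3_lib.c sit under `#ifdef LIBRESSL_HAS_TLS1_3`, so without that define the keyword is accepted but appears to select nothing; that deserves a note if it is intended. The function body extends beyond the hunk.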
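--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.189 2018/09/05 16:58:59 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.190 2018/11/07 01:53:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1424,6 +1424,11 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
  if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
  return 0;
 
+ /* Skip TLS v1.3 only ciphersuites if lower than v1.3 */
+ if ((cipher->algorithm_ssl & SSL_TLSV1_3) &&
+ (TLS1_get_client_version(s) < TLS1_3_VERSION))
+ continue;
+
  /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
  if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
  (TLS1_get_client_version(s) < TLS1_2_VERSION))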
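Review bot: The new TLSv1.3 filter in ssl_cipher_list_to_bytes() only covers the list a client serialises; no matching check on the selection side is visible in this commit. If the server-side cipher choice does not already skip suites with `SSL_TLSV1_3` set when the negotiated version is below TLSv1.3, a build with LIBRESSL_HAS_TLS1_3 defined could agree a TLSv1.3-only suite for an older protocol version, so a parallel guard (or a comment saying where it lives) belongs with this change. The two version checks now have the same shape and could later be folded into one helper. The loop and the function continue outside the hunk.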
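--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.219 2018/11/05 20:41:30 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.220 2018/11/07 01:53:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -208,6 +208,7 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
 #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
 #define SSL_kGOST 0x00000200L /* GOST key exchange */
+#define SSL_kTLS1_3 0x00000400L /* TLSv1.3 key exchange */
 
 /* Bits for algorithm_auth (server authentication) */
 #define SSL_aRSA 0x00000001L /* RSA auth */
@@ -215,6 +216,7 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
 #define SSL_aECDSA 0x00000040L /* ECDSA auth*/
 #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
+#define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */
 
 /* Bits for algorithm_enc (symmetric encryption) */
 #define SSL_DES 0x00000001L
@@ -251,6 +253,7 @@ __BEGIN_HIDDEN_DECLS
 #define SSL_SSLV3 0x00000002L
 #define SSL_TLSV1 SSL_SSLV3 /* for now */
 #define SSL_TLSV1_2 0x00000004L
+#define SSL_TLSV1_3 0x00000008L
 
 
 /* Bits for algorithm2 (handshake digests and other extra flags) */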
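Review bot: `SSL_kTLS1_3` and `SSL_aTLS1_3` are commented "TLSv1.3 key exchange" and "TLSv1.3 authentication", which reads as if each names an algorithm; in TLSv1.3 the cipher suite fixes neither, so these are placeholder bits. Suggest `/* TLSv1.3: key exchange not set by the cipher suite */` and `/* TLSv1.3: authentication not set by the cipher suite */`. It is also worth documenting that rule strings which select by key exchange or authentication bits would, presumably, not match the new suites. Only part of each bit list is visible in these hunks, so confirm that 0x00000400L and 0x00000008L are unused in their respective fields.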
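--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.35 2018/11/06 20:48:08 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.36 2018/11/07 01:53:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -497,6 +497,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4
 #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5
 
+/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+#define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
+#define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+#endif
+
 /* ECC ciphersuites from RFC 4492. */
 #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
@@ -703,7 +712,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
 
 /* ECDH HMAC based ciphersuites from RFC 5289. */
-
 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
 #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
@@ -728,6 +736,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
 #define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
 
+/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_TXT_AES_128_GCM_SHA256 "AEAD-AES128-GCM-SHA256"
+#define TLS1_3_TXT_AES_256_GCM_SHA384 "AEAD-AES256-GCM-SHA384"
+#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256"
+#define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256"
+#define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256"
+#endif
+
 #define TLS_CT_RSA_SIGN 1
 #define TLS_CT_DSS_SIGN 2
 #define TLS_CT_RSA_FIXED_DH 3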
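Review bot: `TLS1_3_CK_AES_128_CCM_SHA256` and `TLS1_3_CK_AES_128_CCM_8_SHA256`, together with their `TLS1_3_TXT_` names, are defined in both new blocks, but the s3_lib.c part of this commit adds table entries only for 1301, 1302 and 1303. A comment such as `/* 1304 and 1305 (CCM) are defined for completeness; no cipher table entry yet */` would stop a reader assuming those suites can be negotiated. The `AEAD-...` text names are a local naming choice rather than the RFC 8446 suite names, so a line saying that next to the second block would help anyone porting cipher strings from another library.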