diff options
| author | jsing <> | 2015-01-26 13:06:39 +0000 |
|---|---|---|
| committer | jsing <> | 2015-01-26 13:06:39 +0000 |
| commit | e23e84e71c85db5dd37817db7f71dc7a202bc74d (patch) | |
| tree | 55223ef44f1c40cb3c640481670b74a12ab5802f | |
| parent | e7b94f3e0e803b7bea11d0c8a568dafe4a462f3b (diff) | |
| download | openbsd-e23e84e71c85db5dd37817db7f71dc7a202bc74d.tar.gz openbsd-e23e84e71c85db5dd37817db7f71dc7a202bc74d.tar.bz2 openbsd-e23e84e71c85db5dd37817db7f71dc7a202bc74d.zip | |
Add AEAD as a "MAC alias" so that it is possible to identify/select ciphers
that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers
(effectively the only ciphers that are still considered to be secure) to be
selected using TLSv1.2+AEAD as a cipher string.
ok bcook@ doug@ miod@
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_ciph.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/ssl.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 6 |
4 files changed, 14 insertions, 4 deletions
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index 56344085ad..59ae1b5244 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.77 2015/01/22 09:12:57 reyk Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.78 2015/01/26 13:06:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -290,6 +290,7 @@ extern "C" { | |||
| 290 | #define SSL_TXT_CAMELLIA "CAMELLIA" | 290 | #define SSL_TXT_CAMELLIA "CAMELLIA" |
| 291 | #define SSL_TXT_CHACHA20 "CHACHA20" | 291 | #define SSL_TXT_CHACHA20 "CHACHA20" |
| 292 | 292 | ||
| 293 | #define SSL_TXT_AEAD "AEAD" | ||
| 293 | #define SSL_TXT_MD5 "MD5" | 294 | #define SSL_TXT_MD5 "MD5" |
| 294 | #define SSL_TXT_SHA1 "SHA1" | 295 | #define SSL_TXT_SHA1 "SHA1" |
| 295 | #define SSL_TXT_SHA "SHA" /* same as "SHA1" */ | 296 | #define SSL_TXT_SHA "SHA" /* same as "SHA1" */ |
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index afc31d7816..ce82c2705c 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.79 2014/12/14 15:30:50 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -419,6 +419,10 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 419 | 419 | ||
| 420 | /* MAC aliases */ | 420 | /* MAC aliases */ |
| 421 | { | 421 | { |
| 422 | .name = SSL_TXT_AEAD, | ||
| 423 | .algorithm_mac = SSL_AEAD, | ||
| 424 | }, | ||
| 425 | { | ||
| 422 | .name = SSL_TXT_MD5, | 426 | .name = SSL_TXT_MD5, |
| 423 | .algorithm_mac = SSL_MD5, | 427 | .algorithm_mac = SSL_MD5, |
| 424 | }, | 428 | }, |
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 56344085ad..59ae1b5244 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.77 2015/01/22 09:12:57 reyk Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.78 2015/01/26 13:06:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -290,6 +290,7 @@ extern "C" { | |||
| 290 | #define SSL_TXT_CAMELLIA "CAMELLIA" | 290 | #define SSL_TXT_CAMELLIA "CAMELLIA" |
| 291 | #define SSL_TXT_CHACHA20 "CHACHA20" | 291 | #define SSL_TXT_CHACHA20 "CHACHA20" |
| 292 | 292 | ||
| 293 | #define SSL_TXT_AEAD "AEAD" | ||
| 293 | #define SSL_TXT_MD5 "MD5" | 294 | #define SSL_TXT_MD5 "MD5" |
| 294 | #define SSL_TXT_SHA1 "SHA1" | 295 | #define SSL_TXT_SHA1 "SHA1" |
| 295 | #define SSL_TXT_SHA "SHA" /* same as "SHA1" */ | 296 | #define SSL_TXT_SHA "SHA" /* same as "SHA1" */ |
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index afc31d7816..ce82c2705c 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.79 2014/12/14 15:30:50 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -419,6 +419,10 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 419 | 419 | ||
| 420 | /* MAC aliases */ | 420 | /* MAC aliases */ |
| 421 | { | 421 | { |
| 422 | .name = SSL_TXT_AEAD, | ||
| 423 | .algorithm_mac = SSL_AEAD, | ||
| 424 | }, | ||
| 425 | { | ||
| 422 | .name = SSL_TXT_MD5, | 426 | .name = SSL_TXT_MD5, |
| 423 | .algorithm_mac = SSL_MD5, | 427 | .algorithm_mac = SSL_MD5, |
| 424 | }, | 428 | }, |