Add TLSv1.3 cipher suites (with appropriate guards).

ok beck@ tb@
author: jsing <> 2018-11-07 01:53:36 +0000
committer: jsing <> 2018-11-07 01:53:36 +0000
commit: ce26c3410b909ac6a3b6467a194cd79210869e06 (patch)
tree: ed0c8f5291a5a12ae7b0215521012a3a6f80e62e /src/lib/libssl/s3_lib.c
parent: 6c76feec69da3c4ffea7496b04e0c18edd09d141 (diff)
download: openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.gz
openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.bz2
openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.zip
1 files changed, 55 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 1c605613e8..6ca08774b0 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.173 2018/11/05 20:41:30 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.174 2018/11/07 01:53:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -870,6 +870,60 @@ SSL_CIPHER ssl3_ciphers[] = {
        },
 #endif /* OPENSSL_NO_CAMELLIA */
+        /*
+         * TLSv1.3 cipher suites.
+         */
+#ifdef LIBRESSL_HAS_TLS1_3
+        /* Cipher 1301 */
+        {
+                .valid = 1,
+                .name = TLS1_3_TXT_AES_128_GCM_SHA256,
+                .id = TLS1_3_CK_AES_128_GCM_SHA256,
+                .algorithm_mkey = SSL_kTLS1_3,
+                .algorithm_auth = SSL_aTLS1_3,
+                .algorithm_enc = SSL_AES128GCM,
+                .algorithm_mac = SSL_AEAD,
+                .algorithm_ssl = SSL_TLSV1_3,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */
+                .strength_bits = 128,
+                .alg_bits = 128,
+        },
+        /* Cipher 1302 */
+        {
+                .valid = 1,
+                .name = TLS1_3_TXT_AES_256_GCM_SHA384,
+                .id = TLS1_3_CK_AES_256_GCM_SHA384,
+                .algorithm_mkey = SSL_kTLS1_3,
+                .algorithm_auth = SSL_aTLS1_3,
+                .algorithm_enc = SSL_AES256GCM,
+                .algorithm_mac = SSL_AEAD,
+                .algorithm_ssl = SSL_TLSV1_3,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, /* XXX */
+                .strength_bits = 256,
+                .alg_bits = 256,
+        },
+        /* Cipher 1303 */
+        {
+                .valid = 1,
+                .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+                .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+                .algorithm_mkey = SSL_kTLS1_3,
+                .algorithm_auth = SSL_aTLS1_3,
+                .algorithm_enc = SSL_CHACHA20POLY1305,
+                .algorithm_mac = SSL_AEAD,
+                .algorithm_ssl = SSL_TLSV1_3,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */
+                .strength_bits = 256,
+                .alg_bits = 256,
+        },
+#endif
        /* Cipher C006 */
        {
                .valid = 1,
author	jsing <>	2018-11-07 01:53:36 +0000
committer	jsing <>	2018-11-07 01:53:36 +0000
commit	ce26c3410b909ac6a3b6467a194cd79210869e06 (patch)
tree	ed0c8f5291a5a12ae7b0215521012a3a6f80e62e /src/lib/libssl/s3_lib.c
parent	6c76feec69da3c4ffea7496b04e0c18edd09d141 (diff)
download	openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.gz openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.bz2 openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 1c605613e8..6ca08774b0 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.173 2018/11/05 20:41:30 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.174 2018/11/07 01:53:36 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -870,6 +870,60 @@ SSL_CIPHER ssl3_ciphers[] = {
870	},	870	},
871	#endif /* OPENSSL_NO_CAMELLIA */	871	#endif /* OPENSSL_NO_CAMELLIA */
872		872
		873	/*
		874	* TLSv1.3 cipher suites.
		875	*/
		876
		877	#ifdef LIBRESSL_HAS_TLS1_3
		878	/* Cipher 1301 */
		879	{
		880	.valid = 1,
		881	.name = TLS1_3_TXT_AES_128_GCM_SHA256,
		882	.id = TLS1_3_CK_AES_128_GCM_SHA256,
		883	.algorithm_mkey = SSL_kTLS1_3,
		884	.algorithm_auth = SSL_aTLS1_3,
		885	.algorithm_enc = SSL_AES128GCM,
		886	.algorithm_mac = SSL_AEAD,
		887	.algorithm_ssl = SSL_TLSV1_3,
		888	.algo_strength = SSL_HIGH,
		889	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */
		890	.strength_bits = 128,
		891	.alg_bits = 128,
		892	},
		893
		894	/* Cipher 1302 */
		895	{
		896	.valid = 1,
		897	.name = TLS1_3_TXT_AES_256_GCM_SHA384,
		898	.id = TLS1_3_CK_AES_256_GCM_SHA384,
		899	.algorithm_mkey = SSL_kTLS1_3,
		900	.algorithm_auth = SSL_aTLS1_3,
		901	.algorithm_enc = SSL_AES256GCM,
		902	.algorithm_mac = SSL_AEAD,
		903	.algorithm_ssl = SSL_TLSV1_3,
		904	.algo_strength = SSL_HIGH,
		905	.algorithm2 = SSL_HANDSHAKE_MAC_SHA384, /* XXX */
		906	.strength_bits = 256,
		907	.alg_bits = 256,
		908	},
		909
		910	/* Cipher 1303 */
		911	{
		912	.valid = 1,
		913	.name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
		914	.id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
		915	.algorithm_mkey = SSL_kTLS1_3,
		916	.algorithm_auth = SSL_aTLS1_3,
		917	.algorithm_enc = SSL_CHACHA20POLY1305,
		918	.algorithm_mac = SSL_AEAD,
		919	.algorithm_ssl = SSL_TLSV1_3,
		920	.algo_strength = SSL_HIGH,
		921	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */
		922	.strength_bits = 256,
		923	.alg_bits = 256,
		924	},
		925	#endif
		926
873	/* Cipher C006 */	927	/* Cipher C006 */
874	{	928	{
875	.valid = 1,	929	.valid = 1,