author | jsing <> | 2018-11-07 01:53:36 +0000 |
---|---|---|
committer | jsing <> | 2018-11-07 01:53:36 +0000 |
commit | ce26c3410b909ac6a3b6467a194cd79210869e06 (patch) | |
tree | ed0c8f5291a5a12ae7b0215521012a3a6f80e62e /src/lib/libssl/ssl_ciph.c | |
parent | 6c76feec69da3c4ffea7496b04e0c18edd09d141 (diff) | |
Add TLSv1.3 cipher suites (with appropriate guards).
ok beck@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r-- | src/lib/libssl/ssl_ciph.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index e54fbacdd8..bbae6a63d9 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssl_ciph.c,v 1.105 2018/09/08 14:39:41 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.106 2018/11/07 01:53:36 jsing Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -426,6 +426,10 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
426 | .name = SSL_TXT_TLSV1_2, | 426 | .name = SSL_TXT_TLSV1_2, |
427 | .algorithm_ssl = SSL_TLSV1_2, | 427 | .algorithm_ssl = SSL_TLSV1_2, |
428 | }, | 428 | }, |
429 | { | ||
430 | .name = SSL_TXT_TLSV1_3, | ||
431 | .algorithm_ssl = SSL_TLSV1_3, | ||
432 | }, | ||
429 | 433 | ||
430 | /* strength classes */ | 434 | /* strength classes */ |
431 | { | 435 | { |
@@ -1318,8 +1322,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
1318 | } | 1322 | } |
1319 | 1323 | ||
1320 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, | 1324 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, |
1321 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, | 1325 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, |
1322 | co_list, &head, &tail); | 1326 | co_list, &head, &tail); |
1323 | 1327 | ||
1324 | 1328 | ||
1325 | /* Now arrange all ciphers by preference: */ | 1329 | /* Now arrange all ciphers by preference: */ |
@@ -1375,6 +1379,9 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
1375 | /* Now disable everything (maintaining the ordering!) */ | 1379 | /* Now disable everything (maintaining the ordering!) */ |
1376 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | 1380 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
1377 | 1381 | ||
1382 | /* TLSv1.3 first. */ | ||
1383 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_ADD, -1, &head, &tail); | ||
1384 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_DEL, -1, &head, &tail); | ||
1378 | 1385 | ||
1379 | /* | 1386 | /* |
1380 | * We also need cipher aliases for selecting based on the rule_str. | 1387 | * We also need cipher aliases for selecting based on the rule_str. |
@@ -1489,6 +1496,8 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
1489 | ver = "SSLv3"; | 1496 | ver = "SSLv3"; |
1490 | else if (alg_ssl & SSL_TLSV1_2) | 1497 | else if (alg_ssl & SSL_TLSV1_2) |
1491 | ver = "TLSv1.2"; | 1498 | ver = "TLSv1.2"; |
1499 | else if (alg_ssl & SSL_TLSV1_3) | ||
1500 | ver = "TLSv1.3"; | ||
1492 | else | 1501 | else |
1493 | ver = "unknown"; | 1502 | ver = "unknown"; |
1494 | 1503 | ||
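Review bot: The `/* TLSv1.3 first. */` comment on new lines 1382-1384 of ssl_create_cipher_list() does not say why the same SSL_TLSV1_3 selector is applied with CIPHER_ADD and then immediately with CIPHER_DEL, so the pair reads like a no-op or a leftover. Presumably the ADD marks the TLSv1.3 suites active so that the following DEL can move them to the front of the preference order while leaving them disabled until the rule string selects them; this depends on ssl_cipher_apply_rule(), which is not shown on this page, and should be confirmed there. I would expand the comment to something like `/* TLSv1.3 first: ADD then DEL moves these suites to the head of the list, still disabled. */`. This ordering decides which suite is preferred during negotiation, so a later cleanup that drops one of the two calls would silently change the default preference. The function starts and ends outside the hunk.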