summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_ciph.c
diff options
context:
space:
mode:
authorjsing <>2018-11-07 01:53:36 +0000
committerjsing <>2018-11-07 01:53:36 +0000
commitce26c3410b909ac6a3b6467a194cd79210869e06 (patch)
treeed0c8f5291a5a12ae7b0215521012a3a6f80e62e /src/lib/libssl/ssl_ciph.c
parent6c76feec69da3c4ffea7496b04e0c18edd09d141 (diff)
downloadopenbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.gz
openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.bz2
openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.zip
Add TLSv1.3 cipher suites (with appropriate guards).
ok beck@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
-rw-r--r--src/lib/libssl/ssl_ciph.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index e54fbacdd8..bbae6a63d9 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.105 2018/09/08 14:39:41 jsing Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.106 2018/11/07 01:53:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -426,6 +426,10 @@ static const SSL_CIPHER cipher_aliases[] = {
426 .name = SSL_TXT_TLSV1_2, 426 .name = SSL_TXT_TLSV1_2,
427 .algorithm_ssl = SSL_TLSV1_2, 427 .algorithm_ssl = SSL_TLSV1_2,
428 }, 428 },
429 {
430 .name = SSL_TXT_TLSV1_3,
431 .algorithm_ssl = SSL_TLSV1_3,
432 },
429 433
430 /* strength classes */ 434 /* strength classes */
431 { 435 {
@@ -1318,8 +1322,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1318 } 1322 }
1319 1323
1320 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, 1324 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1321 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, 1325 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1322 co_list, &head, &tail); 1326 co_list, &head, &tail);
1323 1327
1324 1328
1325 /* Now arrange all ciphers by preference: */ 1329 /* Now arrange all ciphers by preference: */
@@ -1375,6 +1379,9 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1375 /* Now disable everything (maintaining the ordering!) */ 1379 /* Now disable everything (maintaining the ordering!) */
1376 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1380 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1377 1381
1382 /* TLSv1.3 first. */
1383 ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_ADD, -1, &head, &tail);
1384 ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_DEL, -1, &head, &tail);
1378 1385
1379 /* 1386 /*
1380 * We also need cipher aliases for selecting based on the rule_str. 1387 * We also need cipher aliases for selecting based on the rule_str.
@@ -1489,6 +1496,8 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1489 ver = "SSLv3"; 1496 ver = "SSLv3";
1490 else if (alg_ssl & SSL_TLSV1_2) 1497 else if (alg_ssl & SSL_TLSV1_2)
1491 ver = "TLSv1.2"; 1498 ver = "TLSv1.2";
1499 else if (alg_ssl & SSL_TLSV1_3)
1500 ver = "TLSv1.3";
1492 else 1501 else
1493 ver = "unknown"; 1502 ver = "unknown";
1494 1503