diff options
| author | jsing <> | 2018-11-07 01:53:36 +0000 |
|---|---|---|
| committer | jsing <> | 2018-11-07 01:53:36 +0000 |
| commit | ce26c3410b909ac6a3b6467a194cd79210869e06 (patch) | |
| tree | ed0c8f5291a5a12ae7b0215521012a3a6f80e62e /src/lib/libssl/ssl_ciph.c | |
| parent | 6c76feec69da3c4ffea7496b04e0c18edd09d141 (diff) | |
| download | openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.gz openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.bz2 openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.zip | |
Add TLSv1.3 cipher suites (with appropriate guards).
ok beck@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index e54fbacdd8..bbae6a63d9 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.105 2018/09/08 14:39:41 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.106 2018/11/07 01:53:36 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -426,6 +426,10 @@ static const SSL_CIPHER cipher_aliases[] = { | |||
| 426 | .name = SSL_TXT_TLSV1_2, | 426 | .name = SSL_TXT_TLSV1_2, |
| 427 | .algorithm_ssl = SSL_TLSV1_2, | 427 | .algorithm_ssl = SSL_TLSV1_2, |
| 428 | }, | 428 | }, |
| 429 | { | ||
| 430 | .name = SSL_TXT_TLSV1_3, | ||
| 431 | .algorithm_ssl = SSL_TLSV1_3, | ||
| 432 | }, | ||
| 429 | 433 | ||
| 430 | /* strength classes */ | 434 | /* strength classes */ |
| 431 | { | 435 | { |
| @@ -1318,8 +1322,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1318 | } | 1322 | } |
| 1319 | 1323 | ||
| 1320 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, | 1324 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, |
| 1321 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, | 1325 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, |
| 1322 | co_list, &head, &tail); | 1326 | co_list, &head, &tail); |
| 1323 | 1327 | ||
| 1324 | 1328 | ||
| 1325 | /* Now arrange all ciphers by preference: */ | 1329 | /* Now arrange all ciphers by preference: */ |
| @@ -1375,6 +1379,9 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1375 | /* Now disable everything (maintaining the ordering!) */ | 1379 | /* Now disable everything (maintaining the ordering!) */ |
| 1376 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | 1380 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
| 1377 | 1381 | ||
| 1382 | /* TLSv1.3 first. */ | ||
| 1383 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_ADD, -1, &head, &tail); | ||
| 1384 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_DEL, -1, &head, &tail); | ||
| 1378 | 1385 | ||
| 1379 | /* | 1386 | /* |
| 1380 | * We also need cipher aliases for selecting based on the rule_str. | 1387 | * We also need cipher aliases for selecting based on the rule_str. |
| @@ -1489,6 +1496,8 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1489 | ver = "SSLv3"; | 1496 | ver = "SSLv3"; |
| 1490 | else if (alg_ssl & SSL_TLSV1_2) | 1497 | else if (alg_ssl & SSL_TLSV1_2) |
| 1491 | ver = "TLSv1.2"; | 1498 | ver = "TLSv1.2"; |
| 1499 | else if (alg_ssl & SSL_TLSV1_3) | ||
| 1500 | ver = "TLSv1.3"; | ||
| 1492 | else | 1501 | else |
| 1493 | ver = "unknown"; | 1502 | ver = "unknown"; |
| 1494 | 1503 | ||