Add TLSv1.3 cipher suites (with appropriate guards).

ok beck@ tb@
author: jsing <> 2018-11-07 01:53:36 +0000
committer: jsing <> 2018-11-07 01:53:36 +0000
commit: ce26c3410b909ac6a3b6467a194cd79210869e06 (patch)
tree: ed0c8f5291a5a12ae7b0215521012a3a6f80e62e /src/lib/libssl/tls1.h
parent: 6c76feec69da3c4ffea7496b04e0c18edd09d141 (diff)
download: openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.gz
openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.bz2
openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.zip
1 files changed, 19 insertions, 2 deletions
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index c0b14b2099..603201ad17 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.35 2018/11/06 20:48:08 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.36 2018/11/07 01:53:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -497,6 +497,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256    0x030000C4
 #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256        0x030000C5
+/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_CK_AES_128_GCM_SHA256                    0x03001301
+#define TLS1_3_CK_AES_256_GCM_SHA384                    0x03001302
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256              0x03001303
+#define TLS1_3_CK_AES_128_CCM_SHA256                    0x03001304
+#define TLS1_3_CK_AES_128_CCM_8_SHA256                  0x03001305
+#endif
 /* ECC ciphersuites from RFC 4492. */
 #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
@@ -703,7 +712,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
 /* ECDH HMAC based ciphersuites from RFC 5289. */
 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
 #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
 #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
@@ -728,6 +736,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305     "ECDHE-ECDSA-CHACHA20-POLY1305"
 #define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305         "DHE-RSA-CHACHA20-POLY1305"
+/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_TXT_AES_128_GCM_SHA256                   "AEAD-AES128-GCM-SHA256"
+#define TLS1_3_TXT_AES_256_GCM_SHA384                   "AEAD-AES256-GCM-SHA384"
+#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256             "AEAD-CHACHA20-POLY1305-SHA256"
+#define TLS1_3_TXT_AES_128_CCM_SHA256                   "AEAD-AES128-CCM-SHA256"
+#define TLS1_3_TXT_AES_128_CCM_8_SHA256                 "AEAD-AES128-CCM-8-SHA256"
+#endif
 #define TLS_CT_RSA_SIGN                 1
 #define TLS_CT_DSS_SIGN                 2
 #define TLS_CT_RSA_FIXED_DH             3
author	jsing <>	2018-11-07 01:53:36 +0000
committer	jsing <>	2018-11-07 01:53:36 +0000
commit	ce26c3410b909ac6a3b6467a194cd79210869e06 (patch)
tree	ed0c8f5291a5a12ae7b0215521012a3a6f80e62e /src/lib/libssl/tls1.h
parent	6c76feec69da3c4ffea7496b04e0c18edd09d141 (diff)
download	openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.gz openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.tar.bz2 openbsd-ce26c3410b909ac6a3b6467a194cd79210869e06.zip