From e23e84e71c85db5dd37817db7f71dc7a202bc74d Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 26 Jan 2015 13:06:39 +0000
Subject: Add AEAD as a "MAC alias" so that it is possible to identify/select
 ciphers that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers
 (effectively the only ciphers that are still considered to be secure) to be
 selected using TLSv1.2+AEAD as a cipher string.

ok bcook@ doug@ miod@
---
 src/lib/libssl/src/ssl/ssl.h      | 3 ++-
 src/lib/libssl/src/ssl/ssl_ciph.c | 6 +++++-
 src/lib/libssl/ssl.h              | 3 ++-
 src/lib/libssl/ssl_ciph.c         | 6 +++++-
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 56344085ad..59ae1b5244 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.77 2015/01/22 09:12:57 reyk Exp $ */
+/* $OpenBSD: ssl.h,v 1.78 2015/01/26 13:06:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -290,6 +290,7 @@ extern "C" {
 #define SSL_TXT_CAMELLIA	"CAMELLIA"
 #define SSL_TXT_CHACHA20	"CHACHA20"
 
+#define SSL_TXT_AEAD		"AEAD"
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA" /* same as "SHA1" */
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index afc31d7816..ce82c2705c 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.79 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -418,6 +418,10 @@ static const SSL_CIPHER cipher_aliases[] = {
 	},
 
 	/* MAC aliases */
+	{
+		.name = SSL_TXT_AEAD,
+		.algorithm_mac = SSL_AEAD,
+	},
 	{
 		.name = SSL_TXT_MD5,
 		.algorithm_mac = SSL_MD5,
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 56344085ad..59ae1b5244 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.77 2015/01/22 09:12:57 reyk Exp $ */
+/* $OpenBSD: ssl.h,v 1.78 2015/01/26 13:06:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -290,6 +290,7 @@ extern "C" {
 #define SSL_TXT_CAMELLIA	"CAMELLIA"
 #define SSL_TXT_CHACHA20	"CHACHA20"
 
+#define SSL_TXT_AEAD		"AEAD"
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA" /* same as "SHA1" */
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index afc31d7816..ce82c2705c 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.79 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -418,6 +418,10 @@ static const SSL_CIPHER cipher_aliases[] = {
 	},
 
 	/* MAC aliases */
+	{
+		.name = SSL_TXT_AEAD,
+		.algorithm_mac = SSL_AEAD,
+	},
 	{
 		.name = SSL_TXT_MD5,
 		.algorithm_mac = SSL_MD5,
-- 
cgit v1.2.3-55-g6feb