From 5d4d24ed48bfae58d1e947c72284c1f5396f56d8 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 19 Apr 2020 14:54:14 +0000
Subject: Provide TLSv1.3 cipher suite aliases to match the names used in RFC
 8446.

ok beck@ inoguchi@ tb@
---
 src/lib/libssl/ssl_ciph.c | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 9ba8f40437..37417efc08 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.116 2020/04/18 14:41:05 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.117 2020/04/19 14:54:14 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -396,6 +396,28 @@ static const SSL_CIPHER cipher_aliases[] = {
 		.algorithm_ssl = SSL_TLSV1_3,
 	},
 
+	/* cipher suite aliases */
+#ifdef LIBRESSL_HAS_TLS1_3
+	{
+		.valid = 1,
+		.name = "TLS_AES_128_GCM_SHA256",
+		.id = TLS1_3_CK_AES_128_GCM_SHA256,
+		.algorithm_ssl = SSL_TLSV1_3,
+	},
+	{
+		.valid = 1,
+		.name = "TLS_AES_256_GCM_SHA384",
+		.id = TLS1_3_CK_AES_256_GCM_SHA384,
+		.algorithm_ssl = SSL_TLSV1_3,
+	},
+	{
+		.valid = 1,
+		.name = "TLS_CHACHA20_POLY1305_SHA256",
+		.id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+		.algorithm_ssl = SSL_TLSV1_3,
+	},
+#endif
+
 	/* strength classes */
 	{
 		.name = SSL_TXT_LOW,
@@ -961,7 +983,8 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
 			while (((ch >= 'A') && (ch <= 'Z')) ||
 			    ((ch >= '0') && (ch <= '9')) ||
 			    ((ch >= 'a') && (ch <= 'z')) ||
-			    (ch == '-') || (ch == '.')) {
+			    (ch == '-') || (ch == '.') ||
+			    (ch == '_')) {
 				ch = *(++l);
 				buflen++;
 			}
-- 
cgit v1.2.3-55-g6feb