Add RFC4785 ciphersuites
authorDr. Stephen Henson <steve@openssl.org>
Sun, 28 Jun 2015 23:44:39 +0000 (00:44 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 30 Jul 2015 13:43:36 +0000 (14:43 +0100)
Reviewed-by: Matt Caswell <matt@openssl.org>
include/openssl/tls1.h
ssl/s3_lib.c

index 7350e72..a1ce2c0 100644 (file)
@@ -442,6 +442,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_RSA_PSK_WITH_NULL_SHA256                0x030000B8
 # define TLS1_CK_RSA_PSK_WITH_NULL_SHA384                0x030000B9
 
+/* NULL PSK ciphersuites from RFC4785 */
+
+# define TLS1_CK_PSK_WITH_NULL_SHA                       0x0300002C
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA                   0x0300002D
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA                   0x0300002E
+
 /* AES ciphersuites from RFC3268 */
 
 # define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
@@ -603,6 +609,8 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256       0x0300C037
 # define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384       0x0300C038
 
+/* NULL PSK ciphersuites from RFC4785 */
+
 # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA                 0x0300C039
 # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256              0x0300C03A
 # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384              0x0300C03B
@@ -631,6 +639,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA     "EXP1024-DHE-DSS-RC4-SHA"
 # define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"
 
+# define TLS1_TXT_PSK_WITH_NULL_SHA                      "PSK-NULL-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA                  "DHE-PSK-NULL-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA                  "RSA-PSK-NULL-SHA"
+
 /* AES ciphersuites from RFC3268 */
 # define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
 # define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
index 4a75b5c..a5bfda7 100644 (file)
@@ -600,6 +600,53 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
      112,
      168,
      },
+#ifndef OPENSSL_NO_PSK
+    /* Cipher 2C */
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA,
+     TLS1_CK_PSK_WITH_NULL_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    /* Cipher 2D */
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    /* Cipher 2E */
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+#endif
 
 /* New AES ciphersuites */
 /* Cipher 2F */