Add remaining TLS1.3 ciphersuites

author Dr. Stephen Henson <steve@openssl.org>

Thu, 2 Feb 2017 23:11:07 +0000 (23:11 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 8 Feb 2017 02:16:27 +0000 (02:16 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 2 Feb 2017 23:11:07 +0000 (23:11 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 8 Feb 2017 02:16:27 +0000 (02:16 +0000)
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h

index a4258ac886cd79a88dd8561ca39ad94ef2f44f0f..6902f5010c32a134edfc616942eeac893f0e5b65 100644 (file)
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -622,6 +622,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
  
  /* TLS v1.3 ciphersuites */
  # define TLS1_3_CK_AES_128_GCM_SHA256                     0x03001301
+# define TLS1_3_CK_AES_256_GCM_SHA384                     0x03001302
+# define TLS1_3_CK_CHACHA20_POLY1305_SHA256               0x03001303
+# define TLS1_3_CK_AES_128_CCM_SHA256                     0x03001304
+# define TLS1_3_CK_AES_128_CCM_8_SHA256                   0x03001305
  
  /*
   * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
@@ -898,6 +902,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
   * cipherstring selection process for these ciphers
   */
  # define TLS1_3_TXT_AES_128_GCM_SHA256                     "TLS13-AES-128-GCM-SHA256"
+# define TLS1_3_TXT_AES_256_GCM_SHA384                     "TLS13-AES-256-GCM-SHA384"
+# define TLS1_3_TXT_CHACHA20_POLY1305_SHA256               "TLS13-CHACHA20-POLY1305-SHA256"
+# define TLS1_3_TXT_AES_128_CCM_SHA256                     "TLS13-AES-128-CCM-SHA256"
+# define TLS1_3_TXT_AES_128_CCM_8_SHA256                   "TLS13-AES-128-CCM-8-SHA256"
  
  # define TLS_CT_RSA_SIGN                 1
  # define TLS_CT_DSS_SIGN                 2
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index 0d8421032f2750c8faf251f9355e597e4855a66a..8065e15cb62b4746f7cc1536fdc16819897a02cc 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -842,9 +842,72 @@ static SSL_CIPHER ssl3_ciphers[] = {
       SSL_AES128GCM,
       SSL_AEAD,
       TLS1_3_VERSION, TLS1_3_VERSION,
+     SSL_kANY,
+     SSL_aANY,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_3_TXT_AES_256_GCM_SHA384,
+     TLS1_3_CK_AES_256_GCM_SHA384,
+     SSL_kANY,
+     SSL_aANY,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_3_VERSION, TLS1_3_VERSION,
       0, 0,
       SSL_HIGH,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     SSL_HANDSHAKE_MAC_SHA384,
+     256,
+     256,
+     },
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    {
+     1,
+     TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+     TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+     SSL_kANY,
+     SSL_aANY,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_3_VERSION, TLS1_3_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256,
+     256,
+     256,
+     },
+#endif
+    {
+     1,
+     TLS1_3_TXT_AES_128_CCM_SHA256,
+     TLS1_3_CK_AES_128_CCM_SHA256,
+     SSL_kANY,
+     SSL_aANY,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_3_VERSION, TLS1_3_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_3_TXT_AES_128_CCM_8_SHA256,
+     TLS1_3_CK_AES_128_CCM_8_SHA256,
+     SSL_kANY,
+     SSL_aANY,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_3_VERSION, TLS1_3_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256,
       128,
       128,
       },
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 2 Feb 2017 23:11:07 +0000 (23:11 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 8 Feb 2017 02:16:27 +0000 (02:16 +0000)
include/openssl/tls1.h		patch \| blob \| history
ssl/s3_lib.c		patch \| blob \| history