Commit f68521ee authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add remaining TLS1.3 ciphersuites 



Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
parent 00212c66

include/openssl/tls1.h

+8 −0
Original line number Diff line number Diff line
@@ -622,6 +622,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) 


/* TLS v1.3 ciphersuites */

# define TLS1_3_CK_AES_128_GCM_SHA256                     0x03001301

# define TLS1_3_CK_AES_256_GCM_SHA384                     0x03001302

# define TLS1_3_CK_CHACHA20_POLY1305_SHA256               0x03001303

# define TLS1_3_CK_AES_128_CCM_SHA256                     0x03001304

# define TLS1_3_CK_AES_128_CCM_8_SHA256                   0x03001305



/*

 * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
@@ -898,6 +902,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) 
 * cipherstring selection process for these ciphers

 */

# define TLS1_3_TXT_AES_128_GCM_SHA256                     "TLS13-AES-128-GCM-SHA256"

# define TLS1_3_TXT_AES_256_GCM_SHA384                     "TLS13-AES-256-GCM-SHA384"

# define TLS1_3_TXT_CHACHA20_POLY1305_SHA256               "TLS13-CHACHA20-POLY1305-SHA256"

# define TLS1_3_TXT_AES_128_CCM_SHA256                     "TLS13-AES-128-CCM-SHA256"

# define TLS1_3_TXT_AES_128_CCM_8_SHA256                   "TLS13-AES-128-CCM-8-SHA256"



# define TLS_CT_RSA_SIGN                 1

# define TLS_CT_DSS_SIGN                 2

ssl/s3_lib.c

+64 −1
Original line number Diff line number Diff line
@@ -842,9 +842,72 @@ static SSL_CIPHER ssl3_ciphers[] = { 
     SSL_AES128GCM,

     SSL_AEAD,

     TLS1_3_VERSION, TLS1_3_VERSION,

     SSL_kANY,

     SSL_aANY,

     SSL_HIGH,

     SSL_HANDSHAKE_MAC_SHA256,

     128,

     128,

     },

    {

     1,

     TLS1_3_TXT_AES_256_GCM_SHA384,

     TLS1_3_CK_AES_256_GCM_SHA384,

     SSL_kANY,

     SSL_aANY,

     SSL_AES256GCM,

     SSL_AEAD,

     TLS1_3_VERSION, TLS1_3_VERSION,

     0, 0,

     SSL_HIGH,

     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,

     SSL_HANDSHAKE_MAC_SHA384,

     256,

     256,

     },

#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)

    {

     1,

     TLS1_3_TXT_CHACHA20_POLY1305_SHA256,

     TLS1_3_CK_CHACHA20_POLY1305_SHA256,

     SSL_kANY,

     SSL_aANY,

     SSL_CHACHA20POLY1305,

     SSL_AEAD,

     TLS1_3_VERSION, TLS1_3_VERSION,

     0, 0,

     SSL_HIGH,

     SSL_HANDSHAKE_MAC_SHA256,

     256,

     256,

     },

#endif

    {

     1,

     TLS1_3_TXT_AES_128_CCM_SHA256,

     TLS1_3_CK_AES_128_CCM_SHA256,

     SSL_kANY,

     SSL_aANY,

     SSL_AES128CCM,

     SSL_AEAD,

     TLS1_3_VERSION, TLS1_3_VERSION,

     0, 0,

     SSL_NOT_DEFAULT | SSL_HIGH,

     SSL_HANDSHAKE_MAC_SHA256,

     128,

     128,

     },

    {

     1,

     TLS1_3_TXT_AES_128_CCM_8_SHA256,

     TLS1_3_CK_AES_128_CCM_8_SHA256,

     SSL_kANY,

     SSL_aANY,

     SSL_AES128CCM8,

     SSL_AEAD,

     TLS1_3_VERSION, TLS1_3_VERSION,

     0, 0,

     SSL_NOT_DEFAULT | SSL_HIGH,

     SSL_HANDSHAKE_MAC_SHA256,

     128,

     128,

     },