Add AEAD as a "MAC alias" so that it is possible to identify/select ciphers

that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers
(effectively the only ciphers that are still considered to be secure) to be
selected using TLSv1.2+AEAD as a cipher string.

ok bcook@ doug@ miod@

diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h
index 5634408..59ae1b5 100644 (file)
--- a/lib/libssl/src/ssl/ssl.h
+++ b/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.77 2015/01/22 09:12:57 reyk Exp $ */
+/* $OpenBSD: ssl.h,v 1.78 2015/01/26 13:06:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -290,6 +290,7 @@ extern "C" {
 #define SSL_TXT_CAMELLIA       "CAMELLIA"
 #define SSL_TXT_CHACHA20       "CHACHA20"
 
+#define SSL_TXT_AEAD           "AEAD"
 #define SSL_TXT_MD5            "MD5"
 #define SSL_TXT_SHA1           "SHA1"
 #define SSL_TXT_SHA            "SHA" /* same as "SHA1" */

diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index afc31d7..ce82c27 100644 (file)
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.79 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -418,6 +418,10 @@ static const SSL_CIPHER cipher_aliases[] = {
        },
 
        /* MAC aliases */
+       {
+               .name = SSL_TXT_AEAD,
+               .algorithm_mac = SSL_AEAD,
+       },
        {
                .name = SSL_TXT_MD5,
                .algorithm_mac = SSL_MD5,

diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 5634408..59ae1b5 100644 (file)
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.77 2015/01/22 09:12:57 reyk Exp $ */
+/* $OpenBSD: ssl.h,v 1.78 2015/01/26 13:06:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -290,6 +290,7 @@ extern "C" {
 #define SSL_TXT_CAMELLIA       "CAMELLIA"
 #define SSL_TXT_CHACHA20       "CHACHA20"
 
+#define SSL_TXT_AEAD           "AEAD"
 #define SSL_TXT_MD5            "MD5"
 #define SSL_TXT_SHA1           "SHA1"
 #define SSL_TXT_SHA            "SHA" /* same as "SHA1" */

diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index afc31d7..ce82c27 100644 (file)
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.79 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -418,6 +418,10 @@ static const SSL_CIPHER cipher_aliases[] = {
        },
 
        /* MAC aliases */
+       {
+               .name = SSL_TXT_AEAD,
+               .algorithm_mac = SSL_AEAD,
+       },
        {
                .name = SSL_TXT_MD5,
                .algorithm_mac = SSL_MD5,