From 58162c983c06ccc26752ceb2f047f12ffc0d518e Mon Sep 17 00:00:00 2001 From: jsing Date: Mon, 26 Jan 2015 13:06:39 +0000 Subject: [PATCH] Add AEAD as a "MAC alias" so that it is possible to identify/select ciphers that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers (effectively the only ciphers that are still considered to be secure) to be selected using TLSv1.2+AEAD as a cipher string. ok bcook@ doug@ miod@ --- lib/libssl/src/ssl/ssl.h | 3 ++- lib/libssl/src/ssl/ssl_ciph.c | 6 +++++- lib/libssl/ssl.h | 3 ++- lib/libssl/ssl_ciph.c | 6 +++++- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h index 56344085ada..59ae1b52445 100644 --- a/lib/libssl/src/ssl/ssl.h +++ b/lib/libssl/src/ssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.77 2015/01/22 09:12:57 reyk Exp $ */ +/* $OpenBSD: ssl.h,v 1.78 2015/01/26 13:06:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -290,6 +290,7 @@ extern "C" { #define SSL_TXT_CAMELLIA "CAMELLIA" #define SSL_TXT_CHACHA20 "CHACHA20" +#define SSL_TXT_AEAD "AEAD" #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" /* same as "SHA1" */ diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c index afc31d78162..ce82c2705cb 100644 --- a/lib/libssl/src/ssl/ssl_ciph.c +++ b/lib/libssl/src/ssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.79 2014/12/14 15:30:50 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -418,6 +418,10 @@ static const SSL_CIPHER cipher_aliases[] = { }, /* MAC aliases */ + { + .name = SSL_TXT_AEAD, + .algorithm_mac = SSL_AEAD, + }, { .name = SSL_TXT_MD5, .algorithm_mac = SSL_MD5, diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index 56344085ada..59ae1b52445 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.77 2015/01/22 09:12:57 reyk Exp $ */ +/* $OpenBSD: ssl.h,v 1.78 2015/01/26 13:06:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -290,6 +290,7 @@ extern "C" { #define SSL_TXT_CAMELLIA "CAMELLIA" #define SSL_TXT_CHACHA20 "CHACHA20" +#define SSL_TXT_AEAD "AEAD" #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" /* same as "SHA1" */ diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index afc31d78162..ce82c2705cb 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.79 2014/12/14 15:30:50 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -418,6 +418,10 @@ static const SSL_CIPHER cipher_aliases[] = { }, /* MAC aliases */ + { + .name = SSL_TXT_AEAD, + .algorithm_mac = SSL_AEAD, + }, { .name = SSL_TXT_MD5, .algorithm_mac = SSL_MD5, -- 2.20.1