From 93fa6e490aac1cc89e48fa865c65bb240613e0fd Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sat, 5 Feb 2022 18:18:18 +0000
Subject: [PATCH] Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_

OpenSSL chose to break the previous naming convention for ciphers and
to adopt TLS_* "RFC" names instead. Unfortunately, these names are
exposed in several APIs and some language bindings test for these
non-standard names instead of cipher values, which is ... unfortunate
(others would say "plain crazy").

We currently have to maintain patches in regress and ports (p5-Net-SSLeay,
openssl-ruby-tests - which means that Ruby will pick this up at some point)
to work around this difference and that's just not worth the effort.

The old AEAD- names will become aliases and continue to work, but in
openssl ciphers and netcat output the TLS_* names will now be displayed.

"I would be very happy if this gets committed" bluhm
ok beck inoguchi, begrudgingly ok jsing
---
 lib/libssl/s3_lib.c      |  8 ++++----
 lib/libssl/ssl_ciphers.c | 22 +++++++++++-----------
 lib/libssl/tls1.h        |  8 +++++++-
 3 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 916ed4935cc..683a550ad85 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.226 2022/02/05 14:54:10 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.227 2022/02/05 18:18:18 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -882,7 +882,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 	/* Cipher 1301 */
 	{
 		.valid = 1,
-		.name = TLS1_3_TXT_AES_128_GCM_SHA256,
+		.name = TLS1_3_RFC_AES_128_GCM_SHA256,
 		.id = TLS1_3_CK_AES_128_GCM_SHA256,
 		.algorithm_mkey = SSL_kTLS1_3,
 		.algorithm_auth = SSL_aTLS1_3,
@@ -898,7 +898,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 	/* Cipher 1302 */
 	{
 		.valid = 1,
-		.name = TLS1_3_TXT_AES_256_GCM_SHA384,
+		.name = TLS1_3_RFC_AES_256_GCM_SHA384,
 		.id = TLS1_3_CK_AES_256_GCM_SHA384,
 		.algorithm_mkey = SSL_kTLS1_3,
 		.algorithm_auth = SSL_aTLS1_3,
@@ -914,7 +914,7 @@ const SSL_CIPHER ssl3_ciphers[] = {
 	/* Cipher 1303 */
 	{
 		.valid = 1,
-		.name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+		.name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
 		.id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
 		.algorithm_mkey = SSL_kTLS1_3,
 		.algorithm_auth = SSL_aTLS1_3,
diff --git a/lib/libssl/ssl_ciphers.c b/lib/libssl/ssl_ciphers.c
index 7ac40126eda..3174ae9c268 100644
--- a/lib/libssl/ssl_ciphers.c
+++ b/lib/libssl/ssl_ciphers.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssl_ciphers.c,v 1.12 2022/02/05 14:54:10 jsing Exp $ */
+/*	$OpenBSD: ssl_ciphers.c,v 1.13 2022/02/05 18:18:18 tb Exp $ */
 /*
  * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
  * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org>
@@ -168,28 +168,28 @@ struct ssl_tls13_ciphersuite {
 
 static const struct ssl_tls13_ciphersuite ssl_tls13_ciphersuites[] = {
 	{
-		.name = TLS1_3_TXT_AES_128_GCM_SHA256,
-		.alias = "TLS_AES_128_GCM_SHA256",
+		.name = TLS1_3_RFC_AES_128_GCM_SHA256,
+		.alias = TLS1_3_TXT_AES_128_GCM_SHA256,
 		.cid = TLS1_3_CK_AES_128_GCM_SHA256,
 	},
 	{
-		.name = TLS1_3_TXT_AES_256_GCM_SHA384,
-		.alias = "TLS_AES_256_GCM_SHA384",
+		.name = TLS1_3_RFC_AES_256_GCM_SHA384,
+		.alias = TLS1_3_TXT_AES_256_GCM_SHA384,
 		.cid = TLS1_3_CK_AES_256_GCM_SHA384,
 	},
 	{
-		.name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
-		.alias = "TLS_CHACHA20_POLY1305_SHA256",
+		.name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+		.alias = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
 		.cid = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
 	},
 	{
-		.name = TLS1_3_TXT_AES_128_CCM_SHA256,
-		.alias = "TLS_AES_128_CCM_SHA256",
+		.name = TLS1_3_RFC_AES_128_CCM_SHA256,
+		.alias = TLS1_3_TXT_AES_128_CCM_SHA256,
 		.cid = TLS1_3_CK_AES_128_CCM_SHA256,
 	},
 	{
-		.name = TLS1_3_TXT_AES_128_CCM_8_SHA256,
-		.alias = "TLS_AES_128_CCM_8_SHA256",
+		.name = TLS1_3_RFC_AES_128_CCM_8_SHA256,
+		.alias = TLS1_3_TXT_AES_128_CCM_8_SHA256,
 		.cid = TLS1_3_CK_AES_128_CCM_8_SHA256,
 	},
 	{
diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index 90523dd0f98..547fb86e5df 100644
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.50 2021/10/15 16:48:47 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.51 2022/02/05 18:18:18 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -722,6 +722,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_3_TXT_CHACHA20_POLY1305_SHA256		"AEAD-CHACHA20-POLY1305-SHA256"
 #define TLS1_3_TXT_AES_128_CCM_SHA256			"AEAD-AES128-CCM-SHA256"
 #define TLS1_3_TXT_AES_128_CCM_8_SHA256			"AEAD-AES128-CCM-8-SHA256"
+
+#define TLS1_3_RFC_AES_128_GCM_SHA256			"TLS_AES_128_GCM_SHA256"
+#define TLS1_3_RFC_AES_256_GCM_SHA384			"TLS_AES_256_GCM_SHA384"
+#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256		"TLS_CHACHA20_POLY1305_SHA256"
+#define TLS1_3_RFC_AES_128_CCM_SHA256			"TLS_AES_128_CCM_SHA256"
+#define TLS1_3_RFC_AES_128_CCM_8_SHA256			"TLS_AES_128_CCM_8_SHA256"
 #endif
 
 #define TLS_CT_RSA_SIGN			1
-- 
2.20.1