Add AEAD as a "MAC alias" so that it is possible to identify/select ciphers

that use AEAD instead of a MAC. This allows for TLSv1.2 AEAD ciphers
(effectively the only ciphers that are still considered to be secure) to be
selected using TLSv1.2+AEAD as a cipher string.

ok bcook@ doug@ miod@

2 files changed, 7 insertions, 2 deletions

diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h
index 56344085ada..59ae1b52445 100644
--- a/lib/libssl/src/ssl/ssl.h
+++ b/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.77 2015/01/22 09:12:57 reyk Exp $ */
+/* $OpenBSD: ssl.h,v 1.78 2015/01/26 13:06:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -290,6 +290,7 @@ extern "C" {
 #define SSL_TXT_CAMELLIA	"CAMELLIA"
 #define SSL_TXT_CHACHA20	"CHACHA20"
 
+#define SSL_TXT_AEAD		"AEAD"
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA" /* same as "SHA1" */
diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index afc31d78162..ce82c2705cb 100644
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.79 2014/12/14 15:30:50 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.80 2015/01/26 13:06:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -419,6 +419,10 @@ static const SSL_CIPHER cipher_aliases[] = {
 
 	/* MAC aliases */
 	{
+		.name = SSL_TXT_AEAD,
+		.algorithm_mac = SSL_AEAD,
+	},
+	{
 		.name = SSL_TXT_MD5,
 		.algorithm_mac = SSL_MD5,
 	},