authorJoel Sing <jsing@cvs.openbsd.org>2018-11-07 01:53:37 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2018-11-07 01:53:37 +0000
commitfe3c5a21fe9b31e50b1be12a0641448fe19283bc (patch)
treef868c076f90480089cb851336ad5a221b2acc657 /lib/libssl
parentaacef90d63834a0602bf1dc9c729cdb8a2e05c53 (diff)
Add TLSv1.3 cipher suites (with appropriate guards).
ok beck@ tb@
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/s3_lib.c56
-rw-r--r--lib/libssl/ssl.h5
-rw-r--r--lib/libssl/ssl_ciph.c15
-rw-r--r--lib/libssl/ssl_lib.c7
-rw-r--r--lib/libssl/ssl_locl.h5
-rw-r--r--lib/libssl/tls1.h21
6 files changed, 100 insertions, 9 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 1c605613e8a..6ca08774b0c 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.173 2018/11/05 20:41:30 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.174 2018/11/07 01:53:36 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -870,6 +870,60 @@ SSL_CIPHER ssl3_ciphers[] = {
},
#endif /* OPENSSL_NO_CAMELLIA */
+ /*
+ * TLSv1.3 cipher suites.
+ */
+
+#ifdef LIBRESSL_HAS_TLS1_3
+ /* Cipher 1301 */
+ {
+ .valid = 1,
+ .name = TLS1_3_TXT_AES_128_GCM_SHA256,
+ .id = TLS1_3_CK_AES_128_GCM_SHA256,
+ .algorithm_mkey = SSL_kTLS1_3,
+ .algorithm_auth = SSL_aTLS1_3,
+ .algorithm_enc = SSL_AES128GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_3,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+
+ /* Cipher 1302 */
+ {
+ .valid = 1,
+ .name = TLS1_3_TXT_AES_256_GCM_SHA384,
+ .id = TLS1_3_CK_AES_256_GCM_SHA384,
+ .algorithm_mkey = SSL_kTLS1_3,
+ .algorithm_auth = SSL_aTLS1_3,
+ .algorithm_enc = SSL_AES256GCM,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_3,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, /* XXX */
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+
+ /* Cipher 1303 */
+ {
+ .valid = 1,
+ .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
+ .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+ .algorithm_mkey = SSL_kTLS1_3,
+ .algorithm_auth = SSL_aTLS1_3,
+ .algorithm_enc = SSL_CHACHA20POLY1305,
+ .algorithm_mac = SSL_AEAD,
+ .algorithm_ssl = SSL_TLSV1_3,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+#endif
+
/* Cipher C006 */
{
.valid = 1,
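Review bot: The `/* XXX */` markers on the three `.algorithm2` lines do not say what is still open, so a later reader cannot tell whether the TLSv1.2-style handshake MAC flag is a placeholder or the intended value for a TLSv1.3 suite. If the flag is there only to carry the suite's hash, a comment such as `/* XXX - handshake MAC flag used only to record the suite hash */` would record that. The new entries sit between the 00C5 and C006 suites, which keeps the table in id order; if lookups by id depend on that ordering (not visible here), a one-line comment above the block would protect it. The ssl3_ciphers array starts and ends outside the hunk.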
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 8d4fcc442ff..4c8328fb80b 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.160 2018/11/06 01:37:23 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.161 2018/11/07 01:53:36 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -306,6 +306,9 @@ extern "C" {
#define SSL_TXT_TLSV1 "TLSv1"
#define SSL_TXT_TLSV1_1 "TLSv1.1"
#define SSL_TXT_TLSV1_2 "TLSv1.2"
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define SSL_TXT_TLSV1_3 "TLSv1.3"
+#endif
#define SSL_TXT_EXP "EXP"
#define SSL_TXT_EXPORT "EXPORT"
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index e54fbacdd87..bbae6a63d9b 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.105 2018/09/08 14:39:41 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.106 2018/11/07 01:53:36 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -426,6 +426,10 @@ static const SSL_CIPHER cipher_aliases[] = {
.name = SSL_TXT_TLSV1_2,
.algorithm_ssl = SSL_TLSV1_2,
},
+ {
+ .name = SSL_TXT_TLSV1_3,
+ .algorithm_ssl = SSL_TLSV1_3,
+ },
/* strength classes */
{
@@ -1318,8 +1322,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
- disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
- co_list, &head, &tail);
+ disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
+ co_list, &head, &tail);
/* Now arrange all ciphers by preference: */
@@ -1375,6 +1379,9 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
/* Now disable everything (maintaining the ordering!) */
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+ /* TLSv1.3 first. */
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_DEL, -1, &head, &tail);
/*
* We also need cipher aliases for selecting based on the rule_str.
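Review bot: The comment `/* TLSv1.3 first. */` does not explain why a CIPHER_ADD is followed immediately by a CIPHER_DEL for the same SSL_TLSV1_3 selector. Presumably the pair only reorders the list, leaving the TLSv1.3 suites at the front of the preference order but still disabled until the rule string enables them; that reading depends on ssl_cipher_apply_rule, which is outside the hunk. A comment such as `/* Move TLSv1.3 suites to the front of the preference order; they stay disabled until a rule enables them. */` would make this explicit. The two calls also run well past 80 columns and could be wrapped like the ssl_cipher_collect_ciphers call earlier in this file. ssl_create_cipher_list continues outside the hunk.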
@@ -1489,6 +1496,8 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
ver = "SSLv3";
else if (alg_ssl & SSL_TLSV1_2)
ver = "TLSv1.2";
+ else if (alg_ssl & SSL_TLSV1_3)
+ ver = "TLSv1.3";
else
ver = "unknown";
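Review bot: Only the version string learns about TLSv1.3 here; no hunk in this file adds SSL_kTLS1_3 or SSL_aTLS1_3 to the key-exchange and authentication strings. Those strings are chosen in a part of SSL_CIPHER_description that is outside the hunk. If that code falls back to "unknown" for unrecognised bits, as the `ver` chain does, the new suites will be described with an unknown key exchange and authentication. That is misleading in output operators use to audit which suites are enabled. Worth confirming, and adding matching cases for the two new bits if so.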
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index d8415bcf6d8..3c4d1169194 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.189 2018/09/05 16:58:59 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.190 2018/11/07 01:53:36 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1424,6 +1424,11 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
return 0;
+ /* Skip TLS v1.3 only ciphersuites if lower than v1.3 */
+ if ((cipher->algorithm_ssl & SSL_TLSV1_3) &&
+ (TLS1_get_client_version(s) < TLS1_3_VERSION))
+ continue;
+
/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
(TLS1_get_client_version(s) < TLS1_2_VERSION))
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 95858339ea5..8aa29e7e598 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.219 2018/11/05 20:41:30 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.220 2018/11/07 01:53:36 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -208,6 +208,7 @@ __BEGIN_HIDDEN_DECLS
#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
#define SSL_kGOST 0x00000200L /* GOST key exchange */
+#define SSL_kTLS1_3 0x00000400L /* TLSv1.3 key exchange */
/* Bits for algorithm_auth (server authentication) */
#define SSL_aRSA 0x00000001L /* RSA auth */
@@ -215,6 +216,7 @@ __BEGIN_HIDDEN_DECLS
#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
+#define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */
/* Bits for algorithm_enc (symmetric encryption) */
#define SSL_DES 0x00000001L
@@ -251,6 +253,7 @@ __BEGIN_HIDDEN_DECLS
#define SSL_SSLV3 0x00000002L
#define SSL_TLSV1 SSL_SSLV3 /* for now */
#define SSL_TLSV1_2 0x00000004L
+#define SSL_TLSV1_3 0x00000008L
/* Bits for algorithm2 (handshake digests and other extra flags) */
diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h
index c0b14b20995..603201ad17a 100644
--- a/lib/libssl/tls1.h
+++ b/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.35 2018/11/06 20:48:08 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.36 2018/11/07 01:53:36 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -497,6 +497,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4
#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5
+/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+#define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
+#define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
+#endif
+
/* ECC ciphersuites from RFC 4492. */
#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
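Review bot: TLS1_3_CK_AES_128_CCM_SHA256 and TLS1_3_CK_AES_128_CCM_8_SHA256 are defined here, but the s3_lib.c hunk of this commit adds ssl3_ciphers entries only for 1301 to 1303. The same applies to their TLS1_3_TXT_ names in the later tls1.h hunk. A short comment would stop readers assuming the CCM suites are negotiable, e.g. `/* 0x1304 and 0x1305 are defined for completeness; no ssl3_ciphers entries yet. */`.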
@@ -703,7 +712,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
/* ECDH HMAC based ciphersuites from RFC 5289. */
-
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
@@ -728,6 +736,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
+/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
+#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
+#define TLS1_3_TXT_AES_128_GCM_SHA256 "AEAD-AES128-GCM-SHA256"
+#define TLS1_3_TXT_AES_256_GCM_SHA384 "AEAD-AES256-GCM-SHA384"
+#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256"
+#define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256"
+#define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256"
+#endif
+
#define TLS_CT_RSA_SIGN 1
#define TLS_CT_DSS_SIGN 2
#define TLS_CT_RSA_FIXED_DH 3