author | Joel Sing <jsing@cvs.openbsd.org> | 2018-11-07 01:53:37 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2018-11-07 01:53:37 +0000 |
commit | fe3c5a21fe9b31e50b1be12a0641448fe19283bc (patch) | |
tree | f868c076f90480089cb851336ad5a221b2acc657 /lib/libssl | |
parent | aacef90d63834a0602bf1dc9c729cdb8a2e05c53 (diff) |
Add TLSv1.3 cipher suites (with appropriate guards).
ok beck@ tb@
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/s3_lib.c | 56 | ||||
-rw-r--r-- | lib/libssl/ssl.h | 5 | ||||
-rw-r--r-- | lib/libssl/ssl_ciph.c | 15 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 7 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 5 | ||||
-rw-r--r-- | lib/libssl/tls1.h | 21 |
6 files changed, 100 insertions, 9 deletions
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 1c605613e8a..6ca08774b0c 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.173 2018/11/05 20:41:30 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.174 2018/11/07 01:53:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -870,6 +870,60 @@ SSL_CIPHER ssl3_ciphers[] = { }, #endif /* OPENSSL_NO_CAMELLIA */ + /* + * TLSv1.3 cipher suites. + */ + +#ifdef LIBRESSL_HAS_TLS1_3 + /* Cipher 1301 */ + { + .valid = 1, + .name = TLS1_3_TXT_AES_128_GCM_SHA256, + .id = TLS1_3_CK_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kTLS1_3, + .algorithm_auth = SSL_aTLS1_3, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_3, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */ + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher 1302 */ + { + .valid = 1, + .name = TLS1_3_TXT_AES_256_GCM_SHA384, + .id = TLS1_3_CK_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kTLS1_3, + .algorithm_auth = SSL_aTLS1_3, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_3, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, /* XXX */ + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher 1303 */ + { + .valid = 1, + .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, + .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256, + .algorithm_mkey = SSL_kTLS1_3, + .algorithm_auth = SSL_aTLS1_3, + .algorithm_enc = SSL_CHACHA20POLY1305, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_3, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */ + .strength_bits = 256, + .alg_bits = 256, + }, +#endif + /* Cipher C006 */ { .valid = 1, diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index 8d4fcc442ff..4c8328fb80b 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h 
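Review bot: The bare `/* XXX */` markers on `.algorithm2` in the new 1301, 1302 and 1303 entries do not say what is unresolved, so a later reader cannot tell whether `SSL_HANDSHAKE_MAC_SHA256`/`SSL_HANDSHAKE_MAC_SHA384` is a placeholder or the intended final value. Presumably the open question is that TLSv1.3 uses the suite hash for its key schedule and transcript rather than as a TLSv1.2-style handshake MAC, but the page does not confirm that. I would state it once above the first entry, for example `/* XXX - algorithm2 only records the suite hash for now; TLSv1.3-specific flags still need to be defined. */`, and drop the three bare markers. The `ssl3_ciphers` table begins and ends outside this hunk.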
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.160 2018/11/06 01:37:23 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.161 2018/11/07 01:53:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -306,6 +306,9 @@ extern "C" { #define SSL_TXT_TLSV1 "TLSv1" #define SSL_TXT_TLSV1_1 "TLSv1.1" #define SSL_TXT_TLSV1_2 "TLSv1.2" +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_TXT_TLSV1_3 "TLSv1.3" +#endif #define SSL_TXT_EXP "EXP" #define SSL_TXT_EXPORT "EXPORT" diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index e54fbacdd87..bbae6a63d9b 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.105 2018/09/08 14:39:41 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.106 2018/11/07 01:53:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -426,6 +426,10 @@ static const SSL_CIPHER cipher_aliases[] = { .name = SSL_TXT_TLSV1_2, .algorithm_ssl = SSL_TLSV1_2, }, + { + .name = SSL_TXT_TLSV1_3, + .algorithm_ssl = SSL_TLSV1_3, + }, /* strength classes */ { @@ -1318,8 +1322,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, - disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, - co_list, &head, &tail); + disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, + co_list, &head, &tail); /* Now arrange all ciphers by preference: */ @@ -1375,6 +1379,9 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, /* Now disable everything (maintaining the ordering!) */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); + /* TLSv1.3 first. */ + ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_ADD, -1, &head, &tail); + ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_DEL, -1, &head, &tail); /* * We also need cipher aliases for selecting based on the rule_str. 
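Review bot: The `SSL_TXT_TLSV1_3` entry in `cipher_aliases` is added without the `LIBRESSL_HAS_TLS1_3` guard that wraps the actual suites in s3_lib.c, so a build without that define still recognises the `TLSv1.3` keyword although no cipher can match it. The same applies to the unguarded `SSL_TLSV1_3` ordering rule in the @@ -1375 hunk of this file, which is a no-op in such a build. If that is not intended, wrap the alias in `#ifdef LIBRESSL_HAS_TLS1_3` ... `#endif` so the keyword exists only when suites can match it. If it is intended, a one-line comment saying so would help. Both `cipher_aliases` and `ssl_create_cipher_list` extend beyond the hunks shown.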
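Review bot: The comment `/* TLSv1.3 first. */` in `ssl_create_cipher_list` does not explain why the same `SSL_TLSV1_3` selector is applied with `CIPHER_ADD` and then immediately with `CIPHER_DEL`. The pair follows the "disable everything (maintaining the ordering!)" step, so it presumably exists only to reposition the suites in the still-disabled list. The comment should say that, for example `/* TLSv1.3 first: add then delete only moves these suites to the front; they stay disabled until rule_str enables them. */`. That matters for review because preference order decides which suite a peer ends up with. The function body continues outside the hunk.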
@@ -1489,6 +1496,8 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) ver = "SSLv3"; else if (alg_ssl & SSL_TLSV1_2) ver = "TLSv1.2"; + else if (alg_ssl & SSL_TLSV1_3) + ver = "TLSv1.3"; else ver = "unknown"; diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index d8415bcf6d8..3c4d1169194 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.189 2018/09/05 16:58:59 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.190 2018/11/07 01:53:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1424,6 +1424,11 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb) if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL) return 0; + /* Skip TLS v1.3 only ciphersuites if lower than v1.3 */ + if ((cipher->algorithm_ssl & SSL_TLSV1_3) && + (TLS1_get_client_version(s) < TLS1_3_VERSION)) + continue; + /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ if ((cipher->algorithm_ssl & SSL_TLSV1_2) && (TLS1_get_client_version(s) < TLS1_2_VERSION)) diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 95858339ea5..8aa29e7e598 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.219 2018/11/05 20:41:30 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.220 2018/11/07 01:53:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -208,6 +208,7 @@ __BEGIN_HIDDEN_DECLS #define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */ #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ #define SSL_kGOST 0x00000200L /* GOST key exchange */ +#define SSL_kTLS1_3 0x00000400L /* TLSv1.3 key exchange */ /* Bits for algorithm_auth (server authentication) */ #define SSL_aRSA 0x00000001L /* RSA auth */ 
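Review bot: Only the version string gets a TLSv1.3 branch in `SSL_CIPHER_description`; the diff adds no matching handling for the `SSL_kTLS1_3` and `SSL_aTLS1_3` bits that this commit introduces in ssl_locl.h. The key-exchange and authentication parts of the function lie outside the hunk. If they fall back to a default the way `ver` falls back to `"unknown"`, the three new suites will be described with unknown key exchange and authentication, which is misleading in audit output. Consider adding cases for both new bits in the same change, or a comment noting that they are still to come.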
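Review bot: The new `algorithm_ssl & SSL_TLSV1_3` skip in `ssl_cipher_list_to_bytes` covers only the path that serialises the local cipher list; nothing in this diff adds an equivalent check where a suite is chosen from a peer's offered list. If that selection code (not part of this diff) tests only `SSL_TLSV1_2`, a build with `LIBRESSL_HAS_TLS1_3` could select a 0x13xx suite on a connection that negotiated TLSv1.2 or lower. The ssl_ciph.c change makes this more likely by ordering these suites first. A matching skip keyed on the negotiated version belongs in the selection path, or the comment here should state that the suites must not be enabled until it exists. As a smaller point, `TLS1_get_client_version(s)` is now evaluated twice per loop iteration and could be read once before the loop, which starts outside the hunk.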
@@ -215,6 +216,7 @@ __BEGIN_HIDDEN_DECLS #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ #define SSL_aECDSA 0x00000040L /* ECDSA auth*/ #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ +#define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */ /* Bits for algorithm_enc (symmetric encryption) */ #define SSL_DES 0x00000001L @@ -251,6 +253,7 @@ __BEGIN_HIDDEN_DECLS #define SSL_SSLV3 0x00000002L #define SSL_TLSV1 SSL_SSLV3 /* for now */ #define SSL_TLSV1_2 0x00000004L +#define SSL_TLSV1_3 0x00000008L /* Bits for algorithm2 (handshake digests and other extra flags) */ diff --git a/lib/libssl/tls1.h b/lib/libssl/tls1.h index c0b14b20995..603201ad17a 100644 --- a/lib/libssl/tls1.h +++ b/lib/libssl/tls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls1.h,v 1.35 2018/11/06 20:48:08 jsing Exp $ */ +/* $OpenBSD: tls1.h,v 1.36 2018/11/07 01:53:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -497,6 +497,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 +/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */ +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 +#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 +#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 +#define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 +#define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 +#endif + /* ECC ciphersuites from RFC 4492. */ #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 
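Review bot: `TLS1_3_CK_AES_128_CCM_SHA256` and `TLS1_3_CK_AES_128_CCM_8_SHA256` are defined in this tls1.h hunk, and their `TLS1_3_TXT_*` names in the @@ -728 hunk, but the s3_lib.c part of the commit adds table entries only for 1301 to 1303. A reader of the header could take the CCM suites to be usable. A short comment above the two defines would prevent that, for example `/* 0x1304 and 0x1305 (CCM) are defined for completeness; there is no ssl3_ciphers entry for them. */`.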
@@ -703,7 +712,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" /* ECDH HMAC based ciphersuites from RFC 5289. */ - #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" @@ -728,6 +736,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" #define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" +/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */ +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define TLS1_3_TXT_AES_128_GCM_SHA256 "AEAD-AES128-GCM-SHA256" +#define TLS1_3_TXT_AES_256_GCM_SHA384 "AEAD-AES256-GCM-SHA384" +#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256" +#define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256" +#define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256" +#endif + #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 #define TLS_CT_RSA_FIXED_DH 3 |
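Review bot: The `TLS1_3_TXT_*` strings in the @@ -728 hunk use an `AEAD-` prefix (`AEAD-AES128-GCM-SHA256` and so on) while the comment above them cites RFC 8446 appendix B.4, where the suites are named `TLS_AES_128_GCM_SHA256` and so on. A cipher string or allow-list written with the RFC names will not match these entries, and that can end in a different suite set than the operator intended. Either document the divergence in the comment, for example `/* Library-specific names; RFC 8446 calls these TLS_AES_128_GCM_SHA256 etc. */`, or make the RFC names resolve to the same suites.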