From: Dr. Stephen Henson Date: Sun, 28 Jun 2015 23:44:39 +0000 (+0100) Subject: Add RFC4785 ciphersuites X-Git-Tag: OpenSSL_1_1_0-pre1~881 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5516fcc0c9dad543aee4c9bf849d759bb58a0644;p=openssl Add RFC4785 ciphersuites Reviewed-by: Matt Caswell --- diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 7350e72512..a1ce2c0a51 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -442,6 +442,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 # define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 +/* NULL PSK ciphersuites from RFC4785 */ + +# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E + /* AES ciphersuites from RFC3268 */ # define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F @@ -603,6 +609,8 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 # define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 +/* NULL PSK ciphersuites from RFC4785 */ + # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B @@ -631,6 +639,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" # define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" +# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" + /* AES ciphersuites from RFC3268 */ # define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" # define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 4a75b5c7ed..a5bfda7c3c 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -600,6 +600,53 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 112, 168, }, +#ifndef OPENSSL_NO_PSK + /* Cipher 2C */ + { + 1, + TLS1_TXT_PSK_WITH_NULL_SHA, + TLS1_CK_PSK_WITH_NULL_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + /* Cipher 2D */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_NULL_SHA, + TLS1_CK_DHE_PSK_WITH_NULL_SHA, + SSL_kDHEPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, + /* Cipher 2E */ + { + 1, + TLS1_TXT_RSA_PSK_WITH_NULL_SHA, + TLS1_CK_RSA_PSK_WITH_NULL_SHA, + SSL_kRSAPSK, + SSL_aRSA, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, + 0, + 0, + }, +#endif /* New AES ciphersuites */ /* Cipher 2F */