From 547dba74f3c07a5d3bdac3e6436207061d781118 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 17 Jun 2015 14:47:53 +0100 Subject: [PATCH] Add PSK GCM ciphersuites from RFC5487 Reviewed-by: Matt Caswell --- include/openssl/tls1.h | 8 ++++++++ ssl/s3_lib.c | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 40205e1141..a172af3880 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -480,6 +480,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 # define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 +/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 + /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ # define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA # define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB @@ -736,6 +740,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" # define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" +/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" + /* Camellia-CBC ciphersuites from RFC6367 */ # define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" # define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index bc780c1f14..0550471f95 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1612,6 +1612,40 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#ifndef OPENSSL_NO_PSK + /* Cipher A8 */ + { + 1, + TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher A9 */ + { + 1, + TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + +#endif #ifndef OPENSSL_NO_CAMELLIA /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ -- 2.40.0