diff options
| author |   jsing <jsing@openbsd.org> | 2014-06-13 13:28:53 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-06-13 13:28:53 +0000 |
| commit | 12fc33de51667f44bceb50217dd9653817d9edd7 (patch) | |
| tree | 45d050ee3055d9a212876b3f8460e1030f79a005 /lib/libssl/src/ssl/tls1.h | |
| parent | Switch the AES-GCM cipher suites to SSL_CIPHER_ALGORITHM2_AEAD. (diff) | |
| download | wireguard-openbsd-12fc33de51667f44bceb50217dd9653817d9edd7.tar.xz wireguard-openbsd-12fc33de51667f44bceb50217dd9653817d9edd7.zip | |
Add ChaCha20-Poly1305 based ciphersuites.
Based on Adam Langley's chromium patches.
Tested by and ok sthen@
Diffstat (limited to 'lib/libssl/src/ssl/tls1.h')
| -rw-r--r-- | lib/libssl/src/ssl/tls1.h | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/lib/libssl/src/ssl/tls1.h b/lib/libssl/src/ssl/tls1.h index dbe8979a883..3bbb2acc2ff 100644 --- a/lib/libssl/src/ssl/tls1.h +++ b/lib/libssl/src/ssl/tls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls1.h,v 1.18 2014/06/13 04:29:13 miod Exp $ */ +/* $OpenBSD: tls1.h,v 1.19 2014/06/13 13:28:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -479,7 +479,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 /* ECDH HMAC based ciphersuites from RFC5289 */ - #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 @@ -499,6 +498,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 +/* ChaCha20-Poly1305 based ciphersuites. */ +#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CC13 +#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CC14 +#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CC15 + /* XXX * Inconsistency alert: * The OpenSSL names of ciphers with ephemeral DH here include the string @@ -650,6 +654,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" +/* ChaCha20-Poly1305 based ciphersuites. */ +#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" + #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 #define TLS_CT_RSA_FIXED_DH 3 |