Add RFC4785 ciphersuites

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-29 00:44:39 +01:00 · 2015-06-29 00:44:39 +01:00 · 5516fcc0c9
commit 5516fcc0c9
parent ea6114c6d0
2 changed files with 59 additions and 0 deletions
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@ -442,6 +442,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_RSA_PSK_WITH_NULL_SHA256                0x030000B8
 # define TLS1_CK_RSA_PSK_WITH_NULL_SHA384                0x030000B9

+/* NULL PSK ciphersuites from RFC4785 */
+
+# define TLS1_CK_PSK_WITH_NULL_SHA                       0x0300002C
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA                   0x0300002D
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA                   0x0300002E
+
 /* AES ciphersuites from RFC3268 */

 # define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
@ -603,6 +609,8 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256       0x0300C037
 # define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384       0x0300C038

+/* NULL PSK ciphersuites from RFC4785 */
+
 # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA                 0x0300C039
 # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256              0x0300C03A
 # define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384              0x0300C03B
@ -631,6 +639,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA     "EXP1024-DHE-DSS-RC4-SHA"
 # define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"

+# define TLS1_TXT_PSK_WITH_NULL_SHA                      "PSK-NULL-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA                  "DHE-PSK-NULL-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA                  "RSA-PSK-NULL-SHA"
+
 /* AES ciphersuites from RFC3268 */
 # define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
 # define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -600,6 +600,53 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
     112,
     168,
     },
+#ifndef OPENSSL_NO_PSK
+    /* Cipher 2C */
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA,
+     TLS1_CK_PSK_WITH_NULL_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    /* Cipher 2D */
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    /* Cipher 2E */
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+#endif

 /* New AES ciphersuites */
 /* Cipher 2F */