summaryrefslogtreecommitdiffstats
path: root/src/ssl/ssl_cipher.c
diff options
context:
space:
mode:
authorAdam Langley <agl@google.com>2015-06-15 13:52:15 -0700
committerKenny Root <kroot@google.com>2015-06-15 22:47:39 +0000
commit0e6bb1c72014c26289d09f4deea9c25706be5824 (patch)
tree628396a74d34d7b719b81d76410e7801111b6d40 /src/ssl/ssl_cipher.c
parenta4be71cee108bfed76ddb37552b7e48945d91b49 (diff)
downloadexternal_boringssl-0e6bb1c72014c26289d09f4deea9c25706be5824.zip
external_boringssl-0e6bb1c72014c26289d09f4deea9c25706be5824.tar.gz
external_boringssl-0e6bb1c72014c26289d09f4deea9c25706be5824.tar.bz2
Add ECDHE-PSK-AES{128,256}-SHA cipher suites.
If we're going to have PSK and use standard cipher suites, this might be the best that we can do for the moment. (This is a cherry-pick of BoringSSL's 85bc5601.) Bug: 21522548 Change-Id: Ic94c74a2b3ee2387f640efff510646d1836efbfb
Diffstat (limited to 'src/ssl/ssl_cipher.c')
-rw-r--r--src/ssl/ssl_cipher.c23
1 files changed, 22 insertions, 1 deletions
diff --git a/src/ssl/ssl_cipher.c b/src/ssl/ssl_cipher.c
index 2f1548a..8d03c9e 100644
--- a/src/ssl/ssl_cipher.c
+++ b/src/ssl/ssl_cipher.c
@@ -240,6 +240,8 @@ const SSL_CIPHER kCiphers[] = {
SSL_HANDSHAKE_MAC_SHA256, 256, 256,
},
+ /* PSK cipher suites. */
+
/* Cipher 8A */
{
TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK,
@@ -261,7 +263,6 @@ const SSL_CIPHER kCiphers[] = {
SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
},
-
/* GCM ciphersuites from RFC5288 */
/* Cipher 9C */
@@ -429,6 +430,26 @@ const SSL_CIPHER kCiphers[] = {
256, 256,
},
+ /* ECDHE-PSK cipher suites. */
+
+ /* Cipher C035 */
+ {
+ TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT, 128, 128,
+ },
+
+ /* Cipher C036 */
+ {
+ TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_DEFAULT, 256, 256,
+ },
+
+ /* ChaCha20-Poly1305 cipher suites. */
+
#if !defined(ANDROID)
{
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,