1 files changed, 20 insertions, 7 deletions

diff --git a/src/include/openssl/tls1.h b/src/include/openssl/tls1.h
index 92210f6..92d2752 100644
--- a/src/include/openssl/tls1.h
+++ b/src/include/openssl/tls1.h
@@ -430,12 +430,14 @@ extern "C" {
 #define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD 0x0300CC13
 #define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD 0x0300CC14
 
-/* TODO(davidben): Remove these once WebRTC is no longer using them, so they
- * may point to the future RFC 7539 variant. */
+#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA8
+#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA9
+#define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0x0300CCAC
+
+/* TODO(davidben): Remove this. Historically, the CK names for CHACHA20_POLY1305
+ * were missing 'WITH' and 'SHA256'. */
 #define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 \
-    TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD
-#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 \
-    TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD
+  TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 
 /* XXX
  * Inconsistency alert:
@@ -597,14 +599,25 @@ extern "C" {
 #define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
 #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
 
+/* For convenience, the old and new CHACHA20_POLY1305 ciphers have the same
+ * name. In cipher strings, both will be selected. This is temporary and will be
+ * removed when the pre-standard construction is removed. */
 #define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD \
   "ECDHE-RSA-CHACHA20-POLY1305"
 #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_OLD \
   "ECDHE-ECDSA-CHACHA20-POLY1305"
 
-/* TODO(davidben): Remove this once QUIC has switched to the '_OLD' name. */
+#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
+  "ECDHE-RSA-CHACHA20-POLY1305"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \
+  "ECDHE-ECDSA-CHACHA20-POLY1305"
+#define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
+  "ECDHE-PSK-CHACHA20-POLY1305"
+
+/* TODO(davidben): Remove this. Historically, the TXT names for CHACHA20_POLY1305
+ * were missing 'SHA256'. */
 #define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 \
-    TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_OLD
+  TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 
 #define TLS_CT_RSA_SIGN 1
 #define TLS_CT_DSS_SIGN 2