Align with OpenSSL on TLS 1.3 cipher suite constants.
Our TLS 1.3 stack predates OpenSSL's. We chose TLS1_CK_* to align with
the existing names. OpenSSL made a new convention, TLS1_3_CK_*. Match
them.
This means that, in the likely event that TLS 1.4 uses the same
constants, they'll have weird names, just as several of our constants
still say SSL3_*, but it doesn't particularly matter.
Change-Id: I97f29b224d0d282e946344e4b907f2df2be39ce1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53425
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index a3136c0..d55d905 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -452,9 +452,15 @@
#define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0x0300CCAC
// TLS 1.3 ciphersuites from RFC 8446.
-#define TLS1_CK_AES_128_GCM_SHA256 0x03001301
-#define TLS1_CK_AES_256_GCM_SHA384 0x03001302
-#define TLS1_CK_CHACHA20_POLY1305_SHA256 0x03001303
+#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+
+// The following constants are legacy aliases of |TLS1_3_CK_*|.
+// TODO(davidben): Migrate callers to the new name and remove these.
+#define TLS1_CK_AES_128_GCM_SHA256 TLS1_3_CK_AES_128_GCM_SHA256
+#define TLS1_CK_AES_256_GCM_SHA384 TLS1_3_CK_AES_256_GCM_SHA384
+#define TLS1_CK_CHACHA20_POLY1305_SHA256 TLS1_3_CK_CHACHA20_POLY1305_SHA256
// XXX
// Inconsistency alert:
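Review bot: The comment over the renamed `TLS1_3_CK_*` defines says only that these are the RFC 8446 suites; it does not say that each macro carries a `0x0300` prefix, so the two-byte wire value is just the low 16 bits. The call sites this commit touches in handshake_client.cc, handshake_server.cc and s3_both.cc all apply `& 0xffff` before using the constant, which suggests the masking is a convention a caller has to know. I would add `// The low 16 bits are the RFC 8446 cipher suite value; mask with 0xffff before comparing against or writing a wire value.` above the first define. The alias comment could also state that the old `TLS1_CK_*` names expand to the same values, so existing callers keep compiling until the TODO is done.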
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index bb2462f..636d166 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -236,21 +236,21 @@
// hardware support.
if (hs->max_version >= TLS1_3_VERSION) {
const bool include_chacha20 = ssl_tls13_cipher_meets_policy(
- TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff,
+ TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff,
ssl->config->only_fips_cipher_suites_in_tls13);
if (!EVP_has_aes_hardware() && //
include_chacha20 && //
- !CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
+ !CBB_add_u16(&child, TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
return false;
}
- if (!CBB_add_u16(&child, TLS1_CK_AES_128_GCM_SHA256 & 0xffff) ||
- !CBB_add_u16(&child, TLS1_CK_AES_256_GCM_SHA384 & 0xffff)) {
+ if (!CBB_add_u16(&child, TLS1_3_CK_AES_128_GCM_SHA256 & 0xffff) ||
+ !CBB_add_u16(&child, TLS1_3_CK_AES_256_GCM_SHA384 & 0xffff)) {
return false;
}
if (EVP_has_aes_hardware() && //
include_chacha20 && //
- !CBB_add_u16(&child, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
+ !CBB_add_u16(&child, TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
return false;
}
}
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 7678904..4a2ada0 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -411,7 +411,7 @@
// JDK 11 does not support ChaCha20-Poly1305. This is unusual: many modern
// clients implement ChaCha20-Poly1305.
if (ssl_client_cipher_list_contains_cipher(
- client_hello, TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
+ client_hello, TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff)) {
return false;
}
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc
index d0fc6c0..cb831f2 100644
--- a/ssl/s3_both.cc
+++ b/ssl/s3_both.cc
@@ -697,10 +697,10 @@
}
switch (cipher_id) {
- case TLS1_CK_AES_128_GCM_SHA256 & 0xffff:
- case TLS1_CK_AES_256_GCM_SHA384 & 0xffff:
+ case TLS1_3_CK_AES_128_GCM_SHA256 & 0xffff:
+ case TLS1_3_CK_AES_256_GCM_SHA384 & 0xffff:
return true;
- case TLS1_CK_CHACHA20_POLY1305_SHA256 & 0xffff:
+ case TLS1_3_CK_CHACHA20_POLY1305_SHA256 & 0xffff:
return false;
default:
assert(false);
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index 628dddc..79f33ee 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -266,7 +266,7 @@
{
TLS1_TXT_AES_128_GCM_SHA256,
"TLS_AES_128_GCM_SHA256",
- TLS1_CK_AES_128_GCM_SHA256,
+ TLS1_3_CK_AES_128_GCM_SHA256,
SSL_kGENERIC,
SSL_aGENERIC,
SSL_AES128GCM,
@@ -278,7 +278,7 @@
{
TLS1_TXT_AES_256_GCM_SHA384,
"TLS_AES_256_GCM_SHA384",
- TLS1_CK_AES_256_GCM_SHA384,
+ TLS1_3_CK_AES_256_GCM_SHA384,
SSL_kGENERIC,
SSL_aGENERIC,
SSL_AES256GCM,
@@ -290,7 +290,7 @@
{
TLS1_TXT_CHACHA20_POLY1305_SHA256,
"TLS_CHACHA20_POLY1305_SHA256",
- TLS1_CK_CHACHA20_POLY1305_SHA256,
+ TLS1_3_CK_CHACHA20_POLY1305_SHA256,
SSL_kGENERIC,
SSL_aGENERIC,
SSL_CHACHA20POLY1305,
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index a40de79..fe85840 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -1002,7 +1002,7 @@
NID_sha256,
},
{
- TLS1_CK_AES_256_GCM_SHA384,
+ TLS1_3_CK_AES_256_GCM_SHA384,
"TLS_AES_256_GCM_SHA384",
NID_aes_256_gcm,
NID_undef,
@@ -1011,7 +1011,7 @@
NID_sha384,
},
{
- TLS1_CK_AES_128_GCM_SHA256,
+ TLS1_3_CK_AES_128_GCM_SHA256,
"TLS_AES_128_GCM_SHA256",
NID_aes_128_gcm,
NID_undef,
@@ -1020,7 +1020,7 @@
NID_sha256,
},
{
- TLS1_CK_CHACHA20_POLY1305_SHA256,
+ TLS1_3_CK_CHACHA20_POLY1305_SHA256,
"TLS_CHACHA20_POLY1305_SHA256",
NID_chacha20_poly1305,
NID_undef,