Put the legacy cipher constants back in tls1.h and ssl3.h
QUICHE expects TLS1_CK_* to be defined in tls1.h, not ssl.h. For now,
just define them in tls1.h as before. Ideally we'd define them in terms
of the other constants, but we'd then either need to move SSL_CIPHER_*
out of ssl.h or merge tls1.h and ssl3.h into ssl.h. The latter is
probably a better direction, but is a much larger change, so start with
this.
This should unbreak the Chromium roll.
Change-Id: Ic403bef7043028d30aa9916b403ebb3721734f32
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82387
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Lily Chen <chlily@google.com>
Commit-Queue: Lily Chen <chlily@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f77d834..d2d6066 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -5276,70 +5276,11 @@
// SSL_CIPHER_get_version returns the string "TLSv1/SSLv3".
OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
-// The following constants are equal to TLS cipher suite values, OR-d with
-// 0x03000000. This is part of OpenSSL's SSL 2.0 legacy. SSL 2.0 has long since
-// been removed from BoringSSL.
-#define TLS1_3_CK_AES_128_GCM_SHA256 (SSL_CIPHER_AES_128_GCM_SHA256 | 0x03000000)
-#define TLS1_3_CK_AES_256_GCM_SHA384 \
- (SSL_CIPHER_AES_256_GCM_SHA384 | 0x03000000)
-#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 \
- (SSL_CIPHER_CHACHA20_POLY1305_SHA256 | 0x03000000)
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
- (SSL_CIPHER_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | 0x03000000)
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \
- (SSL_CIPHER_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 0x03000000)
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \
- (SSL_CIPHER_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 0x03000000)
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \
- (SSL_CIPHER_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 0x03000000)
-#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
- (SSL_CIPHER_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | 0x03000000)
-#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \
- (SSL_CIPHER_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | 0x03000000)
-#define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
- (SSL_CIPHER_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | 0x03000000)
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA \
- (SSL_CIPHER_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 0x03000000)
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA \
- (SSL_CIPHER_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 0x03000000)
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA \
- (SSL_CIPHER_ECDHE_RSA_WITH_AES_128_CBC_SHA | 0x03000000)
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA \
- (SSL_CIPHER_ECDHE_RSA_WITH_AES_256_CBC_SHA | 0x03000000)
-#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA \
- (SSL_CIPHER_ECDHE_PSK_WITH_AES_128_CBC_SHA | 0x03000000)
-#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA \
- (SSL_CIPHER_ECDHE_PSK_WITH_AES_256_CBC_SHA | 0x03000000)
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \
- (SSL_CIPHER_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 0x03000000)
-#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 \
- (SSL_CIPHER_RSA_WITH_AES_128_GCM_SHA256 | 0x03000000)
-#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 \
- (SSL_CIPHER_RSA_WITH_AES_256_GCM_SHA384 | 0x03000000)
-#define TLS1_CK_RSA_WITH_AES_128_SHA \
- (SSL_CIPHER_RSA_WITH_AES_128_CBC_SHA | 0x03000000)
-#define TLS1_CK_RSA_WITH_AES_256_SHA \
- (SSL_CIPHER_RSA_WITH_AES_256_CBC_SHA | 0x03000000)
-#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA \
- (SSL_CIPHER_PSK_WITH_AES_128_CBC_SHA | 0x03000000)
-#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA \
- (SSL_CIPHER_PSK_WITH_AES_256_CBC_SHA | 0x03000000)
-#define SSL3_CK_RSA_DES_192_CBC3_SHA \
- (SSL_CIPHER_RSA_WITH_3DES_EDE_CBC_SHA | 0x03000000)
-#define SSL3_CK_SCSV (SSL_CIPHER_EMPTY_RENEGOTIATION_INFO_SCSV | 0x03000000)
-#define SSL3_CK_FALLBACK_SCSV (SSL_CIPHER_FALLBACK_SCSV | 0x03000000)
-
// SSL_CIPHER_get_id returns |cipher|'s IANA-assigned number, OR-d with
// 0x03000000. This is part of OpenSSL's SSL 2.0 legacy. SSL 2.0 has long since
// been removed from BoringSSL. Use |SSL_CIPHER_get_protocol_id| instead.
OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
-// The following constants are legacy aliases of |TLS1_3_CK_*|.
-// TODO(davidben): Migrate callers to the new name and remove these.
-#define TLS1_CK_AES_128_GCM_SHA256 TLS1_3_CK_AES_128_GCM_SHA256
-#define TLS1_CK_AES_256_GCM_SHA384 TLS1_3_CK_AES_256_GCM_SHA384
-#define TLS1_CK_CHACHA20_POLY1305_SHA256 TLS1_3_CK_CHACHA20_POLY1305_SHA256
-
typedef void COMP_METHOD;
typedef struct ssl_comp_st SSL_COMP;
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 018ff5d..4e69a60 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -28,6 +28,16 @@
#define SSL2_MT_CLIENT_HELLO 1
#define SSL2_VERSION 0x0002
+// The following constants are equal to TLS cipher suite values, OR-d with
+// 0x03000000. This is part of OpenSSL's SSL 2.0 legacy. SSL 2.0 has long since
+// been removed from BoringSSL.
+// TODO(davidben): Define these in terms of |SSL_CIPHER_*| constants. The
+// challenge is that existing code expects them to be defined in ssl3.h, so we
+// must first merge ssl3.h into ssl.h.
+#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
+#define SSL3_CK_SCSV 0x030000FF
+#define SSL3_CK_FALLBACK_SCSV 0x03005600
+
// The following cipher suites are not implemented by BoringSSL. The constants
// are defined for backwards compatibility. Cipher suites implemented in
// BoringSSL are defined in ssl.h.
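Review bot: The three `SSL3_CK_*` values added here are bare hex literals that duplicate the `SSL_CIPHER_*` numbers still defined in ssl.h, and nothing visible in this change keeps the two sets equal; the same holds for the `TLS1_CK_*` / `TLS1_3_CK_*` block added in the tls1.h hunk. Callers typically compare these against `SSL_CIPHER_get_id` to make cipher-policy decisions, so a mistyped or drifted literal would make such a check silently stop matching rather than fail the build. Until the headers are merged as the TODO describes, a compile-time check in a source file that already includes all three headers would pin them, e.g. `static_assert(SSL3_CK_RSA_DES_192_CBC3_SHA == (SSL_CIPHER_RSA_WITH_3DES_EDE_CBC_SHA | 0x03000000), "legacy cipher ID out of sync");`, repeated for each constant.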
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 07631d6..66361fa 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -169,6 +169,42 @@
#define TLSEXT_MAXLEN_host_name 255
+// The following constants are equal to TLS cipher suite values, OR-d with
+// 0x03000000. This is part of OpenSSL's SSL 2.0 legacy. SSL 2.0 has long since
+// been removed from BoringSSL.
+// TODO(davidben): Define these in terms of |SSL_CIPHER_*| constants. The
+// challenge is that existing code expects them to be defined in tls1.h, so we
+// must first merge tls1.h into ssl.h.
+#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
+#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
+#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035
+#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036
+#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
+#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
+#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
+#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0x0300C027
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
+#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA8
+#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0x0300CCA9
+#define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0x0300CCAC
+#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301
+#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302
+#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
+
+// The following constants are legacy aliases of |TLS1_3_CK_*|.
+// TODO(davidben): Migrate callers to the new name and remove these.
+#define TLS1_CK_AES_128_GCM_SHA256 TLS1_3_CK_AES_128_GCM_SHA256
+#define TLS1_CK_AES_256_GCM_SHA384 TLS1_3_CK_AES_256_GCM_SHA384
+#define TLS1_CK_CHACHA20_POLY1305_SHA256 TLS1_3_CK_CHACHA20_POLY1305_SHA256
+
// The following cipher suites are not implemented by BoringSSL. The constants
// are defined for backwards compatibility. Cipher suites implemented in
// BoringSSL are defined in ssl.h.
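Review bot: The context comment that closes this hunk still says "Cipher suites implemented in BoringSSL are defined in ssl.h", but it now sits directly below a block that defines the legacy IDs of those implemented suites in tls1.h; the ssl3.h hunk ends with the same sentence. I would reword it to say which constants live where, for example `// BoringSSL are defined above; their |SSL_CIPHER_*| protocol IDs are in ssl.h.` The new block comment could also carry the pointer that the `SSL_CIPHER_get_id` comment in ssl.h already has, `// New code should use |SSL_CIPHER_get_protocol_id| and the |SSL_CIPHER_*| constants instead.`, so the restored names are not read as the preferred API.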