author | 2016-04-28 16:39:45 +0000 | |
---|---|---|
committer | 2016-04-28 16:39:45 +0000 | |
commit | f43d4a20f8cf46e5ee7a06dc7edd5ff5d44e0e75 (patch) | |
tree | 710f6d0c39f9fa716dd78c44b39adc7e7b9bdeff /lib/libssl/src/ssl/ssl_ciph.c | |
parent | Update AEAD regress to match EVP_aead_chacha20_poly1305() changes. (diff) | |
Implement the IETF ChaCha20-Poly1305 cipher suites.
Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix,
which effectively replaces the original Google implementation. We continue to
support both the IETF and Google versions, however the existing names
now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04.
Feedback from doug@
Diffstat (limited to 'lib/libssl/src/ssl/ssl_ciph.c')
-rw-r--r-- | lib/libssl/src/ssl/ssl_ciph.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index 5d1d568ff84..526d98e2937 100644
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.85 2016/04/28 16:06:53 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.86 2016/04/28 16:39:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -414,7 +414,7 @@ static const SSL_CIPHER cipher_aliases[] = {
 },
 {
 .name = SSL_TXT_CHACHA20,
- .algorithm_enc = SSL_CHACHA20POLY1305,
+ .algorithm_enc = SSL_CHACHA20POLY1305|SSL_CHACHA20POLY1305_OLD,
 },
 
 /* MAC aliases */
@@ -731,6 +731,9 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
 #endif
 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
 case SSL_CHACHA20POLY1305:
+ *aead = EVP_aead_chacha20_poly1305();
+ return 1;
+ case SSL_CHACHA20POLY1305_OLD:
 *aead = EVP_aead_chacha20_poly1305_old();
 return 1;
 #endif
@@ -1423,15 +1426,19 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 */
 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
 CIPHER_ADD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0,
- CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
+ 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305_OLD,
+ 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 } else {
 /*
 * CHACHA20 is fast and safe on all hardware and is thus our
 * preferred symmetric cipher, with AES second.
 */
- ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0,
- CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
+ 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305_OLD,
+ 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
 CIPHER_ADD, -1, &head, &tail);
 }
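Review bot: The `SSL_TXT_CHACHA20` entry in `cipher_aliases[]` now ORs in `SSL_CHACHA20POLY1305_OLD`, so a cipher string written with that alias selects the pre-standard suites along with the IETF ones, and nothing at the entry says so. I would add a comment above `.algorithm_enc`, for example `/* Matches both the IETF suites and the renamed "-OLD" pre-standard suites. */`. That tells anyone auditing a configured cipher string that the alias alone cannot restrict a peer to the standardised construction; per the commit message the "-OLD" suite names are what distinguish the two. The array itself starts and ends outside this hunk.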
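Review bot: In `ssl_cipher_get_evp_aead` the two ChaCha20 cases differ only by the `_old` suffix on the constructor, and the switch has no comment explaining why both exist. A one-line comment on the new case, such as `/* Pre-standard (Google) construction, kept for interoperability with older peers. */`, would make an accidentally swapped constructor easy to catch in review. The two constructions are not interchangeable on the wire, so a mix-up would presumably surface as record decryption failures against a peer rather than pass unnoticed. The function body begins and ends outside the hunk, and the record-layer handling for each AEAD is not visible here.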
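Review bot: Both branches of `ssl_create_cipher_list` now put `SSL_CHACHA20POLY1305_OLD` into the default preference order, and in the `else` branch the pre-standard suites are added ahead of `SSL_AES`, yet the comment there still speaks only of "CHACHA20". I would extend it with something like `* The IETF suites are added before the -OLD (pre-standard) ones, which remain only for interoperability.` so the intended ranking is stated, not just implied by rule order. Assuming rule order sets preference, as the existing comment suggests, a peer offering both variants would then get the standardised one. The same wording applies to the comment of the first branch, whose opening lines are outside the hunk.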
@@ -1667,6 +1674,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 case SSL_CHACHA20POLY1305:
 enc = "ChaCha20-Poly1305";
 break;
+ case SSL_CHACHA20POLY1305_OLD:
+ enc = "ChaCha20-Poly1305-Old";
+ break;
 case SSL_eGOST2814789CNT:
 enc = "GOST-28178-89-CNT";
 break; |