1 files changed, 16 insertions, 6 deletions

diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index 5d1d568ff84..526d98e2937 100644
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.85 2016/04/28 16:06:53 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.86 2016/04/28 16:39:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -414,7 +414,7 @@ static const SSL_CIPHER cipher_aliases[] = {
 	},
 	{
 		.name = SSL_TXT_CHACHA20,
-		.algorithm_enc = SSL_CHACHA20POLY1305,
+		.algorithm_enc = SSL_CHACHA20POLY1305|SSL_CHACHA20POLY1305_OLD,
 	},
 
 	/* MAC aliases */
@@ -731,6 +731,9 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
 #endif
 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
 	case SSL_CHACHA20POLY1305:
+		*aead = EVP_aead_chacha20_poly1305();
+		return 1;
+	case SSL_CHACHA20POLY1305_OLD:
 		*aead = EVP_aead_chacha20_poly1305_old();
 		return 1;
 #endif
@@ -1423,15 +1426,19 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 		 */
 		ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
 		    CIPHER_ADD, -1, &head, &tail);
-		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0,
-		    CIPHER_ADD, -1, &head, &tail);
+		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
+		    0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305_OLD,
+		    0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 	} else {
 		/*
 		 * CHACHA20 is fast and safe on all hardware and is thus our
 		 * preferred symmetric cipher, with AES second.
 		 */
-		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0,
-		    CIPHER_ADD, -1, &head, &tail);
+		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
+		    0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305_OLD,
+		    0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 		ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
 		    CIPHER_ADD, -1, &head, &tail);
 	}
@@ -1667,6 +1674,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_CHACHA20POLY1305:
 		enc = "ChaCha20-Poly1305";
 		break;
+	case SSL_CHACHA20POLY1305_OLD:
+		enc = "ChaCha20-Poly1305-Old";
+		break;
 	case SSL_eGOST2814789CNT:
 		enc = "GOST-28178-89-CNT";
 		break;