510 lines
21 KiB
Diff
510 lines
21 KiB
Diff
|
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
|
||
|
|
index 086b3c4d51..5699901f7d 100644
|
||
|
|
--- a/crypto/evp/c_allc.c
|
||
|
|
+++ b/crypto/evp/c_allc.c
|
||
|
|
@@ -261,6 +261,7 @@ void openssl_add_all_ciphers_int(void)
|
||
|
|
EVP_add_cipher(EVP_chacha20());
|
||
|
|
# ifndef OPENSSL_NO_POLY1305
|
||
|
|
EVP_add_cipher(EVP_chacha20_poly1305());
|
||
|
|
+ EVP_add_cipher(EVP_chacha20_poly1305_draft());
|
||
|
|
# endif
|
||
|
|
#endif
|
||
|
|
}
|
||
|
|
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
|
||
|
|
index c1917bb86a..ea64c6b70e 100644
|
||
|
|
--- a/crypto/evp/e_chacha20_poly1305.c
|
||
|
|
+++ b/crypto/evp/e_chacha20_poly1305.c
|
||
|
|
@@ -154,6 +154,7 @@ typedef struct {
|
||
|
|
struct { uint64_t aad, text; } len;
|
||
|
|
int aad, mac_inited, tag_len, nonce_len;
|
||
|
|
size_t tls_payload_length;
|
||
|
|
+ unsigned char draft:1;
|
||
|
|
} EVP_CHACHA_AEAD_CTX;
|
||
|
|
|
||
|
|
# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
|
||
|
|
@@ -174,6 +175,7 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
|
||
|
|
actx->aad = 0;
|
||
|
|
actx->mac_inited = 0;
|
||
|
|
actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
|
||
|
|
+ actx->draft = 0;
|
||
|
|
|
||
|
|
if (iv != NULL) {
|
||
|
|
unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
|
||
|
|
@@ -195,6 +197,27 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
|
||
|
|
return 1;
|
||
|
|
}
|
||
|
|
|
||
|
|
+static int chacha20_poly1305_draft_init_key(EVP_CIPHER_CTX *ctx,
|
||
|
|
+ const unsigned char *inkey,
|
||
|
|
+ const unsigned char *iv, int enc)
|
||
|
|
+{
|
||
|
|
+ EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
|
||
|
|
+
|
||
|
|
+ if (!inkey)
|
||
|
|
+ return 1;
|
||
|
|
+
|
||
|
|
+ actx->len.aad = 0;
|
||
|
|
+ actx->len.text = 0;
|
||
|
|
+ actx->aad = 0;
|
||
|
|
+ actx->mac_inited = 0;
|
||
|
|
+ actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
|
||
|
|
+ actx->draft = 1;
|
||
|
|
+
|
||
|
|
+ chacha_init_key(ctx, inkey, NULL, enc);
|
||
|
|
+
|
||
|
|
+ return 1;
|
||
|
|
+}
|
||
|
|
+
|
||
|
|
# if !defined(OPENSSL_SMALL_FOOTPRINT)
|
||
|
|
|
||
|
|
# if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
|
||
|
|
@@ -365,10 +388,11 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||
|
|
{
|
||
|
|
EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
|
||
|
|
size_t rem, plen = actx->tls_payload_length;
|
||
|
|
+ uint64_t thirteen = EVP_AEAD_TLS1_AAD_LEN;
|
||
|
|
|
||
|
|
if (!actx->mac_inited) {
|
||
|
|
# if !defined(OPENSSL_SMALL_FOOTPRINT)
|
||
|
|
- if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL)
|
||
|
|
+ if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL && !actx->draft)
|
||
|
|
return chacha20_poly1305_tls_cipher(ctx, out, in, len);
|
||
|
|
# endif
|
||
|
|
actx->key.counter[0] = 0;
|
||
|
|
@@ -395,9 +419,14 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||
|
|
return len;
|
||
|
|
} else { /* plain- or ciphertext */
|
||
|
|
if (actx->aad) { /* wrap up aad */
|
||
|
|
- if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
|
||
|
|
- Poly1305_Update(POLY1305_ctx(actx), zero,
|
||
|
|
- POLY1305_BLOCK_SIZE - rem);
|
||
|
|
+ if (actx->draft) {
|
||
|
|
+ thirteen = actx->len.aad;
|
||
|
|
+ Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
|
||
|
|
+ } else {
|
||
|
|
+ if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
|
||
|
|
+ Poly1305_Update(POLY1305_ctx(actx), zero,
|
||
|
|
+ POLY1305_BLOCK_SIZE - rem);
|
||
|
|
+ }
|
||
|
|
actx->aad = 0;
|
||
|
|
}
|
||
|
|
|
||
|
|
@@ -430,40 +459,52 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||
|
|
} is_endian = { 1 };
|
||
|
|
unsigned char temp[POLY1305_BLOCK_SIZE];
|
||
|
|
|
||
|
|
+ if (actx->draft) {
|
||
|
|
+ thirteen = actx->len.text;
|
||
|
|
+ Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
if (actx->aad) { /* wrap up aad */
|
||
|
|
- if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
|
||
|
|
- Poly1305_Update(POLY1305_ctx(actx), zero,
|
||
|
|
- POLY1305_BLOCK_SIZE - rem);
|
||
|
|
+ if (actx->draft) {
|
||
|
|
+ thirteen = actx->len.aad;
|
||
|
|
+ Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
|
||
|
|
+ } else {
|
||
|
|
+ if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
|
||
|
|
+ Poly1305_Update(POLY1305_ctx(actx), zero,
|
||
|
|
+ POLY1305_BLOCK_SIZE - rem);
|
||
|
|
+ }
|
||
|
|
actx->aad = 0;
|
||
|
|
}
|
||
|
|
|
||
|
|
- if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
|
||
|
|
- Poly1305_Update(POLY1305_ctx(actx), zero,
|
||
|
|
- POLY1305_BLOCK_SIZE - rem);
|
||
|
|
+ if (!actx->draft) {
|
||
|
|
+ if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
|
||
|
|
+ Poly1305_Update(POLY1305_ctx(actx), zero,
|
||
|
|
+ POLY1305_BLOCK_SIZE - rem);
|
||
|
|
|
||
|
|
- if (is_endian.little) {
|
||
|
|
- Poly1305_Update(POLY1305_ctx(actx),
|
||
|
|
- (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
|
||
|
|
- } else {
|
||
|
|
- temp[0] = (unsigned char)(actx->len.aad);
|
||
|
|
- temp[1] = (unsigned char)(actx->len.aad>>8);
|
||
|
|
- temp[2] = (unsigned char)(actx->len.aad>>16);
|
||
|
|
- temp[3] = (unsigned char)(actx->len.aad>>24);
|
||
|
|
- temp[4] = (unsigned char)(actx->len.aad>>32);
|
||
|
|
- temp[5] = (unsigned char)(actx->len.aad>>40);
|
||
|
|
- temp[6] = (unsigned char)(actx->len.aad>>48);
|
||
|
|
- temp[7] = (unsigned char)(actx->len.aad>>56);
|
||
|
|
-
|
||
|
|
- temp[8] = (unsigned char)(actx->len.text);
|
||
|
|
- temp[9] = (unsigned char)(actx->len.text>>8);
|
||
|
|
- temp[10] = (unsigned char)(actx->len.text>>16);
|
||
|
|
- temp[11] = (unsigned char)(actx->len.text>>24);
|
||
|
|
- temp[12] = (unsigned char)(actx->len.text>>32);
|
||
|
|
- temp[13] = (unsigned char)(actx->len.text>>40);
|
||
|
|
- temp[14] = (unsigned char)(actx->len.text>>48);
|
||
|
|
- temp[15] = (unsigned char)(actx->len.text>>56);
|
||
|
|
-
|
||
|
|
- Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
|
||
|
|
+ if (is_endian.little) {
|
||
|
|
+ Poly1305_Update(POLY1305_ctx(actx),
|
||
|
|
+ (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
|
||
|
|
+ } else {
|
||
|
|
+ temp[0] = (unsigned char)(actx->len.aad);
|
||
|
|
+ temp[1] = (unsigned char)(actx->len.aad>>8);
|
||
|
|
+ temp[2] = (unsigned char)(actx->len.aad>>16);
|
||
|
|
+ temp[3] = (unsigned char)(actx->len.aad>>24);
|
||
|
|
+ temp[4] = (unsigned char)(actx->len.aad>>32);
|
||
|
|
+ temp[5] = (unsigned char)(actx->len.aad>>40);
|
||
|
|
+ temp[6] = (unsigned char)(actx->len.aad>>48);
|
||
|
|
+ temp[7] = (unsigned char)(actx->len.aad>>56);
|
||
|
|
+
|
||
|
|
+ temp[8] = (unsigned char)(actx->len.text);
|
||
|
|
+ temp[9] = (unsigned char)(actx->len.text>>8);
|
||
|
|
+ temp[10] = (unsigned char)(actx->len.text>>16);
|
||
|
|
+ temp[11] = (unsigned char)(actx->len.text>>24);
|
||
|
|
+ temp[12] = (unsigned char)(actx->len.text>>32);
|
||
|
|
+ temp[13] = (unsigned char)(actx->len.text>>40);
|
||
|
|
+ temp[14] = (unsigned char)(actx->len.text>>48);
|
||
|
|
+ temp[15] = (unsigned char)(actx->len.text>>56);
|
||
|
|
+
|
||
|
|
+ Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
|
||
|
|
+ }
|
||
|
|
}
|
||
|
|
Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
|
||
|
|
: temp);
|
||
|
|
@@ -533,12 +574,14 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||
|
|
return 1;
|
||
|
|
|
||
|
|
case EVP_CTRL_AEAD_SET_IVLEN:
|
||
|
|
+ if (actx->draft) return -1;
|
||
|
|
if (arg <= 0 || arg > CHACHA_CTR_SIZE)
|
||
|
|
return 0;
|
||
|
|
actx->nonce_len = arg;
|
||
|
|
return 1;
|
||
|
|
|
||
|
|
case EVP_CTRL_AEAD_SET_IV_FIXED:
|
||
|
|
+ if (actx->draft) return -1;
|
||
|
|
if (arg != 12)
|
||
|
|
return 0;
|
||
|
|
actx->nonce[0] = actx->key.counter[1]
|
||
|
|
@@ -622,9 +665,32 @@ static EVP_CIPHER chacha20_poly1305 = {
|
||
|
|
NULL /* app_data */
|
||
|
|
};
|
||
|
|
|
||
|
|
+static EVP_CIPHER chacha20_poly1305_draft = {
|
||
|
|
+ NID_chacha20_poly1305_draft,
|
||
|
|
+ 1, /* block_size */
|
||
|
|
+ CHACHA_KEY_SIZE, /* key_len */
|
||
|
|
+ 0, /* iv_len, none */
|
||
|
|
+ EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |
|
||
|
|
+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
|
||
|
|
+ EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER,
|
||
|
|
+ chacha20_poly1305_draft_init_key,
|
||
|
|
+ chacha20_poly1305_cipher,
|
||
|
|
+ chacha20_poly1305_cleanup,
|
||
|
|
+ 0, /* 0 moves context-specific structure allocation to ctrl */
|
||
|
|
+ NULL, /* set_asn1_parameters */
|
||
|
|
+ NULL, /* get_asn1_parameters */
|
||
|
|
+ chacha20_poly1305_ctrl,
|
||
|
|
+ NULL /* app_data */
|
||
|
|
+};
|
||
|
|
+
|
||
|
|
const EVP_CIPHER *EVP_chacha20_poly1305(void)
|
||
|
|
{
|
||
|
|
return(&chacha20_poly1305);
|
||
|
|
}
|
||
|
|
+
|
||
|
|
+const EVP_CIPHER *EVP_chacha20_poly1305_draft(void)
|
||
|
|
+{
|
||
|
|
+ return(&chacha20_poly1305_draft);
|
||
|
|
+}
|
||
|
|
# endif
|
||
|
|
#endif
|
||
|
|
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
|
||
|
|
index 7d058fce01..b8e6cc2c83 100644
|
||
|
|
--- a/crypto/objects/obj_dat.h
|
||
|
|
+++ b/crypto/objects/obj_dat.h
|
||
|
|
@@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
|
||
|
|
0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */
|
||
|
|
};
|
||
|
|
|
||
|
|
-#define NUM_NID 1198
|
||
|
|
+#define NUM_NID 1199
|
||
|
|
static const ASN1_OBJECT nid_objs[NUM_NID] = {
|
||
|
|
{"UNDEF", "undefined", NID_undef},
|
||
|
|
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
|
||
|
|
@@ -2279,9 +2279,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
|
||
|
|
{"GMAC", "gmac", NID_gmac, 5, &so[7761]},
|
||
|
|
{"KMAC128", "kmac128", NID_kmac128},
|
||
|
|
{"KMAC256", "kmac256", NID_kmac256},
|
||
|
|
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
|
||
|
|
};
|
||
|
|
|
||
|
|
-#define NUM_SN 1189
|
||
|
|
+#define NUM_SN 1190
|
||
|
|
static const unsigned int sn_objs[NUM_SN] = {
|
||
|
|
364, /* "AD_DVCS" */
|
||
|
|
419, /* "AES-128-CBC" */
|
||
|
|
@@ -2399,6 +2400,7 @@ static const unsigned int sn_objs[NUM_SN] = {
|
||
|
|
417, /* "CSPName" */
|
||
|
|
1019, /* "ChaCha20" */
|
||
|
|
1018, /* "ChaCha20-Poly1305" */
|
||
|
|
+ 1198, /* "chacha20-poly1305-draft" */
|
||
|
|
367, /* "CrlID" */
|
||
|
|
391, /* "DC" */
|
||
|
|
31, /* "DES-CBC" */
|
||
|
|
@@ -3474,7 +3476,7 @@ static const unsigned int sn_objs[NUM_SN] = {
|
||
|
|
1093, /* "x509ExtAdmission" */
|
||
|
|
};
|
||
|
|
|
||
|
|
-#define NUM_LN 1189
|
||
|
|
+#define NUM_LN 1190
|
||
|
|
static const unsigned int ln_objs[NUM_LN] = {
|
||
|
|
363, /* "AD Time Stamping" */
|
||
|
|
405, /* "ANSI X9.62" */
|
||
|
|
@@ -3853,6 +3855,7 @@ static const unsigned int ln_objs[NUM_LN] = {
|
||
|
|
883, /* "certificateRevocationList" */
|
||
|
|
1019, /* "chacha20" */
|
||
|
|
1018, /* "chacha20-poly1305" */
|
||
|
|
+ 1198, /* "ChaCha20-Poly1305-D" */
|
||
|
|
54, /* "challengePassword" */
|
||
|
|
407, /* "characteristic-two-field" */
|
||
|
|
395, /* "clearance" */
|
||
|
|
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
|
||
|
|
index ad47750f5d..c6b6bd79cc 100644
|
||
|
|
--- a/crypto/objects/obj_mac.num
|
||
|
|
+++ b/crypto/objects/obj_mac.num
|
||
|
|
@@ -1195,3 +1195,4 @@ hmacWithSHA512_256 1194
|
||
|
|
gmac 1195
|
||
|
|
kmac128 1196
|
||
|
|
kmac256 1197
|
||
|
|
+chacha20_poly1305_draft 1198
|
||
|
|
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
|
||
|
|
index 590bbe9a13..39a76eb2e1 100644
|
||
|
|
--- a/crypto/objects/objects.txt
|
||
|
|
+++ b/crypto/objects/objects.txt
|
||
|
|
@@ -1541,6 +1541,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
|
||
|
|
: AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
|
||
|
|
: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
|
||
|
|
: ChaCha20-Poly1305 : chacha20-poly1305
|
||
|
|
+ : ChaCha20-Poly1305-D : chacha20-poly1305-draft
|
||
|
|
: ChaCha20 : chacha20
|
||
|
|
|
||
|
|
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
|
||
|
|
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
|
||
|
|
index 36249b4201..4896155729 100644
|
||
|
|
--- a/include/openssl/evp.h
|
||
|
|
+++ b/include/openssl/evp.h
|
||
|
|
@@ -918,6 +918,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
|
||
|
|
const EVP_CIPHER *EVP_chacha20(void);
|
||
|
|
# ifndef OPENSSL_NO_POLY1305
|
||
|
|
const EVP_CIPHER *EVP_chacha20_poly1305(void);
|
||
|
|
+const EVP_CIPHER *EVP_chacha20_poly1305_draft(void);
|
||
|
|
# endif
|
||
|
|
# endif
|
||
|
|
|
||
|
|
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
|
||
|
|
index e977a24c66..280efb665e 100644
|
||
|
|
--- a/include/openssl/obj_mac.h
|
||
|
|
+++ b/include/openssl/obj_mac.h
|
||
|
|
@@ -4824,6 +4824,10 @@
|
||
|
|
#define LN_chacha20 "chacha20"
|
||
|
|
#define NID_chacha20 1019
|
||
|
|
|
||
|
|
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
|
||
|
|
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
|
||
|
|
+#define NID_chacha20_poly1305_draft 1198
|
||
|
|
+
|
||
|
|
#define SN_dhpublicnumber "dhpublicnumber"
|
||
|
|
#define LN_dhpublicnumber "X9.42 DH"
|
||
|
|
#define NID_dhpublicnumber 920
|
||
|
|
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
|
||
|
|
index fe2e479028..da1ff8f855 100644
|
||
|
|
--- a/include/openssl/ssl.h
|
||
|
|
+++ b/include/openssl/ssl.h
|
||
|
|
@@ -125,6 +125,7 @@ extern "C" {
|
||
|
|
# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
|
||
|
|
# define SSL_TXT_CAMELLIA "CAMELLIA"
|
||
|
|
# define SSL_TXT_CHACHA20 "CHACHA20"
|
||
|
|
+# define SSL_TXT_CHACHA20_D "CHACHA20-D"
|
||
|
|
# define SSL_TXT_GOST "GOST89"
|
||
|
|
# define SSL_TXT_ARIA "ARIA"
|
||
|
|
# define SSL_TXT_ARIA_GCM "ARIAGCM"
|
||
|
|
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
|
||
|
|
index 434dff1500..e1603867d0 100644
|
||
|
|
--- a/include/openssl/tls1.h
|
||
|
|
+++ b/include/openssl/tls1.h
|
||
|
|
@@ -597,7 +597,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
|
||
|
|
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A
|
||
|
|
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B
|
||
|
|
|
||
|
|
-/* draft-ietf-tls-chacha20-poly1305-03 */
|
||
|
|
+/* Chacha20-Poly1305-Draft ciphersuites from draft-agl-tls-chacha20poly1305-04 */
|
||
|
|
+# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_D 0x0300CC13
|
||
|
|
+# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D 0x0300CC14
|
||
|
|
+# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305_D 0x0300CC15
|
||
|
|
+
|
||
|
|
+/* Chacha20-Poly1305 ciphersuites from RFC7905 */
|
||
|
|
# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8
|
||
|
|
# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9
|
||
|
|
# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA
|
||
|
|
@@ -762,6 +767,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
|
||
|
|
# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
|
||
|
|
# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
|
||
|
|
# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
|
||
|
|
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305_D "OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
|
||
|
|
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305_D "OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
|
||
|
|
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D "OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
|
||
|
|
# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
|
||
|
|
# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
|
||
|
|
# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
|
||
|
|
@@ -1090,7 +1098,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
|
||
|
|
# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
|
||
|
|
# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"
|
||
|
|
|
||
|
|
-/* draft-ietf-tls-chacha20-poly1305-03 */
|
||
|
|
+/* Chacha20-Poly1305-Draft ciphersuites from draft-agl-tls-chacha20poly1305-04 */
|
||
|
|
+# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_D "ECDHE-RSA-CHACHA20-POLY1305-OLD"
|
||
|
|
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D "ECDHE-ECDSA-CHACHA20-POLY1305-OLD"
|
||
|
|
+# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_D "DHE-RSA-CHACHA20-POLY1305-OLD"
|
||
|
|
+
|
||
|
|
+/* Chacha20-Poly1305 ciphersuites from RFC7905 */
|
||
|
|
# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
|
||
|
|
# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
|
||
|
|
# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
|
||
|
|
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
|
||
|
|
index a5b3dbbfd5..a5a7993065 100644
|
||
|
|
--- a/ssl/s3_lib.c
|
||
|
|
+++ b/ssl/s3_lib.c
|
||
|
|
@@ -2082,6 +2082,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||
|
|
256,
|
||
|
|
256,
|
||
|
|
},
|
||
|
|
+ {
|
||
|
|
+ 1,
|
||
|
|
+ TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_D,
|
||
|
|
+ TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305_D,
|
||
|
|
+ TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305_D,
|
||
|
|
+ SSL_kDHE,
|
||
|
|
+ SSL_aRSA,
|
||
|
|
+ SSL_CHACHA20POLY1305_D,
|
||
|
|
+ SSL_AEAD,
|
||
|
|
+ TLS1_2_VERSION, TLS1_2_VERSION,
|
||
|
|
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
|
||
|
|
+ SSL_HIGH,
|
||
|
|
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||
|
|
+ 256,
|
||
|
|
+ 256,
|
||
|
|
+ },
|
||
|
|
+ {
|
||
|
|
+ 1,
|
||
|
|
+ TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
|
||
|
|
+ TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
|
||
|
|
+ TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
|
||
|
|
+ SSL_kECDHE,
|
||
|
|
+ SSL_aRSA,
|
||
|
|
+ SSL_CHACHA20POLY1305_D,
|
||
|
|
+ SSL_AEAD,
|
||
|
|
+ TLS1_2_VERSION, TLS1_2_VERSION,
|
||
|
|
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
|
||
|
|
+ SSL_HIGH,
|
||
|
|
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||
|
|
+ 256,
|
||
|
|
+ 256,
|
||
|
|
+ },
|
||
|
|
+ {
|
||
|
|
+ 1,
|
||
|
|
+ TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
|
||
|
|
+ TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
|
||
|
|
+ TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
|
||
|
|
+ SSL_kECDHE,
|
||
|
|
+ SSL_aECDSA,
|
||
|
|
+ SSL_CHACHA20POLY1305_D,
|
||
|
|
+ SSL_AEAD,
|
||
|
|
+ TLS1_2_VERSION, TLS1_2_VERSION,
|
||
|
|
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
|
||
|
|
+ SSL_HIGH,
|
||
|
|
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
|
||
|
|
+ 256,
|
||
|
|
+ 256,
|
||
|
|
+ },
|
||
|
|
{
|
||
|
|
1,
|
||
|
|
TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
|
||
|
|
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
|
||
|
|
index bd97c0fdab..020ba7ac63 100644
|
||
|
|
--- a/ssl/ssl_ciph.c
|
||
|
|
+++ b/ssl/ssl_ciph.c
|
||
|
|
@@ -43,7 +43,8 @@
|
||
|
|
#define SSL_ENC_CHACHA_IDX 19
|
||
|
|
#define SSL_ENC_ARIA128GCM_IDX 20
|
||
|
|
#define SSL_ENC_ARIA256GCM_IDX 21
|
||
|
|
-#define SSL_ENC_NUM_IDX 22
|
||
|
|
+#define SSL_ENC_CHACHA20_D_IDX 22
|
||
|
|
+#define SSL_ENC_NUM_IDX 23
|
||
|
|
|
||
|
|
/* NB: make sure indices in these tables match values above */
|
||
|
|
|
||
|
|
@@ -76,6 +77,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
|
||
|
|
{SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
|
||
|
|
{SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
|
||
|
|
{SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
|
||
|
|
+ {SSL_CHACHA20POLY1305_D, NID_chacha20_poly1305_draft}, /* SSL_ENC_CHACHA20POLY1305_IDX 22 */
|
||
|
|
};
|
||
|
|
|
||
|
|
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
|
||
|
|
@@ -273,6 +275,7 @@ static const SSL_CIPHER cipher_aliases[] = {
|
||
|
|
{0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
|
||
|
|
{0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
|
||
|
|
{0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
|
||
|
|
+ {0, SSL_TXT_CHACHA20_D, NULL, 0, 0, 0, SSL_CHACHA20POLY1305_D},
|
||
|
|
|
||
|
|
{0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
|
||
|
|
{0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
|
||
|
|
@@ -1789,6 +1792,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||
|
|
case SSL_CHACHA20POLY1305:
|
||
|
|
enc = "CHACHA20/POLY1305(256)";
|
||
|
|
break;
|
||
|
|
+ case SSL_CHACHA20POLY1305_D:
|
||
|
|
+ enc = "CHACHA20/POLY1305-Draft(256)";
|
||
|
|
+ break;
|
||
|
|
default:
|
||
|
|
enc = "unknown";
|
||
|
|
break;
|
||
|
|
@@ -2113,7 +2119,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
|
||
|
|
out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
|
||
|
|
} else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
|
||
|
|
out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
|
||
|
|
- } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) {
|
||
|
|
+ } else if (c->algorithm_enc & (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_D)) {
|
||
|
|
out = 16;
|
||
|
|
} else if (c->algorithm_mac & SSL_AEAD) {
|
||
|
|
/* We're supposed to have handled all the AEAD modes above */
|
||
|
|
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
|
||
|
|
index 98e8e8a46d..d64dd57d78 100644
|
||
|
|
--- a/ssl/ssl_locl.h
|
||
|
|
+++ b/ssl/ssl_locl.h
|
||
|
|
@@ -230,12 +230,13 @@
|
||
|
|
# define SSL_CHACHA20POLY1305 0x00080000U
|
||
|
|
# define SSL_ARIA128GCM 0x00100000U
|
||
|
|
# define SSL_ARIA256GCM 0x00200000U
|
||
|
|
+# define SSL_CHACHA20POLY1305_D 0x00400000U
|
||
|
|
|
||
|
|
# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM)
|
||
|
|
# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
|
||
|
|
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
|
||
|
|
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
|
||
|
|
-# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
|
||
|
|
+# define SSL_CHACHA20 (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_D)
|
||
|
|
# define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM)
|
||
|
|
# define SSL_ARIA (SSL_ARIAGCM)
|
||
|
|
|
||
|
|
diff --git a/util/libcrypto.num b/util/libcrypto.num
|
||
|
|
index 964f581667..66d7b47dc3 100644
|
||
|
|
--- a/util/libcrypto.num
|
||
|
|
+++ b/util/libcrypto.num
|
||
|
|
@@ -4608,3 +4608,4 @@ OPENSSL_version_minor 4561 3_0_0 EXIST::FUNCTION:
|
||
|
|
OPENSSL_version_patch 4562 3_0_0 EXIST::FUNCTION:
|
||
|
|
OPENSSL_version_pre_release 4563 3_0_0 EXIST::FUNCTION:
|
||
|
|
OPENSSL_version_build_metadata 4564 3_0_0 EXIST::FUNCTION:
|
||
|
|
+EVP_chacha20_poly1305_draft 4565 1_1_0 EXIST::FUNCTION:CHACHA,POLY1305_DRAFT
|