diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index a97eaa1685..24112723f0 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -265,6 +265,7 @@ void openssl_add_all_ciphers_int(void) EVP_add_cipher(EVP_chacha20()); # ifndef OPENSSL_NO_POLY1305 EVP_add_cipher(EVP_chacha20_poly1305()); + EVP_add_cipher(EVP_chacha20_poly1305_draft()); # endif #endif } diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index 570378b1af..46eb33910a 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -156,6 +156,7 @@ typedef struct { struct { uint64_t aad, text; } len; int aad, mac_inited, tag_len, nonce_len; size_t tls_payload_length; + unsigned char draft:1; } EVP_CHACHA_AEAD_CTX; # define NO_TLS_PAYLOAD_LENGTH ((size_t)-1) @@ -176,6 +177,7 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, actx->aad = 0; actx->mac_inited = 0; actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + actx->draft = 0; if (iv != NULL) { unsigned char temp[CHACHA_CTR_SIZE] = { 0 }; @@ -197,6 +199,27 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, return 1; } +static int chacha20_poly1305_draft_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *inkey, + const unsigned char *iv, int enc) +{ + EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); + + if (!inkey) + return 1; + + actx->len.aad = 0; + actx->len.text = 0; + actx->aad = 0; + actx->mac_inited = 0; + actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + actx->draft = 1; + + chacha_init_key(ctx, inkey, NULL, enc); + + return 1; +} + # if !defined(OPENSSL_SMALL_FOOTPRINT) # if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ @@ -367,10 +390,11 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); size_t rem, plen = actx->tls_payload_length; + uint64_t thirteen = EVP_AEAD_TLS1_AAD_LEN; if (!actx->mac_inited) { # if !defined(OPENSSL_SMALL_FOOTPRINT) - if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL) + if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL && !actx->draft) return chacha20_poly1305_tls_cipher(ctx, out, in, len); # endif actx->key.counter[0] = 0; @@ -397,9 +421,14 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return len; } else { /* plain- or ciphertext */ if (actx->aad) { /* wrap up aad */ - if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) - Poly1305_Update(POLY1305_ctx(actx), zero, - POLY1305_BLOCK_SIZE - rem); + if (actx->draft) { + thirteen = actx->len.aad; + Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen)); + } else { + if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) + Poly1305_Update(POLY1305_ctx(actx), zero, + POLY1305_BLOCK_SIZE - rem); + } actx->aad = 0; } @@ -432,40 +461,52 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } is_endian = { 1 }; unsigned char temp[POLY1305_BLOCK_SIZE]; + if (actx->draft) { + thirteen = actx->len.text; + Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen)); + } + if (actx->aad) { /* wrap up aad */ - if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) - Poly1305_Update(POLY1305_ctx(actx), zero, - POLY1305_BLOCK_SIZE - rem); + if (actx->draft) { + thirteen = actx->len.aad; + Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen)); + } else { + if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) + Poly1305_Update(POLY1305_ctx(actx), zero, + POLY1305_BLOCK_SIZE - rem); + } actx->aad = 0; } - if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE)) - Poly1305_Update(POLY1305_ctx(actx), zero, - POLY1305_BLOCK_SIZE - rem); + if (!actx->draft) { + if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE)) + Poly1305_Update(POLY1305_ctx(actx), zero, + POLY1305_BLOCK_SIZE - rem); - if (is_endian.little) { - Poly1305_Update(POLY1305_ctx(actx), - (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); - } else { - temp[0] = (unsigned char)(actx->len.aad); - temp[1] = (unsigned char)(actx->len.aad>>8); - temp[2] = (unsigned char)(actx->len.aad>>16); - temp[3] = (unsigned char)(actx->len.aad>>24); - temp[4] = (unsigned char)(actx->len.aad>>32); - temp[5] = (unsigned char)(actx->len.aad>>40); - temp[6] = (unsigned char)(actx->len.aad>>48); - temp[7] = (unsigned char)(actx->len.aad>>56); - - temp[8] = (unsigned char)(actx->len.text); - temp[9] = (unsigned char)(actx->len.text>>8); - temp[10] = (unsigned char)(actx->len.text>>16); - temp[11] = (unsigned char)(actx->len.text>>24); - temp[12] = (unsigned char)(actx->len.text>>32); - temp[13] = (unsigned char)(actx->len.text>>40); - temp[14] = (unsigned char)(actx->len.text>>48); - temp[15] = (unsigned char)(actx->len.text>>56); - - Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE); + if (is_endian.little) { + Poly1305_Update(POLY1305_ctx(actx), + (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); + } else { + temp[0] = (unsigned char)(actx->len.aad); + temp[1] = (unsigned char)(actx->len.aad>>8); + temp[2] = (unsigned char)(actx->len.aad>>16); + temp[3] = (unsigned char)(actx->len.aad>>24); + temp[4] = (unsigned char)(actx->len.aad>>32); + temp[5] = (unsigned char)(actx->len.aad>>40); + temp[6] = (unsigned char)(actx->len.aad>>48); + temp[7] = (unsigned char)(actx->len.aad>>56); + + temp[8] = (unsigned char)(actx->len.text); + temp[9] = (unsigned char)(actx->len.text>>8); + temp[10] = (unsigned char)(actx->len.text>>16); + temp[11] = (unsigned char)(actx->len.text>>24); + temp[12] = (unsigned char)(actx->len.text>>32); + temp[13] = (unsigned char)(actx->len.text>>40); + temp[14] = (unsigned char)(actx->len.text>>48); + temp[15] = (unsigned char)(actx->len.text>>56); + + Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE); + } } Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag : temp); @@ -539,12 +580,14 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, return 1; case EVP_CTRL_AEAD_SET_IVLEN: + if (actx->draft) return -1; if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN) return 0; actx->nonce_len = arg; return 1; case EVP_CTRL_AEAD_SET_IV_FIXED: + if (actx->draft) return -1; if (arg != 12) return 0; actx->nonce[0] = actx->key.counter[1] @@ -629,9 +672,32 @@ static EVP_CIPHER chacha20_poly1305 = { NULL /* app_data */ }; +static EVP_CIPHER chacha20_poly1305_draft = { + NID_chacha20_poly1305_draft, + 1, /* block_size */ + CHACHA_KEY_SIZE, /* key_len */ + 0, /* iv_len, none */ + EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV | + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | + EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER, + chacha20_poly1305_draft_init_key, + chacha20_poly1305_cipher, + chacha20_poly1305_cleanup, + 0, /* 0 moves context-specific structure allocation to ctrl */ + NULL, /* set_asn1_parameters */ + NULL, /* get_asn1_parameters */ + chacha20_poly1305_ctrl, + NULL /* app_data */ +}; + const EVP_CIPHER *EVP_chacha20_poly1305(void) { return(&chacha20_poly1305); } + +const EVP_CIPHER *EVP_chacha20_poly1305_draft(void) +{ + return(&chacha20_poly1305_draft); +} # endif #endif diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 0beeacfa40..8b3737f363 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -1084,7 +1084,7 @@ static const unsigned char so[7813] = { 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7804] OBJ_SM2_with_SM3 */ }; -#define NUM_NID 1208 +#define NUM_NID 1209 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2294,9 +2294,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"SSKDF", "sskdf", NID_sskdf}, {"X963KDF", "x963kdf", NID_x963kdf}, {"X942KDF", "x942kdf", NID_x942kdf}, + {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft}, }; -#define NUM_SN 1199 +#define NUM_SN 1200 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2419,6 +2420,7 @@ static const unsigned int sn_objs[NUM_SN] = { 417, /* "CSPName" */ 1019, /* "ChaCha20" */ 1018, /* "ChaCha20-Poly1305" */ + 1208, /* "ChaCha20-Poly1305-D" */ 367, /* "CrlID" */ 391, /* "DC" */ 31, /* "DES-CBC" */ @@ -3499,7 +3501,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1199 +#define NUM_LN 1200 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3884,6 +3886,7 @@ static const unsigned int ln_objs[NUM_LN] = { 883, /* "certificateRevocationList" */ 1019, /* "chacha20" */ 1018, /* "chacha20-poly1305" */ + 1208, /* "chacha20-poly1305-draft" */ 54, /* "challengePassword" */ 407, /* "characteristic-two-field" */ 395, /* "clearance" */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 022e64277c..4751e56115 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1205,3 +1205,4 @@ SM2_with_SM3 1204 sskdf 1205 x963kdf 1206 x942kdf 1207 +chacha20_poly1305_draft 1208 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 47cf2f183d..660bcd8521 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1545,6 +1545,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256 : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256 : ChaCha20-Poly1305 : chacha20-poly1305 + : ChaCha20-Poly1305-D : chacha20-poly1305-draft : ChaCha20 : chacha20 ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH diff --git a/include/openssl/evp.h b/include/openssl/evp.h index bbdc2b75c1..0c4b51d6c5 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -959,6 +959,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void); const EVP_CIPHER *EVP_chacha20(void); # ifndef OPENSSL_NO_POLY1305 const EVP_CIPHER *EVP_chacha20_poly1305(void); +const EVP_CIPHER *EVP_chacha20_poly1305_draft(void); # endif # endif diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 930a7a919e..d08a9e3b26 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -4837,6 +4837,10 @@ #define LN_chacha20_poly1305 "chacha20-poly1305" #define NID_chacha20_poly1305 1018 +#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D" +#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft" +#define NID_chacha20_poly1305_draft 1208 + #define SN_chacha20 "ChaCha20" #define LN_chacha20 "chacha20" #define NID_chacha20 1019 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 93f6bbc8f8..f11e312b54 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -125,6 +125,7 @@ extern "C" { # define SSL_TXT_CAMELLIA256 "CAMELLIA256" # define SSL_TXT_CAMELLIA "CAMELLIA" # define SSL_TXT_CHACHA20 "CHACHA20" +# define SSL_TXT_CHACHA20_D "CHACHA20-D" # define SSL_TXT_GOST "GOST89" # define SSL_TXT_ARIA "ARIA" # define SSL_TXT_ARIA_GCM "ARIAGCM" diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index f587f2a488..37ea3bdca4 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -567,7 +567,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) # define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A # define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B -/* draft-ietf-tls-chacha20-poly1305-03 */ +/* Chacha20-Poly1305-Draft ciphersuites from draft-agl-tls-chacha20poly1305-04 */ +# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_D 0x0300CC13 +# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D 0x0300CC14 +# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305_D 0x0300CC15 + +/* Chacha20-Poly1305 ciphersuites from RFC7905 */ # define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 # define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 # define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA @@ -732,6 +737,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) # define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" # define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" # define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305_D "OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305_D "OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D "OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" # define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" # define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" # define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" @@ -1060,7 +1068,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) # define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" # define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" -/* draft-ietf-tls-chacha20-poly1305-03 */ +/* Chacha20-Poly1305-Draft ciphersuites from draft-agl-tls-chacha20poly1305-04 */ +# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_D "ECDHE-RSA-CHACHA20-POLY1305-OLD" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D "ECDHE-ECDSA-CHACHA20-POLY1305-OLD" +# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_D "DHE-RSA-CHACHA20-POLY1305-OLD" + +/* Chacha20-Poly1305 ciphersuites from RFC7905 */ # define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" # define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" # define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d23f932ce9..b02cc2d895 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2083,6 +2083,54 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, + { + 1, + TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_D, + TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305_D, + TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305_D, + SSL_kDHE, + SSL_aRSA, + SSL_CHACHA20POLY1305_D, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_D, + TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305_D, + TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_D, + SSL_kECDHE, + SSL_aRSA, + SSL_CHACHA20POLY1305_D, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D, + TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D, + TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D, + SSL_kECDHE, + SSL_aECDSA, + SSL_CHACHA20POLY1305_D, + SSL_AEAD, + TLS1_2_VERSION, TLS1_2_VERSION, + DTLS1_2_VERSION, DTLS1_2_VERSION, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, { 1, TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index e427c407fc..0eb10f35b1 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -44,7 +44,8 @@ #define SSL_ENC_CHACHA_IDX 19 #define SSL_ENC_ARIA128GCM_IDX 20 #define SSL_ENC_ARIA256GCM_IDX 21 -#define SSL_ENC_NUM_IDX 22 +#define SSL_ENC_CHACHA20_D_IDX 22 +#define SSL_ENC_NUM_IDX 23 /* NB: make sure indices in these tables match values above */ @@ -77,6 +78,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */ {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */ {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ + {SSL_CHACHA20POLY1305_D, NID_chacha20_poly1305_draft}, /* SSL_ENC_CHACHA20POLY1305_IDX 22 */ }; static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]; @@ -276,6 +278,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256}, {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA}, {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20}, + {0, SSL_TXT_CHACHA20_D, NULL, 0, 0, 0, SSL_CHACHA20POLY1305_D}, {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA}, {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM}, @@ -1799,6 +1802,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_CHACHA20POLY1305: enc = "CHACHA20/POLY1305(256)"; break; + case SSL_CHACHA20POLY1305_D: + enc = "CHACHA20/POLY1305-Draft(256)"; + break; default: enc = "unknown"; break; @@ -2123,7 +2129,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16; } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) { out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8; - } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) { + } else if (c->algorithm_enc & (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_D)) { out = 16; } else if (c->algorithm_mac & SSL_AEAD) { /* We're supposed to have handled all the AEAD modes above */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b66979b4da..195267cb5e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -234,12 +234,13 @@ # define SSL_CHACHA20POLY1305 0x00080000U # define SSL_ARIA128GCM 0x00100000U # define SSL_ARIA256GCM 0x00200000U +# define SSL_CHACHA20POLY1305_D 0x00400000U # define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) # define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) -# define SSL_CHACHA20 (SSL_CHACHA20POLY1305) +# define SSL_CHACHA20 (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_D) # define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM) # define SSL_ARIA (SSL_ARIAGCM) diff --git a/util/libcrypto.num b/util/libcrypto.num index 1b14b440dc..0c27ed1138 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4764,3 +4764,4 @@ ERR_peek_last_error_data 4880 3_0_0 EXIST::FUNCTION: ERR_peek_last_error_all 4881 3_0_0 EXIST::FUNCTION: EVP_CIPHER_is_a 4882 3_0_0 EXIST::FUNCTION: EVP_MAC_is_a 4883 3_0_0 EXIST::FUNCTION: +EVP_chacha20_poly1305_draft 4884 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305