[openssl] master update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Wed Jan 20 17:05:53 UTC 2021
The branch master has been updated
via 3aa7212e0a4fd1533c8a28b8587dd8b022f3a66f (commit)
from 5b57aa24c35f78cc11aa91586bc8e8826c2ece5a (commit)
- Log -----------------------------------------------------------------
commit 3aa7212e0a4fd1533c8a28b8587dd8b022f3a66f
Author: Vadim Fedorenko <vadimjunk at gmail.com>
Date: Sun Nov 22 10:02:31 2020 +0000
ktls: Initial support for ChaCha20-Poly1305
Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13475)
-----------------------------------------------------------------------
Summary of changes:
include/internal/ktls.h | 8 ++++++++
ssl/ktls.c | 21 ++++++++++++++++++++-
2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/include/internal/ktls.h b/include/internal/ktls.h
index fd439b5718..cf2c813bbc 100644
--- a/include/internal/ktls.h
+++ b/include/internal/ktls.h
@@ -222,6 +222,11 @@ static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off,
# define OPENSSL_KTLS_TLS13
# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0)
# define OPENSSL_KTLS_AES_CCM_128
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 11, 0)
+# ifndef OPENSSL_NO_CHACHA
+# define OPENSSL_KTLS_CHACHA20_POLY1305
+# endif
+# endif
# endif
# endif
@@ -254,6 +259,9 @@ struct tls_crypto_info_all {
# endif
# ifdef OPENSSL_KTLS_AES_CCM_128
struct tls12_crypto_info_aes_ccm_128 ccm128;
+# endif
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ struct tls12_crypto_info_chacha20_poly1305 chacha20poly1305;
# endif
};
size_t tls_crypto_info_len;
diff --git a/ssl/ktls.c b/ssl/ktls.c
index dc5bb2bbc3..da42084928 100644
--- a/ssl/ktls.c
+++ b/ssl/ktls.c
@@ -126,7 +126,9 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
return 0;
}
- /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 */
+ /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128
+ * or Chacha20-Poly1305
+ */
switch (EVP_CIPHER_nid(c))
{
# ifdef OPENSSL_KTLS_AES_CCM_128
@@ -139,6 +141,9 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
# endif
# ifdef OPENSSL_KTLS_AES_GCM_256
case NID_aes_256_gcm:
+# endif
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ case NID_chacha20_poly1305:
# endif
return 1;
default:
@@ -212,6 +217,20 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
if (rec_seq != NULL)
*rec_seq = crypto_info->ccm128.rec_seq;
return 1;
+# endif
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ case NID_chacha20_poly1305:
+ crypto_info->chacha20poly1305.info.cipher_type = TLS_CIPHER_CHACHA20_POLY1305;
+ crypto_info->chacha20poly1305.info.version = s->version;
+ crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305);
+ memcpy(crypto_info->chacha20poly1305.iv, iiv,
+ TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE);
+ memcpy(crypto_info->chacha20poly1305.key, key, EVP_CIPHER_key_length(c));
+ memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence,
+ TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
+ if (rec_seq != NULL)
+ *rec_seq = crypto_info->chacha20poly1305.rec_seq;
+ return 1;
# endif
default:
return 0;
More information about the openssl-commits
mailing list