[openssl] master update
tomas at openssl.org
tomas at openssl.org
Fri Feb 4 10:06:41 UTC 2022
The branch master has been updated
via 77f3936928068bee9d7e0c6939709ac179cb1059 (commit)
from 8e012cdc896ec6a98b45119b127b230cbbb6e93b (commit)
- Log -----------------------------------------------------------------
commit 77f3936928068bee9d7e0c6939709ac179cb1059
Author: John Baldwin <jhb at FreeBSD.org>
Date: Wed Dec 23 14:09:51 2020 -0800
Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD.
FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3.
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13752)
-----------------------------------------------------------------------
Summary of changes:
include/internal/ktls.h | 5 +++++
ssl/ktls.c | 10 ++++++++++
2 files changed, 15 insertions(+)
diff --git a/include/internal/ktls.h b/include/internal/ktls.h
index 95492fd065..3c82cae26b 100644
--- a/include/internal/ktls.h
+++ b/include/internal/ktls.h
@@ -40,6 +40,11 @@
# define OPENSSL_KTLS_AES_GCM_128
# define OPENSSL_KTLS_AES_GCM_256
# define OPENSSL_KTLS_TLS13
+# ifdef TLS_CHACHA20_IV_LEN
+# ifndef OPENSSL_NO_CHACHA
+# define OPENSSL_KTLS_CHACHA20_POLY1305
+# endif
+# endif
typedef struct tls_enable ktls_crypto_info_t;
diff --git a/ssl/ktls.c b/ssl/ktls.c
index 79d980959e..fd0a903878 100644
--- a/ssl/ktls.c
+++ b/ssl/ktls.c
@@ -37,6 +37,10 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c,
case SSL_AES128GCM:
case SSL_AES256GCM:
return 1;
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ case SSL_CHACHA20POLY1305:
+ return 1;
+# endif
case SSL_AES128:
case SSL_AES256:
if (s->ext.use_etm)
@@ -71,6 +75,12 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
else
crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
break;
+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+ case SSL_CHACHA20POLY1305:
+ crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305;
+ crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd);
+ break;
+# endif
case SSL_AES128:
case SSL_AES256:
switch (s->s3.tmp.new_cipher->algorithm_mac) {
More information about the openssl-commits
mailing list