Browse Source

Update CHACHA20 patch.

master
Hakase 2 months ago
parent
commit
0709965a2d
Signed by: Hakase <hakase@hakase.app> GPG Key ID: BB2821A9E0DF48C9
1 changed files with 509 additions and 0 deletions
  1. 509
    0
      openssl-1.1.1b-chacha_draft.patch

+ 509
- 0
openssl-1.1.1b-chacha_draft.patch View File

@@ -0,0 +1,509 @@
1
+diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
2
+index 086b3c4d51..5699901f7d 100644
3
+--- a/crypto/evp/c_allc.c
4
++++ b/crypto/evp/c_allc.c
5
+@@ -261,6 +261,7 @@ void openssl_add_all_ciphers_int(void)
6
+     EVP_add_cipher(EVP_chacha20());
7
+ # ifndef OPENSSL_NO_POLY1305
8
+     EVP_add_cipher(EVP_chacha20_poly1305());
9
++    EVP_add_cipher(EVP_chacha20_poly1305_draft());
10
+ # endif
11
+ #endif
12
+ }
13
+diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
14
+index c1917bb86a..ea64c6b70e 100644
15
+--- a/crypto/evp/e_chacha20_poly1305.c
16
++++ b/crypto/evp/e_chacha20_poly1305.c
17
+@@ -154,6 +154,7 @@ typedef struct {
18
+     struct { uint64_t aad, text; } len;
19
+     int aad, mac_inited, tag_len, nonce_len;
20
+     size_t tls_payload_length;
21
++    unsigned char draft:1;
22
+ } EVP_CHACHA_AEAD_CTX;
23
+ 
24
+ #  define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
25
+@@ -174,6 +175,7 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
26
+     actx->aad = 0;
27
+     actx->mac_inited = 0;
28
+     actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
29
++    actx->draft = 0;
30
+ 
31
+     if (iv != NULL) {
32
+         unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
33
+@@ -195,6 +197,27 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
34
+     return 1;
35
+ }
36
+ 
37
++static int chacha20_poly1305_draft_init_key(EVP_CIPHER_CTX *ctx,
38
++   const unsigned char *inkey,
39
++   const unsigned char *iv, int enc)
40
++{
41
++    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
42
++
43
++    if (!inkey)
44
++        return 1;
45
++
46
++    actx->len.aad = 0;
47
++    actx->len.text = 0;
48
++    actx->aad = 0;
49
++    actx->mac_inited = 0;
50
++    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
51
++    actx->draft = 1;
52
++
53
++    chacha_init_key(ctx, inkey, NULL, enc);
54
++
55
++    return 1;
56
++}
57
++
58
+ #  if !defined(OPENSSL_SMALL_FOOTPRINT)
59
+ 
60
+ #   if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
61
+@@ -365,10 +388,11 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
62
+ {
63
+     EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
64
+     size_t rem, plen = actx->tls_payload_length;
65
++    uint64_t thirteen = EVP_AEAD_TLS1_AAD_LEN;
66
+ 
67
+     if (!actx->mac_inited) {
68
+ #  if !defined(OPENSSL_SMALL_FOOTPRINT)
69
+-        if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL)
70
++        if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL && !actx->draft)
71
+             return chacha20_poly1305_tls_cipher(ctx, out, in, len);
72
+ #  endif
73
+         actx->key.counter[0] = 0;
74
+@@ -395,9 +419,14 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
75
+             return len;
76
+         } else {                                /* plain- or ciphertext */
77
+             if (actx->aad) {                    /* wrap up aad */
78
+-                if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
79
+-                    Poly1305_Update(POLY1305_ctx(actx), zero,
80
+-                                    POLY1305_BLOCK_SIZE - rem);
81
++                if (actx->draft) {
82
++                    thirteen = actx->len.aad;
83
++                    Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
84
++                } else {
85
++                    if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
86
++                        Poly1305_Update(POLY1305_ctx(actx), zero,
87
++                                        POLY1305_BLOCK_SIZE - rem);
88
++                }
89
+                 actx->aad = 0;
90
+             }
91
+ 
92
+@@ -430,40 +459,52 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
93
+         } is_endian = { 1 };
94
+         unsigned char temp[POLY1305_BLOCK_SIZE];
95
+ 
96
++        if (actx->draft) {
97
++            thirteen = actx->len.text;
98
++            Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
99
++        }
100
++
101
+         if (actx->aad) {                        /* wrap up aad */
102
+-            if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
103
+-                Poly1305_Update(POLY1305_ctx(actx), zero,
104
+-                                POLY1305_BLOCK_SIZE - rem);
105
++            if (actx->draft) {
106
++               thirteen = actx->len.aad;
107
++               Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
108
++            } else {
109
++                if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
110
++                    Poly1305_Update(POLY1305_ctx(actx), zero,
111
++                                    POLY1305_BLOCK_SIZE - rem);
112
++            }
113
+             actx->aad = 0;
114
+         }
115
+ 
116
+-        if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
117
+-            Poly1305_Update(POLY1305_ctx(actx), zero,
118
+-                            POLY1305_BLOCK_SIZE - rem);
119
++        if (!actx->draft) {
120
++            if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
121
++                Poly1305_Update(POLY1305_ctx(actx), zero,
122
++                                POLY1305_BLOCK_SIZE - rem);
123
+ 
124
+-        if (is_endian.little) {
125
+-            Poly1305_Update(POLY1305_ctx(actx),
126
+-                            (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
127
+-        } else {
128
+-            temp[0]  = (unsigned char)(actx->len.aad);
129
+-            temp[1]  = (unsigned char)(actx->len.aad>>8);
130
+-            temp[2]  = (unsigned char)(actx->len.aad>>16);
131
+-            temp[3]  = (unsigned char)(actx->len.aad>>24);
132
+-            temp[4]  = (unsigned char)(actx->len.aad>>32);
133
+-            temp[5]  = (unsigned char)(actx->len.aad>>40);
134
+-            temp[6]  = (unsigned char)(actx->len.aad>>48);
135
+-            temp[7]  = (unsigned char)(actx->len.aad>>56);
136
+-
137
+-            temp[8]  = (unsigned char)(actx->len.text);
138
+-            temp[9]  = (unsigned char)(actx->len.text>>8);
139
+-            temp[10] = (unsigned char)(actx->len.text>>16);
140
+-            temp[11] = (unsigned char)(actx->len.text>>24);
141
+-            temp[12] = (unsigned char)(actx->len.text>>32);
142
+-            temp[13] = (unsigned char)(actx->len.text>>40);
143
+-            temp[14] = (unsigned char)(actx->len.text>>48);
144
+-            temp[15] = (unsigned char)(actx->len.text>>56);
145
+-
146
+-            Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
147
++            if (is_endian.little) {
148
++                Poly1305_Update(POLY1305_ctx(actx),
149
++                                (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
150
++            } else {
151
++                temp[0]  = (unsigned char)(actx->len.aad);
152
++                temp[1]  = (unsigned char)(actx->len.aad>>8);
153
++                temp[2]  = (unsigned char)(actx->len.aad>>16);
154
++                temp[3]  = (unsigned char)(actx->len.aad>>24);
155
++                temp[4]  = (unsigned char)(actx->len.aad>>32);
156
++                temp[5]  = (unsigned char)(actx->len.aad>>40);
157
++                temp[6]  = (unsigned char)(actx->len.aad>>48);
158
++                temp[7]  = (unsigned char)(actx->len.aad>>56);
159
++
160
++                temp[8]  = (unsigned char)(actx->len.text);
161
++                temp[9]  = (unsigned char)(actx->len.text>>8);
162
++                temp[10] = (unsigned char)(actx->len.text>>16);
163
++                temp[11] = (unsigned char)(actx->len.text>>24);
164
++                temp[12] = (unsigned char)(actx->len.text>>32);
165
++                temp[13] = (unsigned char)(actx->len.text>>40);
166
++                temp[14] = (unsigned char)(actx->len.text>>48);
167
++                temp[15] = (unsigned char)(actx->len.text>>56);
168
++
169
++                Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
170
++            }
171
+         }
172
+         Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
173
+                                                         : temp);
174
+@@ -533,12 +574,14 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
175
+         return 1;
176
+ 
177
+     case EVP_CTRL_AEAD_SET_IVLEN:
178
++        if (actx->draft) return -1;
179
+         if (arg <= 0 || arg > CHACHA_CTR_SIZE)
180
+             return 0;
181
+         actx->nonce_len = arg;
182
+         return 1;
183
+ 
184
+     case EVP_CTRL_AEAD_SET_IV_FIXED:
185
++        if (actx->draft) return -1;
186
+         if (arg != 12)
187
+             return 0;
188
+         actx->nonce[0] = actx->key.counter[1]
189
+@@ -622,9 +665,32 @@ static EVP_CIPHER chacha20_poly1305 = {
190
+     NULL        /* app_data */
191
+ };
192
+ 
193
++static EVP_CIPHER chacha20_poly1305_draft = {
194
++    NID_chacha20_poly1305_draft,
195
++    1,                  /* block_size */
196
++    CHACHA_KEY_SIZE,    /* key_len */
197
++    0,                 /* iv_len, none */
198
++    EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |
199
++    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
200
++    EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER,
201
++    chacha20_poly1305_draft_init_key,
202
++    chacha20_poly1305_cipher,
203
++    chacha20_poly1305_cleanup,
204
++    0,          /* 0 moves context-specific structure allocation to ctrl */
205
++    NULL,       /* set_asn1_parameters */
206
++    NULL,       /* get_asn1_parameters */
207
++    chacha20_poly1305_ctrl,
208
++    NULL        /* app_data */
209
++};
210
++
211
+ const EVP_CIPHER *EVP_chacha20_poly1305(void)
212
+ {
213
+     return(&chacha20_poly1305);
214
+ }
215
++
216
++const EVP_CIPHER *EVP_chacha20_poly1305_draft(void)
217
++{
218
++    return(&chacha20_poly1305_draft);
219
++}
220
+ # endif
221
+ #endif
222
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
223
+index 9ab1a14b9e..5c141b9011 100644
224
+--- a/crypto/objects/obj_dat.h
225
++++ b/crypto/objects/obj_dat.h
226
+@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
227
+     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
228
+ };
229
+ 
230
+-#define NUM_NID 1195
231
++#define NUM_NID 1196
232
+ static const ASN1_OBJECT nid_objs[NUM_NID] = {
233
+     {"UNDEF", "undefined", NID_undef},
234
+     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
235
+@@ -2275,9 +2275,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
236
+     {"magma-mac", "magma-mac", NID_magma_mac},
237
+     {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
238
+     {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
239
++    {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
240
+ };
241
+ 
242
+-#define NUM_SN 1186
243
++#define NUM_SN 1187
244
+ static const unsigned int sn_objs[NUM_SN] = {
245
+      364,    /* "AD_DVCS" */
246
+      419,    /* "AES-128-CBC" */
247
+@@ -2395,6 +2396,7 @@ static const unsigned int sn_objs[NUM_SN] = {
248
+      417,    /* "CSPName" */
249
+     1019,    /* "ChaCha20" */
250
+     1018,    /* "ChaCha20-Poly1305" */
251
++    1195,    /* "chacha20-poly1305-draft" */
252
+      367,    /* "CrlID" */
253
+      391,    /* "DC" */
254
+       31,    /* "DES-CBC" */
255
+@@ -3467,7 +3469,7 @@ static const unsigned int sn_objs[NUM_SN] = {
256
+     1093,    /* "x509ExtAdmission" */
257
+ };
258
+ 
259
+-#define NUM_LN 1186
260
++#define NUM_LN 1187
261
+ static const unsigned int ln_objs[NUM_LN] = {
262
+      363,    /* "AD Time Stamping" */
263
+      405,    /* "ANSI X9.62" */
264
+@@ -3846,6 +3848,7 @@ static const unsigned int ln_objs[NUM_LN] = {
265
+      883,    /* "certificateRevocationList" */
266
+     1019,    /* "chacha20" */
267
+     1018,    /* "chacha20-poly1305" */
268
++    1195,    /* "ChaCha20-Poly1305-D" */
269
+       54,    /* "challengePassword" */
270
+      407,    /* "characteristic-two-field" */
271
+      395,    /* "clearance" */
272
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
273
+index 1b6a9c61a1..c81ca25a53 100644
274
+--- a/crypto/objects/obj_mac.num
275
++++ b/crypto/objects/obj_mac.num
276
+@@ -1192,3 +1192,4 @@ magma_cfb		1191
277
+ magma_mac		1192
278
+ hmacWithSHA512_224		1193
279
+ hmacWithSHA512_256		1194
280
++chacha20_poly1305_draft		1195
281
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
282
+index 6dbc41ce37..581169eda8 100644
283
+--- a/crypto/objects/objects.txt
284
++++ b/crypto/objects/objects.txt
285
+@@ -1534,6 +1534,7 @@ sm-scheme 104 7         : SM4-CTR             : sm4-ctr
286
+ 			: AES-192-CBC-HMAC-SHA256	: aes-192-cbc-hmac-sha256
287
+ 			: AES-256-CBC-HMAC-SHA256	: aes-256-cbc-hmac-sha256
288
+ 			: ChaCha20-Poly1305		: chacha20-poly1305
289
++			: ChaCha20-Poly1305-D		: chacha20-poly1305-draft
290
+ 			: ChaCha20			: chacha20
291
+ 
292
+ ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
293
+diff --git a/include/openssl/evp.h b/include/openssl/evp.h
294
+index cfc33f6a8c..ea097d8105 100644
295
+--- a/include/openssl/evp.h
296
++++ b/include/openssl/evp.h
297
+@@ -915,6 +915,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
298
+ const EVP_CIPHER *EVP_chacha20(void);
299
+ #  ifndef OPENSSL_NO_POLY1305
300
+ const EVP_CIPHER *EVP_chacha20_poly1305(void);
301
++const EVP_CIPHER *EVP_chacha20_poly1305_draft(void);
302
+ #  endif
303
+ # endif
304
+ 
305
+diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
306
+index 31fad4640f..47ff8270c9 100644
307
+--- a/include/openssl/obj_mac.h
308
++++ b/include/openssl/obj_mac.h
309
+@@ -4811,6 +4811,10 @@
310
+ #define LN_chacha20             "chacha20"
311
+ #define NID_chacha20            1019
312
+ 
313
++#define SN_chacha20_poly1305_draft      "ChaCha20-Poly1305-D"
314
++#define LN_chacha20_poly1305_draft      "chacha20-poly1305-draft"
315
++#define NID_chacha20_poly1305_draft     1195
316
++
317
+ #define SN_dhpublicnumber               "dhpublicnumber"
318
+ #define LN_dhpublicnumber               "X9.42 DH"
319
+ #define NID_dhpublicnumber              920
320
+diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
321
+index d6b1b4e6a6..6d166c94f0 100644
322
+--- a/include/openssl/ssl.h
323
++++ b/include/openssl/ssl.h
324
+@@ -125,6 +125,7 @@ extern "C" {
325
+ # define SSL_TXT_CAMELLIA256     "CAMELLIA256"
326
+ # define SSL_TXT_CAMELLIA        "CAMELLIA"
327
+ # define SSL_TXT_CHACHA20        "CHACHA20"
328
++# define SSL_TXT_CHACHA20_D      "CHACHA20-D"
329
+ # define SSL_TXT_GOST            "GOST89"
330
+ # define SSL_TXT_ARIA            "ARIA"
331
+ # define SSL_TXT_ARIA_GCM        "ARIAGCM"
332
+diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
333
+index e13b5dd4bc..53d43c121e 100644
334
+--- a/include/openssl/tls1.h
335
++++ b/include/openssl/tls1.h
336
+@@ -597,7 +597,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
337
+ # define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0x0300C09A
338
+ # define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0x0300C09B
339
+ 
340
+-/* draft-ietf-tls-chacha20-poly1305-03 */
341
++/* Chacha20-Poly1305-Draft ciphersuites from draft-agl-tls-chacha20poly1305-04 */
342
++# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_D       0x0300CC13
343
++# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D     0x0300CC14
344
++# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305_D         0x0300CC15
345
++
346
++/* Chacha20-Poly1305 ciphersuites from RFC7905 */
347
+ # define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305         0x0300CCA8
348
+ # define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       0x0300CCA9
349
+ # define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305           0x0300CCAA
350
+@@ -762,6 +767,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
351
+ # define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305         "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
352
+ # define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305       "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
353
+ # define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305     "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
354
++# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305_D       "OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
355
++# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305_D     "OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
356
++# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D   "OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
357
+ # define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305             "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
358
+ # define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305       "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
359
+ # define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305         "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
360
+@@ -1090,7 +1098,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
361
+ # define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    "ECDH-RSA-CAMELLIA128-SHA256"
362
+ # define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    "ECDH-RSA-CAMELLIA256-SHA384"
363
+ 
364
+-/* draft-ietf-tls-chacha20-poly1305-03 */
365
++/* Chacha20-Poly1305-Draft ciphersuites from draft-agl-tls-chacha20poly1305-04 */
366
++# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_D       "ECDHE-RSA-CHACHA20-POLY1305-OLD"
367
++# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D     "ECDHE-ECDSA-CHACHA20-POLY1305-OLD"
368
++# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_D         "DHE-RSA-CHACHA20-POLY1305-OLD"
369
++
370
++/* Chacha20-Poly1305 ciphersuites from RFC7905 */
371
+ # define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305         "ECDHE-RSA-CHACHA20-POLY1305"
372
+ # define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       "ECDHE-ECDSA-CHACHA20-POLY1305"
373
+ # define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305           "DHE-RSA-CHACHA20-POLY1305"
374
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
375
+index 99ae48199c..7e36a0d7ea 100644
376
+--- a/ssl/s3_lib.c
377
++++ b/ssl/s3_lib.c
378
+@@ -2082,6 +2082,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
379
+      256,
380
+      256,
381
+      },
382
++    {
383
++      1,
384
++      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_D,
385
++      TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305_D,
386
++      TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305_D,
387
++      SSL_kDHE,
388
++      SSL_aRSA,
389
++      SSL_CHACHA20POLY1305_D,
390
++      SSL_AEAD,
391
++      TLS1_2_VERSION, TLS1_2_VERSION,
392
++      DTLS1_2_VERSION, DTLS1_2_VERSION,
393
++      SSL_HIGH,
394
++      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
395
++      256,
396
++      256,
397
++     },
398
++    {
399
++     1,
400
++     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
401
++     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
402
++     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
403
++     SSL_kECDHE,
404
++     SSL_aRSA,
405
++     SSL_CHACHA20POLY1305_D,
406
++     SSL_AEAD,
407
++     TLS1_2_VERSION, TLS1_2_VERSION,
408
++     DTLS1_2_VERSION, DTLS1_2_VERSION,
409
++     SSL_HIGH,
410
++     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
411
++     256,
412
++     256,
413
++     },
414
++    {
415
++     1,
416
++     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
417
++     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
418
++     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
419
++     SSL_kECDHE,
420
++     SSL_aECDSA,
421
++     SSL_CHACHA20POLY1305_D,
422
++     SSL_AEAD,
423
++     TLS1_2_VERSION, TLS1_2_VERSION,
424
++     DTLS1_2_VERSION, DTLS1_2_VERSION,
425
++     SSL_HIGH,
426
++     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
427
++     256,
428
++     256,
429
++     },
430
+     {
431
+      1,
432
+      TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
433
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
434
+index 044dd3af92..74a80bd643 100644
435
+--- a/ssl/ssl_ciph.c
436
++++ b/ssl/ssl_ciph.c
437
+@@ -43,7 +43,8 @@
438
+ #define SSL_ENC_CHACHA_IDX      19
439
+ #define SSL_ENC_ARIA128GCM_IDX  20
440
+ #define SSL_ENC_ARIA256GCM_IDX  21
441
+-#define SSL_ENC_NUM_IDX         22
442
++#define SSL_ENC_CHACHA20_D_IDX  22
443
++#define SSL_ENC_NUM_IDX         23
444
+ 
445
+ /* NB: make sure indices in these tables match values above */
446
+ 
447
+@@ -76,6 +77,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
448
+     {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
449
+     {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
450
+     {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
451
++    {SSL_CHACHA20POLY1305_D, NID_chacha20_poly1305_draft}, /* SSL_ENC_CHACHA20POLY1305_IDX 22 */
452
+ };
453
+ 
454
+ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
455
+@@ -275,6 +277,7 @@ static const SSL_CIPHER cipher_aliases[] = {
456
+     {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
457
+     {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
458
+     {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
459
++    {0, SSL_TXT_CHACHA20_D, NULL, 0, 0, 0, SSL_CHACHA20POLY1305_D},
460
+ 
461
+     {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
462
+     {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
463
+@@ -1791,6 +1794,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
464
+     case SSL_CHACHA20POLY1305:
465
+         enc = "CHACHA20/POLY1305(256)";
466
+         break;
467
++    case SSL_CHACHA20POLY1305_D:
468
++        enc = "CHACHA20/POLY1305-Draft(256)";
469
++        break;
470
+     default:
471
+         enc = "unknown";
472
+         break;
473
+@@ -2115,7 +2121,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
474
+         out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
475
+     } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
476
+         out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
477
+-    } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) {
478
++    } else if (c->algorithm_enc & (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_D)) {
479
+         out = 16;
480
+     } else if (c->algorithm_mac & SSL_AEAD) {
481
+         /* We're supposed to have handled all the AEAD modes above */
482
+diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
483
+index 307131de93..0b1c345b93 100644
484
+--- a/ssl/ssl_locl.h
485
++++ b/ssl/ssl_locl.h
486
+@@ -230,12 +230,13 @@
487
+ # define SSL_CHACHA20POLY1305    0x00080000U
488
+ # define SSL_ARIA128GCM          0x00100000U
489
+ # define SSL_ARIA256GCM          0x00200000U
490
++# define SSL_CHACHA20POLY1305_D  0x00400000U
491
+ 
492
+ # define SSL_AESGCM              (SSL_AES128GCM | SSL_AES256GCM)
493
+ # define SSL_AESCCM              (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
494
+ # define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
495
+ # define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
496
+-# define SSL_CHACHA20            (SSL_CHACHA20POLY1305)
497
++# define SSL_CHACHA20            (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_D)
498
+ # define SSL_ARIAGCM             (SSL_ARIA128GCM | SSL_ARIA256GCM)
499
+ # define SSL_ARIA                (SSL_ARIAGCM)
500
+ 
501
+diff --git a/util/libcrypto.num b/util/libcrypto.num
502
+index 32c64cb2c7..c577257d5d 100644
503
+--- a/util/libcrypto.num
504
++++ b/util/libcrypto.num
505
+@@ -4579,3 +4579,4 @@ EVP_PKEY_meth_set_digest_custom         4532	1_1_1	EXIST::FUNCTION:
506
+ EVP_PKEY_meth_get_digest_custom         4533	1_1_1	EXIST::FUNCTION:
507
+ OPENSSL_INIT_set_config_filename        4534	1_1_1b	EXIST::FUNCTION:STDIO
508
+ OPENSSL_INIT_set_config_file_flags      4535	1_1_1b	EXIST::FUNCTION:STDIO
509
++EVP_chacha20_poly1305_draft             4536	1_1_0	EXIST::FUNCTION:CHACHA,POLY1305_DRAFT

Loading…
Cancel
Save