diff options
| author | tb <> | 2020-01-26 02:39:58 +0000 |
|---|---|---|
| committer | tb <> | 2020-01-26 02:39:58 +0000 |
| commit | 040c69f38462cc412a1cb654f5511253611ca375 (patch) | |
| tree | 3ef3d89fe159d32ae812a103a6f6f811c2cae2c4 | |
| parent | aced6d4969b04817dbded5a60c3375e8b90b9df3 (diff) | |
| download | openbsd-040c69f38462cc412a1cb654f5511253611ca375.tar.gz openbsd-040c69f38462cc412a1cb654f5511253611ca375.tar.bz2 openbsd-040c69f38462cc412a1cb654f5511253611ca375.zip | |
Adjust EVP_chacha20()'s behavior to match OpenSSL's semantics:
The new IV is 128 bit long and is actually the 64 bit counter followed
by 64 the bit initialization vector. This is needed by an upcoming
change in OpenSSH and is a breaking change for all current callers.
There are language bindings for Node.js, Rust and Erlang, but none of
our ports use them.
Note that EVP_chacha20() was first introduced in LibreSSL on May 1, 2014
while the entirely incompatible version in OpenSSL was committed on
Dec 9, 2015.
Initial diff from djm and myself, further refinements by djm.
Ports grepping by sthen
ok jsing
| -rw-r--r-- | src/lib/libcrypto/evp/e_chacha.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/src/lib/libcrypto/evp/e_chacha.c b/src/lib/libcrypto/evp/e_chacha.c index b63f586bba..bc496241e6 100644 --- a/src/lib/libcrypto/evp/e_chacha.c +++ b/src/lib/libcrypto/evp/e_chacha.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: e_chacha.c,v 1.5 2014/08/04 04:16:11 miod Exp $ */ | 1 | /* $OpenBSD: e_chacha.c,v 1.6 2020/01/26 02:39:58 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -34,8 +34,9 @@ static const EVP_CIPHER chacha20_cipher = { | |||
| 34 | .nid = NID_chacha20, | 34 | .nid = NID_chacha20, |
| 35 | .block_size = 1, | 35 | .block_size = 1, |
| 36 | .key_len = 32, | 36 | .key_len = 32, |
| 37 | .iv_len = 8, | 37 | .iv_len = 16, /* OpenSSL has 8 byte counter followed by 8 byte iv */ |
| 38 | .flags = EVP_CIPH_STREAM_CIPHER, | 38 | .flags = EVP_CIPH_STREAM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | |
| 39 | EVP_CIPH_CUSTOM_IV, | ||
| 39 | .init = chacha_init, | 40 | .init = chacha_init, |
| 40 | .do_cipher = chacha_cipher, | 41 | .do_cipher = chacha_cipher, |
| 41 | .ctx_size = sizeof(ChaCha_ctx) | 42 | .ctx_size = sizeof(ChaCha_ctx) |
| @@ -51,10 +52,16 @@ static int | |||
| 51 | chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 52 | chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 52 | const unsigned char *iv, int enc) | 53 | const unsigned char *iv, int enc) |
| 53 | { | 54 | { |
| 54 | ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key, | 55 | if (key != NULL) |
| 55 | EVP_CIPHER_CTX_key_length(ctx) * 8); | 56 | ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key, |
| 56 | if (iv != NULL) | 57 | EVP_CIPHER_CTX_key_length(ctx) * 8); |
| 57 | ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, iv, NULL); | 58 | if (iv != NULL) { |
| 59 | const unsigned char *openssl_iv = iv + 8; | ||
| 60 | const unsigned char *counter = iv; | ||
| 61 | |||
| 62 | ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, openssl_iv, | ||
| 63 | counter); | ||
| 64 | } | ||
| 58 | return 1; | 65 | return 1; |
| 59 | } | 66 | } |
| 60 | 67 | ||