| author | jsing <> | 2014-06-13 13:28:53 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-13 13:28:53 +0000 |
| commit | 87ae52d3debf27eaa8821085b7f8bff4bd602368 (patch) | |
| tree | 438ba40d37fa8918a8cbfba204604048af3118cc /src/lib/libssl/ssl_ciph.c | |
| parent | 7d40623f11099ca58ea441fa5b5a0080f93eebe5 (diff) | |
Add ChaCha20-Poly1305 based ciphersuites.
Based on Adam Langley's chromium patches.
Tested by and ok sthen@
Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 16 |
1 files changed, 14 insertions, 2 deletions
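--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.52 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.53 2014/06/13 13:28:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -916,6 +916,11 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
 *aead = EVP_aead_aes_256_gcm();
 return 1;
 #endif
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+case SSL_CHACHA20POLY1305:
+*aead = EVP_aead_chacha20_poly1305();
+return 1;
+#endif
 default:
 break;
 }
@@ -1617,7 +1622,11 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
 
-/* AES is our preferred symmetric cipher */
+/*
+* CHACHA20 is fast and safe on all hardware and is thus our preferred
+* symmetric cipher, with AES second.
+*/
+ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
 
 /* Temporarily enable everything else for sorting */
@@ -1871,6 +1880,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 case SSL_SEED:
 enc="SEED(128)";
 break;
+case SSL_CHACHA20POLY1305:
+enc = "ChaCha20-Poly1305";
+break;
 default:
 enc="unknown";
 break;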
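Review bot: The comment added above the `SSL_CHACHA20POLY1305` rule in ssl_create_cipher_list says the cipher is "fast and safe on all hardware" without saying what the safety claim rests on, so a later maintainer cannot judge whether the ordering should still hold. I would state the reason in the comment itself, for example `/* ChaCha20-Poly1305 uses no secret-dependent table lookups, so it is constant-time without hardware support; prefer it, with AES second. */`. It is also worth confirming that a build with `OPENSSL_NO_CHACHA` or `OPENSSL_NO_POLY1305` does not leave these suites in the cipher table. The new case in ssl_cipher_get_evp_aead is compiled out under those defines, while this rule and the SSL_CIPHER_description case are not, and the table is not visible on this page. All three functions start and end outside their hunks.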
