Implement the IETF ChaCha20-Poly1305 cipher suites.

Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix,
effectively replaces the original Google implementation. We continue to
support both the IETF and Google versions, however the existing names
now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04.

Feedback from doug@

1 files changed, 16 insertions, 6 deletions

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 5d1d568ff8..526d98e293 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.85 2016/04/28 16:06:53 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.86 2016/04/28 16:39:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -414,7 +414,7 @@ static const SSL_CIPHER cipher_aliases[] = {
         },
         {
                 .name = SSL_TXT_CHACHA20,
-                .algorithm_enc = SSL_CHACHA20POLY1305,
+                .algorithm_enc = SSL_CHACHA20POLY1305|SSL_CHACHA20POLY1305_OLD,
         },
 
         /* MAC aliases */
@@ -731,6 +731,9 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
 #endif
 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
         case SSL_CHACHA20POLY1305:
+                *aead = EVP_aead_chacha20_poly1305();
+                return 1;
+        case SSL_CHACHA20POLY1305_OLD:
                 *aead = EVP_aead_chacha20_poly1305_old();
                 return 1;
 #endif
@@ -1423,15 +1426,19 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                  */
                 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
                     CIPHER_ADD, -1, &head, &tail);
-                ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0,
-                    CIPHER_ADD, -1, &head, &tail);
+                ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
+                    0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+                ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305_OLD,
+                    0, 0, 0, CIPHER_ADD, -1, &head, &tail);
         } else {
                 /*
                  * CHACHA20 is fast and safe on all hardware and is thus our
                  * preferred symmetric cipher, with AES second.
                  */
-                ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0,
-                    CIPHER_ADD, -1, &head, &tail);
+                ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
+                    0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+                ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305_OLD,
+                    0, 0, 0, CIPHER_ADD, -1, &head, &tail);
                 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
                     CIPHER_ADD, -1, &head, &tail);
         }
@@ -1667,6 +1674,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_CHACHA20POLY1305:
                 enc = "ChaCha20-Poly1305";
                 break;
+        case SSL_CHACHA20POLY1305_OLD:
+                enc = "ChaCha20-Poly1305-Old";
+                break;
         case SSL_eGOST2814789CNT:
                 enc = "GOST-28178-89-CNT";
                 break;