summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2014-06-13 13:28:53 +0000
committerjsing <>2014-06-13 13:28:53 +0000
commit1b457449c180438027e5a01bd91548b9c39cdcb5 (patch)
tree438ba40d37fa8918a8cbfba204604048af3118cc /src
parentf783149b42dde459053d469f10461a7db0238550 (diff)
downloadopenbsd-1b457449c180438027e5a01bd91548b9c39cdcb5.tar.gz
openbsd-1b457449c180438027e5a01bd91548b9c39cdcb5.tar.bz2
openbsd-1b457449c180438027e5a01bd91548b9c39cdcb5.zip
Add ChaCha20-Poly1305 based ciphersuites.
Based on Adam Langley's chromium patches. Tested by and ok sthen@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/s3_lib.c53
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c53
-rw-r--r--src/lib/libssl/src/ssl/ssl.h3
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c16
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/src/ssl/tls1.h13
-rw-r--r--src/lib/libssl/ssl.h3
-rw-r--r--src/lib/libssl/ssl_ciph.c16
-rw-r--r--src/lib/libssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/tls1.h13
10 files changed, 162 insertions, 14 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 939557e48e..fa7df59779 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.60 2014/06/13 13:21:09 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.61 2014/06/13 13:28:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2287,6 +2287,57 @@ SSL_CIPHER ssl3_ciphers[] = {
2287 .alg_bits = 256 2287 .alg_bits = 256
2288 }, 2288 },
2289#endif 2289#endif
2290
2291#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2292 {
2293 .valid = 1,
2294 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2295 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
2296 .algorithm_mkey = SSL_kEECDH,
2297 .algorithm_auth = SSL_aRSA,
2298 .algorithm_enc = SSL_CHACHA20POLY1305,
2299 .algorithm_mac = SSL_AEAD,
2300 .algorithm_ssl = SSL_TLSV1_2,
2301 .algo_strength = SSL_NOT_EXP|SSL_HIGH,
2302 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2303 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
2304 .strength_bits = 256,
2305 .alg_bits = 0,
2306 },
2307
2308 {
2309 .valid = 1,
2310 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2311 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
2312 .algorithm_mkey = SSL_kEECDH,
2313 .algorithm_auth = SSL_aECDSA,
2314 .algorithm_enc = SSL_CHACHA20POLY1305,
2315 .algorithm_mac = SSL_AEAD,
2316 .algorithm_ssl = SSL_TLSV1_2,
2317 .algo_strength = SSL_NOT_EXP|SSL_HIGH,
2318 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2319 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
2320 .strength_bits = 256,
2321 .alg_bits = 0,
2322 },
2323
2324 {
2325 .valid = 1,
2326 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2327 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
2328 .algorithm_mkey = SSL_kEDH,
2329 .algorithm_auth = SSL_aRSA,
2330 .algorithm_enc = SSL_CHACHA20POLY1305,
2331 .algorithm_mac = SSL_AEAD,
2332 .algorithm_ssl = SSL_TLSV1_2,
2333 .algo_strength = SSL_NOT_EXP|SSL_HIGH,
2334 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2335 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
2336 .strength_bits = 256,
2337 .alg_bits = 0,
2338 },
2339#endif
2340
2290 /* end of list */ 2341 /* end of list */
2291}; 2342};
2292 2343
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 939557e48e..fa7df59779 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.60 2014/06/13 13:21:09 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.61 2014/06/13 13:28:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2287,6 +2287,57 @@ SSL_CIPHER ssl3_ciphers[] = {
2287 .alg_bits = 256 2287 .alg_bits = 256
2288 }, 2288 },
2289#endif 2289#endif
2290
2291#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2292 {
2293 .valid = 1,
2294 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
2295 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
2296 .algorithm_mkey = SSL_kEECDH,
2297 .algorithm_auth = SSL_aRSA,
2298 .algorithm_enc = SSL_CHACHA20POLY1305,
2299 .algorithm_mac = SSL_AEAD,
2300 .algorithm_ssl = SSL_TLSV1_2,
2301 .algo_strength = SSL_NOT_EXP|SSL_HIGH,
2302 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2303 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
2304 .strength_bits = 256,
2305 .alg_bits = 0,
2306 },
2307
2308 {
2309 .valid = 1,
2310 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
2311 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
2312 .algorithm_mkey = SSL_kEECDH,
2313 .algorithm_auth = SSL_aECDSA,
2314 .algorithm_enc = SSL_CHACHA20POLY1305,
2315 .algorithm_mac = SSL_AEAD,
2316 .algorithm_ssl = SSL_TLSV1_2,
2317 .algo_strength = SSL_NOT_EXP|SSL_HIGH,
2318 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2319 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
2320 .strength_bits = 256,
2321 .alg_bits = 0,
2322 },
2323
2324 {
2325 .valid = 1,
2326 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
2327 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
2328 .algorithm_mkey = SSL_kEDH,
2329 .algorithm_auth = SSL_aRSA,
2330 .algorithm_enc = SSL_CHACHA20POLY1305,
2331 .algorithm_mac = SSL_AEAD,
2332 .algorithm_ssl = SSL_TLSV1_2,
2333 .algo_strength = SSL_NOT_EXP|SSL_HIGH,
2334 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
2335 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
2336 .strength_bits = 256,
2337 .alg_bits = 0,
2338 },
2339#endif
2340
2290 /* end of list */ 2341 /* end of list */
2291}; 2342};
2292 2343
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 1a2bdf7628..3e09bd3521 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.55 2014/06/13 11:52:03 jsing Exp $ */ 1/* $OpenBSD: ssl.h,v 1.56 2014/06/13 13:28:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -289,6 +289,7 @@ extern "C" {
289#define SSL_TXT_CAMELLIA128 "CAMELLIA128" 289#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
290#define SSL_TXT_CAMELLIA256 "CAMELLIA256" 290#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
291#define SSL_TXT_CAMELLIA "CAMELLIA" 291#define SSL_TXT_CAMELLIA "CAMELLIA"
292#define SSL_TXT_CHACHA20 "CHACHA20"
292 293
293#define SSL_TXT_MD5 "MD5" 294#define SSL_TXT_MD5 "MD5"
294#define SSL_TXT_SHA1 "SHA1" 295#define SSL_TXT_SHA1 "SHA1"
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 25291bfd4a..a89c8253c8 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.52 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.53 2014/06/13 13:28:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -916,6 +916,11 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
916 *aead = EVP_aead_aes_256_gcm(); 916 *aead = EVP_aead_aes_256_gcm();
917 return 1; 917 return 1;
918#endif 918#endif
919#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
920 case SSL_CHACHA20POLY1305:
921 *aead = EVP_aead_chacha20_poly1305();
922 return 1;
923#endif
919 default: 924 default:
920 break; 925 break;
921 } 926 }
@@ -1617,7 +1622,11 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1617 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1622 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1618 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1623 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1619 1624
1620 /* AES is our preferred symmetric cipher */ 1625 /*
1626 * CHACHA20 is fast and safe on all hardware and is thus our preferred
1627 * symmetric cipher, with AES second.
1628 */
1629 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1621 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1630 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1622 1631
1623 /* Temporarily enable everything else for sorting */ 1632 /* Temporarily enable everything else for sorting */
@@ -1871,6 +1880,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1871 case SSL_SEED: 1880 case SSL_SEED:
1872 enc="SEED(128)"; 1881 enc="SEED(128)";
1873 break; 1882 break;
1883 case SSL_CHACHA20POLY1305:
1884 enc = "ChaCha20-Poly1305";
1885 break;
1874 default: 1886 default:
1875 enc="unknown"; 1887 enc="unknown";
1876 break; 1888 break;
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index ea5f8c3d4e..6ce2e17a15 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.50 2014/06/13 10:52:24 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.51 2014/06/13 13:28:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -296,6 +296,7 @@
296#define SSL_SEED 0x00000800L 296#define SSL_SEED 0x00000800L
297#define SSL_AES128GCM 0x00001000L 297#define SSL_AES128GCM 0x00001000L
298#define SSL_AES256GCM 0x00002000L 298#define SSL_AES256GCM 0x00002000L
299#define SSL_CHACHA20POLY1305 0x00004000L
299 300
300#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) 301#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
301#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) 302#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h
index dbe8979a88..3bbb2acc2f 100644
--- a/src/lib/libssl/src/ssl/tls1.h
+++ b/src/lib/libssl/src/ssl/tls1.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls1.h,v 1.18 2014/06/13 04:29:13 miod Exp $ */ 1/* $OpenBSD: tls1.h,v 1.19 2014/06/13 13:28:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -479,7 +479,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
479#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 479#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
480 480
481/* ECDH HMAC based ciphersuites from RFC5289 */ 481/* ECDH HMAC based ciphersuites from RFC5289 */
482
483#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 482#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
484#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 483#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
485#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 484#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
@@ -499,6 +498,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
499#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 498#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
500#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 499#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
501 500
501/* ChaCha20-Poly1305 based ciphersuites. */
502#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CC13
503#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CC14
504#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CC15
505
502/* XXX 506/* XXX
503 * Inconsistency alert: 507 * Inconsistency alert:
504 * The OpenSSL names of ciphers with ephemeral DH here include the string 508 * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -650,6 +654,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
650#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" 654#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
651#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" 655#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
652 656
657/* ChaCha20-Poly1305 based ciphersuites. */
658#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
659#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
660#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
661
653#define TLS_CT_RSA_SIGN 1 662#define TLS_CT_RSA_SIGN 1
654#define TLS_CT_DSS_SIGN 2 663#define TLS_CT_DSS_SIGN 2
655#define TLS_CT_RSA_FIXED_DH 3 664#define TLS_CT_RSA_FIXED_DH 3
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 1a2bdf7628..3e09bd3521 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.55 2014/06/13 11:52:03 jsing Exp $ */ 1/* $OpenBSD: ssl.h,v 1.56 2014/06/13 13:28:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -289,6 +289,7 @@ extern "C" {
289#define SSL_TXT_CAMELLIA128 "CAMELLIA128" 289#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
290#define SSL_TXT_CAMELLIA256 "CAMELLIA256" 290#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
291#define SSL_TXT_CAMELLIA "CAMELLIA" 291#define SSL_TXT_CAMELLIA "CAMELLIA"
292#define SSL_TXT_CHACHA20 "CHACHA20"
292 293
293#define SSL_TXT_MD5 "MD5" 294#define SSL_TXT_MD5 "MD5"
294#define SSL_TXT_SHA1 "SHA1" 295#define SSL_TXT_SHA1 "SHA1"
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 25291bfd4a..a89c8253c8 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.52 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.53 2014/06/13 13:28:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -916,6 +916,11 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
916 *aead = EVP_aead_aes_256_gcm(); 916 *aead = EVP_aead_aes_256_gcm();
917 return 1; 917 return 1;
918#endif 918#endif
919#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
920 case SSL_CHACHA20POLY1305:
921 *aead = EVP_aead_chacha20_poly1305();
922 return 1;
923#endif
919 default: 924 default:
920 break; 925 break;
921 } 926 }
@@ -1617,7 +1622,11 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1617 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1622 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1618 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); 1623 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1619 1624
1620 /* AES is our preferred symmetric cipher */ 1625 /*
1626 * CHACHA20 is fast and safe on all hardware and is thus our preferred
1627 * symmetric cipher, with AES second.
1628 */
1629 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1621 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); 1630 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1622 1631
1623 /* Temporarily enable everything else for sorting */ 1632 /* Temporarily enable everything else for sorting */
@@ -1871,6 +1880,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1871 case SSL_SEED: 1880 case SSL_SEED:
1872 enc="SEED(128)"; 1881 enc="SEED(128)";
1873 break; 1882 break;
1883 case SSL_CHACHA20POLY1305:
1884 enc = "ChaCha20-Poly1305";
1885 break;
1874 default: 1886 default:
1875 enc="unknown"; 1887 enc="unknown";
1876 break; 1888 break;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index ea5f8c3d4e..6ce2e17a15 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.50 2014/06/13 10:52:24 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.51 2014/06/13 13:28:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -296,6 +296,7 @@
296#define SSL_SEED 0x00000800L 296#define SSL_SEED 0x00000800L
297#define SSL_AES128GCM 0x00001000L 297#define SSL_AES128GCM 0x00001000L
298#define SSL_AES256GCM 0x00002000L 298#define SSL_AES256GCM 0x00002000L
299#define SSL_CHACHA20POLY1305 0x00004000L
299 300
300#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) 301#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
301#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) 302#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index dbe8979a88..3bbb2acc2f 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls1.h,v 1.18 2014/06/13 04:29:13 miod Exp $ */ 1/* $OpenBSD: tls1.h,v 1.19 2014/06/13 13:28:53 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -479,7 +479,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
479#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 479#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
480 480
481/* ECDH HMAC based ciphersuites from RFC5289 */ 481/* ECDH HMAC based ciphersuites from RFC5289 */
482
483#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 482#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
484#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 483#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
485#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 484#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
@@ -499,6 +498,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
499#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 498#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
500#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 499#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
501 500
501/* ChaCha20-Poly1305 based ciphersuites. */
502#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CC13
503#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CC14
504#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CC15
505
502/* XXX 506/* XXX
503 * Inconsistency alert: 507 * Inconsistency alert:
504 * The OpenSSL names of ciphers with ephemeral DH here include the string 508 * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -650,6 +654,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
650#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" 654#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
651#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" 655#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
652 656
657/* ChaCha20-Poly1305 based ciphersuites. */
658#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
659#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
660#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
661
653#define TLS_CT_RSA_SIGN 1 662#define TLS_CT_RSA_SIGN 1
654#define TLS_CT_DSS_SIGN 2 663#define TLS_CT_DSS_SIGN 2
655#define TLS_CT_RSA_FIXED_DH 3 664#define TLS_CT_RSA_FIXED_DH 3
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-23 23:02:23 +0000