6 files changed, 30 insertions, 30 deletions
diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c
index f512837c32..e5395ad8ca 100644
--- a/src/lib/libcrypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.13 2016/04/13 13:25:05 jsing Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.14 2016/04/28 16:06:53 jsing Exp $ */
 /*
 * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -32,7 +32,7 @@
 #include "evp_locl.h"
 #define POLY1305_TAG_LEN 16
-#define CHACHA20_NONCE_LEN 8
+#define CHACHA20_NONCE_LEN_OLD 8
 /*
 * The informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols",
@@ -42,7 +42,7 @@
 */
 #define CHACHA20_CONSTANT_LEN 4
 #define CHACHA20_IV_LEN 8
-#define CHACHA20_NONCE_LEN_IETF (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN)
+#define CHACHA20_NONCE_LEN (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN)
 struct aead_chacha20_poly1305_ctx {
        unsigned char key[32];
@@ -157,7 +157,7 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,
                return 0;
        }
-        if (nonce_len == CHACHA20_NONCE_LEN) {
+        if (nonce_len == CHACHA20_NONCE_LEN_OLD) {
                /* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */
                memset(poly1305_key, 0, sizeof(poly1305_key));
@@ -168,7 +168,7 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,
                poly1305_update_with_length(&poly1305, ad, ad_len);
                CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);
                poly1305_update_with_length(&poly1305, out, in_len);
-        } else if (nonce_len == CHACHA20_NONCE_LEN_IETF) {
+        } else if (nonce_len == CHACHA20_NONCE_LEN) {
                /* RFC 7539, May 2015 */
                ctr = (uint64_t)(nonce[0] | nonce[1] << 8 |
@@ -245,7 +245,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
                return 0;
        }
-        if (nonce_len == CHACHA20_NONCE_LEN) {
+        if (nonce_len == CHACHA20_NONCE_LEN_OLD) {
                /* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */
                memset(poly1305_key, 0, sizeof(poly1305_key));
@@ -255,7 +255,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
                CRYPTO_poly1305_init(&poly1305, poly1305_key);
                poly1305_update_with_length(&poly1305, ad, ad_len);
                poly1305_update_with_length(&poly1305, in, plaintext_len);
-        } else if (nonce_len == CHACHA20_NONCE_LEN_IETF) {
+        } else if (nonce_len == CHACHA20_NONCE_LEN) {
                /* RFC 7539, May 2015 */
                ctr = (uint64_t)(nonce[0] | nonce[1] << 8 |
@@ -297,9 +297,9 @@ static const EVP_AEAD aead_chacha20_poly1305 = {
        .open = aead_chacha20_poly1305_open,
 };
-static const EVP_AEAD aead_chacha20_poly1305_ietf = {
+static const EVP_AEAD aead_chacha20_poly1305_old = {
        .key_len = 32,
-        .nonce_len = CHACHA20_NONCE_LEN_IETF,
+        .nonce_len = CHACHA20_NONCE_LEN_OLD,
        .overhead = POLY1305_TAG_LEN,
        .max_tag_len = POLY1305_TAG_LEN,
@@ -316,9 +316,9 @@ EVP_aead_chacha20_poly1305()
 }
 const EVP_AEAD *
-EVP_aead_chacha20_poly1305_ietf()
+EVP_aead_chacha20_poly1305_old()
 {
-        return &aead_chacha20_poly1305_ietf;
+        return &aead_chacha20_poly1305_old;
 }
 #endif  /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 1ec24879c0..a0adbece01 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.49 2015/11/02 15:40:53 reyk Exp $ */
+/* $OpenBSD: evp.h,v 1.50 2016/04/28 16:06:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1215,7 +1215,7 @@ const EVP_AEAD *EVP_aead_aes_256_gcm(void);
 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
 /* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */
 const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
-const EVP_AEAD *EVP_aead_chacha20_poly1305_ietf(void);
+const EVP_AEAD *EVP_aead_chacha20_poly1305_old(void);
 #endif
 /* EVP_AEAD_key_length returns the length of the keys used. */
diff --git a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
index f512837c32..e5395ad8ca 100644
--- a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
+++ b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_chacha20poly1305.c,v 1.13 2016/04/13 13:25:05 jsing Exp $ */
+/* $OpenBSD: e_chacha20poly1305.c,v 1.14 2016/04/28 16:06:53 jsing Exp $ */
 /*
 * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -32,7 +32,7 @@
 #include "evp_locl.h"
 #define POLY1305_TAG_LEN 16
-#define CHACHA20_NONCE_LEN 8
+#define CHACHA20_NONCE_LEN_OLD 8
 /*
 * The informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols",
@@ -42,7 +42,7 @@
 */
 #define CHACHA20_CONSTANT_LEN 4
 #define CHACHA20_IV_LEN 8
-#define CHACHA20_NONCE_LEN_IETF (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN)
+#define CHACHA20_NONCE_LEN (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN)
 struct aead_chacha20_poly1305_ctx {
        unsigned char key[32];
@@ -157,7 +157,7 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,
                return 0;
        }
-        if (nonce_len == CHACHA20_NONCE_LEN) {
+        if (nonce_len == CHACHA20_NONCE_LEN_OLD) {
                /* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */
                memset(poly1305_key, 0, sizeof(poly1305_key));
@@ -168,7 +168,7 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,
                poly1305_update_with_length(&poly1305, ad, ad_len);
                CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);
                poly1305_update_with_length(&poly1305, out, in_len);
-        } else if (nonce_len == CHACHA20_NONCE_LEN_IETF) {
+        } else if (nonce_len == CHACHA20_NONCE_LEN) {
                /* RFC 7539, May 2015 */
                ctr = (uint64_t)(nonce[0] | nonce[1] << 8 |
@@ -245,7 +245,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
                return 0;
        }
-        if (nonce_len == CHACHA20_NONCE_LEN) {
+        if (nonce_len == CHACHA20_NONCE_LEN_OLD) {
                /* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */
                memset(poly1305_key, 0, sizeof(poly1305_key));
@@ -255,7 +255,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,
                CRYPTO_poly1305_init(&poly1305, poly1305_key);
                poly1305_update_with_length(&poly1305, ad, ad_len);
                poly1305_update_with_length(&poly1305, in, plaintext_len);
-        } else if (nonce_len == CHACHA20_NONCE_LEN_IETF) {
+        } else if (nonce_len == CHACHA20_NONCE_LEN) {
                /* RFC 7539, May 2015 */
                ctr = (uint64_t)(nonce[0] | nonce[1] << 8 |
@@ -297,9 +297,9 @@ static const EVP_AEAD aead_chacha20_poly1305 = {
        .open = aead_chacha20_poly1305_open,
 };
-static const EVP_AEAD aead_chacha20_poly1305_ietf = {
+static const EVP_AEAD aead_chacha20_poly1305_old = {
        .key_len = 32,
-        .nonce_len = CHACHA20_NONCE_LEN_IETF,
+        .nonce_len = CHACHA20_NONCE_LEN_OLD,
        .overhead = POLY1305_TAG_LEN,
        .max_tag_len = POLY1305_TAG_LEN,
@@ -316,9 +316,9 @@ EVP_aead_chacha20_poly1305()
 }
 const EVP_AEAD *
-EVP_aead_chacha20_poly1305_ietf()
+EVP_aead_chacha20_poly1305_old()
 {
-        return &aead_chacha20_poly1305_ietf;
+        return &aead_chacha20_poly1305_old;
 }
 #endif  /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 1ec24879c0..a0adbece01 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.49 2015/11/02 15:40:53 reyk Exp $ */
+/* $OpenBSD: evp.h,v 1.50 2016/04/28 16:06:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1215,7 +1215,7 @@ const EVP_AEAD *EVP_aead_aes_256_gcm(void);
 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
 /* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */
 const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
-const EVP_AEAD *EVP_aead_chacha20_poly1305_ietf(void);
+const EVP_AEAD *EVP_aead_chacha20_poly1305_old(void);
 #endif
 /* EVP_AEAD_key_length returns the length of the keys used. */
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 05bfc47c1e..5d1d568ff8 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.84 2015/12/12 22:04:10 mmcc Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.85 2016/04/28 16:06:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -731,7 +731,7 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
 #endif
 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
        case SSL_CHACHA20POLY1305:
-                *aead = EVP_aead_chacha20_poly1305();
+                *aead = EVP_aead_chacha20_poly1305_old();
                return 1;
 #endif
        default:
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 05bfc47c1e..5d1d568ff8 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.84 2015/12/12 22:04:10 mmcc Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.85 2016/04/28 16:06:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -731,7 +731,7 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
 #endif
 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
        case SSL_CHACHA20POLY1305:
-                *aead = EVP_aead_chacha20_poly1305();
+                *aead = EVP_aead_chacha20_poly1305_old();
                return 1;
 #endif
        default:

diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c index f512837c32..e5395ad8ca 100644 --- a/src/lib/libcrypto/evp/e_chacha20poly1305.c +++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_chacha20poly1305.c,v 1.13 2016/04/13 13:25:05 jsing Exp $ */	1	/* $OpenBSD: e_chacha20poly1305.c,v 1.14 2016/04/28 16:06:53 jsing Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>	4	* Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -32,7 +32,7 @@
32	#include "evp_locl.h"	32	#include "evp_locl.h"
33		33
34	#define POLY1305_TAG_LEN 16	34	#define POLY1305_TAG_LEN 16
35	#define CHACHA20_NONCE_LEN 8	35	#define CHACHA20_NONCE_LEN_OLD 8
36		36
37	/*	37	/*
38	* The informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols",	38	* The informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols",
@@ -42,7 +42,7 @@
42	*/	42	*/
43	#define CHACHA20_CONSTANT_LEN 4	43	#define CHACHA20_CONSTANT_LEN 4
44	#define CHACHA20_IV_LEN 8	44	#define CHACHA20_IV_LEN 8
45	#define CHACHA20_NONCE_LEN_IETF (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN)	45	#define CHACHA20_NONCE_LEN (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN)
46		46
47	struct aead_chacha20_poly1305_ctx {	47	struct aead_chacha20_poly1305_ctx {
48	unsigned char key[32];	48	unsigned char key[32];
@@ -157,7 +157,7 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX ctx, unsigned char out,
157	return 0;	157	return 0;
158	}	158	}
159		159
160	if (nonce_len == CHACHA20_NONCE_LEN) {	160	if (nonce_len == CHACHA20_NONCE_LEN_OLD) {
161	/* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */	161	/* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */
162		162
163	memset(poly1305_key, 0, sizeof(poly1305_key));	163	memset(poly1305_key, 0, sizeof(poly1305_key));
@@ -168,7 +168,7 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX ctx, unsigned char out,
168	poly1305_update_with_length(&poly1305, ad, ad_len);	168	poly1305_update_with_length(&poly1305, ad, ad_len);
169	CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);	169	CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);
170	poly1305_update_with_length(&poly1305, out, in_len);	170	poly1305_update_with_length(&poly1305, out, in_len);
171	} else if (nonce_len == CHACHA20_NONCE_LEN_IETF) {	171	} else if (nonce_len == CHACHA20_NONCE_LEN) {
172	/* RFC 7539, May 2015 */	172	/* RFC 7539, May 2015 */
173		173
174	ctr = (uint64_t)(nonce[0] \| nonce[1] << 8 \|	174	ctr = (uint64_t)(nonce[0] \| nonce[1] << 8 \|
@@ -245,7 +245,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX ctx, unsigned char out,
245	return 0;	245	return 0;
246	}	246	}
247		247
248	if (nonce_len == CHACHA20_NONCE_LEN) {	248	if (nonce_len == CHACHA20_NONCE_LEN_OLD) {
249	/* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */	249	/* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */
250		250
251	memset(poly1305_key, 0, sizeof(poly1305_key));	251	memset(poly1305_key, 0, sizeof(poly1305_key));
@@ -255,7 +255,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX ctx, unsigned char out,
255	CRYPTO_poly1305_init(&poly1305, poly1305_key);	255	CRYPTO_poly1305_init(&poly1305, poly1305_key);
256	poly1305_update_with_length(&poly1305, ad, ad_len);	256	poly1305_update_with_length(&poly1305, ad, ad_len);
257	poly1305_update_with_length(&poly1305, in, plaintext_len);	257	poly1305_update_with_length(&poly1305, in, plaintext_len);
258	} else if (nonce_len == CHACHA20_NONCE_LEN_IETF) {	258	} else if (nonce_len == CHACHA20_NONCE_LEN) {
259	/* RFC 7539, May 2015 */	259	/* RFC 7539, May 2015 */
260		260
261	ctr = (uint64_t)(nonce[0] \| nonce[1] << 8 \|	261	ctr = (uint64_t)(nonce[0] \| nonce[1] << 8 \|
@@ -297,9 +297,9 @@ static const EVP_AEAD aead_chacha20_poly1305 = {
297	.open = aead_chacha20_poly1305_open,	297	.open = aead_chacha20_poly1305_open,
298	};	298	};
299		299
300	static const EVP_AEAD aead_chacha20_poly1305_ietf = {	300	static const EVP_AEAD aead_chacha20_poly1305_old = {
301	.key_len = 32,	301	.key_len = 32,
302	.nonce_len = CHACHA20_NONCE_LEN_IETF,	302	.nonce_len = CHACHA20_NONCE_LEN_OLD,
303	.overhead = POLY1305_TAG_LEN,	303	.overhead = POLY1305_TAG_LEN,
304	.max_tag_len = POLY1305_TAG_LEN,	304	.max_tag_len = POLY1305_TAG_LEN,
305		305
@@ -316,9 +316,9 @@ EVP_aead_chacha20_poly1305()
316	}	316	}
317		317
318	const EVP_AEAD *	318	const EVP_AEAD *
319	EVP_aead_chacha20_poly1305_ietf()	319	EVP_aead_chacha20_poly1305_old()
320	{	320	{
321	return &aead_chacha20_poly1305_ietf;	321	return &aead_chacha20_poly1305_old;
322	}	322	}
323		323
324	#endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */	324	#endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */


diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 1ec24879c0..a0adbece01 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp.h,v 1.49 2015/11/02 15:40:53 reyk Exp $ */	1	/* $OpenBSD: evp.h,v 1.50 2016/04/28 16:06:53 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1215,7 +1215,7 @@ const EVP_AEAD *EVP_aead_aes_256_gcm(void);
1215	#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)	1215	#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1216	/* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */	1216	/* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */
1217	const EVP_AEAD *EVP_aead_chacha20_poly1305(void);	1217	const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
1218	const EVP_AEAD *EVP_aead_chacha20_poly1305_ietf(void);	1218	const EVP_AEAD *EVP_aead_chacha20_poly1305_old(void);
1219	#endif	1219	#endif
1220		1220
1221	/* EVP_AEAD_key_length returns the length of the keys used. */	1221	/* EVP_AEAD_key_length returns the length of the keys used. */


diff --git a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c index f512837c32..e5395ad8ca 100644 --- a/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c +++ b/src/lib/libssl/src/crypto/evp/e_chacha20poly1305.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_chacha20poly1305.c,v 1.13 2016/04/13 13:25:05 jsing Exp $ */	1	/* $OpenBSD: e_chacha20poly1305.c,v 1.14 2016/04/28 16:06:53 jsing Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>	4	* Copyright (c) 2015 Reyk Floter <reyk@openbsd.org>
@@ -32,7 +32,7 @@
32	#include "evp_locl.h"	32	#include "evp_locl.h"
33		33
34	#define POLY1305_TAG_LEN 16	34	#define POLY1305_TAG_LEN 16
35	#define CHACHA20_NONCE_LEN 8	35	#define CHACHA20_NONCE_LEN_OLD 8
36		36
37	/*	37	/*
38	* The informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols",	38	* The informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols",
@@ -42,7 +42,7 @@
42	*/	42	*/
43	#define CHACHA20_CONSTANT_LEN 4	43	#define CHACHA20_CONSTANT_LEN 4
44	#define CHACHA20_IV_LEN 8	44	#define CHACHA20_IV_LEN 8
45	#define CHACHA20_NONCE_LEN_IETF (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN)	45	#define CHACHA20_NONCE_LEN (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN)
46		46
47	struct aead_chacha20_poly1305_ctx {	47	struct aead_chacha20_poly1305_ctx {
48	unsigned char key[32];	48	unsigned char key[32];
@@ -157,7 +157,7 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX ctx, unsigned char out,
157	return 0;	157	return 0;
158	}	158	}
159		159
160	if (nonce_len == CHACHA20_NONCE_LEN) {	160	if (nonce_len == CHACHA20_NONCE_LEN_OLD) {
161	/* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */	161	/* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */
162		162
163	memset(poly1305_key, 0, sizeof(poly1305_key));	163	memset(poly1305_key, 0, sizeof(poly1305_key));
@@ -168,7 +168,7 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX ctx, unsigned char out,
168	poly1305_update_with_length(&poly1305, ad, ad_len);	168	poly1305_update_with_length(&poly1305, ad, ad_len);
169	CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);	169	CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);
170	poly1305_update_with_length(&poly1305, out, in_len);	170	poly1305_update_with_length(&poly1305, out, in_len);
171	} else if (nonce_len == CHACHA20_NONCE_LEN_IETF) {	171	} else if (nonce_len == CHACHA20_NONCE_LEN) {
172	/* RFC 7539, May 2015 */	172	/* RFC 7539, May 2015 */
173		173
174	ctr = (uint64_t)(nonce[0] \| nonce[1] << 8 \|	174	ctr = (uint64_t)(nonce[0] \| nonce[1] << 8 \|
@@ -245,7 +245,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX ctx, unsigned char out,
245	return 0;	245	return 0;
246	}	246	}
247		247
248	if (nonce_len == CHACHA20_NONCE_LEN) {	248	if (nonce_len == CHACHA20_NONCE_LEN_OLD) {
249	/* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */	249	/* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */
250		250
251	memset(poly1305_key, 0, sizeof(poly1305_key));	251	memset(poly1305_key, 0, sizeof(poly1305_key));
@@ -255,7 +255,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX ctx, unsigned char out,
255	CRYPTO_poly1305_init(&poly1305, poly1305_key);	255	CRYPTO_poly1305_init(&poly1305, poly1305_key);
256	poly1305_update_with_length(&poly1305, ad, ad_len);	256	poly1305_update_with_length(&poly1305, ad, ad_len);
257	poly1305_update_with_length(&poly1305, in, plaintext_len);	257	poly1305_update_with_length(&poly1305, in, plaintext_len);
258	} else if (nonce_len == CHACHA20_NONCE_LEN_IETF) {	258	} else if (nonce_len == CHACHA20_NONCE_LEN) {
259	/* RFC 7539, May 2015 */	259	/* RFC 7539, May 2015 */
260		260
261	ctr = (uint64_t)(nonce[0] \| nonce[1] << 8 \|	261	ctr = (uint64_t)(nonce[0] \| nonce[1] << 8 \|
@@ -297,9 +297,9 @@ static const EVP_AEAD aead_chacha20_poly1305 = {
297	.open = aead_chacha20_poly1305_open,	297	.open = aead_chacha20_poly1305_open,
298	};	298	};
299		299
300	static const EVP_AEAD aead_chacha20_poly1305_ietf = {	300	static const EVP_AEAD aead_chacha20_poly1305_old = {
301	.key_len = 32,	301	.key_len = 32,
302	.nonce_len = CHACHA20_NONCE_LEN_IETF,	302	.nonce_len = CHACHA20_NONCE_LEN_OLD,
303	.overhead = POLY1305_TAG_LEN,	303	.overhead = POLY1305_TAG_LEN,
304	.max_tag_len = POLY1305_TAG_LEN,	304	.max_tag_len = POLY1305_TAG_LEN,
305		305
@@ -316,9 +316,9 @@ EVP_aead_chacha20_poly1305()
316	}	316	}
317		317
318	const EVP_AEAD *	318	const EVP_AEAD *
319	EVP_aead_chacha20_poly1305_ietf()	319	EVP_aead_chacha20_poly1305_old()
320	{	320	{
321	return &aead_chacha20_poly1305_ietf;	321	return &aead_chacha20_poly1305_old;
322	}	322	}
323		323
324	#endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */	324	#endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */


diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h index 1ec24879c0..a0adbece01 100644 --- a/src/lib/libssl/src/crypto/evp/evp.h +++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp.h,v 1.49 2015/11/02 15:40:53 reyk Exp $ */	1	/* $OpenBSD: evp.h,v 1.50 2016/04/28 16:06:53 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1215,7 +1215,7 @@ const EVP_AEAD *EVP_aead_aes_256_gcm(void);
1215	#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)	1215	#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1216	/* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */	1216	/* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */
1217	const EVP_AEAD *EVP_aead_chacha20_poly1305(void);	1217	const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
1218	const EVP_AEAD *EVP_aead_chacha20_poly1305_ietf(void);	1218	const EVP_AEAD *EVP_aead_chacha20_poly1305_old(void);
1219	#endif	1219	#endif
1220		1220
1221	/* EVP_AEAD_key_length returns the length of the keys used. */	1221	/* EVP_AEAD_key_length returns the length of the keys used. */


diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index 05bfc47c1e..5d1d568ff8 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_ciph.c,v 1.84 2015/12/12 22:04:10 mmcc Exp $ */	1	/* $OpenBSD: ssl_ciph.c,v 1.85 2016/04/28 16:06:53 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -731,7 +731,7 @@ ssl_cipher_get_evp_aead(const SSL_SESSION s, const EVP_AEAD *aead)
731	#endif	731	#endif
732	#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)	732	#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
733	case SSL_CHACHA20POLY1305:	733	case SSL_CHACHA20POLY1305:
734	*aead = EVP_aead_chacha20_poly1305();	734	*aead = EVP_aead_chacha20_poly1305_old();
735	return 1;	735	return 1;
736	#endif	736	#endif
737	default:	737	default:


diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 05bfc47c1e..5d1d568ff8 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_ciph.c,v 1.84 2015/12/12 22:04:10 mmcc Exp $ */	1	/* $OpenBSD: ssl_ciph.c,v 1.85 2016/04/28 16:06:53 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -731,7 +731,7 @@ ssl_cipher_get_evp_aead(const SSL_SESSION s, const EVP_AEAD *aead)
731	#endif	731	#endif
732	#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)	732	#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
733	case SSL_CHACHA20POLY1305:	733	case SSL_CHACHA20POLY1305:
734	*aead = EVP_aead_chacha20_poly1305();	734	*aead = EVP_aead_chacha20_poly1305_old();
735	return 1;	735	return 1;
736	#endif	736	#endif
737	default:	737	default: