Date: Wed, 25 Oct 2023 00:41:45 GMT
Message-Id: <202310250041.39P0fjFu005711@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: John Baldwin Subject: git: 1b098094f086 - releng/14.0 - Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: 1b098094f08690b1567087cab92692866c1208b7 Auto-Submitted: auto-generated The branch releng/14.0 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=1b098094f08690b1567087cab92692866c1208b7 commit 1b098094f08690b1567087cab92692866c1208b7 Author: John Baldwin AuthorDate: 2020-12-23 22:09:51 +0000 Commit: John Baldwin CommitDate: 2023-10-24 19:28:00 +0000 Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD. FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3. Obtained from: OpenSSL commit 77f3936928068bee9d7e0c6939709ac179cb1059 (cherry picked from commit 3de4f78d46c58f23017942967ec74cbc3d2e175d) (cherry picked from commit c8cf2d16139042dd9eb3ba0324c88c4cfffe7d93) Approved by: re (gjb) --- crypto/openssl/include/internal/ktls.h | 5 +++++ crypto/openssl/ssl/ktls.c | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/crypto/openssl/include/internal/ktls.h b/crypto/openssl/include/internal/ktls.h index 95492fd0659f..3c82cae26b47 100644 --- a/crypto/openssl/include/internal/ktls.h +++ b/crypto/openssl/include/internal/ktls.h @@ -40,6 +40,11 @@ # define OPENSSL_KTLS_AES_GCM_128 # define OPENSSL_KTLS_AES_GCM_256 # define OPENSSL_KTLS_TLS13 +# ifdef TLS_CHACHA20_IV_LEN +# ifndef OPENSSL_NO_CHACHA +# define OPENSSL_KTLS_CHACHA20_POLY1305 +# endif +# endif typedef struct tls_enable ktls_crypto_info_t; 
diff --git a/crypto/openssl/ssl/ktls.c b/crypto/openssl/ssl/ktls.c index ddbfd1447c54..daa758294a4c 100644 --- a/crypto/openssl/ssl/ktls.c +++ b/crypto/openssl/ssl/ktls.c @@ -37,6 +37,10 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, case SSL_AES128GCM: case SSL_AES256GCM: return 1; +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + case SSL_CHACHA20POLY1305: + return 1; +# endif case SSL_AES128: case SSL_AES256: if (s->ext.use_etm) @@ -74,6 +78,12 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, else crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; break; +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + case SSL_CHACHA20POLY1305: + crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305; + crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); + break; +# endif case SSL_AES128: case SSL_AES256: switch (s->s3.tmp.new_cipher->algorithm_mac) {
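Review bot: In the crypto/openssl/include/internal/ktls.h hunk, the new guard tests `TLS_CHACHA20_IV_LEN` and `OPENSSL_NO_CHACHA` but nothing on the Poly1305 side, although the macro it defines, `OPENSSL_KTLS_CHACHA20_POLY1305`, names the combined AEAD. If the build can disable Poly1305 independently of ChaCha, that condition belongs in the guard as well. The hunk also carries no comment saying why the presence of `TLS_CHACHA20_IV_LEN` is taken as the signal for support; a one-line comment naming the header expected to define it would help, and the two nested conditionals could be folded into a single `# if defined(TLS_CHACHA20_IV_LEN) && !defined(OPENSSL_NO_CHACHA)`.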
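Review bot: In ktls_check_supported_cipher() in crypto/openssl/ssl/ktls.c, the added `case SSL_CHACHA20POLY1305:` returns 1 whenever `OPENSSL_KTLS_CHACHA20_POLY1305` was defined at build time, so the answer reflects the headers the library was compiled against and not the kernel it runs on. Please confirm, in a comment or in the commit message, that a kernel which rejects this cipher when the session is enabled leaves the connection on the userland record layer instead of failing it. As a style point, the new label repeats the `return 1;` of the AES-GCM cases directly above it; putting the guarded label in front of that existing return would avoid the second copy.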
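Review bot: In ktls_configure_crypto() in crypto/openssl/ssl/ktls.c, the line `crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd);` stores a value read from the cipher context at run time without checking it, while the AES-GCM branch just above assigns a fixed constant (`EVP_GCM_TLS_FIXED_IV_LEN`). The feature is gated on `TLS_CHACHA20_IV_LEN` in ktls.h, yet that constant is never compared with what is handed to the kernel here. Either assign the constant directly or check that the returned length is positive and equal to `TLS_CHACHA20_IV_LEN`, and return 0 from this function when it is not, so that a mismatch or an error return cannot reach the `tls_enable` structure.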