Date: Tue, 24 Aug 2021 01:01:51 GMT From: John Baldwin <jhb@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: b08bb7f8961d - stable/13 - OpenSSL: Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD. Message-ID: <202108240101.17O11p86026351@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=b08bb7f8961d1df15b41754a454d45aa333bb118 commit b08bb7f8961d1df15b41754a454d45aa333bb118 Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2021-08-17 21:40:16 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2021-08-24 00:59:35 +0000 OpenSSL: Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD. FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3. NB: This commit has not yet been merged upstream as it is deemed a new feature and did not make the feature freeze cutoff for OpenSSL 3.0. Reviewed by: jkim Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D31443 (cherry picked from commit 6372fd253e3266c6eb271f49159f1632d527c9bd) --- crypto/openssl/include/internal/ktls.h | 5 +++++ crypto/openssl/ssl/ktls.c | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/crypto/openssl/include/internal/ktls.h b/crypto/openssl/include/internal/ktls.h index e824cf3f3f92..5f9e3f91edb2 100644 --- a/crypto/openssl/include/internal/ktls.h +++ b/crypto/openssl/include/internal/ktls.h @@ -38,6 +38,11 @@ # define OPENSSL_KTLS_AES_GCM_128 # define OPENSSL_KTLS_AES_GCM_256 # define OPENSSL_KTLS_TLS13 +# ifdef TLS_CHACHA20_IV_LEN +# ifndef OPENSSL_NO_CHACHA +# define OPENSSL_KTLS_CHACHA20_POLY1305 +# endif +# endif typedef struct tls_enable ktls_crypto_info_t; diff --git a/crypto/openssl/ssl/ktls.c b/crypto/openssl/ssl/ktls.c index 47328a7c7c73..c7a440b79bd2 100644 --- a/crypto/openssl/ssl/ktls.c +++ b/crypto/openssl/ssl/ktls.c @@ -37,6 +37,10 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, case SSL_AES128GCM: case SSL_AES256GCM: return 1; +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + case SSL_CHACHA20POLY1305: + return 1; +# endif case SSL_AES128: case SSL_AES256: if (s->ext.use_etm) @@ -71,6 +75,12 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, else crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; break; +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + case SSL_CHACHA20POLY1305: + crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305; + crypto_info->iv_len = EVP_CIPHER_CTX_iv_length(dd); + break; +# endif case SSL_AES128: case SSL_AES256: switch (s->s3->tmp.new_cipher->algorithm_mac) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108240101.17O11p86026351>