Date: Tue, 17 Aug 2021 21:45:57 GMT From: John Baldwin <jhb@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 63c6d3e283eb - main - OpenSSL: ktls: Initial support for ChaCha20-Poly1305 Message-ID: <202108172145.17HLjvHo017744@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=63c6d3e283eb01d32f54e2a153e6719d19e4a80d commit 63c6d3e283eb01d32f54e2a153e6719d19e4a80d Author: John Baldwin <jhb@FreeBSD.org> AuthorDate: 2021-08-17 21:38:47 +0000 Commit: John Baldwin <jhb@FreeBSD.org> CommitDate: 2021-08-17 21:41:19 +0000 OpenSSL: ktls: Initial support for ChaCha20-Poly1305 Linux kernel is going to support ChaCha20-Poly1305 in TLS offload. Add support for this cipher. Reviewed by: jkim Obtained from: OpenSSL (3aa7212e0a4fd1533c8a28b8587dd8b022f3a66f) MFC after: 5 days Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D31439 --- crypto/openssl/include/internal/ktls.h | 8 ++++++++ crypto/openssl/ssl/ktls.c | 21 ++++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/crypto/openssl/include/internal/ktls.h b/crypto/openssl/include/internal/ktls.h index 622d7be76d1e..393794298ccd 100644 --- a/crypto/openssl/include/internal/ktls.h +++ b/crypto/openssl/include/internal/ktls.h @@ -219,6 +219,11 @@ static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, # define OPENSSL_KTLS_TLS13 # if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) # define OPENSSL_KTLS_AES_CCM_128 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 11, 0) +# ifndef OPENSSL_NO_CHACHA +# define OPENSSL_KTLS_CHACHA20_POLY1305 +# endif +# endif # endif # endif @@ -251,6 +256,9 @@ struct tls_crypto_info_all { # endif # ifdef OPENSSL_KTLS_AES_CCM_128 struct tls12_crypto_info_aes_ccm_128 ccm128; +# endif +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + struct tls12_crypto_info_chacha20_poly1305 chacha20poly1305; # endif }; size_t tls_crypto_info_len; diff --git a/crypto/openssl/ssl/ktls.c b/crypto/openssl/ssl/ktls.c index 7123ecac0051..f82946b260ab 100644 --- a/crypto/openssl/ssl/ktls.c +++ b/crypto/openssl/ssl/ktls.c @@ -126,7 +126,9 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, return 0; } - /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 */ + /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 + * or Chacha20-Poly1305 + */ switch (EVP_CIPHER_nid(c)) { # ifdef OPENSSL_KTLS_AES_CCM_128 @@ -139,6 +141,9 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, # endif # ifdef OPENSSL_KTLS_AES_GCM_256 case NID_aes_256_gcm: +# endif +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + case NID_chacha20_poly1305: # endif return 1; default: @@ -211,6 +216,20 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, if (rec_seq != NULL) *rec_seq = crypto_info->ccm128.rec_seq; return 1; +# endif +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + case NID_chacha20_poly1305: + crypto_info->chacha20poly1305.info.cipher_type = TLS_CIPHER_CHACHA20_POLY1305; + crypto_info->chacha20poly1305.info.version = s->version; + crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305); + memcpy(crypto_info->chacha20poly1305.iv, iiv, + TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE); + memcpy(crypto_info->chacha20poly1305.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence, + TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE); + if (rec_seq != NULL) + *rec_seq = crypto_info->chacha20poly1305.rec_seq; + return 1; # endif default: return 0;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108172145.17HLjvHo017744>