From: Andy Polyakov Date: Wed, 9 Dec 2015 20:30:56 +0000 (+0100) Subject: crypto/evp: add e_chacha20_poly1305.c. X-Git-Tag: OpenSSL_1_1_0-pre1~17 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=bd989745b7a4796dceff89d93b6b7ac1561c6227;p=oweals%2Fopenssl.git crypto/evp: add e_chacha20_poly1305.c. Reviewed-by: Richard Levitte --- diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index dbaf58aba0..412015853d 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -26,7 +26,8 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c scrypt.c \ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ - e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c + e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ + e_chacha20_poly1305.c LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ @@ -39,7 +40,8 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o scrypt.o \ e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \ - e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha256.o e_rc4_hmac_md5.o + e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha256.o e_rc4_hmac_md5.o \ + e_chacha20_poly1305.o SRC= $(LIBSRC) @@ -248,6 +250,26 @@ e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_cast.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h e_cast.o: e_cast.c evp_locl.h +e_chacha20_poly1305.o: ../../e_os.h ../../include/openssl/asn1.h +e_chacha20_poly1305.o: ../../include/openssl/bio.h +e_chacha20_poly1305.o: ../../include/openssl/buffer.h +e_chacha20_poly1305.o: ../../include/openssl/crypto.h +e_chacha20_poly1305.o: ../../include/openssl/e_os2.h +e_chacha20_poly1305.o: ../../include/openssl/err.h ../../include/openssl/evp.h +e_chacha20_poly1305.o: ../../include/openssl/lhash.h +e_chacha20_poly1305.o: ../../include/openssl/obj_mac.h +e_chacha20_poly1305.o: ../../include/openssl/objects.h +e_chacha20_poly1305.o: ../../include/openssl/opensslconf.h +e_chacha20_poly1305.o: ../../include/openssl/opensslv.h +e_chacha20_poly1305.o: ../../include/openssl/ossl_typ.h +e_chacha20_poly1305.o: ../../include/openssl/safestack.h +e_chacha20_poly1305.o: ../../include/openssl/stack.h +e_chacha20_poly1305.o: ../../include/openssl/symhacks.h +e_chacha20_poly1305.o: ../include/internal/chacha.h +e_chacha20_poly1305.o: ../include/internal/cryptlib.h +e_chacha20_poly1305.o: ../include/internal/evp_int.h +e_chacha20_poly1305.o: ../include/internal/poly1305.h e_chacha20_poly1305.c +e_chacha20_poly1305.o: evp_locl.h e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c new file mode 100644 index 0000000000..bce247d7b5 --- /dev/null +++ b/crypto/evp/e_chacha20_poly1305.c @@ -0,0 +1,490 @@ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include "internal/cryptlib.h" + +#ifndef OPENSSL_NO_CHACHA + +# include +# include +# include "evp_locl.h" +# include "internal/evp_int.h" +# include "internal/chacha.h" + +typedef struct { + union { + double align; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */ + unsigned int d[CHACHA_KEY_SIZE / 4]; + } key; + unsigned int counter[CHACHA_CTR_SIZE / 4]; + unsigned char buf[CHACHA_BLK_SIZE]; + unsigned int partial_len; +} EVP_CHACHA_KEY; + +#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) + +static int chacha_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char user_key[CHACHA_KEY_SIZE], + const unsigned char iv[CHACHA_CTR_SIZE], int enc) +{ + EVP_CHACHA_KEY *key = data(ctx); + unsigned int i; + + if (user_key) + for (i = 0; i < CHACHA_KEY_SIZE; i+=4) { + key->key.d[i/4] = CHACHA_U8TOU32(user_key+i); + } + + if (iv) + for (i = 0; i < CHACHA_CTR_SIZE; i+=4) { + key->counter[i/4] = CHACHA_U8TOU32(iv+i); + } + + key->partial_len = 0; + + return 1; +} + +static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, + const unsigned char *inp, size_t len) +{ + EVP_CHACHA_KEY *key = data(ctx); + unsigned int n, rem, ctr32; + + if ((n = key->partial_len)) { + while (len && n < CHACHA_BLK_SIZE) { + *out++ = *inp++ ^ key->buf[n++]; + len--; + } + key->partial_len = n; + + if (len == 0) + return 1; + + if (n == CHACHA_BLK_SIZE) { + key->partial_len = 0; + key->counter[0]++; + if (key->counter[0] == 0) + key->counter[1]++; + } + } + + rem = (unsigned int)(len % CHACHA_BLK_SIZE); + len -= rem; + ctr32 = key->counter[0]; + while (len >= CHACHA_BLK_SIZE) { + size_t blocks = len / CHACHA_BLK_SIZE; + /* + * 1<<28 is just a not-so-small yet not-so-large number... + * Below condition is practically never met, but it has to + * be checked for code correctness. + */ + if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28)) + blocks = (1U<<28); + + /* + * As ChaCha20_ctr32 operates on 32-bit counter, caller + * has to handle overflow. 'if' below detects the + * overflow, which is then handled by limiting the + * amount of blocks to the exact overflow point... + */ + ctr32 += (unsigned int)blocks; + if (ctr32 < blocks) { + blocks -= ctr32; + ctr32 = 0; + } + blocks *= CHACHA_BLK_SIZE; + ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter); + len -= blocks; + inp += blocks; + out += blocks; + + key->counter[0] = ctr32; + if (ctr32 == 0) key->counter[1]++; + } + + if (rem) { + memset(key->buf, 0, sizeof(key->buf)); + ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE, + key->key.d, key->counter); + for (n = 0; n < rem; n++) + out[n] = inp[n] ^ key->buf[n]; + key->partial_len = rem; + } + + return 1; +} + +static const EVP_CIPHER chacha20 = { + NID_chacha20, + 1, /* block_size */ + CHACHA_KEY_SIZE, /* key_len */ + CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */ + 0, /* flags */ + chacha_init_key, + chacha_cipher, + NULL, + sizeof(EVP_CHACHA_KEY), + NULL, + NULL, + NULL, + NULL +}; + +const EVP_CIPHER *EVP_chacha20(void) +{ + return (&chacha20); +} + +# ifndef OPENSSL_NO_POLY1305 +# include "internal/poly1305.h" + +typedef struct { + EVP_CHACHA_KEY key; + unsigned int nonce[12/4]; + unsigned char tag[POLY1305_BLOCK_SIZE]; + struct { uint64_t aad, text; } len; + int aad, mac_inited, tag_len, nonce_len; + size_t tls_payload_length; +} EVP_CHACHA_AEAD_CTX; + +# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1) +# define aead_data(ctx) ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data) +# define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1)) + +static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *inkey, + const unsigned char *iv, int enc) +{ + EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); + unsigned char temp[CHACHA_CTR_SIZE]; + + if (!inkey && !iv) + return 1; + + actx->len.aad = 0; + actx->len.text = 0; + actx->aad = 0; + actx->mac_inited = 0; + actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + + /* pad on the left */ + memset(temp, 0, sizeof(temp)); + if (actx->nonce_len <= CHACHA_CTR_SIZE) + memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); + + chacha_init_key(ctx, inkey, temp, enc); + + actx->nonce[0] = actx->key.counter[1]; + actx->nonce[1] = actx->key.counter[2]; + actx->nonce[2] = actx->key.counter[3]; + + return 1; +} + +static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); + size_t rem, plen = actx->tls_payload_length; + static const unsigned char zero[POLY1305_BLOCK_SIZE] = { 0 }; + + if (!actx->mac_inited) { + actx->key.counter[0] = 0; + memset(actx->key.buf, 0, sizeof(actx->key.buf)); + ChaCha20_ctr32(actx->key.buf, actx->key.buf, CHACHA_BLK_SIZE, + actx->key.key.d, actx->key.counter); + Poly1305_Init(POLY1305_ctx(actx), actx->key.buf); + actx->key.counter[0] = 1; + actx->mac_inited = 1; + } + + if (in) { /* aad or text */ + if (out == NULL) { /* aad */ + Poly1305_Update(POLY1305_ctx(actx), in, len); + actx->len.aad += len; + actx->aad = 1; + return len; + } else { /* plain- or ciphertext */ + if (actx->aad) { /* wrap up aad */ + if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) + Poly1305_Update(POLY1305_ctx(actx), zero, + POLY1305_BLOCK_SIZE - rem); + actx->aad = 0; + } + + actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + if (plen == NO_TLS_PAYLOAD_LENGTH) + plen = len; + else if (len != plen + POLY1305_BLOCK_SIZE) + return -1; + + if (ctx->encrypt) { /* plaintext */ + chacha_cipher(ctx, out, in, plen); + Poly1305_Update(POLY1305_ctx(actx), out, plen); + in += plen; + out += plen; + actx->len.text += plen; + } else { /* ciphertext */ + Poly1305_Update(POLY1305_ctx(actx), in, plen); + chacha_cipher(ctx, out, in, plen); + in += plen; + out += plen; + actx->len.text += plen; + } + } + } + if (in == NULL /* explicit final */ + || plen != len) { /* or tls mode */ + const union { + long one; + char little; + } is_endian = { 1 }; + unsigned char temp[POLY1305_BLOCK_SIZE]; + + if (actx->aad) { /* wrap up aad */ + if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) + Poly1305_Update(POLY1305_ctx(actx), zero, + POLY1305_BLOCK_SIZE - rem); + actx->aad = 0; + } + + if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE)) + Poly1305_Update(POLY1305_ctx(actx), zero, + POLY1305_BLOCK_SIZE - rem); + + if (is_endian.little) { + Poly1305_Update(POLY1305_ctx(actx), + (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); + } else { + temp[0] = (unsigned char)(actx->len.aad); + temp[1] = (unsigned char)(actx->len.aad>>8); + temp[2] = (unsigned char)(actx->len.aad>>16); + temp[3] = (unsigned char)(actx->len.aad>>24); + temp[4] = (unsigned char)(actx->len.aad>>32); + temp[5] = (unsigned char)(actx->len.aad>>40); + temp[6] = (unsigned char)(actx->len.aad>>48); + temp[7] = (unsigned char)(actx->len.aad>>56); + + temp[8] = (unsigned char)(actx->len.text); + temp[9] = (unsigned char)(actx->len.text>>8); + temp[10] = (unsigned char)(actx->len.text>>16); + temp[11] = (unsigned char)(actx->len.text>>24); + temp[12] = (unsigned char)(actx->len.text>>32); + temp[13] = (unsigned char)(actx->len.text>>40); + temp[14] = (unsigned char)(actx->len.text>>48); + temp[15] = (unsigned char)(actx->len.text>>56); + + Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE); + } + Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag + : temp); + actx->mac_inited = 0; + + if (in != NULL && len != plen) { /* tls mode */ + if (ctx->encrypt) { + memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); + } else { + if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) { + memset(out, 0, plen); + return -1; + } + } + } + else if (!ctx->encrypt) { + if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len)) + return -1; + } + } + return len; +} + +static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx) +{ + EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); + if (actx) + OPENSSL_cleanse(ctx->cipher_data, sizeof(*ctx) + Poly1305_ctx_size()); + return 1; +} + +static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + void *ptr) +{ + EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); + + switch(type) { + case EVP_CTRL_INIT: + if (actx == NULL) + actx = ctx->cipher_data + = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size()); + if (actx == NULL) { + EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_INITIALIZATION_ERROR); + return 0; + } + actx->len.aad = 0; + actx->len.text = 0; + actx->aad = 0; + actx->mac_inited = 0; + actx->tag_len = 0; + actx->nonce_len = 12; + actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; + return 1; + + case EVP_CTRL_COPY: + if (actx) { + if ((((EVP_CIPHER_CTX *)ptr)->cipher_data = + BUF_memdup(actx,sizeof(*actx) + Poly1305_ctx_size())) + == NULL) { + EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR); + return 0; + } + } + return 1; + + case EVP_CTRL_AEAD_SET_IVLEN: + if (arg <= 0 || arg > CHACHA_CTR_SIZE) + return 0; + actx->nonce_len = arg; + return 1; + + case EVP_CTRL_AEAD_SET_IV_FIXED: + if (arg != 12) + return 0; + actx->nonce[0] = actx->key.counter[1] + = CHACHA_U8TOU32((unsigned char *)ptr); + actx->nonce[1] = actx->key.counter[2] + = CHACHA_U8TOU32((unsigned char *)ptr+4); + actx->nonce[2] = actx->key.counter[3] + = CHACHA_U8TOU32((unsigned char *)ptr+8); + return 1; + + case EVP_CTRL_AEAD_SET_TAG: + if (arg <= 0 || arg > POLY1305_BLOCK_SIZE) + return 0; + if (ptr != NULL) { + memcpy(actx->tag, ptr, arg); + actx->tag_len = arg; + } + return 1; + + case EVP_CTRL_AEAD_GET_TAG: + if (arg <= 0 || arg > POLY1305_BLOCK_SIZE || !ctx->encrypt) + return 0; + memcpy(ptr, actx->tag, arg); + return 1; + + case EVP_CTRL_AEAD_TLS1_AAD: + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return 0; + { + unsigned int len; + unsigned char temp[POLY1305_BLOCK_SIZE]; + + /* + * compose padded aad + */ + memset(temp, 0, sizeof(temp)); + memcpy(temp, ptr, EVP_AEAD_TLS1_AAD_LEN); + + len = temp[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | + temp[EVP_AEAD_TLS1_AAD_LEN - 1]; + if (!ctx->encrypt) { + len -= POLY1305_BLOCK_SIZE; /* discount attached tag */ + temp[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8); + temp[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len; + } + actx->tls_payload_length = len; + + /* + * merge record sequence number as per + * draft-ietf-tls-chacha20-poly1305-03 + */ + actx->key.counter[1] = actx->nonce[0]; + actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(temp); + actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(temp+4); + actx->mac_inited = 0; + chacha20_poly1305_cipher(ctx, NULL, temp, POLY1305_BLOCK_SIZE); + return POLY1305_BLOCK_SIZE; /* tag length */ + } + + case EVP_CTRL_AEAD_SET_MAC_KEY: + /* no-op */ + return 1; + + default: + return -1; + } +} + +static EVP_CIPHER chacha20_poly1305 = { + NID_chacha20_poly1305, + 1, /* block_size */ + CHACHA_KEY_SIZE, /* key_len */ + 12, /* iv_len, 96-bit nonce in the context */ + EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV | + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | + EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER, + chacha20_poly1305_init_key, + chacha20_poly1305_cipher, + chacha20_poly1305_cleanup, + 0, /* 0 moves context-specific structure allocation to ctrl */ + NULL, /* set_asn1_parameters */ + NULL, /* get_asn1_parameters */ + chacha20_poly1305_ctrl, + NULL /* app_data */ +}; + +const EVP_CIPHER *EVP_chacha20_poly1305(void) +{ + return(&chacha20_poly1305); +} +# endif +#endif diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index e63b9a037d..94e32b5f89 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -78,6 +78,7 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"}, {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, + {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"}, {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"}, {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"}, {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, @@ -167,10 +168,10 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"}, {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"}, {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), - "camellia key setup failed"}, + {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"}, + {ERR_REASON(EVP_R_COPY_ERROR), "copy error"}, {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"}, {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), "ctrl operation not implemented"}, @@ -190,8 +191,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, - {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), - "illegal scrypt parameters"}, + {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), "illegal scrypt parameters"}, {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"}, {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, @@ -217,8 +217,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, - {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), - "pkcs8 unknown broken type"}, + {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"}, {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, diff --git a/include/openssl/evp.h b/include/openssl/evp.h index bc9fc8b7e3..969a0fa9d5 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -911,6 +911,12 @@ const EVP_CIPHER *EVP_camellia_256_cfb128(void); const EVP_CIPHER *EVP_camellia_256_ofb(void); const EVP_CIPHER *EVP_camellia_256_ctr(void); # endif +# ifndef OPENSSL_NO_CHACHA +const EVP_CIPHER *EVP_chacha20(void); +# ifndef OPENSSL_NO_POLY1305 +const EVP_CIPHER *EVP_chacha20_poly1305(void); +# endif +# endif # ifndef OPENSSL_NO_SEED const EVP_CIPHER *EVP_seed_ecb(void); @@ -1513,6 +1519,7 @@ void ERR_load_EVP_strings(void); # define EVP_F_AES_XTS_CIPHER 175 # define EVP_F_ALG_MODULE_INIT 177 # define EVP_F_CAMELLIA_INIT_KEY 159 +# define EVP_F_CHACHA20_POLY1305_CTRL 182 # define EVP_F_CMAC_INIT 173 # define EVP_F_CMLL_T4_INIT_KEY 179 # define EVP_F_D2I_PKEY 100 @@ -1600,6 +1607,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 # define EVP_R_CIPHER_PARAMETER_ERROR 122 # define EVP_R_COMMAND_NOT_SUPPORTED 147 +# define EVP_R_COPY_ERROR 173 # define EVP_R_CTRL_NOT_IMPLEMENTED 132 # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138