From 1c37fd96d89f95202f2e54db8d2834cbf1fd8b88 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Mon, 28 Dec 2015 09:41:52 -0500 Subject: [PATCH] Add CHACHA20 alias for ciphers. Update ciphers documentation as well (based on -04 rev of ID). Signed-off-by: Kurt Roeckx Reviewed-by: Rich Salz RT: #4206, GH: #642 --- doc/apps/ciphers.pod | 14 ++++++++++++++ ssl/ssl_ciph.c | 4 ++-- ssl/ssl_locl.h | 1 + 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 066f1e6349..e3fa4c04b0 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -280,6 +280,10 @@ while B only references 8 octet ICV. cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit CAMELLIA. +=item B + +cipher suites using ChaCha20. + =item B<3DES> cipher suites using triple DES. @@ -657,6 +661,16 @@ Note: these ciphers can also be used in SSL v3. DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 +=head2 ChaCha20-Poly1305 cipher suites from draft-ietf-tls-chacha20-poly1305-04, extending TLS v1.2 + + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + =head1 NOTES Some compiled versions of OpenSSL may not include all the ciphers diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index ecefc79b27..8843c41f28 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -375,8 +375,8 @@ static const SSL_CIPHER cipher_aliases[] = { 0, 0}, {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0, - 0, 0, 0}, + {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA, 0, 0, 0, 0, 0, 0}, + {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20, 0, 0, 0, 0, 0, 0 }, /* MAC aliases */ {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b505309375..f10570b50d 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -364,6 +364,7 @@ # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) +# define SSL_CHACHA20 (SSL_CHACHA20POLY1305) /* Bits for algorithm_mac (symmetric authentication) */ -- 2.25.1