diff options
author | John Baldwin <jhb@FreeBSD.org> | 2020-12-23 14:09:51 -0800 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-02-04 11:06:13 +0100 |
commit | 77f3936928068bee9d7e0c6939709ac179cb1059 (patch) | |
tree | d0a7cb083855c2f9aaeb8d8c0e1197af83e75271 /ssl | |
parent | 8e012cdc896ec6a98b45119b127b230cbbb6e93b (diff) | |
download | openssl-77f3936928068bee9d7e0c6939709ac179cb1059.tar.gz |
Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD.
FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13752)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ktls.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ssl/ktls.c b/ssl/ktls.c index 79d980959e..fd0a903878 100644 --- a/ssl/ktls.c +++ b/ssl/ktls.c @@ -37,6 +37,10 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, case SSL_AES128GCM: case SSL_AES256GCM: return 1; +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + case SSL_CHACHA20POLY1305: + return 1; +# endif case SSL_AES128: case SSL_AES256: if (s->ext.use_etm) @@ -71,6 +75,12 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, else crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; break; +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + case SSL_CHACHA20POLY1305: + crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305; + crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); + break; +# endif case SSL_AES128: case SSL_AES256: switch (s->s3.tmp.new_cipher->algorithm_mac) { |