diff options
-rw-r--r-- | include/internal/ktls.h | 5 | ||||
-rw-r--r-- | ssl/ktls.c | 10 |
2 files changed, 15 insertions, 0 deletions
diff --git a/include/internal/ktls.h b/include/internal/ktls.h index 95492fd065..3c82cae26b 100644 --- a/include/internal/ktls.h +++ b/include/internal/ktls.h @@ -40,6 +40,11 @@ # define OPENSSL_KTLS_AES_GCM_128 # define OPENSSL_KTLS_AES_GCM_256 # define OPENSSL_KTLS_TLS13 +# ifdef TLS_CHACHA20_IV_LEN +# ifndef OPENSSL_NO_CHACHA +# define OPENSSL_KTLS_CHACHA20_POLY1305 +# endif +# endif typedef struct tls_enable ktls_crypto_info_t; diff --git a/ssl/ktls.c b/ssl/ktls.c index 79d980959e..fd0a903878 100644 --- a/ssl/ktls.c +++ b/ssl/ktls.c @@ -37,6 +37,10 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, case SSL_AES128GCM: case SSL_AES256GCM: return 1; +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + case SSL_CHACHA20POLY1305: + return 1; +# endif case SSL_AES128: case SSL_AES256: if (s->ext.use_etm) @@ -71,6 +75,12 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, else crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; break; +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + case SSL_CHACHA20POLY1305: + crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305; + crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); + break; +# endif case SSL_AES128: case SSL_AES256: switch (s->s3.tmp.new_cipher->algorithm_mac) { |