author | Joel Sing <jsing@cvs.openbsd.org> | 2017-08-28 17:48:03 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-08-28 17:48:03 +0000 |
commit | a9c20712d29b7e33fd4197646cc6a43e52b6ab02 (patch) | |
tree | 3a529c1536a9cabbd9730582f0e06f67638d7a97 /lib | |
parent | c13aa9221f111000ae8d40e2f317d3c7ab342d9a (diff) |
Remove EVP_aead_chacha20_poly1305_old() now that the original/old
chacha20-poly1305 cipher suites have been removed from libssl.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libcrypto/Symbols.list | 1 | ||||
-rw-r--r-- | lib/libcrypto/evp/e_chacha20poly1305.c | 107 | ||||
-rw-r--r-- | lib/libcrypto/evp/evp.h | 3 |
3 files changed, 28 insertions, 83 deletions
diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list index 53aa96939a8..d8e38c8f044 100644 --- a/lib/libcrypto/Symbols.list +++ b/lib/libcrypto/Symbols.list @@ -1401,7 +1401,6 @@ EVP_add_digest EVP_aead_aes_128_gcm EVP_aead_aes_256_gcm EVP_aead_chacha20_poly1305 -EVP_aead_chacha20_poly1305_old EVP_aes_128_cbc EVP_aes_128_cbc_hmac_sha1 EVP_aes_128_ccm diff --git a/lib/libcrypto/evp/e_chacha20poly1305.c b/lib/libcrypto/evp/e_chacha20poly1305.c index b709c24270b..089ef12fb3e 100644 --- a/lib/libcrypto/evp/e_chacha20poly1305.c +++ b/lib/libcrypto/evp/e_chacha20poly1305.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_chacha20poly1305.c,v 1.17 2017/05/11 02:26:39 jsg Exp $ */ +/* $OpenBSD: e_chacha20poly1305.c,v 1.18 2017/08/28 17:48:02 jsing Exp $ */ /* * Copyright (c) 2015 Reyk Floter <reyk@openbsd.org> @@ -32,14 +32,7 @@ #include "evp_locl.h" #define POLY1305_TAG_LEN 16 -#define CHACHA20_NONCE_LEN_OLD 8 -/* - * The informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols", - * introduced a modified AEAD construction that is incompatible with the - * common style that has been already used in TLS. The IETF version also - * adds a constant (salt) that is prepended to the nonce. - */ #define CHACHA20_CONSTANT_LEN 4 #define CHACHA20_IV_LEN 8 #define CHACHA20_NONCE_LEN (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN) 
@@ -155,35 +148,20 @@ aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, return 0; } - if (nonce_len == CHACHA20_NONCE_LEN_OLD) { - /* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */ - - memset(poly1305_key, 0, sizeof(poly1305_key)); - CRYPTO_chacha_20(poly1305_key, poly1305_key, - sizeof(poly1305_key), c20_ctx->key, nonce, 0); - - CRYPTO_poly1305_init(&poly1305, poly1305_key); - poly1305_update_with_length(&poly1305, ad, ad_len); - CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1); - poly1305_update_with_length(&poly1305, out, in_len); - } else if (nonce_len == CHACHA20_NONCE_LEN) { - /* RFC 7539, May 2015 */ - - ctr = (uint64_t)(nonce[0] | nonce[1] << 8 | - nonce[2] << 16 | nonce[3] << 24) << 32; - iv = nonce + CHACHA20_CONSTANT_LEN; - - memset(poly1305_key, 0, sizeof(poly1305_key)); - CRYPTO_chacha_20(poly1305_key, poly1305_key, - sizeof(poly1305_key), c20_ctx->key, iv, ctr); - - CRYPTO_poly1305_init(&poly1305, poly1305_key); - poly1305_update_with_pad16(&poly1305, ad, ad_len); - CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, iv, ctr + 1); - poly1305_update_with_pad16(&poly1305, out, in_len); - poly1305_update_with_length(&poly1305, NULL, ad_len); - poly1305_update_with_length(&poly1305, NULL, in_len); - } + ctr = (uint64_t)(nonce[0] | nonce[1] << 8 | + nonce[2] << 16 | nonce[3] << 24) << 32; + iv = nonce + CHACHA20_CONSTANT_LEN; + + memset(poly1305_key, 0, sizeof(poly1305_key)); + CRYPTO_chacha_20(poly1305_key, poly1305_key, + sizeof(poly1305_key), c20_ctx->key, iv, ctr); + + CRYPTO_poly1305_init(&poly1305, poly1305_key); + poly1305_update_with_pad16(&poly1305, ad, ad_len); + CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, iv, ctr + 1); + poly1305_update_with_pad16(&poly1305, out, in_len); + poly1305_update_with_length(&poly1305, NULL, ad_len); + poly1305_update_with_length(&poly1305, NULL, in_len); if (c20_ctx->tag_len != POLY1305_TAG_LEN) { unsigned char tag[POLY1305_TAG_LEN]; 
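Review bot: Nothing at the point of use now ties the reads of `nonce[0]`..`nonce[3]` and `iv = nonce + CHACHA20_CONSTANT_LEN` to a 12-byte nonce; the removed `else if (nonce_len == CHACHA20_NONCE_LEN)` used to state that requirement right here. The code is only safe if an earlier check rejects every other `nonce_len`, and that check is outside this hunk (only its trailing `return 0; }` is visible, and the function body starts and ends outside the hunk). It is worth confirming that the guard compares against `CHACHA20_NONCE_LEN` and recording the precondition before the `ctr` assignment, for example `/* nonce_len == CHACHA20_NONCE_LEN was checked above. */`. The matching lines in the aead_chacha20_poly1305_open hunk rely on the same precondition.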
@@ -242,33 +220,19 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out, return 0; } - if (nonce_len == CHACHA20_NONCE_LEN_OLD) { - /* Google's draft-agl-tls-chacha20poly1305-04, Nov 2013 */ - - memset(poly1305_key, 0, sizeof(poly1305_key)); - CRYPTO_chacha_20(poly1305_key, poly1305_key, - sizeof(poly1305_key), c20_ctx->key, nonce, 0); + ctr = (uint64_t)(nonce[0] | nonce[1] << 8 | + nonce[2] << 16 | nonce[3] << 24) << 32; + iv = nonce + CHACHA20_CONSTANT_LEN; - CRYPTO_poly1305_init(&poly1305, poly1305_key); - poly1305_update_with_length(&poly1305, ad, ad_len); - poly1305_update_with_length(&poly1305, in, plaintext_len); - } else if (nonce_len == CHACHA20_NONCE_LEN) { - /* RFC 7539, May 2015 */ + memset(poly1305_key, 0, sizeof(poly1305_key)); + CRYPTO_chacha_20(poly1305_key, poly1305_key, + sizeof(poly1305_key), c20_ctx->key, iv, ctr); - ctr = (uint64_t)(nonce[0] | nonce[1] << 8 | - nonce[2] << 16 | nonce[3] << 24) << 32; - iv = nonce + CHACHA20_CONSTANT_LEN; - - memset(poly1305_key, 0, sizeof(poly1305_key)); - CRYPTO_chacha_20(poly1305_key, poly1305_key, - sizeof(poly1305_key), c20_ctx->key, iv, ctr); - - CRYPTO_poly1305_init(&poly1305, poly1305_key); - poly1305_update_with_pad16(&poly1305, ad, ad_len); - poly1305_update_with_pad16(&poly1305, in, plaintext_len); - poly1305_update_with_length(&poly1305, NULL, ad_len); - poly1305_update_with_length(&poly1305, NULL, plaintext_len); - } + CRYPTO_poly1305_init(&poly1305, poly1305_key); + poly1305_update_with_pad16(&poly1305, ad, ad_len); + poly1305_update_with_pad16(&poly1305, in, plaintext_len); + poly1305_update_with_length(&poly1305, NULL, ad_len); + poly1305_update_with_length(&poly1305, NULL, plaintext_len); CRYPTO_poly1305_finish(&poly1305, mac); @@ -282,6 +246,7 @@ aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out, return 1; } +/* RFC 7539 */ static const EVP_AEAD aead_chacha20_poly1305 = { .key_len = 32, .nonce_len = CHACHA20_NONCE_LEN, 
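Review bot: In the new `ctr` expression, `nonce[3] << 24` shifts a byte that has been promoted to `int`, so any value of 0x80 or above shifts into the sign bit, which is undefined behaviour in C, before the cast to `uint64_t` is applied (this assumes `nonce` points to `unsigned char`; its declaration is outside the hunk). Widening each byte first keeps the arithmetic unsigned: `ctr = (uint64_t)((uint32_t)nonce[0] | (uint32_t)nonce[1] << 8 |` / `(uint32_t)nonce[2] << 16 | (uint32_t)nonce[3] << 24) << 32;`. The identical expression in the aead_chacha20_poly1305_seal hunk needs the same change. The body of aead_chacha20_poly1305_open starts and ends outside this hunk.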
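Review bot: The added `/* RFC 7539 */` above `aead_chacha20_poly1305` is now the only description of the construction, because this commit also deletes the longer comment above the `CHACHA20_CONSTANT_LEN` define that explained the constant prepended to the nonce. A caller reading the table cannot tell how the 12-byte nonce is laid out. I would expand the comment to something like `/* RFC 7539 AEAD: nonce is a 4-byte constant followed by an 8-byte IV. */`, which matches how the seal and open functions split `nonce`.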
@@ -294,28 +259,10 @@ static const EVP_AEAD aead_chacha20_poly1305 = { .open = aead_chacha20_poly1305_open, }; -static const EVP_AEAD aead_chacha20_poly1305_old = { - .key_len = 32, - .nonce_len = CHACHA20_NONCE_LEN_OLD, - .overhead = POLY1305_TAG_LEN, - .max_tag_len = POLY1305_TAG_LEN, - - .init = aead_chacha20_poly1305_init, - .cleanup = aead_chacha20_poly1305_cleanup, - .seal = aead_chacha20_poly1305_seal, - .open = aead_chacha20_poly1305_open, -}; - const EVP_AEAD * EVP_aead_chacha20_poly1305() { return &aead_chacha20_poly1305; } -const EVP_AEAD * -EVP_aead_chacha20_poly1305_old() -{ - return &aead_chacha20_poly1305_old; -} - #endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */ diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index 68e1049587c..853abe6b8ec 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.52 2017/02/28 14:15:37 jsing Exp $ */ +/* $OpenBSD: evp.h,v 1.53 2017/08/28 17:48:02 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1222,7 +1222,6 @@ const EVP_AEAD *EVP_aead_aes_256_gcm(void); #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) /* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */ const EVP_AEAD *EVP_aead_chacha20_poly1305(void); -const EVP_AEAD *EVP_aead_chacha20_poly1305_old(void); #endif /* EVP_AEAD_key_length returns the length of the keys used. */ |