chacha20poly1305
[openssl.git] / ssl / ssl_ciph.c
index 22047c3e4191893687e7cd80377762637dcdb212..f5d932ba0d2b45d082434c2df09b07c92ed01641 100644 (file)
@@ -298,6 +298,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA   ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
+       {0,SSL_TXT_CHACHA20   ,0,0,0,SSL_CHACHA20POLY1305,0,0,0,0,0,0},
 
        /* MAC aliases */       
        {0,SSL_TXT_MD5,0,     0,0,0,SSL_MD5,   0,0,0,0,0},
@@ -484,32 +485,77 @@ static void load_builtin_compressions(void)
        }
 #endif
 
+/* ssl_cipher_get_comp sets |comp| to the correct SSL_COMP for the given
+ * session and returns 1. On error it returns 0. */
+int ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp)
+       {
+       int i;
+
+       SSL_COMP ctmp;
+#ifndef OPENSSL_NO_COMP
+       load_builtin_compressions();
+#endif
+
+       *comp=NULL;
+       ctmp.id=s->compress_meth;
+       if (ssl_comp_methods != NULL)
+               {
+               i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
+               if (i >= 0)
+                       *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
+               else
+                       *comp=NULL;
+               }
+
+       return 1;
+       }
+
+/* ssl_cipher_get_evp_aead sets |*aead| to point to the correct EVP_AEAD object
+ * for |s->cipher|. It returns 1 on success and 0 on error. */
+int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
+       {
+       const SSL_CIPHER *c = s->cipher;
+
+       *aead = NULL;
+
+       if (c == NULL)
+               return 0;
+       if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0)
+               return 0;
+
+       switch (c->algorithm_enc)
+               {
+#ifndef OPENSSL_NO_AES
+       case SSL_AES128GCM:
+               *aead = EVP_aead_aes_128_gcm();
+               return 1;
+       case SSL_AES256GCM:
+               *aead = EVP_aead_aes_256_gcm();
+               return 1;
+#endif
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+       case SSL_CHACHA20POLY1305:
+               *aead = EVP_aead_chacha20_poly1305();
+               return 1;
+#endif
+               }
+
+       return 0;
+       }
+
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-            const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
+            const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size)
        {
        int i;
        const SSL_CIPHER *c;
 
        c=s->cipher;
        if (c == NULL) return(0);
-       if (comp != NULL)
-               {
-               SSL_COMP ctmp;
-#ifndef OPENSSL_NO_COMP
-               load_builtin_compressions();
-#endif
 
-               *comp=NULL;
-               ctmp.id=s->compress_meth;
-               if (ssl_comp_methods != NULL)
-                       {
-                       i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
-                       if (i >= 0)
-                               *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
-                       else
-                               *comp=NULL;
-                       }
-               }
+       /* This function doesn't deal with EVP_AEAD. See
+        * |ssl_cipher_get_aead_evp|. */
+       if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)
+               return(0);
 
        if ((enc == NULL) || (md == NULL)) return(0);
 
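Review bot: The new `ssl_cipher_get_comp` documents "On error it returns 0", but every path ends in `return 1`, and it writes `*comp=NULL` unconditionally where the code removed from `ssl_cipher_get_evp` first tested `comp != NULL`. Either add a guard such as `if (comp == NULL) return 0;`, which would also give the documented error return a meaning, or change the comment to say the function cannot fail and requires a non-NULL `comp`; whether any caller used to pass NULL is not visible here. The comment added in `ssl_cipher_get_evp` refers to `ssl_cipher_get_aead_evp`, while the function defined above it is `ssl_cipher_get_evp_aead`, so the cross-reference should be corrected. Because `ssl_cipher_get_evp` now returns 0 for every AEAD suite, its callers (outside this hunk) presumably need to check the result and take the AEAD path rather than continue with unset `enc`/`md`; the function body continues past the end of the hunk.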
@@ -1741,6 +1787,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_SEED:
                enc="SEED(128)";
                break;
+       case SSL_CHACHA20POLY1305:
+               enc="ChaCha20-Poly1305";
+               break;
        default:
                enc="unknown";
                break;
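Review bot: The added `enc="ChaCha20-Poly1305"` carries no key size, unlike the neighbouring `enc="SEED(128)"`, so this would be an entry whose strength cannot be read from the description string. If the other cases in this switch follow the same `NAME(bits)` form (only SEED is visible here), consider `enc="ChaCha20-Poly1305(256)"` for consistency. The switch begins outside the hunk.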