New ChaCha/Poly ciphers

Question

New ChaCha/Poly ciphers

drwetter opened this issue 8 years ago · 6 comments

Hi Peter,

there is a set of new chacha/poly ciphers like cca8, cca9, see

https://mta.openssl.org/pipermail/openssl-commits/2015-December/002380.html

Is that possible to have them integrated into this branch and renaming the old ones like https://www.ssllabs.com/ssltest/analyze.html?d=google.de&s=172.217.2.35 ?

Cheers, Dirk

Answer 1 · 2016-03-29T06:39:35.000Z

Hi Dirk,

I'll look into it, whether it's feasible with 1.0.2 or that 'restarting' openssl from master (1.1.x) makes more sense at this point.
Thanks for the request.

Cheers,

Peter

Answer 2 · 2017-01-09T20:03:02.000Z

@PeterMosmans : Have you looked into it? Other than moving away conflicts with the old CHACHA/POLY ciphers it "just" seems to me a few hours of work.

I would love to do this but atm I still have a queue of things I need to work on.

Answer 3 · 2017-01-10T11:01:17.000Z

Hi @drwetter it's still on the TODO list, but, similar to you, there's quite a large queue. Let me know if you want to/have time for this issue. If not, I'll try to finish it as soon as a slot opens up 😉

Cheers,

Peter

Answer 4 · 2017-01-20T15:59:54.000Z

For the record so that it is easier to find the info if somebody will start working on it, see

https://github.com/cloudflare/sslconfig/tree/master/patches (@jvehent 's hint)
see attached the RFC version from openssl 1.1x (first patch, newer ones are probably harder to apply)
chacha-poly.patch.txt

Answer 5 · 2018-09-14T18:18:51.000Z

@PeterMosmans is there a patch at least I can reverse the old ciphers or is https://github.com/PeterMosmans/openssl/files/719816/chacha-poly.patch.txt all I need?

Answer 6 · 2018-09-15T04:01:42.000Z

Hi @drwetter - I went through the logs, but unfortunately the ChaCha implementation is spread out across a number of commits. I don't have the exact commits handy. You might want to try filtering on committer (aka me ;) - , maybe that helps?