commit bdb5edec449f3ed4157f93bc6cb5155d2157985e
author Kazuho Oku <kazuhooku@gmail.com> Fri Feb 10 16:01:54 2023 +0900
committer Kazuho Oku <kazuhooku@gmail.com> Fri Feb 10 16:21:42 2023 +0900
tree 151ce5bbdeae3e043a59f099fc51072455a934f2
parent 8ce58363dec3e854743192666303a22ddeb5520a

resurrect chacha20 ctr code by @jedisct1 in a structured way

lib/openssl.c

diff --git a/lib/openssl.c b/lib/openssl.c
index 5611773..c7111f1 100644
--- a/lib/openssl.c
+++ b/lib/openssl.c
@@ -999,6 +999,49 @@
 }
 
 #if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
+#ifdef OPENSSL_IS_BORINGSSL
+
+struct boringssl_chacha20_context_t {
+    ptls_cipher_context_t super;
+    uint8_t key[PTLS_CHACHA20_KEY_SIZE];
+    uint8_t iv[PTLS_CHACHA20_IV_SIZE];
+};
+
+static void boringssl_chacha20_dispose(ptls_cipher_context_t *_ctx)
+{
+    struct boringssl_chacha20_context_t *ctx = (struct boringssl_chacha20_context_t *)_ctx;
+
+    ptls_clear_memory(ctx->key, sizeof(ctx->key));
+    ptls_clear_memory(ctx->iv, sizeof(ctx->iv));
+}
+
+static void boringssl_chacha20_init(ptls_cipher_context_t *_ctx, const void *iv)
+{
+    struct boringssl_chacha20_context_t *ctx = (struct boringssl_chacha20_context_t *)_ctx;
+
+    memcpy(ctx->iv, iv, sizeof(ctx->iv));
+}
+
+static void boringssl_chacha20_transform(ptls_cipher_context_t *_ctx, void *output, const void *input, size_t len)
+{
+    struct boringssl_chacha20_context_t *ctx = (struct boringssl_chacha20_context_t *)_ctx;
+
+    CRYPTO_chacha_20(output, input, len, ctx->key, ctx->iv, 0);
+}
+
+static int boringssl_chacha20_setup_crypto(ptls_cipher_context_t *_ctx, int is_enc, const void *key)
+{
+    struct boringssl_chacha20_context_t *ctx = (struct boringssl_chacha20_context_t *)_ctx;
+
+    ctx->super.do_dispose = boringssl_chacha20_dispose;
+    ctx->super.do_init = boringssl_chacha20_init;
+    ctx->super.do_transform = boringssl_chacha20_transform;
+    memcpy(ctx->key, key, sizeof(ctx->key));
+
+    return 0;
+}
+
+#else
 
 static int chacha20_setup_crypto(ptls_cipher_context_t *ctx, int is_enc, const void *key)
 {
@@ -1006,6 +1049,7 @@
 }
 
 #endif
+#endif
 
 #if PTLS_OPENSSL_HAVE_BF
 
@@ -1180,10 +1224,21 @@
 }
 
 #if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
+#ifdef OPENSSL_IS_BORINGSSL
+
+static int boringssl_chacha20poly1305_setup_crypto(ptls_aead_context_t *ctx, int is_enc, const void *key, const void *iv)
+{
+    assert(!"FIXME");
+}
+
+#else
+
 static int aead_chacha20poly1305_setup_crypto(ptls_aead_context_t *ctx, int is_enc, const void *key, const void *iv)
 {
     return aead_setup_crypto(ctx, is_enc, key, iv, EVP_chacha20_poly1305());
 }
+
+#endif
 #endif
 
 #define _sha256_final(ctx, md) SHA256_Final((md), (ctx))
@@ -1977,21 +2032,38 @@
     .hash = &ptls_openssl_sha384};
 #if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
 ptls_cipher_algorithm_t ptls_openssl_chacha20 = {
-    "CHACHA20",           PTLS_CHACHA20_KEY_SIZE, 1 /* block size */, PTLS_CHACHA20_IV_SIZE, sizeof(struct cipher_context_t),
-    chacha20_setup_crypto};
-ptls_aead_algorithm_t ptls_openssl_chacha20poly1305 = {"CHACHA20-POLY1305",
-                                                       PTLS_CHACHA20POLY1305_CONFIDENTIALITY_LIMIT,
-                                                       PTLS_CHACHA20POLY1305_INTEGRITY_LIMIT,
-                                                       &ptls_openssl_chacha20,
-                                                       NULL,
-                                                       PTLS_CHACHA20_KEY_SIZE,
-                                                       PTLS_CHACHA20POLY1305_IV_SIZE,
-                                                       PTLS_CHACHA20POLY1305_TAG_SIZE,
-                                                       {PTLS_TLS12_CHACHAPOLY_FIXED_IV_SIZE, PTLS_TLS12_CHACHAPOLY_RECORD_IV_SIZE},
-                                                       0,
-                                                       0,
-                                                       sizeof(struct aead_crypto_context_t),
-                                                       aead_chacha20poly1305_setup_crypto};
+    .name = "CHACHA20",
+    .key_size = PTLS_CHACHA20_KEY_SIZE,
+    .block_size = 1,
+    .iv_size = PTLS_CHACHA20_IV_SIZE,
+#ifdef OPENSSL_IS_BORINGSSL
+    .context_size = sizeof(struct boringssl_chacha20_context_t),
+    .setup_crypto = boringssl_chacha20_setup_crypto,
+#else
+    .context_size = sizeof(struct cipher_context_t),
+    .setup_crypto = chacha20_setup_crypto,
+#endif
+};
+ptls_aead_algorithm_t ptls_openssl_chacha20poly1305 = {
+    .name = "CHACHA20-POLY1305",
+    .confidentiality_limit = PTLS_CHACHA20POLY1305_CONFIDENTIALITY_LIMIT,
+    .integrity_limit = PTLS_CHACHA20POLY1305_INTEGRITY_LIMIT,
+    .ctr_cipher = &ptls_openssl_chacha20,
+    .ecb_cipher = NULL,
+    .key_size = PTLS_CHACHA20_KEY_SIZE,
+    .iv_size = PTLS_CHACHA20POLY1305_IV_SIZE,
+    .tag_size = PTLS_CHACHA20POLY1305_TAG_SIZE,
+    .tls12 = {.fixed_iv_size = PTLS_TLS12_CHACHAPOLY_FIXED_IV_SIZE, .record_iv_size = PTLS_TLS12_CHACHAPOLY_RECORD_IV_SIZE},
+    .non_temporal = 0,
+    .align_bits = 0,
+#ifdef OPENSSL_IS_BORINGSSL
+    .context_size = sizeof("FIXME"),
+    .setup_crypto = boringssl_chacha20poly1305_setup_crypto,
+#else
+    .context_size = sizeof(struct aead_crypto_context_t),
+    .setup_crypto = aead_chacha20poly1305_setup_crypto,
+#endif
+};
 ptls_cipher_suite_t ptls_openssl_chacha20poly1305sha256 = {.id = PTLS_CIPHER_SUITE_CHACHA20_POLY1305_SHA256,
                                                            .name = PTLS_CIPHER_SUITE_NAME_CHACHA20_POLY1305_SHA256,
                                                            .aead = &ptls_openssl_chacha20poly1305,