chacha20-poly1305 AEAD is not available for libressl built


yorda
Dear erlang community,

Just report a bug:

The openssl that I built OTP 20.3.2 with is LibreSSL (portable 2.6.4), it does have cipher chacha20-poly1305 as AEAD

$ openssl version
LibreSSL 2.6.4
$ openssl ciphers -v | grep chacha20

ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD

but it’s not in erlang

crypto:supports().
[{hashs,[sha,sha224,sha256,sha384,sha512,md4,md5,ripemd160]},
 {ciphers,[des3_cbc,des_ede3,des3_cbf,des3_cfb,aes_cbc,
           aes_cbc128,aes_cfb8,aes_cfb128,aes_cbc256,aes_ctr,aes_ecb,
           aes_gcm,aes_ige256,des_cbc,des_cfb,des_ecb,blowfish_cbc,
           blowfish_cfb64,blowfish_ofb64,blowfish_ecb,rc2_cbc,rc4]},
 {public_keys,[rsa,dss,dh,ec_gf2m,ecdsa,ecdh,srp]},
 {macs,[hmac,cmac]}]

and in the release note of application crypto 4.0, this feature is enabled

"Crypto chacha20-poly1305 as in RFC 7539 enabled for OpenSSL >= 1.1."

so I think it’s a libressl compatibility issue, hope someone can fix it


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Re: chacha20-poly1305 AEAD is not available for libressl built

Ingela Andin
Hi !

2018-03-23 22:31 GMT+01:00 mko_io <[hidden email]>:
> Dear erlang community,
>
> Just report a bug:


Thanks. I just want to kindly point out that we have a public issue tracker that you can use if you want to report bugs.


> The openssl that I built OTP 20.3.2 with is LibreSSL (portable 2.6.4), it does have cipher chacha20-poly1305 as AEAD
>
> $ openssl version
> LibreSSL 2.6.4
> $ openssl ciphers -v | grep chacha20
>
> ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD
>
> but it’s not in erlang
>
> crypto:supports().
> [{hashs,[sha,sha224,sha256,sha384,sha512,md4,md5,ripemd160]},
>  {ciphers,[des3_cbc,des_ede3,des3_cbf,des3_cfb,aes_cbc,
>            aes_cbc128,aes_cfb8,aes_cfb128,aes_cbc256,aes_ctr,aes_ecb,
>            aes_gcm,aes_ige256,des_cbc,des_cfb,des_ecb,blowfish_cbc,
>            blowfish_cfb64,blowfish_ofb64,blowfish_ecb,rc2_cbc,rc4]},
>  {public_keys,[rsa,dss,dh,ec_gf2m,ecdsa,ecdh,srp]},
>  {macs,[hmac,cmac]}]
>
> and in the release note of application crypto 4.0, this feature is enabled
>
> "Crypto chacha20-poly1305 as in RFC 7539 enabled for OpenSSL >= 1.1."
>
> so I think it’s a libressl compatibility issue, hope someone can fix it



Chacha was disabled for LIBRESSL to get LIBRESSL to work at all, so I guess it might be a compatibility issue between LIBRESSL and OPENSSL.
Contributions in this area are welcome.

As a side note: we discovered interop problems with the chacha20-poly1305 cipher and hence we have removed it from the default cipher list in our ssl application until we are able to fix it. It is a problem with how crypto calls OpenSSL's crypto lib, with subtleties in how padding is handled.

It is still possible to use the cipher by adding it to the ciphers list; see ssl:cipher_suites/2, ssl:filter_cipher_suites/2, ssl:prepend_cipher_suites/2, ssl:append_cipher_suites/2. But probably this will only work for erlang client vs erlang server, as they will then do the same thing.

Regards Ingela Erlang/OTP Team - Ericsson AB
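
An added example, not part of either message and not Erlang/OTP's own code: it checks whether the crypto application was built with chacha20_poly1305 and, only if so, appends those suites after the defaults using the ssl functions named in the reply above. The module name chacha_optin and its function names are hypothetical, and it assumes the ssl application lists the cipher under the atom chacha20_poly1305.

```erlang
-module(chacha_optin).
-export([crypto_has_chacha/0, chacha_suites/1, ssl_opts/1]).

%% True when the linked crypto library exposes ChaCha20-Poly1305.
%% On the LibreSSL build shown in the thread this returns false,
%% because the atom is missing from the ciphers list.
crypto_has_chacha() ->
    Ciphers = proplists:get_value(ciphers, crypto:supports(), []),
    lists:member(chacha20_poly1305, Ciphers).

%% Every suite the ssl application knows for Version whose bulk
%% cipher is ChaCha20-Poly1305 (assumed atom name, see lead-in).
chacha_suites(Version) ->
    ssl:filter_cipher_suites(
      ssl:cipher_suites(all, Version),
      [{cipher, fun(C) -> C =:= chacha20_poly1305 end}]).

%% Options for ssl:connect/3 or ssl:listen/2. The ChaCha20 suites are
%% appended, so they rank below the defaults and are negotiated only
%% when nothing else is shared with the peer. If crypto lacks the
%% cipher, the default list is returned unchanged instead of
%% advertising suites that cannot be computed.
ssl_opts(Version) ->
    Default = ssl:cipher_suites(default, Version),
    Ciphers =
        case crypto_has_chacha() of
            true  -> ssl:append_cipher_suites(chacha_suites(Version), Default);
            false -> Default
        end,
    [{versions, [Version]}, {ciphers, Ciphers}].
```

Calling chacha_optin:ssl_opts('tlsv1.2') on both the client and the server keeps the opt-in confined to Erlang peers, which is the only pairing the reply expects to work.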



 
