[erlang-questions] chacha20-poly1305 AEAD is not available for libressl built

Ingela Andin ingela.andin@REDACTED
Mon Mar 26 12:01:35 CEST 2018 

Hi !

2018-03-23 22:31 GMT+01:00 mko_io <me@REDACTED>:

> Dear erlang community,
>
> Just report a bug:
>
>
Thanks. I just want to kindly point out that we have a public issue tracker
that you can use if you want to report bugs.

https://bugs.erlang.org/secure/Dashboard.jspa



> The openssl that I built OTP 20.3.2 with is Libressl(portable 2.6.4), it
> does have ciper chacha20-poly1305 as AEAD
>
> $openssl version
> LibreSSL 2.6.4
> $ openssl ciphers -v | grep chacha20
>
> ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA
> Enc=ChaCha20-Poly1305 Mac=AEAD
>
> but it’s not in erlang
>
> crypto:supports().
> [{hashs,[sha,sha224,sha256,sha384,sha512,md4,md5,ripemd160]},
>  {ciphers,[des3_cbc,des_ede3,des3_cbf,des3_cfb,aes_cbc,
>            aes_cbc128,aes_cfb8,aes_cfb128,aes_cbc256,aes_ctr,aes_ecb,
>            aes_gcm,aes_ige256,des_cbc,des_cfb,des_ecb,blowfish_cbc,
>            blowfish_cfb64,blowfish_ofb64,blowfish_ecb,rc2_cbc,rc4]},
>  {public_keys,[rsa,dss,dh,ec_gf2m,ecdsa,ecdh,srp]},
>  {macs,[hmac,cmac]}]
>
> and in the release note of application crypto 4.0, this feature is enabled
>
> "Crypto chacha20-poly1305 as in RFC 7539 enabled for OpenSSL >= 1.1."
>
> so I think it’s a libressl compatibility issue, hope the someone can fix it
>
>
>
Chacha was disabled for LIBRESSL to get  LIBRESSL to work at all, so I
guess it might be a compatibility issue between LIBRESSL and OPENSSL.
Contributions  in this area are welcome.

As as side note. We discovered interop problems with the chacha20-poly1305
cipher and hence we  have removed it from the default cipher list in our
ssl application until we are able to  fix it. It is a problem with how
crypto calls OpenSSLs crypto lib with subtitles in how padding is handled.

It is still possible to use the cipher by adding it to the the ciphers
list  see ssl:cipher_suites/2, ssl:filter_cipher_suites/2,
ssl:prepend_cipher_suites/2 ssl:append_cipher_suites/2.  But probably this
will only work for erlang client
vs erlang server as they will then do the same thing.

Regards Ingela Erlang/OTP Team - Ericsson AB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180326/dbfb5c8d/attachment.htm>

More information about the erlang-questions mailing list