From 4ebf794a08de04ebf1c520f07bff3f8fdf48819a Mon Sep 17 00:00:00 2001
From: John Baldwin <jhb@FreeBSD.org>
Date: Tue, 21 May 2024 09:42:12 -0700
Subject: [PATCH] cryptocheck: Don't test Chacha20-Poly1305 with an IV size of
 8

OpenSSL 3.0+ doesn't support an IV size of 8 either for the Chacha20
stream cipher or the AEAD combination with Poly1305.  This did work
previously with OpenSSL 1.1.

Reviewed by:	markj
Sponsored by:	AFRL, DARPA
Differential Revision:	https://reviews.freebsd.org/D45280
---
 tools/tools/crypto/cryptocheck.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/tools/crypto/cryptocheck.c b/tools/tools/crypto/cryptocheck.c
index 2db283e4f65b..ef3e225e94f6 100644
--- a/tools/tools/crypto/cryptocheck.c
+++ b/tools/tools/crypto/cryptocheck.c
@@ -136,7 +136,7 @@
  *	aes-ccm128	128-bit AES-CCM
  *	aes-ccm192	192-bit AES-CCM
  *	aes-ccm256	256-bit AES-CCM
- *	chacha20-poly1305 Chacha20 with Poly1305 per RFC 8439
+ *	chacha20-poly1305 Chacha20 (96 bit nonce) with Poly1305 per RFC 8439
  */
 
 #include <sys/param.h>
@@ -253,7 +253,7 @@ static const struct alg {
 	  .evp_cipher = EVP_aes_256_ccm },
 	{ .name = "chacha20-poly1305", .cipher = CRYPTO_CHACHA20_POLY1305,
 	  .type = T_AEAD, .tag_len = POLY1305_HASH_LEN,
-	  .iv_sizes = { CHACHA20_POLY1305_IV_LEN, 8 },
+	  .iv_sizes = { CHACHA20_POLY1305_IV_LEN },
 	  .evp_cipher = EVP_chacha20_poly1305 },
 };