Fix daily CI failure for no-chacha and no-poly1305 builds plus some HPKE refactoring

[t8m]

When investigating daily CI failure for no-chacha and no-poly1305 builds I've realized there is some inefficiency in the HPKE seal/open functions.

[t8m]

@sftcd might perhaps want to look too

[t8m]

@mattcaswell rebase was needed after merging coverity fixes. Please re-approve

[sftcd]

On 29/11/2022 13:26, Matt Caswell wrote:

@mattcaswell approved this pull request.

I had a look at those changes and they all seem fine to me too fwiw.

Also - once this one lands I plan to create a PR to suggest a way to add the restrictions on nonce re-use for senders as discussed/promised last week.

'case it's useful or someone else wants to incorporate it here, there's a HPKE-nonce branch that I'll rebase and turn into a PR once this one's done.

S.

[t8m]

@mattcaswell please, one more re-approval needed for the fixup.

[t8m]

Ping for second review.

[t8m]

If we knew if we were doing a seal or open operation beforehand the init of the cipher and key could be done even earlier..

Yeah, I was thinking about this too. How would it work with multiple seal() or open() calls. And is it possible an application might want to do both to exchange some data with the peer?

[sftcd]

On 01/12/2022 21:11, Shane wrote:

If we knew if we were doing a seal or open operation beforehand the init of the cipher and key could be done even earlier.. Not sure what you're thinking there, but it probably overlaps with the changes I'll be proposing for nonce re-use in [1], so we could discuss it in the PR I'll make for that shortly.

S.

[1] https://github.com/openssl/openssl/compare/master...sftcd:openssl:HPKE-nonce

[openssl-machine]

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

[t8m]

Merged to master branch. Thank you for the reviews.