From 259810e05bfcb465469a326cbfb939661a2fbcb9 Mon Sep 17 00:00:00 2001
From: Ben Laurie
Date: Tue, 6 Feb 2001 14:09:13 +0000
Subject: Rijdael CBC mode and partial undebugged SSL support.
---
 ssl/s3_lib.c | 13 +++++++++++++
 ssl/ssl.h | 1 +
 ssl/ssl_algs.c | 7 +++++--
 ssl/ssl_ciph.c | 31 ++++++++++++++++++++++++++++++-
 ssl/ssl_locl.h | 3 ++-
 ssl/tls1.h | 4 ++++
 6 files changed, 55 insertions(+), 4 deletions(-) (limited to 'ssl')
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 47768cc281..c4239f3ca6 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -708,6 +708,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 SSL_ALL_CIPHERS,
 SSL_ALL_STRENGTHS
 },
+ /* Cipher ?? */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_RD_128_SHA,
+ TLS1_CK_RSA_WITH_RD_128_SHA,
+ SSL_kRSA|SSL_aRSA|SSL_RD|SSL_SHA |SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
 #endif /* end of list */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 55f32724ff..c976a866f6 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -153,6 +153,7 @@ extern "C" {
 #define SSL_TXT_RC4 "RC4"
 #define SSL_TXT_RC2 "RC2"
 #define SSL_TXT_IDEA "IDEA"
+#define SSL_TXT_RD "RD"
 #define SSL_TXT_MD5 "MD5"
 #define SSL_TXT_SHA1 "SHA1"
 #define SSL_TXT_SHA "SHA"
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index dde8918fe0..52d127ed67 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -63,6 +63,8 @@
 int SSL_library_init(void)
 {
+ int k;
+
 #ifndef NO_DES
 EVP_add_cipher(EVP_des_cbc());
 EVP_add_cipher(EVP_des_ede3_cbc());
@@ -75,7 +77,9 @@ int SSL_library_init(void)
 #endif
 #ifndef NO_RC2
 EVP_add_cipher(EVP_rc2_cbc());
-#endif
+#endif
+ for(k=0 ; k < 2 ; ++k)
+ EVP_add_cipher(EVP_rijndael_cbc(0,k));
 #ifndef NO_MD2
 EVP_add_digest(EVP_md2());
@@ -96,7 +100,6 @@ int SSL_library_init(void) EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); #endif - /* If you want support for phased out ciphers, add the following */ #if 0 EVP_add_digest(EVP_sha());
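Review bot: The new `ssl3_ciphers[]` entry in s3_lib.c is live by default: its first field (presumably the valid flag) is `1` and it is tagged `SSL_HIGH`, while its own comment reads `/* Cipher ?? */` and the commit subject calls the SSL support undebugged. The id it advertises, `TLS1_CK_RSA_WITH_RD_128_SHA 0x03000067`, is marked "not yet real" in both tls1.h hunks; a self-assigned code point can later be allocated to a different suite, at which point two implementations would disagree about what the number means. Until the id is assigned I would ship the entry with the first field `0`, or behind a build-time switch, and replace the comment with one that states the id is provisional. The table starts and ends outside the hunk.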
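Review bot: The loop added to `SSL_library_init` in ssl_algs.c registers two Rijndael variants (`k < 2`), but `load_ciphers` in ssl_ciph.c looks up three names (`SN_rd128_cbc_b128`, `SN_rd192_cbc_b128`, `SN_rd256_cbc_b128`). If the second argument of `EVP_rijndael_cbc` selects the key size (its definition is not part of this patch), one of those lookups will return NULL; `for(k=0 ; k < 3 ; ++k)` would match the three slots. The registration is also unconditional, unlike the `#ifndef NO_...` guards around the neighbouring ciphers, and the two bare arguments deserve a one-line comment saying what `0` and `k` index. The function body continues outside the hunk.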
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index a196d5e574..cb9a725327 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -68,7 +68,10 @@
 #define SSL_ENC_IDEA_IDX 4
 #define SSL_ENC_eFZA_IDX 5
 #define SSL_ENC_NULL_IDX 6
-#define SSL_ENC_NUM_IDX 7
+#define SSL_ENC_RD128_IDX 7
+#define SSL_ENC_RD192_IDX 8
+#define SSL_ENC_RD256_IDX 9
+#define SSL_ENC_NUM_IDX 10
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
 NULL,NULL,NULL,NULL,NULL,NULL,
@@ -124,6 +127,7 @@ static const SSL_CIPHER cipher_aliases[]={
 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
+ {0,SSL_TXT_RD, 0,SSL_RD, 0,0,0,0,SSL_ENC_MASK,0},
 {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
 {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
@@ -163,6 +167,12 @@ static void load_ciphers(void)
 EVP_get_cipherbyname(SN_rc2_cbc);
 ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
 EVP_get_cipherbyname(SN_idea_cbc);
+ ssl_cipher_methods[SSL_ENC_RD128_IDX]=
+ EVP_get_cipherbyname(SN_rd128_cbc_b128);
+ ssl_cipher_methods[SSL_ENC_RD192_IDX]=
+ EVP_get_cipherbyname(SN_rd192_cbc_b128);
+ ssl_cipher_methods[SSL_ENC_RD256_IDX]=
+ EVP_get_cipherbyname(SN_rd256_cbc_b128);
 ssl_digest_methods[SSL_MD_MD5_IDX]=
 EVP_get_digestbyname(SN_md5);
@@ -223,6 +233,15 @@ int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
 case SSL_eNULL:
 i=SSL_ENC_NULL_IDX;
 break;
+ case SSL_RD:
+ switch(c->alg_bits)
+ {
+ case 128: i=SSL_ENC_RD128_IDX; break;
+ case 192: i=SSL_ENC_RD192_IDX; break;
+ case 256: i=SSL_ENC_RD256_IDX; break;
+ default: i=-1; break;
+ }
+ break;
 default:
 i= -1;
 break;
@@ -308,6 +327,7 @@ static unsigned long ssl_cipher_get_disabled(void)
 mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
 mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
 mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
+ mask |= (ssl_cipher_methods[SSL_ENC_RD128_IDX] == NULL) ? SSL_RD:0;
 mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
 mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
@@ -979,6 +999,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 case SSL_eNULL:
 enc="None";
 break;
+ case SSL_RD:
+ switch(cipher->strength_bits == 128)
+ {
+ case 128: enc="Rijndael(128)"; break;
+ case 192: enc="Rijndael(192)"; break;
+ case 256: enc="Rijndael(256)"; break;
+ default: enc="Rijndael(???)"; break;
+ }
+ break;
 default:
 enc="unknown";
 break;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 58bcd1b7ed..3ab23ded24 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -251,7 +251,7 @@
 #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
 #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
-#define SSL_ENC_MASK 0x0007F000L
+#define SSL_ENC_MASK 0x0087F000L
 #define SSL_DES 0x00001000L
 #define SSL_3DES 0x00002000L
 #define SSL_RC4 0x00004000L
@@ -259,6 +259,7 @@
 #define SSL_IDEA 0x00010000L
 #define SSL_eFZA 0x00020000L
 #define SSL_eNULL 0x00040000L
+#define SSL_RD 0x00800000L
 #define SSL_MAC_MASK 0x00180000L
 #define SSL_MD5 0x00080000L
diff --git a/ssl/tls1.h b/ssl/tls1.h
index cf92ae034f..0ee8207612 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -95,6 +95,8 @@ extern "C" {
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
+ /* not yet real */
+#define TLS1_CK_RSA_WITH_RD_128_SHA 0x03000067
 /* XXX * Inconsistency alert:
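Review bot: `SSL_RD` is masked out in `ssl_cipher_get_disabled` only when the 128-bit slot is empty (`ssl_cipher_methods[SSL_ENC_RD128_IDX] == NULL`), yet `ssl_cipher_get_evp` can also select `SSL_ENC_RD192_IDX` or `SSL_ENC_RD256_IDX`. Once a 192- or 256-bit suite is added, a build that registers the 128-bit cipher but not the larger one would leave that suite enabled and hand back a NULL cipher at selection time; how the caller treats that is not visible in this patch. For now a comment on the new line would record the assumption, for example `/* only a 128-bit RD suite exists; extend this test when 192/256 suites are added */`. The function body continues outside the hunk.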
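Review bot: `switch(cipher->strength_bits == 128)` in `SSL_CIPHER_description` switches on the result of a comparison, which is 0 or 1, so none of `case 128`, `case 192` or `case 256` can match and every Rijndael suite is reported as `Rijndael(???)`. The line should read `switch(cipher->strength_bits)`. `ssl_cipher_get_evp` picks the key size from `c->alg_bits` instead; using the same field in both places would keep the printed description and the selected cipher from drifting apart. The function starts and ends outside the hunk.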
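Review bot: `SSL_RD 0x00800000L` in ssl_locl.h sits above the MAC bits, so `SSL_ENC_MASK 0x0087F000L` is no longer one contiguous field: it skips `SSL_MAC_MASK 0x00180000L` and the two bits between, whose owners are not shown in these hunks. It is worth confirming that no other flag in the same word already uses `0x00800000L`, since an overlap would make unrelated suites match the `RD` alias. A comment next to the mask in the first hunk and the define in the second, such as `/* SSL_RD is not adjacent to the other cipher bits; SSL_ENC_MASK is deliberately non-contiguous */`, would stop the next person from "tidying" the mask back.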
@@ -110,6 +112,8 @@ extern "C" {
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
+ /* Not yet real */
+#define TLS1_TXT_RSA_WITH_RD_128_SHA "RD128-SHA"
 #define TLS_CT_RSA_SIGN 1
--
cgit v1.2.3