diff options
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 101 | ||||
-rw-r--r-- | ssl/ssl.h | 1 | ||||
-rw-r--r-- | ssl/ssl_algs.c | 4 | ||||
-rw-r--r-- | ssl/ssl_ciph.c | 15 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 1 | ||||
-rw-r--r-- | ssl/tls1.h | 17 |
6 files changed, 136 insertions, 3 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 6e4ce00caf..4b7eaeefd9 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1453,6 +1453,107 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, #endif /* OPENSSL_NO_PSK */ +#ifndef OPENSSL_NO_SEED + /* SEED ciphersuites from RFC4162 */ + + /* Cipher 96 */ + { + 1, + TLS1_TXT_RSA_WITH_SEED_SHA, + TLS1_CK_RSA_WITH_SEED_SHA, + SSL_kRSA, + SSL_aRSA, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + }, + + /* Cipher 97 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_SEED_SHA, + TLS1_CK_DH_DSS_WITH_SEED_SHA, + SSL_kDHd, + SSL_aDH, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + }, + + /* Cipher 98 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_SEED_SHA, + TLS1_CK_DH_RSA_WITH_SEED_SHA, + SSL_kDHr, + SSL_aDH, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + }, + + /* Cipher 99 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_SEED_SHA, + TLS1_CK_DHE_DSS_WITH_SEED_SHA, + SSL_kEDH, + SSL_aDSS, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + }, + + /* Cipher 9A */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_SEED_SHA, + TLS1_CK_DHE_RSA_WITH_SEED_SHA, + SSL_kEDH, + SSL_aRSA, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + }, + + /* Cipher 9B */ + { + 1, + TLS1_TXT_ADH_WITH_SEED_SHA, + TLS1_CK_ADH_WITH_SEED_SHA, + SSL_kEDH, + SSL_aNULL, + SSL_SEED, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_MEDIUM, + 0, + 128, + 128, + }, + +#endif /* OPENSSL_NO_SEED */ + #ifndef OPENSSL_NO_ECDH /* Cipher C001 */ { @@ -275,6 +275,7 @@ extern "C" { #define SSL_TXT_RC4 "RC4" #define SSL_TXT_RC2 "RC2" #define SSL_TXT_IDEA "IDEA" +#define SSL_TXT_SEED "SEED" #define SSL_TXT_AES128 "AES128" #define SSL_TXT_AES256 "AES256" #define SSL_TXT_AES "AES" diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 052e939629..bd68999a5a 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -87,6 +87,10 @@ int SSL_library_init(void) EVP_add_cipher(EVP_camellia_256_cbc()); #endif +#ifndef OPENSSL_NO_SEED + EVP_add_cipher(EVP_seed_cbc()); +#endif + #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index aa7893b346..0a56042931 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -156,7 +156,8 @@ #define SSL_ENC_CAMELLIA128_IDX 8 #define SSL_ENC_CAMELLIA256_IDX 9 #define SSL_ENC_GOST89_IDX 10 -#define SSL_ENC_NUM_IDX 11 +#define SSL_ENC_SEED_IDX 11 +#define SSL_ENC_NUM_IDX 12 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ @@ -252,6 +253,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0}, {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0}, {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0}, + {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0}, {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, {0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0}, {0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0}, @@ -307,7 +309,9 @@ void ssl_load_ciphers(void) ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= EVP_get_cipherbyname(SN_camellia_256_cbc); ssl_cipher_methods[SSL_ENC_GOST89_IDX]= - EVP_get_cipherbyname(SN_gost89_cnt); + EVP_get_cipherbyname(SN_gost89_cnt); + ssl_cipher_methods[SSL_ENC_SEED_IDX]= + EVP_get_cipherbyname(SN_seed_cbc); ssl_digest_methods[SSL_MD_MD5_IDX]= EVP_get_digestbyname(SN_md5); @@ -433,6 +437,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, case SSL_eGOST2814789CNT: i=SSL_ENC_GOST89_IDX; break; + case SSL_SEED: + i=SSL_ENC_SEED_IDX; + break; default: i= -1; break; @@ -556,6 +563,7 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0; *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0; *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0; + *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; @@ -1444,6 +1452,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) case SSL_CAMELLIA256: enc="Camellia(256)"; break; + case SSL_SEED: + enc="SEED(128)"; + break; default: enc="unknown"; break; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6dbcef3de1..8488a6153f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -311,6 +311,7 @@ #define SSL_CAMELLIA128 0x00000100L #define SSL_CAMELLIA256 0x00000200L #define SSL_eGOST2814789CNT 0x00000400L +#define SSL_SEED 0x00000800L #define SSL_AES (SSL_AES128|SSL_AES256) #define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) diff --git a/ssl/tls1.h b/ssl/tls1.h index d6687a8fe4..05d74f5416 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -260,7 +260,7 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A -/* Camellia ciphersuites form RFC4132 */ +/* Camellia ciphersuites from RFC4132 */ #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 @@ -275,6 +275,14 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 +/* SEED ciphersuites from RFC4162 */ +#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 @@ -388,6 +396,13 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" +/* SEED ciphersuites from RFC4162 */ +#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 |