From e18eef3d7ab9a6b4f229d95c8d32d25c66243103 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Fri, 9 Jun 2006 15:42:21 +0000 Subject: [PATCH] Camellia cipher, contributed by NTT Submitted by: Masashi Fujita Reviewed by: Bodo Moeller --- CHANGES | 10 +++ Configure | 3 +- Makefile.org | 2 +- apps/Makefile | 41 ++++----- apps/dsa.c | 7 ++ apps/gendsa.c | 12 +++ apps/genrsa.c | 12 +++ apps/openssl.c | 10 ++- apps/pkcs12.c | 11 ++- apps/progs.h | 18 ++++ apps/progs.pl | 4 + apps/rsa.c | 7 ++ apps/smime.c | 12 +++ apps/speed.c | 113 ++++++++++++++++++++++-- config | 2 +- crypto/evp/Makefile | 13 ++- crypto/evp/c_allc.c | 28 ++++++ crypto/evp/evp.h | 25 ++++++ crypto/evp/evp_err.c | 2 + crypto/evp/evp_test.c | 7 ++ crypto/evp/evptests.txt | 129 ++++++++++++++++++++++++++++ crypto/objects/obj_dat.h | 100 ++++++++++++++++++++-- crypto/objects/obj_mac.h | 88 +++++++++++++++++++ crypto/objects/obj_mac.num | 18 ++++ crypto/objects/objects.txt | 38 +++++++++ doc/apps/ciphers.pod | 22 +++++ doc/apps/smime.pod | 11 ++- ssl/s3_lib.c | 170 ++++++++++++++++++++++++++++++++++++- ssl/ssl.h | 1 + ssl/ssl_algs.c | 9 ++ ssl/ssl_ciph.c | 29 +++++++ ssl/ssl_locl.h | 5 +- ssl/tls1.h | 31 +++++++ util/libeay.num | 29 +++++++ util/mk1mf.pl | 9 +- util/mkdef.pl | 7 +- util/mkfiles.pl | 1 + 37 files changed, 989 insertions(+), 47 deletions(-) diff --git a/CHANGES b/CHANGES index c9c1c50cdb..518a462b6b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,16 @@ Changes between 0.9.8b and 0.9.8c [xx XXX xxxx] + *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key + versions), which is now available for royalty-free use + (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). + Also, add Camellia TLS ciphersuites from RFC 4132. + + To minimize changes between patchlevels in the OpenSSL 0.9.8 + series, Camellia remains excluded from compilation unless OpenSSL + is configured with 'enable-camellia'. + [NTT] + *) Disable the padding bug check when compression is in use. The padding bug check assumes the first packet is of even length, this is not necessarily true if compresssion is enabled and can result in false diff --git a/Configure b/Configure index d661b3fbda..dce472ac63 100755 --- a/Configure +++ b/Configure @@ -600,6 +600,7 @@ my $perl; # All of the following is disabled by default (RC5 was enabled before 0.9.8): my %disabled = ( # "what" => "comment" + "camellia" => "default", "gmp" => "default", "mdc2" => "default", "rc5" => "default", @@ -613,7 +614,7 @@ my %disabled = ( # "what" => "comment" # For symmetry, "disable-..." is a synonym for "no-...". # This is what $depflags will look like with the above default: -my $default_depflags = "-DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 "; +my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 "; my $no_sse2=0; diff --git a/Makefile.org b/Makefile.org index eaa9a11f9c..c1334c6e1e 100644 --- a/Makefile.org +++ b/Makefile.org @@ -111,7 +111,7 @@ SHLIBDIRS= crypto ssl SDIRS= \ objects \ md2 md4 md5 sha mdc2 hmac ripemd \ - des aes rc2 rc4 rc5 idea bf cast \ + des aes rc2 rc4 rc5 idea bf cast camellia \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ diff --git a/apps/Makefile b/apps/Makefile index 79ea8a7337..b6bd617565 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -815,26 +815,27 @@ smime.o: ../include/openssl/x509v3.h apps.h smime.c speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h -speed.o: ../include/openssl/cast.h ../include/openssl/conf.h -speed.o: ../include/openssl/crypto.h ../include/openssl/des.h -speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h -speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -speed.o: ../include/openssl/engine.h ../include/openssl/err.h -speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h -speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h -speed.o: ../include/openssl/md2.h ../include/openssl/md4.h -speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h -speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h -speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h +speed.o: ../include/openssl/camellia.h ../include/openssl/cast.h +speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h +speed.o: ../include/openssl/des.h ../include/openssl/des_old.h +speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +speed.o: ../include/openssl/err.h ../include/openssl/evp.h +speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h +speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h +speed.o: ../include/openssl/md4.h ../include/openssl/md5.h +speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h +speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h +speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +speed.o: ../include/openssl/sha.h ../include/openssl/stack.h +speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c +speed.o: testdsa.h testrsa.h spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h diff --git a/apps/dsa.c b/apps/dsa.c index a5ec5d7e6c..d503031ec3 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -84,6 +84,9 @@ * -aes128 - encrypt output if PEM format * -aes192 - encrypt output if PEM format * -aes256 - encrypt output if PEM format + * -camellia128 - encrypt output if PEM format + * -camellia192 - encrypt output if PEM format + * -camellia256 - encrypt output if PEM format * -text - print a text version * -modulus - print the DSA public key */ @@ -211,6 +214,10 @@ bad: #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); diff --git a/apps/gendsa.c b/apps/gendsa.c index 828e27f1c0..936a42b810 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -147,6 +147,14 @@ int MAIN(int argc, char **argv) enc=EVP_aes_192_cbc(); else if (strcmp(*argv,"-aes256") == 0) enc=EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(*argv,"-camellia128") == 0) + enc=EVP_camellia_128_cbc(); + else if (strcmp(*argv,"-camellia192") == 0) + enc=EVP_camellia_192_cbc(); + else if (strcmp(*argv,"-camellia256") == 0) + enc=EVP_camellia_256_cbc(); #endif else if (**argv != '-' && dsaparams == NULL) { @@ -174,6 +182,10 @@ bad: BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); +#endif #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); #endif diff --git a/apps/genrsa.c b/apps/genrsa.c index 4f62cfd04f..d716a3cde3 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -167,6 +167,14 @@ int MAIN(int argc, char **argv) enc=EVP_aes_192_cbc(); else if (strcmp(*argv,"-aes256") == 0) enc=EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (strcmp(*argv,"-camellia128") == 0) + enc=EVP_camellia_128_cbc(); + else if (strcmp(*argv,"-camellia192") == 0) + enc=EVP_camellia_192_cbc(); + else if (strcmp(*argv,"-camellia256") == 0) + enc=EVP_camellia_256_cbc(); #endif else if (strcmp(*argv,"-passout") == 0) { @@ -190,6 +198,10 @@ bad: #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -out file output the key to 'file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); diff --git a/apps/openssl.c b/apps/openssl.c index 02d86d546d..47aee5b712 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -445,7 +445,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) for (fp=functions; fp->name != NULL; fp++) { nl=0; +#ifdef OPENSSL_NO_CAMELLIA if (((i++) % 5) == 0) +#else + if (((i++) % 4) == 0) +#endif { BIO_printf(bio_err,"\n"); nl=1; @@ -466,7 +470,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); } } +#ifdef OPENSSL_NO_CAMELLIA BIO_printf(bio_err,"%-15s",fp->name); +#else + BIO_printf(bio_err,"%-18s",fp->name); +#endif } BIO_printf(bio_err,"\n\n"); ret=0; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 5205002041..308f9208a1 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -3,7 +3,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -161,6 +161,11 @@ int MAIN(int argc, char **argv) else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc(); else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc(); else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc(); + else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc(); + else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc(); #endif else if (!strcmp (*args, "-noiter")) iter = 1; else if (!strcmp (*args, "-maciter")) @@ -303,6 +308,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); #endif BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); diff --git a/apps/progs.h b/apps/progs.h index dc665c53a7..011974b216 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -165,6 +165,24 @@ FUNCTION functions[] = { #endif #ifndef OPENSSL_NO_AES {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main}, #endif {FUNC_TYPE_CIPHER,"base64",enc_main}, #ifndef OPENSSL_NO_DES diff --git a/apps/progs.pl b/apps/progs.pl index 36569d2661..7b1de74bef 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -57,6 +57,9 @@ foreach ( "aes-128-cbc", "aes-128-ecb", "aes-192-cbc", "aes-192-ecb", "aes-256-cbc", "aes-256-ecb", + "camellia-128-cbc", "camellia-128-ecb", + "camellia-192-cbc", "camellia-192-ecb", + "camellia-256-cbc", "camellia-256-ecb", "base64", "des", "des3", "desx", "idea", "rc4", "rc4-40", "rc2", "bf", "cast", "rc5", @@ -75,6 +78,7 @@ foreach ( $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } + elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; } elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; } elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; } diff --git a/apps/rsa.c b/apps/rsa.c index d5cb7b7212..cf09a190ca 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -84,6 +84,9 @@ * -aes128 - encrypt output if PEM format * -aes192 - encrypt output if PEM format * -aes256 - encrypt output if PEM format + * -camellia128 - encrypt output if PEM format + * -camellia192 - encrypt output if PEM format + * -camellia256 - encrypt output if PEM format * -text - print a text version * -modulus - print the RSA key modulus * -check - verify key consistency @@ -211,6 +214,10 @@ bad: #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); + BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); diff --git a/apps/smime.c b/apps/smime.c index 250fd69a98..06efef0913 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -160,6 +160,14 @@ int MAIN(int argc, char **argv) cipher = EVP_aes_192_cbc(); else if (!strcmp(*args,"-aes256")) cipher = EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (!strcmp(*args,"-camellia128")) + cipher = EVP_camellia_128_cbc(); + else if (!strcmp(*args,"-camellia192")) + cipher = EVP_camellia_192_cbc(); + else if (!strcmp(*args,"-camellia256")) + cipher = EVP_camellia_256_cbc(); #endif else if (!strcmp (*args, "-text")) flags |= PKCS7_TEXT; @@ -423,6 +431,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); #endif BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); BIO_printf (bio_err, "-nosigs don't verify message signature\n"); diff --git a/apps/speed.c b/apps/speed.c index 7082c37ccc..7858aee76e 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -164,6 +164,9 @@ #ifndef OPENSSL_NO_AES #include #endif +#ifndef OPENSSL_NO_CAMELLIA +#include +#endif #ifndef OPENSSL_NO_MD2 #include #endif @@ -269,7 +272,7 @@ static void print_result(int alg,int run_no,int count,double time_used); static int do_multi(int multi); #endif -#define ALGOR_NUM 21 +#define ALGOR_NUM 24 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 @@ -281,7 +284,9 @@ static const char *names[ALGOR_NUM]={ "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", "des cbc","des ede3","idea cbc", "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", - "aes-128 cbc","aes-192 cbc","aes-256 cbc","evp","sha256","sha512"}; + "aes-128 cbc","aes-192 cbc","aes-256 cbc", + "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", + "evp","sha256","sha512"}; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; static double rsa_results[RSA_NUM][2]; @@ -548,6 +553,17 @@ int MAIN(int argc, char **argv) 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; #endif +#ifndef OPENSSL_NO_CAMELLIA + static const unsigned char ckey24[24]= + {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, + 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; + static const unsigned char ckey32[32]= + {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, + 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, + 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; +#endif #ifndef OPENSSL_NO_AES #define MAX_BLOCK_SIZE 128 #else @@ -567,6 +583,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES AES_KEY aes_ks1, aes_ks2, aes_ks3; #endif +#ifndef OPENSSL_NO_CAMELLIA + CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3; +#endif #define D_MD2 0 #define D_MDC2 1 #define D_MD4 2 @@ -585,9 +604,12 @@ int MAIN(int argc, char **argv) #define D_CBC_128_AES 15 #define D_CBC_192_AES 16 #define D_CBC_256_AES 17 -#define D_EVP 18 -#define D_SHA256 19 -#define D_SHA512 20 +#define D_CBC_128_CML 18 +#define D_CBC_192_CML 19 +#define D_CBC_256_CML 20 +#define D_EVP 21 +#define D_SHA256 22 +#define D_SHA512 23 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; #define R_DSA_512 0 @@ -930,6 +952,12 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1; else #endif +#ifndef OPENSSL_NO_CAMELLIA + if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1; + else if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1; + else if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1; + else +#endif #ifndef OPENSSL_NO_RSA #if 0 /* was: #ifdef RSAref */ if (strcmp(*argv,"rsaref") == 0) @@ -1000,6 +1028,15 @@ int MAIN(int argc, char **argv) } else #endif +#ifndef OPENSSL_NO_CAMELLIA + if (strcmp(*argv,"camellia") == 0) + { + doit[D_CBC_128_CML]=1; + doit[D_CBC_192_CML]=1; + doit[D_CBC_256_CML]=1; + } + else +#endif #ifndef OPENSSL_NO_RSA if (strcmp(*argv,"rsa") == 0) { @@ -1126,6 +1163,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc "); #endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc "); +#endif #ifndef OPENSSL_NO_RC4 BIO_printf(bio_err,"rc4"); #endif @@ -1163,6 +1204,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf(bio_err,"aes "); #endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err,"camellia "); +#endif #ifndef OPENSSL_NO_RSA BIO_printf(bio_err,"rsa "); #endif @@ -1171,7 +1215,8 @@ int MAIN(int argc, char **argv) #endif #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \ - !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) + !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) || \ + !defined(OPENSSL_NO_CAMELLIA) BIO_printf(bio_err,"\n"); #endif @@ -1265,6 +1310,11 @@ int MAIN(int argc, char **argv) AES_set_encrypt_key(key24,192,&aes_ks2); AES_set_encrypt_key(key32,256,&aes_ks3); #endif +#ifndef OPENSSL_NO_CAMELLIA + Camellia_set_key(key16,128,&camellia_ks1); + Camellia_set_key(ckey24,192,&camellia_ks2); + Camellia_set_key(ckey32,256,&camellia_ks3); +#endif #ifndef OPENSSL_NO_IDEA idea_set_encrypt_key(key16,&idea_ks); #endif @@ -1318,6 +1368,9 @@ int MAIN(int argc, char **argv) c[D_CBC_128_AES][0]=count; c[D_CBC_192_AES][0]=count; c[D_CBC_256_AES][0]=count; + c[D_CBC_128_CML][0]=count; + c[D_CBC_192_CML][0]=count; + c[D_CBC_256_CML][0]=count; c[D_SHA256][0]=count; c[D_SHA512][0]=count; @@ -1350,6 +1403,9 @@ int MAIN(int argc, char **argv) c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1; c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1; c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1; + c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1; + c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1; + c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1; } #ifndef OPENSSL_NO_RSA rsa_c[R_RSA_512][0]=count/2000; @@ -1743,6 +1799,51 @@ int MAIN(int argc, char **argv) } } +#endif +#ifndef OPENSSL_NO_CAMELLIA + if (doit[D_CBC_128_CML]) + { + for (j=0; j + +cipher suites using Camellia. + =back =head1 CIPHER SUITE NAMES @@ -330,6 +334,24 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA +=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0 + + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA + + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA Not implemented. + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA Not implemented. + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA Not implemented. + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA Not implemented. + + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA + + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + =head2 Additional Export 1024 and other cipher suites Note: these ciphers can also be used in SSL v3. diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index 84b673f791..caf2d2689e 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -20,6 +20,9 @@ B B [B<-aes128>] [B<-aes192>] [B<-aes256>] +[B<-camellia128>] +[B<-camellia192>] +[B<-camellia256>] [B<-in file>] [B<-certfile file>] [B<-signer file>] @@ -129,10 +132,10 @@ B<-verify>. This directory must be a standard certificate directory: that is a hash of each subject name (using B) should be linked to each certificate. -=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256> +=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256> the encryption algorithm to use. DES (56 bits), triple DES (168 bits), -40, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not +40, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively. If not specified 40 bit RC2 is used. Only used with B<-encrypt>. =item B<-nointern> @@ -354,6 +357,10 @@ alternatively you can base64 decode the signature and use openssl smime -verify -inform DER -in signature.der -content content.txt +Create an encrypted message using 128 bit Camellia: + + openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem + =head1 BUGS The MIME parser isn't very clever: it seems to handle most messages that I've thrown diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 401ddd7d3d..ca38c86158 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -902,6 +902,89 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, +#ifndef OPENSSL_NO_CAMELLIA + /* Camellia ciphersuites from RFC4132 (128-bit portion) */ + + /* Cipher 41 */ + { + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 42 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 43 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 44 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 45 */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 46 */ + { + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, +#endif /* OPENSSL_NO_CAMELLIA */ + #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES /* New TLS Export CipherSuites */ /* Cipher 60 */ @@ -996,6 +1079,90 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS }, #endif + +#ifndef OPENSSL_NO_CAMELLIA + /* Camellia ciphersuites from RFC4132 (256-bit portion) */ + + /* Cipher 84 */ + { + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 85 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 86 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 87 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 88 */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 89 */ + { + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, +#endif /* OPENSSL_NO_CAMELLIA */ + #ifndef OPENSSL_NO_ECDH /* Cipher C001 */ { @@ -1348,6 +1515,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, #endif /* OPENSSL_NO_ECDH */ + /* end of list */ }; diff --git a/ssl/ssl.h b/ssl/ssl.h index c87e5f8429..66e9a4d6c4 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -282,6 +282,7 @@ extern "C" { #define SSL_TXT_RC2 "RC2" #define SSL_TXT_IDEA "IDEA" #define SSL_TXT_AES "AES" +#define SSL_TXT_CAMELLIA "CAMELLIA" #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index ac82d45a9c..3d93c5ab78 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -82,6 +82,15 @@ int SSL_library_init(void) EVP_add_cipher(EVP_aes_192_cbc()); EVP_add_cipher(EVP_aes_256_cbc()); #endif + + +/* The Camellia algorithm is registered in the management table of EVP. */ +#ifndef OPENSSL_NO_CAMELLIA + EVP_add_cipher(EVP_camellia_128_cbc()); + EVP_add_cipher(EVP_camellia_256_cbc()); +#endif + + #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 441507f494..1f884c5a6b 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -75,6 +75,11 @@ #define SSL_ENC_AES128_IDX 7 #define SSL_ENC_AES256_IDX 8 #define SSL_ENC_NUM_IDX 9 +#define SSL_ENC_CAMELLIA128_IDX 9 +#define SSL_ENC_CAMELLIA256_IDX 10 +#undef SSL_ENC_NUM_IDX +#define SSL_ENC_NUM_IDX 11 + static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ NULL,NULL,NULL,NULL,NULL,NULL, @@ -141,6 +146,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_CAMELLIA, 0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, @@ -185,6 +191,10 @@ void ssl_load_ciphers(void) EVP_get_cipherbyname(SN_aes_128_cbc); ssl_cipher_methods[SSL_ENC_AES256_IDX]= EVP_get_cipherbyname(SN_aes_256_cbc); + ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= + EVP_get_cipherbyname(SN_camellia_128_cbc); + ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= + EVP_get_cipherbyname(SN_camellia_256_cbc); ssl_digest_methods[SSL_MD_MD5_IDX]= EVP_get_digestbyname(SN_md5); @@ -293,6 +303,15 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, default: i=-1; break; } break; + case SSL_CAMELLIA: + switch(c->alg_bits) + { + case 128: i=SSL_ENC_CAMELLIA128_IDX; break; + case 256: i=SSL_ENC_CAMELLIA256_IDX; break; + default: i=-1; break; + } + break; + default: i= -1; break; @@ -381,6 +400,7 @@ static unsigned long ssl_cipher_get_disabled(void) mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; + mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0; mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; @@ -1067,6 +1087,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) default: enc="AES(?""?""?)"; break; } break; + case SSL_CAMELLIA: + switch(cipher->strength_bits) + { + case 128: enc="Camellia(128)"; break; + case 256: enc="Camellia(256)"; break; + default: enc="Camellia(?""?""?)"; break; + } + break; + default: enc="unknown"; break; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 0bebaf02bc..786d9886b4 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -278,7 +278,7 @@ #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) -#define SSL_ENC_MASK 0x043F8000L +#define SSL_ENC_MASK 0x0C3F8000L #define SSL_DES 0x00008000L #define SSL_3DES 0x00010000L #define SSL_RC4 0x00020000L @@ -287,6 +287,7 @@ #define SSL_eFZA 0x00100000L #define SSL_eNULL 0x00200000L #define SSL_AES 0x04000000L +#define SSL_CAMELLIA 0x08000000L #define SSL_MAC_MASK 0x00c00000L #define SSL_MD5 0x00400000L @@ -298,7 +299,7 @@ #define SSL_SSLV3 0x02000000L #define SSL_TLSV1 SSL_SSLV3 /* for now */ -/* we have used 07ffffff - 5 bits left to go. */ +/* we have used 0fffffff - 4 bits left to go. */ /* * Export and cipher strength information. For each cipher we have to decide diff --git a/ssl/tls1.h b/ssl/tls1.h index f8a215e6e9..c3155e6fa8 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -125,6 +125,21 @@ extern "C" { #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A +/* Camellia ciphersuites from RFC4132 */ +#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 @@ -217,6 +232,22 @@ extern "C" { #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" +/* Camellia ciphersuites form RFC4132 */ +#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + + #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 #define TLS_CT_RSA_FIXED_DH 3 diff --git a/util/libeay.num b/util/libeay.num index f8555a1a45..aa059f68d5 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3380,3 +3380,32 @@ get_rfc2409_prime_768 3780 EXIST::FUNCTION: X509_VERIFY_PARAM_get_flags 3781 EXIST::FUNCTION: EVP_CIPHER_CTX_new 3782 EXIST::FUNCTION: EVP_CIPHER_CTX_free 3783 EXIST::FUNCTION: +Camellia_cbc_encrypt 3784 EXIST::FUNCTION:CAMELLIA +Camellia_cfb128_encrypt 3785 EXIST::FUNCTION:CAMELLIA +Camellia_cfb1_encrypt 3786 EXIST::FUNCTION:CAMELLIA +Camellia_cfb8_encrypt 3787 EXIST::FUNCTION:CAMELLIA +Camellia_ctr128_encrypt 3788 EXIST::FUNCTION:CAMELLIA +Camellia_cfbr_encrypt_block 3789 EXIST::FUNCTION:CAMELLIA +Camellia_decrypt 3790 EXIST::FUNCTION:CAMELLIA +Camellia_ecb_encrypt 3791 EXIST::FUNCTION:CAMELLIA +Camellia_encrypt 3792 EXIST::FUNCTION:CAMELLIA +Camellia_ofb128_encrypt 3793 EXIST::FUNCTION:CAMELLIA +Camellia_set_key 3794 EXIST::FUNCTION:CAMELLIA +EVP_camellia_128_cbc 3795 EXIST::FUNCTION:CAMELLIA +EVP_camellia_128_cfb128 3796 EXIST::FUNCTION:CAMELLIA +EVP_camellia_128_cfb1 3797 EXIST::FUNCTION:CAMELLIA +EVP_camellia_128_cfb8 3798 EXIST::FUNCTION:CAMELLIA +EVP_camellia_128_ecb 3799 EXIST::FUNCTION:CAMELLIA +EVP_camellia_128_ofb 3800 EXIST::FUNCTION:CAMELLIA +EVP_camellia_192_cbc 3801 EXIST::FUNCTION:CAMELLIA +EVP_camellia_192_cfb128 3802 EXIST::FUNCTION:CAMELLIA +EVP_camellia_192_cfb1 3803 EXIST::FUNCTION:CAMELLIA +EVP_camellia_192_cfb8 3804 EXIST::FUNCTION:CAMELLIA +EVP_camellia_192_ecb 3805 EXIST::FUNCTION:CAMELLIA +EVP_camellia_192_ofb 3806 EXIST::FUNCTION:CAMELLIA +EVP_camellia_256_cbc 3807 EXIST::FUNCTION:CAMELLIA +EVP_camellia_256_cfb128 3808 EXIST::FUNCTION:CAMELLIA +EVP_camellia_256_cfb1 3809 EXIST::FUNCTION:CAMELLIA +EVP_camellia_256_cfb8 3810 EXIST::FUNCTION:CAMELLIA +EVP_camellia_256_ecb 3811 EXIST::FUNCTION:CAMELLIA +EVP_camellia_256_ofb 3812 EXIST::FUNCTION:CAMELLIA diff --git a/util/mk1mf.pl b/util/mk1mf.pl index dc5416af4d..eb61417955 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -63,7 +63,7 @@ and [options] can be one of no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest no-ripemd no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher - no-bf no-cast no-aes + no-bf no-cast no-aes no-camellia no-rsa no-dsa no-dh - Skip this public key cipher no-ssl2 no-ssl3 - Skip this version of SSL just-ssl - remove all non-ssl keys/digest @@ -197,6 +197,7 @@ $cflags= "$xcflags$cflags" if $xcflags ne ""; $cflags.=" -DOPENSSL_NO_IDEA" if $no_idea; $cflags.=" -DOPENSSL_NO_AES" if $no_aes; +$cflags.=" -DOPENSSL_NO_CAMELLIA" if $no_camellia; $cflags.=" -DOPENSSL_NO_RC2" if $no_rc2; $cflags.=" -DOPENSSL_NO_RC4" if $no_rc4; $cflags.=" -DOPENSSL_NO_RC5" if $no_rc5; @@ -728,6 +729,7 @@ sub var_add return("") if $no_hw && $dir =~ /\/hw/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; + return("") if $no_camellia && $dir =~ /\/camellia/; return("") if $no_rc2 && $dir =~ /\/rc2/; return("") if $no_rc4 && $dir =~ /\/rc4/; return("") if $no_rc5 && $dir =~ /\/rc5/; @@ -761,6 +763,7 @@ sub var_add @a=grep(!/^e_.*_bf$/,@a) if $no_bf; @a=grep(!/^e_.*_c$/,@a) if $no_cast; @a=grep(!/^e_rc4$/,@a) if $no_rc4; + @a=grep(!/^e_camellia$/,@a) if $no_camellia; @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; @@ -972,6 +975,7 @@ sub read_options "no-rc5" => \$no_rc5, "no-idea" => \$no_idea, "no-aes" => \$no_aes, + "no-camellia" => \$no_camellia, "no-des" => \$no_des, "no-bf" => \$no_bf, "no-cast" => \$no_cast, @@ -989,6 +993,7 @@ sub read_options "no-dh" => \$no_dh, "no-hmac" => \$no_hmac, "no-aes" => \$no_aes, + "no-camellia" => \$no_camellia, "no-asm" => \$no_asm, "nasm" => \$nasm, "nw-nasm" => \$nw_nasm, @@ -1008,7 +1013,7 @@ sub read_options [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast, \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh, \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5, - \$no_aes], + \$no_aes, \$no_camellia], "rsaref" => 0, "gcc" => \$gcc, "debug" => \$debug, diff --git a/util/mkdef.pl b/util/mkdef.pl index 24386009bf..38b92bcedf 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -84,7 +84,7 @@ my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "SHA256", "SHA512", "RIPEMD", - "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", + "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA", # Envelope "algorithms" "EVP", "X509", "ASN1_TYPEDEFS", # Helper "algorithms" @@ -111,7 +111,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; +my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; @@ -175,6 +175,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-ecdh$/) { $no_ecdh=1; } elsif (/^no-hmac$/) { $no_hmac=1; } elsif (/^no-aes$/) { $no_aes=1; } + elsif (/^no-camellia$/) { $no_camellia=1; } elsif (/^no-evp$/) { $no_evp=1; } elsif (/^no-lhash$/) { $no_lhash=1; } elsif (/^no-stack$/) { $no_stack=1; } @@ -240,6 +241,7 @@ $crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2; $crypto.=" crypto/sha/sha.h" ; # unless $no_sha; $crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd; $crypto.=" crypto/aes/aes.h" ; # unless $no_aes; +$crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia; $crypto.=" crypto/bn/bn.h"; $crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa; @@ -1089,6 +1091,7 @@ sub is_valid if ($keyword eq "ECDH" && $no_ecdh) { return 0; } if ($keyword eq "HMAC" && $no_hmac) { return 0; } if ($keyword eq "AES" && $no_aes) { return 0; } + if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; } if ($keyword eq "EVP" && $no_evp) { return 0; } if ($keyword eq "LHASH" && $no_lhash) { return 0; } if ($keyword eq "STACK" && $no_stack) { return 0; } diff --git a/util/mkfiles.pl b/util/mkfiles.pl index cb0e282fa8..f55d5b695b 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -24,6 +24,7 @@ my @dirs = ( "crypto/bf", "crypto/cast", "crypto/aes", +"crypto/camellia", "crypto/bn", "crypto/rsa", "crypto/dsa", -- 2.25.1