From 600680c6c399c53893f5b8849092326640698c14 Mon Sep 17 00:00:00 2001 From: christos Date: Mon, 13 Nov 2006 21:55:36 +0000 Subject: [PATCH] merge conflicts. --- crypto/dist/openssl/CHANGES | 160 ++++++++++++++++ crypto/dist/openssl/FAQ | 7 +- crypto/dist/openssl/apps/enc.c | 8 +- crypto/dist/openssl/apps/openssl.c | 10 +- crypto/dist/openssl/apps/progs.h | 18 ++ crypto/dist/openssl/apps/smime.c | 18 +- crypto/dist/openssl/apps/speed.c | 113 +++++++++++- crypto/dist/openssl/crypto/aes/aes.h | 11 ++ crypto/dist/openssl/crypto/asn1/tasn_dec.c | 7 +- crypto/dist/openssl/crypto/dh/dh.h | 3 +- crypto/dist/openssl/crypto/dh/dh_err.c | 1 + crypto/dist/openssl/crypto/dh/dh_key.c | 2 +- crypto/dist/openssl/crypto/dsa/dsa.h | 1 - crypto/dist/openssl/crypto/dsa/dsa_err.c | 6 +- crypto/dist/openssl/crypto/ec/ec.h | 7 + crypto/dist/openssl/crypto/err/err.c | 15 +- crypto/dist/openssl/crypto/evp/c_allc.c | 28 +++ crypto/dist/openssl/crypto/evp/evp.h | 25 +++ crypto/dist/openssl/crypto/opensslconf.h | 6 + crypto/dist/openssl/crypto/opensslv.h | 6 +- crypto/dist/openssl/crypto/pkcs7/pk7_smime.c | 4 +- crypto/dist/openssl/crypto/rsa/rsa.h | 7 +- crypto/dist/openssl/crypto/rsa/rsa_eay.c | 81 ++++++-- crypto/dist/openssl/crypto/rsa/rsa_err.c | 1 + crypto/dist/openssl/crypto/rsa/rsa_sign.c | 2 +- crypto/dist/openssl/doc/apps/ciphers.pod | 26 ++- crypto/dist/openssl/doc/apps/smime.pod | 11 +- crypto/dist/openssl/ms/mingw32.bat | 184 ++++++++++--------- crypto/dist/openssl/ssl/s2_clnt.c | 4 +- crypto/dist/openssl/ssl/s2_lib.c | 2 +- crypto/dist/openssl/ssl/s3_lib.c | 174 +++++++++++++++++- crypto/dist/openssl/ssl/ssl.h | 9 +- crypto/dist/openssl/ssl/ssl_cert.c | 28 ++- crypto/dist/openssl/ssl/ssl_ciph.c | 178 ++++++++++++++---- crypto/dist/openssl/ssl/ssl_locl.h | 5 +- crypto/dist/openssl/util/mkdef.pl | 7 +- 36 files changed, 974 insertions(+), 201 deletions(-) diff --git a/crypto/dist/openssl/CHANGES b/crypto/dist/openssl/CHANGES index ce9de568caac..b25fde566438 100644 --- a/crypto/dist/openssl/CHANGES +++ b/crypto/dist/openssl/CHANGES @@ -2,6 +2,108 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8c and 0.9.8d [28 Sep 2006] + + *) Introduce limits to prevent malicious keys being able to + cause a denial of service. (CVE-2006-2940) + [Steve Henson, Bodo Moeller] + + *) Fix ASN.1 parsing of certain invalid structures that can result + in a denial of service. (CVE-2006-2937) [Steve Henson] + + *) Fix buffer overflow in SSL_get_shared_ciphers() function. + (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Fix SSL client code which could crash if connecting to a + malicious SSLv2 server. (CVE-2006-4343) + [Tavis Ormandy and Will Drewry, Google Security Team] + + *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites + match only those. Before that, "AES256-SHA" would be interpreted + as a pattern and match "AES128-SHA" too (since AES128-SHA got + the same strength classification in 0.9.7h) as we currently only + have a single AES bit in the ciphersuite description bitmap. + That change, however, also applied to ciphersuite strings such as + "RC4-MD5" that intentionally matched multiple ciphersuites -- + namely, SSL 2.0 ciphersuites in addition to the more common ones + from SSL 3.0/TLS 1.0. + + So we change the selection algorithm again: Naming an explicit + ciphersuite selects this one ciphersuite, and any other similar + ciphersuite (same bitmap) from *other* protocol versions. + Thus, "RC4-MD5" again will properly select both the SSL 2.0 + ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite. + + Since SSL 2.0 does not have any ciphersuites for which the + 128/256 bit distinction would be relevant, this works for now. + The proper fix will be to use different bits for AES128 and + AES256, which would have avoided the problems from the beginning; + however, bits are scarce, so we can only do this in a new release + (not just a patchlevel) when we can change the SSL_CIPHER + definition to split the single 'unsigned long mask' bitmap into + multiple values to extend the available space. + + [Bodo Moeller] + + Changes between 0.9.8b and 0.9.8c [05 Sep 2006] + + *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher + (CVE-2006-4339) [Ben Laurie and Google Security Team] + + *) Add AES IGE and biIGE modes. + [Ben Laurie] + + *) Change the Unix randomness entropy gathering to use poll() when + possible instead of select(), since the latter has some + undesirable limitations. + [Darryl Miles via Richard Levitte and Bodo Moeller] + + *) Disable "ECCdraft" ciphersuites more thoroughly. Now special + treatment in ssl/ssl_ciph.s makes sure that these ciphersuites + cannot be implicitly activated as part of, e.g., the "AES" alias. + However, please upgrade to OpenSSL 0.9.9[-dev] for + non-experimental use of the ECC ciphersuites to get TLS extension + support, which is required for curve and point format negotiation + to avoid potential handshake problems. + [Bodo Moeller] + + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactive the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + + *) Fix RSA blinding Heisenbug (problems sometimes occured on + dual-core machines) and other potential thread-safety issues. + [Bodo Moeller] + + *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key + versions), which is now available for royalty-free use + (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html). + Also, add Camellia TLS ciphersuites from RFC 4132. + + To minimize changes between patchlevels in the OpenSSL 0.9.8 + series, Camellia remains excluded from compilation unless OpenSSL + is configured with 'enable-camellia'. + [NTT] + + *) Disable the padding bug check when compression is in use. The padding + bug check assumes the first packet is of even length, this is not + necessarily true if compresssion is enabled and can result in false + positives causing handshake failure. The actual bug test is ancient + code so it is hoped that implementations will either have fixed it by + now or any which still have the bug do not support compression. + [Steve Henson] + Changes between 0.9.8a and 0.9.8b [04 May 2006] *) When applying a cipher rule check to see if string match is an explicit @@ -84,6 +186,9 @@ Changes between 0.9.7h and 0.9.8 [05 Jul 2005] + [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after + OpenSSL 0.9.8.] + *) Add libcrypto.pc and libssl.pc for those who feel they need them. [Richard Levitte] @@ -901,6 +1006,61 @@ differing sizes. [Richard Levitte] + Changes between 0.9.7k and 0.9.7l [xx XXX xxxx] + + *) Change ciphersuite string processing so that an explicit + ciphersuite selects this one ciphersuite (so that "AES256-SHA" + will no longer include "AES128-SHA"), and any other similar + ciphersuite (same bitmap) from *other* protocol versions (so that + "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the + SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining + changes from 0.9.8b and 0.9.8d. + [Bodo Moeller] + + Changes between 0.9.7j and 0.9.7k [05 Sep 2006] + + *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher + (CVE-2006-4339) [Ben Laurie and Google Security Team] + + *) Change the Unix randomness entropy gathering to use poll() when + possible instead of select(), since the latter has some + undesirable limitations. + [Darryl Miles via Richard Levitte and Bodo Moeller] + + *) Disable rogue ciphersuites: + + - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5") + - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5") + - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5") + + The latter two were purportedly from + draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really + appear there. + + Also deactive the remaining ciphersuites from + draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as + unofficial, and the ID has long expired. + [Bodo Moeller] + + *) Fix RSA blinding Heisenbug (problems sometimes occured on + dual-core machines) and other potential thread-safety issues. + [Bodo Moeller] + + Changes between 0.9.7i and 0.9.7j [04 May 2006] + + *) Adapt fipsld and the build system to link against the validated FIPS + module in FIPS mode. + [Steve Henson] + + *) Fixes for VC++ 2005 build under Windows. + [Steve Henson] + + *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make + from a Windows bash shell such as MSYS. It is autodetected from the + "config" script when run from a VC++ environment. Modify standard VC++ + build to use fipscanister.o from the GNU make build. + [Steve Henson] + Changes between 0.9.7h and 0.9.7i [14 Oct 2005] *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS. diff --git a/crypto/dist/openssl/FAQ b/crypto/dist/openssl/FAQ index c31c1ee36ed9..bee5094c50e2 100644 --- a/crypto/dist/openssl/FAQ +++ b/crypto/dist/openssl/FAQ @@ -74,7 +74,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.8b was released on May 4th, 2006. +OpenSSL 0.9.8d was released on September 28th, 2006. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at name != NULL; fp++) { nl=0; +#ifdef OPENSSL_NO_CAMELLIA if (((i++) % 5) == 0) +#else + if (((i++) % 4) == 0) +#endif { BIO_printf(bio_err,"\n"); nl=1; @@ -466,7 +470,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n"); } } +#ifdef OPENSSL_NO_CAMELLIA BIO_printf(bio_err,"%-15s",fp->name); +#else + BIO_printf(bio_err,"%-18s",fp->name); +#endif } BIO_printf(bio_err,"\n\n"); ret=0; diff --git a/crypto/dist/openssl/apps/progs.h b/crypto/dist/openssl/apps/progs.h index dc665c53a704..011974b216e0 100644 --- a/crypto/dist/openssl/apps/progs.h +++ b/crypto/dist/openssl/apps/progs.h @@ -165,6 +165,24 @@ FUNCTION functions[] = { #endif #ifndef OPENSSL_NO_AES {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main}, +#endif +#ifndef OPENSSL_NO_CAMELLIA + {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main}, #endif {FUNC_TYPE_CIPHER,"base64",enc_main}, #ifndef OPENSSL_NO_DES diff --git a/crypto/dist/openssl/apps/smime.c b/crypto/dist/openssl/apps/smime.c index 250fd69a981b..830f18cd8479 100644 --- a/crypto/dist/openssl/apps/smime.c +++ b/crypto/dist/openssl/apps/smime.c @@ -160,6 +160,14 @@ int MAIN(int argc, char **argv) cipher = EVP_aes_192_cbc(); else if (!strcmp(*args,"-aes256")) cipher = EVP_aes_256_cbc(); +#endif +#ifndef OPENSSL_NO_CAMELLIA + else if (!strcmp(*args,"-camellia128")) + cipher = EVP_camellia_128_cbc(); + else if (!strcmp(*args,"-camellia192")) + cipher = EVP_camellia_192_cbc(); + else if (!strcmp(*args,"-camellia256")) + cipher = EVP_camellia_256_cbc(); #endif else if (!strcmp (*args, "-text")) flags |= PKCS7_TEXT; @@ -423,6 +431,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); +#endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); + BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); #endif BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); BIO_printf (bio_err, "-nosigs don't verify message signature\n"); @@ -638,12 +650,6 @@ int MAIN(int argc, char **argv) if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) flags |= PKCS7_STREAM; p7 = PKCS7_sign(signer, key, other, in, flags); - /* Don't need to rewind for partial signing */ - if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) - { - BIO_printf(bio_err, "Can't rewind input file\n"); - goto end; - } } else { diff --git a/crypto/dist/openssl/apps/speed.c b/crypto/dist/openssl/apps/speed.c index e8b61dc41586..1c3acf548244 100644 --- a/crypto/dist/openssl/apps/speed.c +++ b/crypto/dist/openssl/apps/speed.c @@ -164,6 +164,9 @@ #ifndef OPENSSL_NO_AES #include #endif +#ifndef OPENSSL_NO_CAMELLIA +#include +#endif #ifndef OPENSSL_NO_MD2 #include #endif @@ -269,7 +272,7 @@ static void print_result(int alg,int run_no,int count,double time_used); static int do_multi(int multi); #endif -#define ALGOR_NUM 21 +#define ALGOR_NUM 24 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 @@ -281,7 +284,9 @@ static const char *names[ALGOR_NUM]={ "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", "des cbc","des ede3","idea cbc", "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", - "aes-128 cbc","aes-192 cbc","aes-256 cbc","evp","sha256","sha512"}; + "aes-128 cbc","aes-192 cbc","aes-256 cbc", + "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", + "evp","sha256","sha512"}; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; static double rsa_results[RSA_NUM][2]; @@ -548,6 +553,17 @@ int MAIN(int argc, char **argv) 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; #endif +#ifndef OPENSSL_NO_CAMELLIA + static const unsigned char ckey24[24]= + {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, + 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; + static const unsigned char ckey32[32]= + {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, + 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, + 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; +#endif #ifndef OPENSSL_NO_AES #define MAX_BLOCK_SIZE 128 #else @@ -567,6 +583,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES AES_KEY aes_ks1, aes_ks2, aes_ks3; #endif +#ifndef OPENSSL_NO_CAMELLIA + CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3; +#endif #define D_MD2 0 #define D_MDC2 1 #define D_MD4 2 @@ -585,9 +604,12 @@ int MAIN(int argc, char **argv) #define D_CBC_128_AES 15 #define D_CBC_192_AES 16 #define D_CBC_256_AES 17 -#define D_EVP 18 -#define D_SHA256 19 -#define D_SHA512 20 +#define D_CBC_128_CML 18 +#define D_CBC_192_CML 19 +#define D_CBC_256_CML 20 +#define D_EVP 21 +#define D_SHA256 22 +#define D_SHA512 23 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; #define R_DSA_512 0 @@ -930,6 +952,12 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1; else #endif +#ifndef OPENSSL_NO_CAMELLIA + if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1; + else if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1; + else if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1; + else +#endif #ifndef OPENSSL_NO_RSA #if 0 /* was: #ifdef RSAref */ if (strcmp(*argv,"rsaref") == 0) @@ -1000,6 +1028,15 @@ int MAIN(int argc, char **argv) } else #endif +#ifndef OPENSSL_NO_CAMELLIA + if (strcmp(*argv,"camellia") == 0) + { + doit[D_CBC_128_CML]=1; + doit[D_CBC_192_CML]=1; + doit[D_CBC_256_CML]=1; + } + else +#endif #ifndef OPENSSL_NO_RSA if (strcmp(*argv,"rsa") == 0) { @@ -1126,6 +1163,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc "); #endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc "); +#endif #ifndef OPENSSL_NO_RC4 BIO_printf(bio_err,"rc4"); #endif @@ -1163,6 +1204,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_AES BIO_printf(bio_err,"aes "); #endif +#ifndef OPENSSL_NO_CAMELLIA + BIO_printf(bio_err,"camellia "); +#endif #ifndef OPENSSL_NO_RSA BIO_printf(bio_err,"rsa "); #endif @@ -1171,7 +1215,8 @@ int MAIN(int argc, char **argv) #endif #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \ - !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) + !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) || \ + !defined(OPENSSL_NO_CAMELLIA) BIO_printf(bio_err,"\n"); #endif @@ -1265,6 +1310,11 @@ int MAIN(int argc, char **argv) AES_set_encrypt_key(key24,192,&aes_ks2); AES_set_encrypt_key(key32,256,&aes_ks3); #endif +#ifndef OPENSSL_NO_CAMELLIA + Camellia_set_key(key16,128,&camellia_ks1); + Camellia_set_key(ckey24,192,&camellia_ks2); + Camellia_set_key(ckey32,256,&camellia_ks3); +#endif #ifndef OPENSSL_NO_IDEA idea_set_encrypt_key(key16,&idea_ks); #endif @@ -1318,6 +1368,9 @@ int MAIN(int argc, char **argv) c[D_CBC_128_AES][0]=count; c[D_CBC_192_AES][0]=count; c[D_CBC_256_AES][0]=count; + c[D_CBC_128_CML][0]=count; + c[D_CBC_192_CML][0]=count; + c[D_CBC_256_CML][0]=count; c[D_SHA256][0]=count; c[D_SHA512][0]=count; @@ -1350,6 +1403,9 @@ int MAIN(int argc, char **argv) c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1; c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1; c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1; + c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1; + c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1; + c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1; } #ifndef OPENSSL_NO_RSA rsa_c[R_RSA_512][0]=count/2000; @@ -1743,6 +1799,51 @@ int MAIN(int argc, char **argv) } } +#endif +#ifndef OPENSSL_NO_CAMELLIA + if (doit[D_CBC_128_CML]) + { + for (j=0; j #endif - + #ifndef OPENSSL_DH_MAX_MODULUS_BITS # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif @@ -225,6 +225,7 @@ void ERR_load_DH_strings(void); /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 #define DH_R_INVALID_PUBKEY 102 +#define DH_R_MODULUS_TOO_LARGE 103 #define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_MODULUS_TOO_LARGE 103 diff --git a/crypto/dist/openssl/crypto/dh/dh_err.c b/crypto/dist/openssl/crypto/dh/dh_err.c index a77911fc050b..7a5482374ce5 100644 --- a/crypto/dist/openssl/crypto/dh/dh_err.c +++ b/crypto/dist/openssl/crypto/dh/dh_err.c @@ -85,6 +85,7 @@ static ERR_STRING_DATA DH_str_reasons[]= {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, +{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, {0,NULL} }; diff --git a/crypto/dist/openssl/crypto/dh/dh_key.c b/crypto/dist/openssl/crypto/dh/dh_key.c index e8dd663df061..cb5abdcf47c4 100644 --- a/crypto/dist/openssl/crypto/dh/dh_key.c +++ b/crypto/dist/openssl/crypto/dh/dh_key.c @@ -182,7 +182,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); - return -1; + goto err; } ctx = BN_CTX_new(); diff --git a/crypto/dist/openssl/crypto/dsa/dsa.h b/crypto/dist/openssl/crypto/dsa/dsa.h index 3b0b5b4d7c8f..3a8fe5b56bbd 100644 --- a/crypto/dist/openssl/crypto/dsa/dsa.h +++ b/crypto/dist/openssl/crypto/dsa/dsa.h @@ -279,7 +279,6 @@ void ERR_load_DSA_strings(void); #define DSA_R_MISSING_PARAMETERS 101 #define DSA_R_MODULUS_TOO_LARGE 103 - #ifdef __cplusplus } #endif diff --git a/crypto/dist/openssl/crypto/dsa/dsa_err.c b/crypto/dist/openssl/crypto/dsa/dsa_err.c index e08fc7816111..d7fac691546d 100644 --- a/crypto/dist/openssl/crypto/dsa/dsa_err.c +++ b/crypto/dist/openssl/crypto/dsa/dsa_err.c @@ -89,10 +89,10 @@ static ERR_STRING_DATA DSA_str_functs[]= static ERR_STRING_DATA DSA_str_reasons[]= { -{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, +{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, -{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, -{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, +{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {0,NULL} }; diff --git a/crypto/dist/openssl/crypto/ec/ec.h b/crypto/dist/openssl/crypto/ec/ec.h index 919c736388dc..3c96fbd0d86d 100644 --- a/crypto/dist/openssl/crypto/ec/ec.h +++ b/crypto/dist/openssl/crypto/ec/ec.h @@ -93,6 +93,10 @@ extern "C" { #endif +#ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +#endif + typedef enum { /* values as defined in X9.62 (ECDSA) and elsewhere */ POINT_CONVERSION_COMPRESSED = 2, @@ -482,6 +486,7 @@ void ERR_load_EC_strings(void); #define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 #define EC_R_DISCRIMINANT_IS_ZERO 118 #define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +#define EC_R_FIELD_TOO_LARGE 138 #define EC_R_GROUP2PKPARAMETERS_FAILURE 120 #define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 #define EC_R_INCOMPATIBLE_OBJECTS 101 @@ -492,7 +497,9 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_FIELD 103 #define EC_R_INVALID_FORM 104 #define EC_R_INVALID_GROUP_ORDER 122 +#define EC_R_INVALID_PENTANOMIAL_BASIS 132 #define EC_R_INVALID_PRIVATE_KEY 123 +#define EC_R_INVALID_TRINOMIAL_BASIS 137 #define EC_R_MISSING_PARAMETERS 124 #define EC_R_MISSING_PRIVATE_KEY 125 #define EC_R_NOT_A_NIST_PRIME 135 diff --git a/crypto/dist/openssl/crypto/err/err.c b/crypto/dist/openssl/crypto/err/err.c index 72e3f3a26c7c..96bd255e50e8 100644 --- a/crypto/dist/openssl/crypto/err/err.c +++ b/crypto/dist/openssl/crypto/err/err.c @@ -548,9 +548,20 @@ static void build_SYS_str_reasons(void) int i; static int init = 1; - if (!init) return; - + CRYPTO_r_lock(CRYPTO_LOCK_ERR); + if (!init) + { + CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + return; + } + + CRYPTO_r_unlock(CRYPTO_LOCK_ERR); CRYPTO_w_lock(CRYPTO_LOCK_ERR); + if (!init) + { + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + return; + } for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { diff --git a/crypto/dist/openssl/crypto/evp/c_allc.c b/crypto/dist/openssl/crypto/evp/c_allc.c index fc968123657e..9ba4d0c6e0a4 100644 --- a/crypto/dist/openssl/crypto/evp/c_allc.c +++ b/crypto/dist/openssl/crypto/evp/c_allc.c @@ -183,6 +183,34 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); #endif + +#ifndef OPENSSL_NO_CAMELLIA + EVP_add_cipher(EVP_camellia_128_ecb()); + EVP_add_cipher(EVP_camellia_128_cbc()); + EVP_add_cipher(EVP_camellia_128_cfb()); + EVP_add_cipher(EVP_camellia_128_cfb1()); + EVP_add_cipher(EVP_camellia_128_cfb8()); + EVP_add_cipher(EVP_camellia_128_ofb()); + EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128"); + EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128"); + EVP_add_cipher(EVP_camellia_192_ecb()); + EVP_add_cipher(EVP_camellia_192_cbc()); + EVP_add_cipher(EVP_camellia_192_cfb()); + EVP_add_cipher(EVP_camellia_192_cfb1()); + EVP_add_cipher(EVP_camellia_192_cfb8()); + EVP_add_cipher(EVP_camellia_192_ofb()); + EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192"); + EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192"); + EVP_add_cipher(EVP_camellia_256_ecb()); + EVP_add_cipher(EVP_camellia_256_cbc()); + EVP_add_cipher(EVP_camellia_256_cfb()); + EVP_add_cipher(EVP_camellia_256_cfb1()); + EVP_add_cipher(EVP_camellia_256_cfb8()); + EVP_add_cipher(EVP_camellia_256_ofb()); + EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); + EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); +#endif + PKCS12_PBE_add(); PKCS5_PBE_add(); } diff --git a/crypto/dist/openssl/crypto/evp/evp.h b/crypto/dist/openssl/crypto/evp/evp.h index 116a12ff9489..1b09bd8dfe04 100644 --- a/crypto/dist/openssl/crypto/evp/evp.h +++ b/crypto/dist/openssl/crypto/evp/evp.h @@ -738,6 +738,29 @@ const EVP_CIPHER *EVP_aes_256_ofb(void); const EVP_CIPHER *EVP_aes_256_ctr(void); #endif #endif +#ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +#endif void OPENSSL_add_all_algorithms_noconf(void); void OPENSSL_add_all_algorithms_conf(void); @@ -854,6 +877,7 @@ void ERR_load_EVP_strings(void); /* Function codes. */ #define EVP_F_AES_INIT_KEY 133 +#define EVP_F_CAMELLIA_INIT_KEY 159 #define EVP_F_D2I_PKEY 100 #define EVP_F_DSAPKEY2PKCS8 134 #define EVP_F_DSA_PKEY2PKCS8 135 @@ -897,6 +921,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_BAD_KEY_LENGTH 137 #define EVP_R_BN_DECODE_ERROR 112 #define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 #define EVP_R_CIPHER_PARAMETER_ERROR 122 #define EVP_R_CTRL_NOT_IMPLEMENTED 132 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 diff --git a/crypto/dist/openssl/crypto/opensslconf.h b/crypto/dist/openssl/crypto/opensslconf.h index bf2d185f8d54..430635651458 100644 --- a/crypto/dist/openssl/crypto/opensslconf.h +++ b/crypto/dist/openssl/crypto/opensslconf.h @@ -4,6 +4,9 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif #ifndef OPENSSL_NO_GMP # define OPENSSL_NO_GMP #endif @@ -29,6 +32,9 @@ who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) # define NO_GMP # endif diff --git a/crypto/dist/openssl/crypto/opensslv.h b/crypto/dist/openssl/crypto/opensslv.h index 04d08335f522..ec254a577b6d 100644 --- a/crypto/dist/openssl/crypto/opensslv.h +++ b/crypto/dist/openssl/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090802fL +#define OPENSSL_VERSION_NUMBER 0x0090804f #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8b-fips 04 May 2006" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8d-fips 28 Sep 2006" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8b 04 May 2006" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8d 28 Sep 2006" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/dist/openssl/crypto/pkcs7/pk7_smime.c b/crypto/dist/openssl/crypto/pkcs7/pk7_smime.c index 1f4a0a17952f..dc835e5b8a45 100644 --- a/crypto/dist/openssl/crypto/pkcs7/pk7_smime.c +++ b/crypto/dist/openssl/crypto/pkcs7/pk7_smime.c @@ -127,9 +127,12 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, } } + if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); + if (flags & PKCS7_STREAM) return p7; + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); PKCS7_free(p7); @@ -138,7 +141,6 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, SMIME_crlf_copy(data, p7bio, flags); - if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); if (!PKCS7_dataFinal(p7,p7bio)) { PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); diff --git a/crypto/dist/openssl/crypto/rsa/rsa.h b/crypto/dist/openssl/crypto/rsa/rsa.h index 0c3bcc2ccccc..7d25d909aa63 100644 --- a/crypto/dist/openssl/crypto/rsa/rsa.h +++ b/crypto/dist/openssl/crypto/rsa/rsa.h @@ -160,14 +160,14 @@ struct rsa_st }; #ifndef OPENSSL_RSA_MAX_MODULUS_BITS -# define OPENSSL_RSA_MAX_MODULUS_BITS 16400 +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS -# define OPENSSL_RSA_SMALL_MODULUS_BITS 4112 +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 #endif #ifndef OPENSSL_RSA_MAX_PUBEXP_BITS -# define OPENSSL_RSA_MAX_PUBEXP_BITS 72 /* exponent limit enforced for "large" modulus only */ +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ #endif #define RSA_3 0x3L @@ -419,6 +419,7 @@ void ERR_load_RSA_strings(void); #define RSA_R_KEY_SIZE_TOO_SMALL 120 #define RSA_R_MODULUS_TOO_LARGE 105 #define RSA_R_LAST_OCTET_INVALID 134 +#define RSA_R_MODULUS_TOO_LARGE 105 #define RSA_R_NO_PUBLIC_EXPONENT 140 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 diff --git a/crypto/dist/openssl/crypto/rsa/rsa_eay.c b/crypto/dist/openssl/crypto/rsa/rsa_eay.c index b728f68207d3..f5c57c932887 100644 --- a/crypto/dist/openssl/crypto/rsa/rsa_eay.c +++ b/crypto/dist/openssl/crypto/rsa/rsa_eay.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -168,6 +168,28 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *buf=NULL; BN_CTX *ctx=NULL; + if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); + return -1; + } + + if (BN_ucmp(rsa->n, rsa->e) <= 0) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); + return -1; + } + + /* for large moduli, enforce exponent limit */ + if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) + { + if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); + return -1; + } + } + if ((ctx=BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); @@ -238,40 +260,63 @@ err: return(r); } -static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx) +static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) { BN_BLINDING *ret; + int got_write_lock = 0; + + CRYPTO_r_lock(CRYPTO_LOCK_RSA); if (rsa->blinding == NULL) { + CRYPTO_r_unlock(CRYPTO_LOCK_RSA); + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + got_write_lock = 1; + if (rsa->blinding == NULL) - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->blinding == NULL) - rsa->blinding = RSA_setup_blinding(rsa, ctx); - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } + rsa->blinding = RSA_setup_blinding(rsa, ctx); } ret = rsa->blinding; if (ret == NULL) - return NULL; + goto err; - if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id()) + if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) { - *local = 0; + /* rsa->blinding is ours! */ + + *local = 1; + } + else + { + /* resort to rsa->mt_blinding instead */ + + *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() + * that the BN_BLINDING is shared, meaning that accesses + * require locks, and that the blinding factor must be + * stored outside the BN_BLINDING + */ + if (rsa->mt_blinding == NULL) { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (!got_write_lock) + { + CRYPTO_r_unlock(CRYPTO_LOCK_RSA); + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + got_write_lock = 1; + } + if (rsa->mt_blinding == NULL) rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); } ret = rsa->mt_blinding; } - else - *local = 1; + err: + if (got_write_lock) + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + else + CRYPTO_r_unlock(CRYPTO_LOCK_RSA); return ret; } @@ -358,7 +403,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { - blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); + blinding = rsa_get_blinding(rsa, &local_blinding, ctx); if (blinding == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); @@ -501,7 +546,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { - blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); + blinding = rsa_get_blinding(rsa, &local_blinding, ctx); if (blinding == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); @@ -617,7 +662,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, return -1; } } - + if((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); diff --git a/crypto/dist/openssl/crypto/rsa/rsa_err.c b/crypto/dist/openssl/crypto/rsa/rsa_err.c index 3466f1aac5fa..d595ab386933 100644 --- a/crypto/dist/openssl/crypto/rsa/rsa_err.c +++ b/crypto/dist/openssl/crypto/rsa/rsa_err.c @@ -138,6 +138,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, {ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modululs too large"}, {ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, +{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, diff --git a/crypto/dist/openssl/crypto/rsa/rsa_sign.c b/crypto/dist/openssl/crypto/rsa/rsa_sign.c index aa757acdec27..71aabeea1bd7 100644 --- a/crypto/dist/openssl/crypto/rsa/rsa_sign.c +++ b/crypto/dist/openssl/crypto/rsa/rsa_sign.c @@ -196,7 +196,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, /* Parameters to the signature algorithm can also be used to create forgeries */ if(sig->algor->parameter - && sig->algor->parameter->type != V_ASN1_NULL) + && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) { RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); goto err; diff --git a/crypto/dist/openssl/doc/apps/ciphers.pod b/crypto/dist/openssl/doc/apps/ciphers.pod index 81a2c43893ef..5a071f5da38c 100644 --- a/crypto/dist/openssl/doc/apps/ciphers.pod +++ b/crypto/dist/openssl/doc/apps/ciphers.pod @@ -125,11 +125,11 @@ the cipher suites not enabled by B, currently being B. =item B "high" encryption cipher suites. This currently means those with key lengths larger -than 128 bits. +than 128 bits, and some cipher suites with 128-bit keys. =item B -"medium" encryption cipher suites, currently those using 128 bit encryption. +"medium" encryption cipher suites, currently some of those using 128 bit encryption. =item B @@ -235,6 +235,10 @@ cipher suites using MD5. cipher suites using SHA1. +=item B + +cipher suites using Camellia. + =back =head1 CIPHER SUITE NAMES @@ -330,6 +334,24 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA +=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0 + + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA + + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA Not implemented. + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA Not implemented. + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA Not implemented. + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA Not implemented. + + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA + + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + =head2 Additional Export 1024 and other cipher suites Note: these ciphers can also be used in SSL v3. diff --git a/crypto/dist/openssl/doc/apps/smime.pod b/crypto/dist/openssl/doc/apps/smime.pod index 84b673f791ea..caf2d2689e62 100644 --- a/crypto/dist/openssl/doc/apps/smime.pod +++ b/crypto/dist/openssl/doc/apps/smime.pod @@ -20,6 +20,9 @@ B B [B<-aes128>] [B<-aes192>] [B<-aes256>] +[B<-camellia128>] +[B<-camellia192>] +[B<-camellia256>] [B<-in file>] [B<-certfile file>] [B<-signer file>] @@ -129,10 +132,10 @@ B<-verify>. This directory must be a standard certificate directory: that is a hash of each subject name (using B) should be linked to each certificate. -=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256> +=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256> the encryption algorithm to use. DES (56 bits), triple DES (168 bits), -40, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not +40, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively. If not specified 40 bit RC2 is used. Only used with B<-encrypt>. =item B<-nointern> @@ -354,6 +357,10 @@ alternatively you can base64 decode the signature and use openssl smime -verify -inform DER -in signature.der -content content.txt +Create an encrypted message using 128 bit Camellia: + + openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem + =head1 BUGS The MIME parser isn't very clever: it seems to handle most messages that I've thrown diff --git a/crypto/dist/openssl/ms/mingw32.bat b/crypto/dist/openssl/ms/mingw32.bat index 8c7c63e0f265..f9377a86959c 100644 --- a/crypto/dist/openssl/ms/mingw32.bat +++ b/crypto/dist/openssl/ms/mingw32.bat @@ -1,90 +1,94 @@ -@rem OpenSSL with Mingw32+GNU as -@rem --------------------------- - -perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8 - -@echo off - -perl -e "exit 1 if '%1' eq 'no-asm'" -if errorlevel 1 goto noasm - -echo Generating x86 for GNU assember - -echo Bignum -cd crypto\bn\asm -perl bn-586.pl gaswin > bn-win32.s -perl co-586.pl gaswin > co-win32.s -cd ..\..\.. - -echo DES -cd crypto\des\asm -perl des-586.pl gaswin > d-win32.s -cd ..\..\.. - -echo crypt -cd crypto\des\asm -perl crypt586.pl gaswin > y-win32.s -cd ..\..\.. - -echo Blowfish -cd crypto\bf\asm -perl bf-586.pl gaswin > b-win32.s -cd ..\..\.. - -echo CAST5 -cd crypto\cast\asm -perl cast-586.pl gaswin > c-win32.s -cd ..\..\.. - -echo RC4 -cd crypto\rc4\asm -perl rc4-586.pl gaswin > r4-win32.s -cd ..\..\.. - -echo MD5 -cd crypto\md5\asm -perl md5-586.pl gaswin > m5-win32.s -cd ..\..\.. - -echo SHA1 -cd crypto\sha\asm -perl sha1-586.pl gaswin > s1-win32.s -cd ..\..\.. - -echo RIPEMD160 -cd crypto\ripemd\asm -perl rmd-586.pl gaswin > rm-win32.s -cd ..\..\.. - -echo RC5\32 -cd crypto\rc5\asm -perl rc5-586.pl gaswin > r5-win32.s -cd ..\..\.. - -:noasm - -echo Generating makefile -perl util\mkfiles.pl >MINFO -perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak -echo Generating DLL definition files -perl util\mkdef.pl 32 libeay >ms\libeay32.def -if errorlevel 1 goto end -perl util\mkdef.pl 32 ssleay >ms\ssleay32.def -if errorlevel 1 goto end - -rem copy ms\tlhelp32.h outinc - -echo Building the libraries -mingw32-make -f ms/mingw32a.mak -if errorlevel 1 goto end - -echo Generating the DLLs and input libraries -dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32 -if errorlevel 1 goto end -dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a -if errorlevel 1 goto end - -echo Done compiling OpenSSL - -:end - +@rem OpenSSL with Mingw32+GNU as +@rem --------------------------- + +perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8 + +@echo off + +perl -e "exit 1 if '%1' eq 'no-asm'" +if errorlevel 1 goto noasm + +echo Generating x86 for GNU assember + +echo Bignum +cd crypto\bn\asm +perl bn-586.pl gaswin > bn-win32.s +perl co-586.pl gaswin > co-win32.s +cd ..\..\.. + +echo DES +cd crypto\des\asm +perl des-586.pl gaswin > d-win32.s +cd ..\..\.. + +echo crypt +cd crypto\des\asm +perl crypt586.pl gaswin > y-win32.s +cd ..\..\.. + +echo Blowfish +cd crypto\bf\asm +perl bf-586.pl gaswin > b-win32.s +cd ..\..\.. + +echo CAST5 +cd crypto\cast\asm +perl cast-586.pl gaswin > c-win32.s +cd ..\..\.. + +echo RC4 +cd crypto\rc4\asm +perl rc4-586.pl gaswin > r4-win32.s +cd ..\..\.. + +echo MD5 +cd crypto\md5\asm +perl md5-586.pl gaswin > m5-win32.s +cd ..\..\.. + +echo SHA1 +cd crypto\sha\asm +perl sha1-586.pl gaswin > s1-win32.s +cd ..\..\.. + +echo RIPEMD160 +cd crypto\ripemd\asm +perl rmd-586.pl gaswin > rm-win32.s +cd ..\..\.. + +echo RC5\32 +cd crypto\rc5\asm +perl rc5-586.pl gaswin > r5-win32.s +cd ..\..\.. +echo CPUID +cd crypto +perl x86cpuid.pl gaswin > cpu-win32.s +cd .. + +:noasm + +echo Generating makefile +perl util\mkfiles.pl >MINFO +perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak +echo Generating DLL definition files +perl util\mkdef.pl 32 libeay >ms\libeay32.def +if errorlevel 1 goto end +perl util\mkdef.pl 32 ssleay >ms\ssleay32.def +if errorlevel 1 goto end + +rem copy ms\tlhelp32.h outinc + +echo Building the libraries +mingw32-make -f ms/mingw32a.mak +if errorlevel 1 goto end + +echo Generating the DLLs and input libraries +dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32 +if errorlevel 1 goto end +dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a +if errorlevel 1 goto end + +echo Done compiling OpenSSL + +:end + diff --git a/crypto/dist/openssl/ssl/s2_clnt.c b/crypto/dist/openssl/ssl/s2_clnt.c index 3e21a480bef7..ce60de630a7a 100644 --- a/crypto/dist/openssl/ssl/s2_clnt.c +++ b/crypto/dist/openssl/ssl/s2_clnt.c @@ -520,8 +520,8 @@ static int get_server_hello(SSL *s) CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); } - if (s->session->sess_cert == NULL - || s->session->peer != s->session->sess_cert->peer_key->x509) + if (s->session->sess_cert == NULL + || s->session->peer != s->session->sess_cert->peer_key->x509) /* can't happen */ { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); diff --git a/crypto/dist/openssl/ssl/s2_lib.c b/crypto/dist/openssl/ssl/s2_lib.c index d2cce7546d2e..def3a6e89afd 100644 --- a/crypto/dist/openssl/ssl/s2_lib.c +++ b/crypto/dist/openssl/ssl/s2_lib.c @@ -178,7 +178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL_ALL_STRENGTHS, }, /* RC4_64_WITH_MD5 */ -#if 1 +#if 0 { 1, SSL2_TXT_RC4_64_WITH_MD5, diff --git a/crypto/dist/openssl/ssl/s3_lib.c b/crypto/dist/openssl/ssl/s3_lib.c index 401ddd7d3d04..0eff243c1298 100644 --- a/crypto/dist/openssl/ssl/s3_lib.c +++ b/crypto/dist/openssl/ssl/s3_lib.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -902,8 +902,92 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, +#ifndef OPENSSL_NO_CAMELLIA + /* Camellia ciphersuites from RFC4132 (128-bit portion) */ + + /* Cipher 41 */ + { + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 42 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 43 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 44 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 45 */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 46 */ + { + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, + SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 128, + 128, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, +#endif /* OPENSSL_NO_CAMELLIA */ + #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES - /* New TLS Export CipherSuites */ + /* New TLS Export CipherSuites from expired ID */ +#if 0 /* Cipher 60 */ { 1, @@ -930,6 +1014,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, +#endif /* Cipher 62 */ { 1, @@ -996,6 +1081,90 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS }, #endif + +#ifndef OPENSSL_NO_CAMELLIA + /* Camellia ciphersuites from RFC4132 (256-bit portion) */ + + /* Cipher 84 */ + { + 1, + TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 85 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 86 */ + { + 0, /* not implemented (non-ephemeral DH) */ + TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 87 */ + { + 1, + TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 88 */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, + /* Cipher 89 */ + { + 1, + TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, + TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, + SSL_NOT_EXP|SSL_HIGH, + 0, + 256, + 256, + SSL_ALL_CIPHERS, + SSL_ALL_STRENGTHS + }, +#endif /* OPENSSL_NO_CAMELLIA */ + #ifndef OPENSSL_NO_ECDH /* Cipher C001 */ { @@ -1348,6 +1517,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, #endif /* OPENSSL_NO_ECDH */ + /* end of list */ }; diff --git a/crypto/dist/openssl/ssl/ssl.h b/crypto/dist/openssl/ssl/ssl.h index c87e5f8429d0..83f1fee80461 100644 --- a/crypto/dist/openssl/ssl/ssl.h +++ b/crypto/dist/openssl/ssl/ssl.h @@ -109,7 +109,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -282,6 +282,7 @@ extern "C" { #define SSL_TXT_RC2 "RC2" #define SSL_TXT_IDEA "IDEA" #define SSL_TXT_AES "AES" +#define SSL_TXT_CAMELLIA "CAMELLIA" #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" @@ -315,7 +316,11 @@ extern "C" { /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#ifdef OPENSSL_NO_CAMELLIA +# define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#else +# define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:-ECCdraft:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ +#endif /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ #define SSL_SENT_SHUTDOWN 1 diff --git a/crypto/dist/openssl/ssl/ssl_cert.c b/crypto/dist/openssl/ssl/ssl_cert.c index 452a0822d9a3..fb080093e550 100644 --- a/crypto/dist/openssl/ssl/ssl_cert.c +++ b/crypto/dist/openssl/ssl/ssl_cert.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -73,12 +73,12 @@ * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. + * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written @@ -87,7 +87,7 @@ * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -102,6 +102,11 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. @@ -130,21 +135,28 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void) { static volatile int ssl_x509_store_ctx_idx= -1; + int got_write_lock = 0; + + CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); if (ssl_x509_store_ctx_idx < 0) { - /* any write lock will do; usually this branch - * will only be taken once anyway */ + CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + got_write_lock = 1; if (ssl_x509_store_ctx_idx < 0) { ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( 0,"SSL for verify callback",NULL,NULL,NULL); } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); } + + if (got_write_lock) + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + else + CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); + return ssl_x509_store_ctx_idx; } diff --git a/crypto/dist/openssl/ssl/ssl_ciph.c b/crypto/dist/openssl/ssl/ssl_ciph.c index dab0c8e34234..6e30a6152871 100644 --- a/crypto/dist/openssl/ssl/ssl_ciph.c +++ b/crypto/dist/openssl/ssl/ssl_ciph.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * ECC cipher suite support in OpenSSL originally developed by @@ -75,6 +128,11 @@ #define SSL_ENC_AES128_IDX 7 #define SSL_ENC_AES256_IDX 8 #define SSL_ENC_NUM_IDX 9 +#define SSL_ENC_CAMELLIA128_IDX 9 +#define SSL_ENC_CAMELLIA256_IDX 10 +#undef SSL_ENC_NUM_IDX +#define SSL_ENC_NUM_IDX 11 + static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL @@ -141,6 +199,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, + {0,SSL_TXT_CAMELLIA, 0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, @@ -185,6 +244,10 @@ void ssl_load_ciphers(void) EVP_get_cipherbyname(SN_aes_128_cbc); ssl_cipher_methods[SSL_ENC_AES256_IDX]= EVP_get_cipherbyname(SN_aes_256_cbc); + ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= + EVP_get_cipherbyname(SN_camellia_128_cbc); + ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= + EVP_get_cipherbyname(SN_camellia_256_cbc); ssl_digest_methods[SSL_MD_MD5_IDX]= EVP_get_digestbyname(SN_md5); @@ -203,36 +266,46 @@ static int sk_comp_cmp(const SSL_COMP * const *a, static void load_builtin_compressions(void) { - if (ssl_comp_methods != NULL) - return; + int got_write_lock = 0; - CRYPTO_w_lock(CRYPTO_LOCK_SSL); + CRYPTO_r_lock(CRYPTO_LOCK_SSL); if (ssl_comp_methods == NULL) { - SSL_COMP *comp = NULL; - - MemCheck_off(); - ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL) + CRYPTO_r_unlock(CRYPTO_LOCK_SSL); + CRYPTO_w_lock(CRYPTO_LOCK_SSL); + got_write_lock = 1; + + if (ssl_comp_methods == NULL) { - comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); - if (comp != NULL) + SSL_COMP *comp = NULL; + + MemCheck_off(); + ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); + if (ssl_comp_methods != NULL) { - comp->method=COMP_zlib(); - if (comp->method - && comp->method->type == NID_undef) - OPENSSL_free(comp); - else + comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); + if (comp != NULL) { - comp->id=SSL_COMP_ZLIB_IDX; - comp->name=comp->method->name; - sk_SSL_COMP_push(ssl_comp_methods,comp); + comp->method=COMP_zlib(); + if (comp->method + && comp->method->type == NID_undef) + OPENSSL_free(comp); + else + { + comp->id=SSL_COMP_ZLIB_IDX; + comp->name=comp->method->name; + sk_SSL_COMP_push(ssl_comp_methods,comp); + } } } + MemCheck_on(); } - MemCheck_on(); } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); + + if (got_write_lock) + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); + else + CRYPTO_r_unlock(CRYPTO_LOCK_SSL); } #endif @@ -293,6 +366,15 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, default: i=-1; break; } break; + case SSL_CAMELLIA: + switch(c->alg_bits) + { + case 128: i=SSL_ENC_CAMELLIA128_IDX; break; + case 256: i=SSL_ENC_CAMELLIA256_IDX; break; + default: i=-1; break; + } + break; + default: i= -1; break; @@ -381,6 +463,7 @@ static unsigned long ssl_cipher_get_disabled(void) mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; + mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0; mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; @@ -482,7 +565,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, *ca_curr = NULL; /* end of list */ } -static void ssl_cipher_apply_rule(unsigned long cipher_id, +static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version, unsigned long algorithms, unsigned long mask, unsigned long algo_strength, unsigned long mask_strength, int rule, int strength_bits, CIPHER_ORDER *co_list, @@ -509,9 +592,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, cp = curr->cipher; - /* If explicit cipher suite match that one only */ + /* If explicit cipher suite, match only that one for its own protocol version. + * Usual selection criteria will be used for similar ciphersuites from other version! */ - if (cipher_id) + if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version) { if (cp->id != cipher_id) continue; @@ -552,8 +636,22 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, { if (!curr->active) { - ll_append_tail(&head, curr, &tail); - curr->active = 1; + int add_this_cipher = 1; + + if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0)) + { + /* Make sure "ECCdraft" ciphersuites are activated only if + * *explicitly* requested, but not implicitly (such as + * as part of the "AES" alias). */ + + add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0; + } + + if (add_this_cipher) + { + ll_append_tail(&head, curr, &tail); + curr->active = 1; + } } } /* Move the added cipher to this location */ @@ -634,7 +732,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, */ for (i = max_strength_bits; i >= 0; i--) if (number_uses[i] > 0) - ssl_cipher_apply_rule(0, 0, 0, 0, 0, CIPHER_ORD, i, + ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, co_list, head_p, tail_p); OPENSSL_free(number_uses); @@ -648,7 +746,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, unsigned long algorithms, mask, algo_strength, mask_strength; const char *l, *start, *buf; int j, multi, found, rule, retval, ok, buflen; - unsigned long cipher_id; + unsigned long cipher_id = 0, ssl_version = 0; char ch; retval = 1; @@ -739,6 +837,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, */ j = found = 0; cipher_id = 0; + ssl_version = 0; while (ca_list[j]) { if (!strncmp(buf, ca_list[j]->name, buflen) && @@ -753,12 +852,6 @@ static int ssl_cipher_process_rulestr(const char *rule_str, if (!found) break; /* ignore this entry */ - if (ca_list[j]->valid) - { - cipher_id = ca_list[j]->id; - break; - } - /* New algorithms: * 1 - any old restrictions apply outside new mask * 2 - any new restrictions apply outside old mask @@ -773,6 +866,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str, (algo_strength & ca_list[j]->algo_strength); mask_strength |= ca_list[j]->mask_strength; + /* explicit ciphersuite found */ + if (ca_list[j]->valid) + { + cipher_id = ca_list[j]->id; + ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK; + break; + } + if (!multi) break; } @@ -802,7 +903,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, } else if (found) { - ssl_cipher_apply_rule(cipher_id, algorithms, mask, + ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask, algo_strength, mask_strength, rule, -1, co_list, head_p, tail_p); } @@ -1067,6 +1168,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) default: enc="AES(?""?""?)"; break; } break; + case SSL_CAMELLIA: + switch(cipher->strength_bits) + { + case 128: enc="Camellia(128)"; break; + case 256: enc="Camellia(256)"; break; + default: enc="Camellia(?""?""?)"; break; + } + break; + default: enc="unknown"; break; diff --git a/crypto/dist/openssl/ssl/ssl_locl.h b/crypto/dist/openssl/ssl/ssl_locl.h index 0bebaf02bcd0..786d9886b43b 100644 --- a/crypto/dist/openssl/ssl/ssl_locl.h +++ b/crypto/dist/openssl/ssl/ssl_locl.h @@ -278,7 +278,7 @@ #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) -#define SSL_ENC_MASK 0x043F8000L +#define SSL_ENC_MASK 0x0C3F8000L #define SSL_DES 0x00008000L #define SSL_3DES 0x00010000L #define SSL_RC4 0x00020000L @@ -287,6 +287,7 @@ #define SSL_eFZA 0x00100000L #define SSL_eNULL 0x00200000L #define SSL_AES 0x04000000L +#define SSL_CAMELLIA 0x08000000L #define SSL_MAC_MASK 0x00c00000L #define SSL_MD5 0x00400000L @@ -298,7 +299,7 @@ #define SSL_SSLV3 0x02000000L #define SSL_TLSV1 SSL_SSLV3 /* for now */ -/* we have used 07ffffff - 5 bits left to go. */ +/* we have used 0fffffff - 4 bits left to go. */ /* * Export and cipher strength information. For each cipher we have to decide diff --git a/crypto/dist/openssl/util/mkdef.pl b/crypto/dist/openssl/util/mkdef.pl index 24386009bfbb..38b92bcedfa8 100755 --- a/crypto/dist/openssl/util/mkdef.pl +++ b/crypto/dist/openssl/util/mkdef.pl @@ -84,7 +84,7 @@ my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "SHA256", "SHA512", "RIPEMD", - "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", + "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA", # Envelope "algorithms" "EVP", "X509", "ASN1_TYPEDEFS", # Helper "algorithms" @@ -111,7 +111,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; +my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; @@ -175,6 +175,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-ecdh$/) { $no_ecdh=1; } elsif (/^no-hmac$/) { $no_hmac=1; } elsif (/^no-aes$/) { $no_aes=1; } + elsif (/^no-camellia$/) { $no_camellia=1; } elsif (/^no-evp$/) { $no_evp=1; } elsif (/^no-lhash$/) { $no_lhash=1; } elsif (/^no-stack$/) { $no_stack=1; } @@ -240,6 +241,7 @@ $crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2; $crypto.=" crypto/sha/sha.h" ; # unless $no_sha; $crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd; $crypto.=" crypto/aes/aes.h" ; # unless $no_aes; +$crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia; $crypto.=" crypto/bn/bn.h"; $crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa; @@ -1089,6 +1091,7 @@ sub is_valid if ($keyword eq "ECDH" && $no_ecdh) { return 0; } if ($keyword eq "HMAC" && $no_hmac) { return 0; } if ($keyword eq "AES" && $no_aes) { return 0; } + if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; } if ($keyword eq "EVP" && $no_evp) { return 0; } if ($keyword eq "LHASH" && $no_lhash) { return 0; } if ($keyword eq "STACK" && $no_stack) { return 0; }