Rijdael CBC mode and partial undebugged SSL support.

apps/enc.c

@@ -442,6 +442,9 @@ bad:
 
 	if (cipher != NULL)
 		{
+		/* Note that str is NULL if a key was passed on the command
+		 * line, so we get no salt in that case. Is this a bug?
+		 */
 		if (str != NULL)
 			{
 			/* Salt handling: if encrypting generate a salt and

crypto/evp/c_allc.c

@@ -150,7 +150,10 @@ void OpenSSL_add_all_ciphers(void)
 #ifndef NO_RIJNDAEL
 	for(i=0 ; i < 3 ; ++i)
 	    for(j=0 ; j < 3 ; ++j)
+		{
 		EVP_add_cipher(EVP_rijndael_ecb(i,j));
+		EVP_add_cipher(EVP_rijndael_cbc(i,j));
+		}
 #endif
 	PKCS12_PBE_add();
 	PKCS5_PBE_add();

crypto/evp/e_rd.c

@@ -56,15 +56,22 @@
 static EVP_CIPHER rd_cipher[3][3];
 
 static int anSizes[]={16,24,32};
-static int anNIDs[3][3]=
+static int anECBNIDs[3][3]=
     {
     { NID_rijndael_ecb_k128_b128,NID_rijndael_ecb_k192_b128,NID_rijndael_ecb_k256_b128 },
     { NID_rijndael_ecb_k128_b192,NID_rijndael_ecb_k192_b192,NID_rijndael_ecb_k256_b192 },
     { NID_rijndael_ecb_k128_b256,NID_rijndael_ecb_k192_b256,NID_rijndael_ecb_k256_b256 }
     };
 
-static int rd_init_ecb(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		       const unsigned char *iv, int enc)
+static int anCBCNIDs[3][3]=
+    {
+    { NID_rd128_cbc_b128,NID_rd192_cbc_b128,NID_rd256_cbc_b128 },
+    { NID_rd128_cbc_b192,NID_rd192_cbc_b192,NID_rd256_cbc_b192 },
+    { NID_rd128_cbc_b256,NID_rd192_cbc_b256,NID_rd256_cbc_b256 }
+    };
+
+static int rd_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		   const unsigned char *iv, int enc)
     {
     RIJNDAEL_KEY *k=&ctx->c.rijndael;
 
@@ -98,6 +105,39 @@ static int rd_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
     return 1;
     }
 
+static int rd_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			 const unsigned char *in, unsigned int inl)
+    {
+    int n;
+    unsigned char tmp[16];
+
+    while(inl > 0)
+	{
+	if(ctx->c.rijndael.enc)
+	    {
+	    for(n=0 ; n < 16 ; ++n)
+		tmp[n]=in[n]^ctx->c.rijndael.iv[n];
+	    rijndaelEncrypt(tmp,out,ctx->c.rijndael.keySched,
+			    ctx->c.rijndael.rounds);
+	    memcpy(ctx->c.rijndael.iv,out,16);
+	    }
+	else
+	    {
+	    rijndaelDecrypt(in,out,ctx->c.rijndael.keySched,
+			    ctx->c.rijndael.rounds);
+	    for(n=0 ; n < 16 ; ++n)
+		out[n]^=ctx->c.rijndael.iv[n];
+	    memcpy(ctx->c.rijndael.iv,in,16);
+	    }
+	inl-=16;
+	in+=16;
+	out+=16;
+	}
+    assert(inl == 0);
+
+    return 1;
+    }
+
 EVP_CIPHER *EVP_rijndael_ecb(int nBlockLength,int nKeyLength)
     {
     EVP_CIPHER *c;
@@ -117,15 +157,47 @@ EVP_CIPHER *EVP_rijndael_ecb(int nBlockLength,int nKeyLength)
 
     memset(c,'\0',sizeof *c);
 
-    c->nid=anNIDs[nBlockLength][nKeyLength];
+    c->nid=anECBNIDs[nBlockLength][nKeyLength];
     c->block_size=anSizes[nBlockLength];
     c->key_len=anSizes[nKeyLength];
     c->iv_len=16;
     c->flags=EVP_CIPH_ECB_MODE;
-    c->init=rd_init_ecb;
+    c->init=rd_init;
     c->do_cipher=rd_cipher_ecb;
     c->ctx_size=sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rijndael));
 
     return c;
     }
+
+EVP_CIPHER *EVP_rijndael_cbc(int nBlockLength,int nKeyLength)
+    {
+    EVP_CIPHER *c;
+
+    if(nBlockLength < 0 || nBlockLength > 2)
+	{
+	EVPerr(EVP_F_EVP_RIJNDAEL,EVP_R_BAD_BLOCK_LENGTH);
+	return NULL;
+	}
+    if(nKeyLength < 0 || nKeyLength > 2)
+	{
+	EVPerr(EVP_F_EVP_RIJNDAEL,EVP_R_BAD_KEY_LENGTH);
+	return NULL;
+	}
+
+    c=&rd_cipher[nKeyLength][nBlockLength];
+
+    memset(c,'\0',sizeof *c);
+
+    c->nid=anCBCNIDs[nBlockLength][nKeyLength];
+    c->block_size=anSizes[nBlockLength];
+    c->key_len=anSizes[nKeyLength];
+    c->iv_len=16;
+    c->flags=EVP_CIPH_CBC_MODE;
+    c->init=rd_init;
+    c->do_cipher=rd_cipher_cbc;
+    c->ctx_size=sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rijndael));
+
+    return c;
+    }

crypto/evp/evp.h

@@ -707,6 +707,7 @@ EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
 #endif
 #ifndef NO_RIJNDAEL
 EVP_CIPHER *EVP_rijndael_ecb(int nBlockLength,int nKeyLength);
+EVP_CIPHER *EVP_rijndael_cbc(int nBlockLength,int nKeyLength);
 #endif
 
 void OpenSSL_add_all_algorithms(void);

crypto/objects/obj_dat.h

@@ -61,9 +61,9 @@
  * perl obj_dat.pl objects.h obj_dat.h
  */
 
-#define NUM_NID 405
-#define NUM_SN 401
-#define NUM_LN 401
+#define NUM_NID 417
+#define NUM_SN 410
+#define NUM_LN 410
 #define NUM_OBJ 366
 
 static unsigned char lvalues[2896]={
@@ -1066,6 +1066,18 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 	NID_rijndael_ecb_k192_b256,0,NULL},
 {"RIJNDAEL-ECB-K256-B256","rijndael-ecb-k256-b256",
 	NID_rijndael_ecb_k256_b256,0,NULL},
+{NULL,NULL,NID_undef,0,NULL},
+{NULL,NULL,NID_undef,0,NULL},
+{NULL,NULL,NID_undef,0,NULL},
+{"RD128-CBC-B128","rd128-cbc-b128",NID_rd128_cbc_b128,0,NULL},
+{"RD192-CBC-B128","rd192-cbc-b128",NID_rd192_cbc_b128,0,NULL},
+{"RD256-CBC-B128","rd256-cbc-b128",NID_rd256_cbc_b128,0,NULL},
+{"RD128-CBC-B192","rd128-cbc-b192",NID_rd128_cbc_b192,0,NULL},
+{"RD192-CBC-B192","rd192-cbc-b192",NID_rd192_cbc_b192,0,NULL},
+{"RD256-CBC-B192","rd256-cbc-b192",NID_rd256_cbc_b192,0,NULL},
+{"RD128-CBC-B256","rd128-cbc-b256",NID_rd128_cbc_b256,0,NULL},
+{"RD192-CBC-B256","rd192-cbc-b256",NID_rd192_cbc_b256,0,NULL},
+{"RD256-CBC-B256","rd256-cbc-b256",NID_rd256_cbc_b256,0,NULL},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -1155,6 +1167,15 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[122]),/* "RC5-CFB" */
 &(nid_objs[121]),/* "RC5-ECB" */
 &(nid_objs[123]),/* "RC5-OFB" */
+&(nid_objs[408]),/* "RD128-CBC-B128" */
+&(nid_objs[411]),/* "RD128-CBC-B192" */
+&(nid_objs[414]),/* "RD128-CBC-B256" */
+&(nid_objs[409]),/* "RD192-CBC-B128" */
+&(nid_objs[412]),/* "RD192-CBC-B192" */
+&(nid_objs[415]),/* "RD192-CBC-B256" */
+&(nid_objs[410]),/* "RD256-CBC-B128" */
+&(nid_objs[413]),/* "RD256-CBC-B192" */
+&(nid_objs[416]),/* "RD256-CBC-B256" */
 &(nid_objs[396]),/* "RIJNDAEL-ECB-K128-B128" */
 &(nid_objs[399]),/* "RIJNDAEL-ECB-K128-B192" */
 &(nid_objs[402]),/* "RIJNDAEL-ECB-K128-B256" */
@@ -1834,6 +1855,15 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[122]),/* "rc5-cfb" */
 &(nid_objs[121]),/* "rc5-ecb" */
 &(nid_objs[123]),/* "rc5-ofb" */
+&(nid_objs[408]),/* "rd128-cbc-b128" */
+&(nid_objs[411]),/* "rd128-cbc-b192" */
+&(nid_objs[414]),/* "rd128-cbc-b256" */
+&(nid_objs[409]),/* "rd192-cbc-b128" */
+&(nid_objs[412]),/* "rd192-cbc-b192" */
+&(nid_objs[415]),/* "rd192-cbc-b256" */
+&(nid_objs[410]),/* "rd256-cbc-b128" */
+&(nid_objs[413]),/* "rd256-cbc-b192" */
+&(nid_objs[416]),/* "rd256-cbc-b256" */
 &(nid_objs[396]),/* "rijndael-ecb-k128-b128" */
 &(nid_objs[399]),/* "rijndael-ecb-k128-b192" */
 &(nid_objs[402]),/* "rijndael-ecb-k128-b256" */

crypto/objects/obj_mac.h

@@ -1833,3 +1833,39 @@
 #define LN_rijndael_ecb_k256_b256		"rijndael-ecb-k256-b256"
 #define NID_rijndael_ecb_k256_b256		404
 
+#define SN_rd128_cbc_b128		"RD128-CBC-B128"
+#define LN_rd128_cbc_b128		"rd128-cbc-b128"
+#define NID_rd128_cbc_b128		408
+
+#define SN_rd192_cbc_b128		"RD192-CBC-B128"
+#define LN_rd192_cbc_b128		"rd192-cbc-b128"
+#define NID_rd192_cbc_b128		409
+
+#define SN_rd256_cbc_b128		"RD256-CBC-B128"
+#define LN_rd256_cbc_b128		"rd256-cbc-b128"
+#define NID_rd256_cbc_b128		410
+
+#define SN_rd128_cbc_b192		"RD128-CBC-B192"
+#define LN_rd128_cbc_b192		"rd128-cbc-b192"
+#define NID_rd128_cbc_b192		411
+
+#define SN_rd192_cbc_b192		"RD192-CBC-B192"
+#define LN_rd192_cbc_b192		"rd192-cbc-b192"
+#define NID_rd192_cbc_b192		412
+
+#define SN_rd256_cbc_b192		"RD256-CBC-B192"
+#define LN_rd256_cbc_b192		"rd256-cbc-b192"
+#define NID_rd256_cbc_b192		413
+
+#define SN_rd128_cbc_b256		"RD128-CBC-B256"
+#define LN_rd128_cbc_b256		"rd128-cbc-b256"
+#define NID_rd128_cbc_b256		414
+
+#define SN_rd192_cbc_b256		"RD192-CBC-B256"
+#define LN_rd192_cbc_b256		"rd192-cbc-b256"
+#define NID_rd192_cbc_b256		415
+
+#define SN_rd256_cbc_b256		"RD256-CBC-B256"
+#define LN_rd256_cbc_b256		"rd256-cbc-b256"
+#define NID_rd256_cbc_b256		416
+

crypto/objects/obj_mac.num

@@ -402,3 +402,15 @@ rijndael_ecb_k256_b192		401
 rijndael_ecb_k128_b256		402
 rijndael_ecb_k192_b256		403
 rijndael_ecb_k256_b256		404
+rd128_cbc		405
+rd192_cbc		406
+rd256_cbc		407
+rd128_cbc_b128		408
+rd192_cbc_b128		409
+rd256_cbc_b128		410
+rd128_cbc_b192		411
+rd192_cbc_b192		412
+rd256_cbc_b192		413
+rd128_cbc_b256		414
+rd192_cbc_b256		415
+rd256_cbc_b256		416

crypto/objects/objects.txt

@@ -601,3 +601,12 @@ enterprises 1466 344	: dcobject		: dcObject
 			: RIJNDAEL-ECB-K128-B256: rijndael-ecb-k128-b256
 			: RIJNDAEL-ECB-K192-B256: rijndael-ecb-k192-b256
 			: RIJNDAEL-ECB-K256-B256: rijndael-ecb-k256-b256
+			: RD128-CBC-B128	: rd128-cbc-b128
+			: RD192-CBC-B128	: rd192-cbc-b128
+			: RD256-CBC-B128	: rd256-cbc-b128
+			: RD128-CBC-B192	: rd128-cbc-b192
+			: RD192-CBC-B192	: rd192-cbc-b192
+			: RD256-CBC-B192	: rd256-cbc-b192
+			: RD128-CBC-B256	: rd128-cbc-b256
+			: RD192-CBC-B256	: rd192-cbc-b256
+			: RD256-CBC-B256	: rd256-cbc-b256

crypto/rijndael/Makefile.ssl

@@ -20,7 +20,7 @@ RD_ENC=		rd_enc.o
 # or use
 #DES_ENC=	bx86-elf.o
 
-CFLAGS= $(INCLUDES) $(CFLAG) -DINTERMEDIATE_VALUE_KAT -DBINARY_KEY_MATERIAL
+CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -DINTERMEDIATE_VALUE_KAT -DBINARY_KEY_MATERIAL -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
 
 GENERAL=Makefile
 #TEST=rijndael-test-fst.c table.128 table.192 table.256
@@ -45,6 +45,8 @@ lib:	$(LIBOBJ)
 	$(RANLIB) $(LIB)
 	@touch lib
 
+$(LIBOBJ): $(LIBSRC)
+
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 

ssl/s3_lib.c

@@ -708,6 +708,19 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	    SSL_ALL_CIPHERS,
 	    SSL_ALL_STRENGTHS
 	    },
+	/* Cipher ?? */
+	    {
+	    1,
+	    TLS1_TXT_RSA_WITH_RD_128_SHA,
+	    TLS1_CK_RSA_WITH_RD_128_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_RD|SSL_SHA |SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
 #endif
 
 /* end of list */

ssl/ssl.h

@@ -153,6 +153,7 @@ extern "C" {
 #define SSL_TXT_RC4		"RC4"
 #define SSL_TXT_RC2		"RC2"
 #define SSL_TXT_IDEA		"IDEA"
+#define SSL_TXT_RD		"RD"
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA"

ssl/ssl_algs.c

@@ -63,6 +63,8 @@
 
 int SSL_library_init(void)
 	{
+	int k;
+
 #ifndef NO_DES
 	EVP_add_cipher(EVP_des_cbc());
 	EVP_add_cipher(EVP_des_ede3_cbc());
@@ -75,7 +77,9 @@ int SSL_library_init(void)
 #endif  
 #ifndef NO_RC2
 	EVP_add_cipher(EVP_rc2_cbc());
-#endif  
+#endif
+	for(k=0 ; k < 2 ; ++k)
+	    EVP_add_cipher(EVP_rijndael_cbc(0,k));
 
 #ifndef NO_MD2
 	EVP_add_digest(EVP_md2());
@@ -96,7 +100,6 @@ int SSL_library_init(void)
 	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
 	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
 #endif
-
 	/* If you want support for phased out ciphers, add the following */
 #if 0
 	EVP_add_digest(EVP_sha());

ssl/ssl_ciph.c

@@ -68,7 +68,10 @@
 #define SSL_ENC_IDEA_IDX	4
 #define SSL_ENC_eFZA_IDX	5
 #define SSL_ENC_NULL_IDX	6
-#define SSL_ENC_NUM_IDX		7
+#define SSL_ENC_RD128_IDX	7
+#define SSL_ENC_RD192_IDX	8
+#define SSL_ENC_RD256_IDX	9
+#define SSL_ENC_NUM_IDX		10
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
 	NULL,NULL,NULL,NULL,NULL,NULL,
@@ -124,6 +127,7 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
 	{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
 	{0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_RD,	0,SSL_RD,    0,0,0,0,SSL_ENC_MASK,0},
 
 	{0,SSL_TXT_MD5,	0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
 	{0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
@@ -163,6 +167,12 @@ static void load_ciphers(void)
 		EVP_get_cipherbyname(SN_rc2_cbc);
 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
 		EVP_get_cipherbyname(SN_idea_cbc);
+	ssl_cipher_methods[SSL_ENC_RD128_IDX]=
+	  EVP_get_cipherbyname(SN_rd128_cbc_b128);
+	ssl_cipher_methods[SSL_ENC_RD192_IDX]=
+	  EVP_get_cipherbyname(SN_rd192_cbc_b128);
+	ssl_cipher_methods[SSL_ENC_RD256_IDX]=
+	  EVP_get_cipherbyname(SN_rd256_cbc_b128);
 
 	ssl_digest_methods[SSL_MD_MD5_IDX]=
 		EVP_get_digestbyname(SN_md5);
@@ -223,6 +233,15 @@ int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
 	case SSL_eNULL:
 		i=SSL_ENC_NULL_IDX;
 		break;
+	case SSL_RD:
+		switch(c->alg_bits)
+			{
+		case 128: i=SSL_ENC_RD128_IDX; break;
+		case 192: i=SSL_ENC_RD192_IDX; break;
+		case 256: i=SSL_ENC_RD256_IDX; break;
+		default: i=-1; break;
+			}
+		break;
 	default:
 		i= -1;
 		break;
@@ -308,6 +327,7 @@ static unsigned long ssl_cipher_get_disabled(void)
 	mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
 	mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
 	mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
+	mask |= (ssl_cipher_methods[SSL_ENC_RD128_IDX] == NULL) ? SSL_RD:0;
 
 	mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
 	mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
@@ -979,6 +999,15 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_eNULL:
 		enc="None";
 		break;
+	case SSL_RD:
+		switch(cipher->strength_bits == 128)
+			{
+		case 128: enc="Rijndael(128)"; break;
+		case 192: enc="Rijndael(192)"; break;
+		case 256: enc="Rijndael(256)"; break;
+		default: enc="Rijndael(???)"; break;
+			}
+		break;
 	default:
 		enc="unknown";
 		break;

ssl/ssl_locl.h

@@ -251,7 +251,7 @@
 #define SSL_FZA			(SSL_aFZA|SSL_kFZA|SSL_eFZA)
 #define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)
 
-#define SSL_ENC_MASK		0x0007F000L
+#define SSL_ENC_MASK		0x0087F000L
 #define SSL_DES			0x00001000L
 #define SSL_3DES		0x00002000L
 #define SSL_RC4			0x00004000L
@@ -259,6 +259,7 @@
 #define SSL_IDEA		0x00010000L
 #define SSL_eFZA		0x00020000L
 #define SSL_eNULL		0x00040000L
+#define SSL_RD			0x00800000L
 
 #define SSL_MAC_MASK		0x00180000L
 #define SSL_MD5			0x00080000L

ssl/tls1.h

@@ -95,6 +95,8 @@ extern "C" {
 #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA		0x03000064
 #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065
 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066
+  /* not yet real */
+#define TLS1_CK_RSA_WITH_RD_128_SHA			0x03000067
 
 /* XXX
  * Inconsistency alert:
@@ -110,6 +112,8 @@ extern "C" {
 #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA		"EXP1024-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
 #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"
+  /* Not yet real */
+#define TLS1_TXT_RSA_WITH_RD_128_SHA			"RD128-SHA"
 
 
 #define TLS_CT_RSA_SIGN			1