Commit 96afc1cf authored by Bodo Möller's avatar Bodo Möller
Browse files

Add SEED encryption algorithm. 

PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
parent 24a8c25a

CHANGES

+14 −0
Original line number Diff line number Diff line
@@ -501,6 +501,20 @@ 


 Changes between 0.9.8e and 0.9.8f  [xx XXX xxxx]



  *) Add the Korean symmetric 128-bit cipher SEED (see

     http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and

     add SEED ciphersuites from RFC 4162:



        TLS_RSA_WITH_SEED_CBC_SHA      =  "SEED-SHA"

        TLS_DHE_DSS_WITH_SEED_CBC_SHA  =  "DHE-DSS-SEED-SHA"

        TLS_DHE_RSA_WITH_SEED_CBC_SHA  =  "DHE-RSA-SEED-SHA"

        TLS_DH_anon_WITH_SEED_CBC_SHA  =  "ADH-SEED-SHA"



     To minimize changes between patchlevels in the OpenSSL 0.9.8

     series, SEED remains excluded from compilation unless OpenSSL

     is configured with 'enable-seed'.

     [KISA, Bodo Moeller]



  *) Mitigate branch prediction attacks, which can be practical if a

     single processor is shared, allowing a spy process to extract

     information.  For detailed background information, see

Makefile.org

+1 −1
Original line number Diff line number Diff line
@@ -113,7 +113,7 @@ SHLIBDIRS= crypto ssl 
SDIRS=  \

	objects \

	md2 md4 md5 sha mdc2 hmac ripemd whrlpool \

	des aes rc2 rc4 rc5 idea bf cast camellia \

	des aes rc2 rc4 rc5 idea bf cast camellia seed \

	bn ec rsa dsa ecdsa dh ecdh dso engine \

	buffer bio stack lhash rand err \

	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \

apps/Makefile

+13 −11
Original line number Diff line number Diff line
@@ -288,14 +288,15 @@ dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 
dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h

dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h

dgst.o: ../include/openssl/err.h ../include/openssl/evp.h

dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h

dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h

dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h

dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h

dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h

dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h

dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c

dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h

dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h

dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h

dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h

dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h

dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h

dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c

dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h

dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -879,9 +880,10 @@ speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h 
speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h

speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h

speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h

speed.o: ../include/openssl/sha.h ../include/openssl/stack.h

speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h

speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h

speed.o: ../include/openssl/seed.h ../include/openssl/sha.h

speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h

speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h

speed.o: ../include/openssl/ui_compat.h ../include/openssl/whrlpool.h

speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c

speed.o: testdsa.h testrsa.h

spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h

apps/dsa.c

+4 −0
Original line number Diff line number Diff line
@@ -87,6 +87,7 @@ 
 * -camellia128 - encrypt output if PEM format

 * -camellia192 - encrypt output if PEM format

 * -camellia256 - encrypt output if PEM format

 * -seed        - encrypt output if PEM format

 * -text	- print a text version

 * -modulus	- print the DSA public key

 */
@@ -226,6 +227,9 @@ bad: 
#ifndef OPENSSL_NO_CAMELLIA

		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");

		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");

#endif

#ifndef OPENSSL_NO_SEED

		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");

#endif

		BIO_printf(bio_err," -text           print the key in text\n");

		BIO_printf(bio_err," -noout          don't print key out\n");

apps/gendsa.c

+8 −0
Original line number Diff line number Diff line
@@ -140,6 +140,10 @@ int MAIN(int argc, char **argv) 
		else if (strcmp(*argv,"-idea") == 0)

			enc=EVP_idea_cbc();

#endif

#ifndef OPENSSL_NO_SEED

		else if (strcmp(*argv,"-seed") == 0)

			enc=EVP_seed_cbc();

#endif

#ifndef OPENSSL_NO_AES

		else if (strcmp(*argv,"-aes128") == 0)

			enc=EVP_aes_128_cbc();
@@ -178,6 +182,10 @@ bad: 
#ifndef OPENSSL_NO_IDEA

		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");

#endif

#ifndef OPENSSL_NO_SEED

		BIO_printf(bio_err," -seed\n");

		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");

#endif

#ifndef OPENSSL_NO_AES

		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");

		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");