diff -urN openssl-0.9.8j-psk/ssl/s3_lib.c openssl-0.9.8j-psk-null-cipher/ssl/s3_lib.c
--- openssl-0.9.8j-psk/ssl/s3_lib.c 2009-02-25 15:26:20.000000000 +0200
+++ openssl-0.9.8j-psk-null-cipher/ssl/s3_lib.c 2009-02-26 10:18:48.000000000 +0200
@@ -766,6 +766,22 @@
 },
 #endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_PSK
+ /* Cipher 2C */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_NULL_SHA,
+ TLS1_CK_PSK_WITH_NULL_SHA,
+ SSL_kPSK|SSL_aPSK|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+#endif /* OPENSSL_NO_PSK */
+
 /* New AES ciphersuites */
 /* Cipher 2F */
 {
@@ -1687,6 +1703,23 @@
 },
 #endif /* OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_PSK
+/* Nonstandard NULL PSK ciphersuite - Intel(R) AMT 2.x only */
+ /* Cipher FF9E */
+ {
+ 1,
+ TLS1_TXT_PSK_INTEL_AMT_WITH_NULL_SHA,
+ TLS1_CK_PSK_INTEL_AMT_WITH_NULL_SHA,
+ SSL_kPSK|SSL_aPSK|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+ SSL_NOT_EXP|SSL_STRONG_NONE,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+#endif /* OPENSSL_NO_PSK */
+
 /* end of list */
 };
diff -urN openssl-0.9.8j-psk/ssl/tls1.h openssl-0.9.8j-psk-null-cipher/ssl/tls1.h
--- openssl-0.9.8j-psk/ssl/tls1.h 2009-02-25 15:26:21.000000000 +0200
+++ openssl-0.9.8j-psk-null-cipher/ssl/tls1.h 2009-02-26 10:18:50.000000000 +0200
@@ -216,6 +216,12 @@
 #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
 #define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
+/* PSK ciphersuite from 4785 */
+#define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C
+
+/* Nonstandard NULL PSK ciphersuite - Intel(R) AMT 2.x only */
+#define TLS1_CK_PSK_INTEL_AMT_WITH_NULL_SHA 0x0300FF9E
+
 /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
 * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
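Review bot: The new "Cipher 2C" table entry in the first s3_lib.c hunk carries `SSL_eNULL`, so a session that negotiates it is PSK-authenticated and SHA-1 MACed but sent in cleartext, and the only comment on it is `/* Cipher 2C */`. I would spell that out at the entry, e.g. `/* Cipher 2C: RFC 4785 PSK-NULL-SHA - integrity only, no encryption; enable explicitly */`, and the same for the FF9E entry in the second hunk. Whether these entries can be matched by a generic cipher string depends on the cipher-list code, which this diff does not show; it is worth confirming that they are reachable only when NULL suites are requested by name or class. The cipher table itself starts and ends outside both hunks.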
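Review bot: The vendor-specific FF9E entry in the second s3_lib.c hunk is compiled in for every PSK-enabled build, because `#ifndef OPENSSL_NO_PSK` is its only guard. The comment says the suite is nonstandard and meant for Intel(R) AMT 2.x only, so a dedicated opt-in switch would keep it out of builds that never talk to such a device. For example, `#if !defined(OPENSSL_NO_PSK) && defined(OPENSSL_ENABLE_INTEL_AMT_NULL_PSK)`, where the second macro name is my suggestion and does not exist in the tree. Separating it from the RFC 4785 entry also lets a packager ship the standard suite without the private one.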
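Review bot: The added comment `/* PSK ciphersuite from 4785 */` in the tls1.h hunk at -216 omits "RFC" and does not say the suite is unencrypted; the same comment is repeated in the text-name hunk at -388. I would write `/* PSK NULL ciphersuite from RFC 4785 (no encryption) */` in both places. For `TLS1_CK_PSK_INTEL_AMT_WITH_NULL_SHA 0x0300FF9E` the comment could also record that the suite bytes 0xFF,0x9E lie in the range the TLS specifications set aside for private use, so readers do not look for an IANA assignment.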
@@ -388,6 +394,13 @@
 #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
 #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
+/* PSK ciphersuite from 4785 */
+#define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA"
+
+/* Nonstandard NULL PSK ciphersuite - Intel(R) AMT 2.x only */
+#define TLS1_TXT_PSK_INTEL_AMT_WITH_NULL_SHA "PSK-INTEL-AMT-NULL-SHA"
+
+
 #define TLS_CT_RSA_SIGN 1
 #define TLS_CT_DSS_SIGN 2
 #define TLS_CT_RSA_FIXED_DH 3
Greetings. Attached is a patch that adds RFC 4785 null cipher support for PSK/PKI, as well as support for a proprietary null cipher used by older versions of Intel(r) AMT. Thanks, Aharon (Arnold) Robbins. Intel Israel Software Design Center, Jerusalem Email: Pick one: aharon.robb...@intel.com<mailto:aharon.robb...@intel.com> or arnold.robb...@intel.com<mailto:arnold.robb...@intel.com> Links: My Intel Blog<http://software.intel.com/en-us/blogs/author/aharon-robbins/> My Personal Home page<http://www.skeeve.com/> Books I've Written<http://www.amazon.com/s/ref=nb_ss_gw?url=search-alias%3Dstripbooks&field-keywords=Arnold+Robbins> (more links coming soon) --------------------------------------------------------------------- Intel Israel (74) Limited This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
Greetings. Attached is a patch that adds RFC 4785 null cipher support
for PSK/PKI, as well as support for a proprietary null cipher used by older
versions of Intel® AMT. Thanks, Aharon (Arnold) Robbins. Email: Pick one: aharon.robb...@intel.com
or arnold.robb...@intel.com Links: My Intel
Blog My Personal Home page Books
I've Written (more links coming soon) --------------------------------------------------------------------- Intel Israel (74) Limited This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. |