diff -urN "C:\OriginalOpenSSL1.0.0\ssl\tls1.h" "C:\NullCipherOpenSSL1.0.0\ssl\tls1.h"
--- C:\OriginalOpenSSL1.0.0\ssl\tls1.h Wed Nov 11 17:51:30 2009 +++ C:\NullCipherOpenSSL1.0.0\ssl\tls1.h Sun May 30 15:37:48 2010 @@ -292,6 +292,12 @@ #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C #define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D +/* PSK ciphersuite from 4785 */ +#define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C + +/* Nonstandard NULL PSK ciphersuite - Intel(R) AMT 2.x only */ +#define TLS1_CK_PSK_INTEL_AMT_WITH_NULL_SHA 0x0300FF9E + /* Additional TLS ciphersuites from expired Internet Draft * draft-ietf-tls-56-bit-ciphersuites-01.txt @@ -443,6 +449,12 @@ #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" +/* PSK ciphersuite from RFC 4785 */ +#define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" + +/* Nonstandard NULL PSK ciphersuite - Intel(R) AMT 2.x only */ +#define TLS1_TXT_PSK_INTEL_AMT_WITH_NULL_SHA "PSK-INTEL-AMT-NULL-SHA " + /* Camellia ciphersuites from RFC4132 */ #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" @@ -529,4 +541,4 @@ #ifdef __cplusplus } #endif -#endif +#endif diff -urN "C:\OriginalOpenSSL1.0.0\ssl\s3_lib.c" "C:\NullCipherOpenSSL1.0.0\ssl\s3_lib.c" --- C:\OriginalOpenSSL1.0.0\ssl\s3_lib.c Fri Oct 16 18:24:20 2009 +++ C:\NullCipherOpenSSL1.0.0\ssl\s3_lib.c Sun Jul 04 16:09:47 2010 @@ -1,3 +1,4 @@ + /* ssl/s3_lib.c */ /* Copyright (C) 1995-1998 Eric Young ([email protected]) * All rights reserved. @@ -882,6 +883,22 @@ 40, 128, }, +/* Cipher 2C */ + { + 1,/*valid*/ + TLS1_TXT_PSK_WITH_NULL_SHA,/* text name */ + TLS1_CK_PSK_WITH_NULL_SHA,/* id, 4 bytes, first is version */ + /* what ciphers are used: */ + SSL_kPSK,/* key exchange algorithm */ + SSL_aPSK,/* server authentication */ + SSL_eNULL,/* symmetric encryption */ + SSL_SHA1,/* symmetric authentication */ + SSL_TLSV1,/* (major) protocol version */ + SSL_NOT_EXP|SSL_STRONG_NONE,/* strength and export flags */ + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,/*extra flags*/, + 0,/* Number of bits really used */ + 0,/* Number of bits for algorithm */ + }, #endif /* OPENSSL_NO_KRB5 */ /* New AES ciphersuites */ @@ -2071,7 +2088,24 @@ 256 }, #endif - +#ifndef OPENSSL_NO_PSK +/* Nonstandard NULL PSK ciphersuite - Intel(R) AMT 2.x only */ +/* Cipher FF9E */ + { + 1, + TLS1_TXT_PSK_INTEL_AMT_WITH_NULL_SHA, + TLS1_CK_PSK_INTEL_AMT_WITH_NULL_SHA, + SSL_kPSK, + SSL_aPSK, + SSL_eNULL, + SSL_SHA1, + SSL_TLSV1, + SSL_NOT_EXP|SSL_STRONG_NONE, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 0, + 0, + }, +#endif /* OPENSSL_NO_PSK */ /* end of list */ };
Hi. Attached is a patch that adds RFC 4785 null cipher support for PSK/PKI, as well as support for a proprietary NULL cipher used by older versions of Intel(R) AMT platforms. Thanks, Raizy --------------------------------------------------------------------- Intel Israel (74) Limited This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
Hi.
Attached is a patch that adds RFC 4785 null cipher support for PSK/PKI, as well as support for a proprietary NULL cipher used by older versions of Intel(R) AMT platforms.
Thanks,
Raizy
--------------------------------------------------------------------- Intel Israel (74) Limited This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
