On Wed, Jan 31, 2007 at 01:27:23AM -0500, Victor Duchovni wrote:

> Tested by explicitly setting:
>
>     ssl_cipher_methods[SSL_ENC_AES128_IDX]=
> #ifndef TEST_MASK256
>         EVP_get_cipherbyname(SN_aes_128_cbc);
> #else
>         0;
> #fi
>     ssl_cipher_methods[SSL_ENC_AES256_IDX]=
>         EVP_get_cipherbyname(SN_aes_256_cbc);
>     ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
>         EVP_get_cipherbyname(SN_camellia_128_cbc);
>     ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
> #ifndef TEST_MASK256
>         EVP_get_cipherbyname(SN_camellia_256_cbc);
> #else
>         0;
> #fi
>
> Compiling with "-DTEST_MASK256" yields the expected results, with all
> cipherlists that normally include AES always missing the AES-128 ciphers
> only, and all cipherlists that normally include CAMELLIA always missing
> the CAMELLIA-256 ciphers only.

Of course with the test rig retyped by hand, after it was removed to
generate the final patch, I got the test rig slightly wrong (#fi instead
of #endif). Here is a simpler version:

    ssl_cipher_methods[SSL_ENC_AES128_IDX]=
        EVP_get_cipherbyname(SN_aes_128_cbc);
    ssl_cipher_methods[SSL_ENC_AES256_IDX]=
        EVP_get_cipherbyname(SN_aes_256_cbc);
    ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
        EVP_get_cipherbyname(SN_camellia_128_cbc);
    ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
        EVP_get_cipherbyname(SN_camellia_256_cbc);
    #ifdef TEST_MASK256
    ssl_cipher_methods[SSL_ENC_AES128_IDX]=0;
    ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=0;
    #endif

Here are the diffs in the "prod" and "test" outputs of "openssl ciphers -v"
for "ALL", "AES" and "CAMELLIA". "AES" loses 10 128-bit ciphers,
"CAMELLIA" loses 4 256-bit ciphers, and "ALL" naturally loses the
combined 14 ciphers.

--- all.prod 2007-01-31 01:47:32.000000000 -0500 +++ all.test 2007-01-31 01:46:08.000000000 -0500 @@ -7,4 +6,0 @@ -ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1 -DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 -DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 -CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 @@ -26 +21,0 @@ -AECDH-AES128-SHA SSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1 @@ -28 +22,0 @@ -ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 @@ -30 +23,0 @@ -ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 @@ -32 +24,0 @@ -ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 @@ -34 +25,0 @@ -ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1 @@ -36 +26,0 @@ -PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1 
@@ -42,4 +31,0 @@ -ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1 -DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 -DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 -AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 --- aes.prod 2007-01-31 01:47:43.000000000 -0500 +++ aes.test 2007-01-31 01:45:44.000000000 -0500 @@ -11,10 +10,0 @@ -AECDH-AES128-SHA SSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1 -ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 -ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 -ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 -ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1 -PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1 -ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1 -DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 -DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 -AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 --- camellia.prod 2007-01-31 01:47:38.000000000 -0500 +++ camellia.test 2007-01-31 01:45:59.000000000 -0500 @@ -1,4 +0,0 @@ -ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1 -DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 -DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 -CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1

-- 
    Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
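
Review bot: all three diffs (all, aes, camellia) mask only one key size per algorithm, because the rig zeroes SSL_ENC_AES128_IDX and SSL_ENC_CAMELLIA256_IDX and nothing else, so none of the removed lines shows AES(256) or Camellia(128) being masked on its own. A second run with SSL_ENC_AES256_IDX and SSL_ENC_CAMELLIA128_IDX set to 0 instead, compared with the same "openssl ciphers -v" listings for "ALL", "AES" and "CAMELLIA", would cover both key sizes of both ciphers.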