Commit 69a3a9f5 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

CAMELLIA PSK ciphersuites from RFC6367

parent b2f8ab86
+12 −0
@@ -645,6 +645,18 @@ Note: these ciphers can also be used in SSL v3.
 ECDHE_PSK_WITH_NULL_SHA256                ECDHE-PSK-NULL-SHA256
 ECDHE_PSK_WITH_NULL_SHA384                ECDHE-PSK-NULL-SHA384

 PSK_WITH_CAMELLIA_128_CBC_SHA256          PSK-CAMELLIA128-SHA256
 PSK_WITH_CAMELLIA_256_CBC_SHA384          PSK-CAMELLIA256-SHA384

 DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      DHE-PSK-CAMELLIA128-SHA256
 DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      DHE-PSK-CAMELLIA256-SHA384

 RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      RSA-PSK-CAMELLIA128-SHA256
 RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      RSA-PSK-CAMELLIA256-SHA384

 ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    ECDHE-PSK-CAMELLIA128-SHA256
 ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    ECDHE-PSK-CAMELLIA256-SHA384

=head1 NOTES

Some compiled versions of OpenSSL may not include all the ciphers
+18 −0
@@ -625,6 +625,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0x0300C078
# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0x0300C079

# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256         0x0300C094
# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384         0x0300C095
# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     0x0300C096
# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     0x0300C097
# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256     0x0300C098
# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384     0x0300C099
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0x0300C09A
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0x0300C09B

/*
 * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
 * ciphers names with "EDH" instead of "DHE".  Going forward, we should be
@@ -768,6 +777,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256           "DHE-RSA-CAMELLIA256-SHA256"
# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256               "ADH-CAMELLIA256-SHA256"

# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256               "PSK-CAMELLIA128-SHA256"
# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384               "PSK-CAMELLIA256-SHA384"
# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256           "DHE-PSK-CAMELLIA128-SHA256"
# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384           "DHE-PSK-CAMELLIA256-SHA384"
# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256           "RSA-PSK-CAMELLIA128-SHA256"
# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384           "RSA-PSK-CAMELLIA256-SHA384"
# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256         "ECDHE-PSK-CAMELLIA128-SHA256"
# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384         "ECDHE-PSK-CAMELLIA256-SHA384"

/* SEED ciphersuites from RFC4162 */
# define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
# define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
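Review bot: Neither new group of defines (the `TLS1_CK_*_PSK_WITH_CAMELLIA_*` ids and the matching `TLS1_TXT_*` names) has a heading comment, while the block right after the second group is introduced by `/* SEED ciphersuites from RFC4162 */`. Adding `/* Camellia-CBC PSK ciphersuites from RFC6367 */` above each group would let a reader audit the code points against the RFC without consulting the commit log. The ids run contiguously from 0x0300C094 to 0x0300C09B, in the same order as the `Cipher C094`–`Cipher C09B` comments in the cipher table, so no value change is suggested.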
+114 −0
@@ -3362,6 +3362,120 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
# endif                         /* OPENSSL_NO_CAMELLIA */
#endif                          /* OPENSSL_NO_EC */

#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK)
    {                           /* Cipher C094 */
     1,
     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CAMELLIA128,
     SSL_SHA256,
     SSL_TLSV1,
     SSL_NOT_EXP | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128},

    {                           /* Cipher C095 */
     1,
     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kPSK,
     SSL_aPSK,
     SSL_CAMELLIA256,
     SSL_SHA384,
     SSL_TLSV1,
     SSL_NOT_EXP | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256},

    {                           /* Cipher C096 */
     1,
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CAMELLIA128,
     SSL_SHA256,
     SSL_TLSV1,
     SSL_NOT_EXP | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128},

    {                           /* Cipher C097 */
     1,
     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kDHEPSK,
     SSL_aPSK,
     SSL_CAMELLIA256,
     SSL_SHA384,
     SSL_TLSV1,
     SSL_NOT_EXP | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256},

    {                           /* Cipher C098 */
     1,
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CAMELLIA128,
     SSL_SHA256,
     SSL_TLSV1,
     SSL_NOT_EXP | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128},

    {                           /* Cipher C099 */
     1,
     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kRSAPSK,
     SSL_aRSA,
     SSL_CAMELLIA256,
     SSL_SHA384,
     SSL_TLSV1,
     SSL_NOT_EXP | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256},

    {                           /* Cipher C09A */
     1,
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_CAMELLIA128,
     SSL_SHA256,
     SSL_TLSV1,
     SSL_NOT_EXP | SSL_HIGH,
     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
     128,
     128},

    {                           /* Cipher C09B */
     1,
     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
     SSL_kECDHEPSK,
     SSL_aPSK,
     SSL_CAMELLIA256,
     SSL_SHA384,
     SSL_TLSV1,
     SSL_NOT_EXP | SSL_HIGH,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     256,
     256},
#endif

#ifdef TEMP_GOST_TLS
/* Cipher FF00 */
    {
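Review bot: The new block is guarded only by `#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_PSK)`, yet it holds entries that depend on other algorithms: C096/C097 use `SSL_kDHEPSK`, C098/C099 use `SSL_kRSAPSK` with `SSL_aRSA`, and C09A/C09B use `SSL_kECDHEPSK`. The Camellia block just above it is nested under `OPENSSL_NO_EC`, so for consistency the two ECDHE entries could be wrapped in `# ifndef OPENSSL_NO_EC` and `# endif`. If the table instead relies on disabled key exchanges being masked out at run time, which this hunk does not show, a one-line comment saying so would prevent a later reader from assuming these suites are compiled out in a no-EC build. The bare `#endif` closing the block would also read better as `#endif /* !OPENSSL_NO_CAMELLIA && !OPENSSL_NO_PSK */`, matching the annotated ones above. The `ssl3_ciphers[]` array itself starts and ends outside this hunk.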