Add support for Camellia HMAC-Based cipher suites from RFC6367 (75048789) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

doc/apps/ciphers.pod

+11 −0

Original line number	Diff line number	Diff line
		@@ -587,6 +587,17 @@ Note: these ciphers can also be used in SSL v3.
		TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256
		TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384

		=head2 Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2

		TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
		TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
		TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256
		TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384
		TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256
		TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384
		TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256
		TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384

		=head2 Pre shared keying (PSK) cipheruites

		TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA

ssl/s3_lib.c

+121 −0

Original line number	Diff line number	Diff line
		@@ -3033,6 +3033,127 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[]={
		256,
		},

		#ifndef OPENSSL_NO_CAMELLIA
		{ /* Cipher C072 */
		1,
		TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
		TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
		SSL_kECDHE,
		SSL_aECDSA,
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_NOT_EXP\|SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		128,
		128
		},

		{ /* Cipher C073 */
		1,
		TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
		TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
		SSL_kECDHE,
		SSL_aECDSA,
		SSL_CAMELLIA256,
		SSL_SHA384,
		SSL_TLSV1_2,
		SSL_NOT_EXP\|SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA384\|TLS1_PRF_SHA384,
		256,
		256
		},

		{ /* Cipher C074 */
		1,
		TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
		TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
		SSL_kECDHe,
		SSL_aECDH,
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_NOT_EXP\|SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		128,
		128
		},

		{ /* Cipher C075 */
		1,
		TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
		TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
		SSL_kECDHe,
		SSL_aECDH,
		SSL_CAMELLIA256,
		SSL_SHA384,
		SSL_TLSV1_2,
		SSL_NOT_EXP\|SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA384\|TLS1_PRF_SHA384,
		256,
		256
		},

		{ /* Cipher C076 */
		1,
		TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
		TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
		SSL_kECDHE,
		SSL_aRSA,
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_NOT_EXP\|SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		128,
		128
		},

		{ /* Cipher C077 */
		1,
		TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
		TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
		SSL_kECDHE,
		SSL_aRSA,
		SSL_CAMELLIA256,
		SSL_SHA384,
		SSL_TLSV1_2,
		SSL_NOT_EXP\|SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA384\|TLS1_PRF_SHA384,
		256,
		256
		},

		{ /* Cipher C078 */
		1,
		TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
		TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
		SSL_kECDHr,
		SSL_aECDH,
		SSL_CAMELLIA128,
		SSL_SHA256,
		SSL_TLSV1_2,
		SSL_NOT_EXP\|SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		128,
		128
		},

		{ /* Cipher C079 */
		1,
		TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
		TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
		SSL_kECDHr,
		SSL_aECDH,
		SSL_CAMELLIA256,
		SSL_SHA384,
		SSL_TLSV1_2,
		SSL_NOT_EXP\|SSL_HIGH,
		SSL_HANDSHAKE_MAC_SHA384\|TLS1_PRF_SHA384,
		256,
		256
		},
		#endif /* OPENSSL_NO_CAMELLIA */
		#endif /* OPENSSL_NO_ECDH */

ssl/tls1.h

+20 −0

Original line number	Diff line number	Diff line
		@@ -575,6 +575,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
		#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
		#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032

		/* Camellia-CBC ciphersuites from RFC6367 */
		#define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
		#define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
		#define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074
		#define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075
		#define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076
		#define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077
		#define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078
		#define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079

		/* XXX
		* Backward compatibility alert:
		* Older versions of OpenSSL gave some DHE ciphers names with "EDH"
		@@ -741,6 +751,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
		#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
		#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"

		/* Camellia-CBC ciphersuites from RFC6367 */
		#define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
		#define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
		#define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256"
		#define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384"
		#define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256"
		#define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384"
		#define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
		#define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"

		#define TLS_CT_RSA_SIGN 1
		#define TLS_CT_DSS_SIGN 2
		#define TLS_CT_RSA_FIXED_DH 3