Add support for Camellia HMAC-Based cipher suites from RFC6367

While RFC6367 focuses on Camellia-GCM cipher suites, it also adds a few cipher suites that use SHA-2 based HMAC that can be very easily added. Tested against gnutls 3.3.5 PR#3443 Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-23 15:03:59 +02:00
parent f2be92b94d
commit 750487899a
3 changed files with 152 additions and 0 deletions
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3033,6 +3033,127 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[]={
 	256,
 	},

+#ifndef OPENSSL_NO_CAMELLIA
+	{ /* Cipher C072 */
+	1,
+	TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHE,
+	SSL_aECDSA,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C073 */
+	1,
+	TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHE,
+	SSL_aECDSA,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+
+	{ /* Cipher C074 */
+	1,
+	TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHe,
+	SSL_aECDH,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C075 */
+	1,
+	TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHe,
+	SSL_aECDH,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+
+	{ /* Cipher C076 */
+	1,
+	TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHE,
+	SSL_aRSA,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C077 */
+	1,
+	TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHE,
+	SSL_aRSA,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+
+	{ /* Cipher C078 */
+	1,
+	TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHr,
+	SSL_aECDH,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C079 */
+	1,
+	TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHr,
+	SSL_aECDH,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+#endif  /* OPENSSL_NO_CAMELLIA */
 #endif /* OPENSSL_NO_ECDH */