From 750487899ad2b794078ed998b513a4a14f60f2cc Mon Sep 17 00:00:00 2001
From: Hubert Kario <hkario@redhat.com>
Date: Wed, 23 Jul 2014 15:03:59 +0200
Subject: Add support for Camellia HMAC-Based cipher suites from RFC6367

While RFC6367 focuses on Camellia-GCM cipher suites, it also adds a few
cipher suites that use SHA-2 based HMAC that can be very easily
added.

Tested against gnutls 3.3.5

PR#3443

Reviewed-by: Tim Hudson <tjh@openssl.org>
---
 ssl/s3_lib.c | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)

(limited to 'ssl/s3_lib.c')

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a4fa1ea4de..6504487c45 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3033,6 +3033,127 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[]={
 	256,
 	},
 
+#ifndef OPENSSL_NO_CAMELLIA
+	{ /* Cipher C072 */
+	1,
+	TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHE,
+	SSL_aECDSA,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C073 */
+	1,
+	TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHE,
+	SSL_aECDSA,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+
+	{ /* Cipher C074 */
+	1,
+	TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHe,
+	SSL_aECDH,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C075 */
+	1,
+	TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHe,
+	SSL_aECDH,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+
+	{ /* Cipher C076 */
+	1,
+	TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHE,
+	SSL_aRSA,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C077 */
+	1,
+	TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHE,
+	SSL_aRSA,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+
+	{ /* Cipher C078 */
+	1,
+	TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHr,
+	SSL_aECDH,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C079 */
+	1,
+	TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHr,
+	SSL_aECDH,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+#endif  /* OPENSSL_NO_CAMELLIA */
 #endif /* OPENSSL_NO_ECDH */
 
 
-- 
cgit v1.2.3