Now that we have Camellia support in libcrypto, bring in the SHA256 flavour of

the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.
author: miod <> 2014-12-16 05:47:28 +0000
committer: miod <> 2014-12-16 05:47:28 +0000
commit: a63238a908c7339f2847ad8ec606486c57f77c58 (patch)
tree: 03a6199fcaffc9b432abb94e85c13118ebe8f1be /src/lib/libssl/s3_lib.c
parent: 3b17dd2b93326115c99733ff57ea69db5eee0f94 (diff)
download: openbsd-a63238a908c7339f2847ad8ec606486c57f77c58.tar.gz
openbsd-a63238a908c7339f2847ad8ec606486c57f77c58.tar.bz2
openbsd-a63238a908c7339f2847ad8ec606486c57f77c58.zip
1 files changed, 133 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index f372b6523c..98eff97131 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.90 2014/12/14 16:07:26 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.91 2014/12/16 05:47:28 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -996,6 +996,138 @@ SSL_CIPHER ssl3_ciphers[] = {
                .alg_bits = 256,
        },
+#ifndef OPENSSL_NO_CAMELLIA
+        /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+        /* Cipher BA */
+        {
+                .valid = 1,
+                .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+                .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+                .algorithm_mkey = SSL_kRSA,
+                .algorithm_auth = SSL_aRSA,
+                .algorithm_enc = SSL_CAMELLIA128,
+                .algorithm_mac = SSL_SHA256,
+                .algorithm_ssl = SSL_TLSV1_2,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+                .strength_bits = 128,
+                .alg_bits = 128,
+        },
+        /* Cipher BD */
+        {
+                .valid = 1,
+                .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+                .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+                .algorithm_mkey = SSL_kDHE,
+                .algorithm_auth = SSL_aDSS,
+                .algorithm_enc = SSL_CAMELLIA128,
+                .algorithm_mac = SSL_SHA256,
+                .algorithm_ssl = SSL_TLSV1_2,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+                .strength_bits = 128,
+                .alg_bits = 128,
+        },
+        /* Cipher BE */
+        {
+                .valid = 1,
+                .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+                .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+                .algorithm_mkey = SSL_kDHE,
+                .algorithm_auth = SSL_aRSA,
+                .algorithm_enc = SSL_CAMELLIA128,
+                .algorithm_mac = SSL_SHA256,
+                .algorithm_ssl = SSL_TLSV1_2,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+                .strength_bits = 128,
+                .alg_bits = 128,
+        },
+        /* Cipher BF */
+        {
+                .valid = 1,
+                .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+                .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+                .algorithm_mkey = SSL_kDHE,
+                .algorithm_auth = SSL_aNULL,
+                .algorithm_enc = SSL_CAMELLIA128,
+                .algorithm_mac = SSL_SHA256,
+                .algorithm_ssl = SSL_TLSV1_2,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+                .strength_bits = 128,
+                .alg_bits = 128,
+        },
+        /* Cipher C0 */
+        {
+                .valid = 1,
+                .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+                .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+                .algorithm_mkey = SSL_kRSA,
+                .algorithm_auth = SSL_aRSA,
+                .algorithm_enc = SSL_CAMELLIA256,
+                .algorithm_mac = SSL_SHA256,
+                .algorithm_ssl = SSL_TLSV1_2,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+                .strength_bits = 256,
+                .alg_bits = 256,
+        },
+        /* Cipher C3 */
+        {
+                .valid = 1,
+                .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+                .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+                .algorithm_mkey = SSL_kDHE,
+                .algorithm_auth = SSL_aDSS,
+                .algorithm_enc = SSL_CAMELLIA256,
+                .algorithm_mac = SSL_SHA256,
+                .algorithm_ssl = SSL_TLSV1_2,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+                .strength_bits = 256,
+                .alg_bits = 256,
+        },
+        /* Cipher C4 */
+        {
+                .valid = 1,
+                .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+                .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+                .algorithm_mkey = SSL_kDHE,
+                .algorithm_auth = SSL_aRSA,
+                .algorithm_enc = SSL_CAMELLIA256,
+                .algorithm_mac = SSL_SHA256,
+                .algorithm_ssl = SSL_TLSV1_2,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+                .strength_bits = 256,
+                .alg_bits = 256,
+        },
+        /* Cipher C5 */
+        {
+                .valid = 1,
+                .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+                .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+                .algorithm_mkey = SSL_kDHE,
+                .algorithm_auth = SSL_aNULL,
+                .algorithm_enc = SSL_CAMELLIA256,
+                .algorithm_mac = SSL_SHA256,
+                .algorithm_ssl = SSL_TLSV1_2,
+                .algo_strength = SSL_HIGH,
+                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+                .strength_bits = 256,
+                .alg_bits = 256,
+        },
+#endif /* OPENSSL_NO_CAMELLIA */
        /* Cipher C001 */
        {
                .valid = 1,
author	miod <>	2014-12-16 05:47:28 +0000
committer	miod <>	2014-12-16 05:47:28 +0000
commit	a63238a908c7339f2847ad8ec606486c57f77c58 (patch)
tree	03a6199fcaffc9b432abb94e85c13118ebe8f1be /src/lib/libssl/s3_lib.c
parent	3b17dd2b93326115c99733ff57ea69db5eee0f94 (diff)
download	openbsd-a63238a908c7339f2847ad8ec606486c57f77c58.tar.gz openbsd-a63238a908c7339f2847ad8ec606486c57f77c58.tar.bz2 openbsd-a63238a908c7339f2847ad8ec606486c57f77c58.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index f372b6523c..98eff97131 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.90 2014/12/14 16:07:26 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.91 2014/12/16 05:47:28 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -996,6 +996,138 @@ SSL_CIPHER ssl3_ciphers[] = {
996	.alg_bits = 256,	996	.alg_bits = 256,
997	},	997	},
998		998
		999	#ifndef OPENSSL_NO_CAMELLIA
		1000	/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
		1001
		1002	/* Cipher BA */
		1003	{
		1004	.valid = 1,
		1005	.name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
		1006	.id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
		1007	.algorithm_mkey = SSL_kRSA,
		1008	.algorithm_auth = SSL_aRSA,
		1009	.algorithm_enc = SSL_CAMELLIA128,
		1010	.algorithm_mac = SSL_SHA256,
		1011	.algorithm_ssl = SSL_TLSV1_2,
		1012	.algo_strength = SSL_HIGH,
		1013	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		1014	.strength_bits = 128,
		1015	.alg_bits = 128,
		1016	},
		1017
		1018	/* Cipher BD */
		1019	{
		1020	.valid = 1,
		1021	.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
		1022	.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
		1023	.algorithm_mkey = SSL_kDHE,
		1024	.algorithm_auth = SSL_aDSS,
		1025	.algorithm_enc = SSL_CAMELLIA128,
		1026	.algorithm_mac = SSL_SHA256,
		1027	.algorithm_ssl = SSL_TLSV1_2,
		1028	.algo_strength = SSL_HIGH,
		1029	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		1030	.strength_bits = 128,
		1031	.alg_bits = 128,
		1032	},
		1033
		1034	/* Cipher BE */
		1035	{
		1036	.valid = 1,
		1037	.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
		1038	.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
		1039	.algorithm_mkey = SSL_kDHE,
		1040	.algorithm_auth = SSL_aRSA,
		1041	.algorithm_enc = SSL_CAMELLIA128,
		1042	.algorithm_mac = SSL_SHA256,
		1043	.algorithm_ssl = SSL_TLSV1_2,
		1044	.algo_strength = SSL_HIGH,
		1045	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		1046	.strength_bits = 128,
		1047	.alg_bits = 128,
		1048	},
		1049
		1050	/* Cipher BF */
		1051	{
		1052	.valid = 1,
		1053	.name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
		1054	.id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
		1055	.algorithm_mkey = SSL_kDHE,
		1056	.algorithm_auth = SSL_aNULL,
		1057	.algorithm_enc = SSL_CAMELLIA128,
		1058	.algorithm_mac = SSL_SHA256,
		1059	.algorithm_ssl = SSL_TLSV1_2,
		1060	.algo_strength = SSL_HIGH,
		1061	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		1062	.strength_bits = 128,
		1063	.alg_bits = 128,
		1064	},
		1065
		1066	/* Cipher C0 */
		1067	{
		1068	.valid = 1,
		1069	.name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
		1070	.id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
		1071	.algorithm_mkey = SSL_kRSA,
		1072	.algorithm_auth = SSL_aRSA,
		1073	.algorithm_enc = SSL_CAMELLIA256,
		1074	.algorithm_mac = SSL_SHA256,
		1075	.algorithm_ssl = SSL_TLSV1_2,
		1076	.algo_strength = SSL_HIGH,
		1077	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		1078	.strength_bits = 256,
		1079	.alg_bits = 256,
		1080	},
		1081
		1082	/* Cipher C3 */
		1083	{
		1084	.valid = 1,
		1085	.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
		1086	.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
		1087	.algorithm_mkey = SSL_kDHE,
		1088	.algorithm_auth = SSL_aDSS,
		1089	.algorithm_enc = SSL_CAMELLIA256,
		1090	.algorithm_mac = SSL_SHA256,
		1091	.algorithm_ssl = SSL_TLSV1_2,
		1092	.algo_strength = SSL_HIGH,
		1093	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		1094	.strength_bits = 256,
		1095	.alg_bits = 256,
		1096	},
		1097
		1098	/* Cipher C4 */
		1099	{
		1100	.valid = 1,
		1101	.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
		1102	.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
		1103	.algorithm_mkey = SSL_kDHE,
		1104	.algorithm_auth = SSL_aRSA,
		1105	.algorithm_enc = SSL_CAMELLIA256,
		1106	.algorithm_mac = SSL_SHA256,
		1107	.algorithm_ssl = SSL_TLSV1_2,
		1108	.algo_strength = SSL_HIGH,
		1109	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		1110	.strength_bits = 256,
		1111	.alg_bits = 256,
		1112	},
		1113
		1114	/* Cipher C5 */
		1115	{
		1116	.valid = 1,
		1117	.name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
		1118	.id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
		1119	.algorithm_mkey = SSL_kDHE,
		1120	.algorithm_auth = SSL_aNULL,
		1121	.algorithm_enc = SSL_CAMELLIA256,
		1122	.algorithm_mac = SSL_SHA256,
		1123	.algorithm_ssl = SSL_TLSV1_2,
		1124	.algo_strength = SSL_HIGH,
		1125	.algorithm2 = SSL_HANDSHAKE_MAC_SHA256\|TLS1_PRF_SHA256,
		1126	.strength_bits = 256,
		1127	.alg_bits = 256,
		1128	},
		1129	#endif /* OPENSSL_NO_CAMELLIA */
		1130
999	/* Cipher C001 */	1131	/* Cipher C001 */
1000	{	1132	{
1001	.valid = 1,	1133	.valid = 1,