From a63238a908c7339f2847ad8ec606486c57f77c58 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Tue, 16 Dec 2014 05:47:28 +0000
Subject: Now that we have Camellia support in libcrypto, bring in the SHA256 flavour of the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.
---
 src/lib/libssl/s3_lib.c | 134 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 133 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/s3_lib.c')
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index f372b6523c..98eff97131 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.90 2014/12/14 16:07:26 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.91 2014/12/16 05:47:28 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -996,6 +996,138 @@ SSL_CIPHER ssl3_ciphers[] = {
 .alg_bits = 256,
 },
 
+#ifndef OPENSSL_NO_CAMELLIA
+ /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+
+ /* Cipher BA */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_CAMELLIA128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+
+ /* Cipher BD */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+ .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+ .algorithm_mkey = SSL_kDHE,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_CAMELLIA128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+
+ /* Cipher BE */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+ .algorithm_mkey = SSL_kDHE,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_CAMELLIA128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+
+ /* Cipher BF */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+ .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+ .algorithm_mkey = SSL_kDHE,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_CAMELLIA128,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 128,
+ .alg_bits = 128,
+ },
+
+ /* Cipher C0 */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ .algorithm_mkey = SSL_kRSA,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_CAMELLIA256,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+
+ /* Cipher C3 */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+ .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+ .algorithm_mkey = SSL_kDHE,
+ .algorithm_auth = SSL_aDSS,
+ .algorithm_enc = SSL_CAMELLIA256,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+
+ /* Cipher C4 */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+ .algorithm_mkey = SSL_kDHE,
+ .algorithm_auth = SSL_aRSA,
+ .algorithm_enc = SSL_CAMELLIA256,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+
+ /* Cipher C5 */
+ {
+ .valid = 1,
+ .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+ .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+ .algorithm_mkey = SSL_kDHE,
+ .algorithm_auth = SSL_aNULL,
+ .algorithm_enc = SSL_CAMELLIA256,
+ .algorithm_mac = SSL_SHA256,
+ .algorithm_ssl = SSL_TLSV1_2,
+ .algo_strength = SSL_HIGH,
+ .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ .strength_bits = 256,
+ .alg_bits = 256,
+ },
+#endif /* OPENSSL_NO_CAMELLIA */
+
 /* Cipher C001 */
 {
 .valid = 1,
-- 
cgit v1.2.3-55-g6feb
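Review bot: The two anonymous-DH entries, Cipher BF and Cipher C5, combine `.algorithm_auth = SSL_aNULL` with `.algo_strength = SSL_HIGH` and carry no comment saying so, so a cipher string that selects on strength alone would pick up suites that do not authenticate the peer and give no protection against an active man-in-the-middle. I would add a comment above each, e.g. `/* Anonymous DH: no peer authentication, keep out of default cipher lists (!aNULL) */`, and confirm that the default list in this tree excludes aNULL, which is not visible here. The ids also skip BB, BC, C1 and C2 (the fixed-DH suites of RFC 5932); presumably that is deliberate, and a one-line comment such as `/* BB, BC, C1, C2 (static DH) not supported */` would make it explicit. The `ssl3_ciphers[]` initializer starts and ends outside this hunk, so whether the new ids keep the table in the order its lookup code expects cannot be checked from here.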