Add support for Camellia HMAC-Based cipher suites from RFC6367

While RFC6367 focuses on Camellia-GCM cipher suites, it also adds a few
cipher suites that use SHA-2 based HMAC that can be very easily
added.

Tested against gnutls 3.3.5

PR#3443
Reviewed-by: NTim Hudson <tjh@openssl.org>

doc/apps/ciphers.pod

@@ -587,6 +587,17 @@ Note: these ciphers can also be used in SSL v3.
  TLS_DH_anon_WITH_AES_128_GCM_SHA256       ADH-AES128-GCM-SHA256
  TLS_DH_anon_WITH_AES_256_GCM_SHA384       ADH-AES256-GCM-SHA384
 
+=head2 Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2
+
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  ECDH-ECDSA-CAMELLIA128-SHA256
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  ECDH-ECDSA-CAMELLIA256-SHA384
+ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-RSA-CAMELLIA128-SHA256
+ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-RSA-CAMELLIA256-SHA384
+ TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    ECDH-RSA-CAMELLIA128-SHA256
+ TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    ECDH-RSA-CAMELLIA256-SHA384
+
 =head2 Pre shared keying (PSK) cipheruites
 
  TLS_PSK_WITH_RC4_128_SHA                  PSK-RC4-SHA

ssl/s3_lib.c

@@ -3033,6 +3033,127 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[]={
 	256,
 	},
 
+#ifndef OPENSSL_NO_CAMELLIA
+	{ /* Cipher C072 */
+	1,
+	TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHE,
+	SSL_aECDSA,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C073 */
+	1,
+	TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHE,
+	SSL_aECDSA,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+
+	{ /* Cipher C074 */
+	1,
+	TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHe,
+	SSL_aECDH,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C075 */
+	1,
+	TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHe,
+	SSL_aECDH,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+
+	{ /* Cipher C076 */
+	1,
+	TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHE,
+	SSL_aRSA,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C077 */
+	1,
+	TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHE,
+	SSL_aRSA,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+
+	{ /* Cipher C078 */
+	1,
+	TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	SSL_kECDHr,
+	SSL_aECDH,
+	SSL_CAMELLIA128,
+	SSL_SHA256,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+	128,
+	128
+	},
+
+	{ /* Cipher C079 */
+	1,
+	TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	SSL_kECDHr,
+	SSL_aECDH,
+	SSL_CAMELLIA256,
+	SSL_SHA384,
+	SSL_TLSV1_2,
+	SSL_NOT_EXP|SSL_HIGH,
+	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+	256,
+	256
+	},
+#endif  /* OPENSSL_NO_CAMELLIA */
 #endif /* OPENSSL_NO_ECDH */
 
 

ssl/tls1.h

@@ -575,6 +575,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
 #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
 
+/* Camellia-CBC ciphersuites from RFC6367 */
+#define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
+#define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
+#define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0x0300C074
+#define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0x0300C075
+#define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0x0300C076
+#define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0x0300C077
+#define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0x0300C078
+#define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0x0300C079
+
 /* XXX
  * Backward compatibility alert:
  * Older versions of OpenSSL gave some DHE ciphers names with "EDH"
@@ -741,6 +751,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
 #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
 
+/* Camellia-CBC ciphersuites from RFC6367 */
+#define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
+#define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  "ECDH-ECDSA-CAMELLIA128-SHA256"
+#define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  "ECDH-ECDSA-CAMELLIA256-SHA384"
+#define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   "ECDHE-RSA-CAMELLIA128-SHA256"
+#define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   "ECDHE-RSA-CAMELLIA256-SHA384"
+#define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    "ECDH-RSA-CAMELLIA128-SHA256"
+#define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    "ECDH-RSA-CAMELLIA256-SHA384"
+
 #define TLS_CT_RSA_SIGN			1
 #define TLS_CT_DSS_SIGN			2
 #define TLS_CT_RSA_FIXED_DH		3