Skip to content

Instantly share code, notes, and snippets.

@h-yamamo
Last active May 23, 2024 23:49
Show Gist options
  • Save h-yamamo/157804dc9011a33afb99a3324114ee23 to your computer and use it in GitHub Desktop.
Save h-yamamo/157804dc9011a33afb99a3324114ee23 to your computer and use it in GitHub Desktop.
Support Camellia-GCM for debian/ubuntu openssl 1.1 and later version package

Support Camellia-GCM for debian/ubuntu openssl (v1.1 series and v3 series) package

Implement camellia-gcm functions into libcrypto and camellia-gcm ciphersuites from RFC 6367 into libssl. And TLS 1.3 camellia-gcm ciphersuites are supported for private use in OpenSSL 1.1.1 and later version.

Reference: openssl/openssl#374

How to build

  • Required packages: packaging-dev, lzip / Preparation: sudo apt-get build-dep openssl

Debian 9 (stretch) (not maintained)

Only the Camellia-GCM

(# in some directory)
git clone -b camellia --depth 1 https://gist.github.com/h-yamamo/157804dc9011a33afb99a3324114ee23
apt-get -d source openssl
tar xf openssl_1.1.0l.orig.tar.gz
cd openssl-1.1.0l
tar xf ../openssl_1.1.0l-1~deb9u6.debian.tar.xz
tar xvf ../157804dc9011a33afb99a3324114ee23/debian.tlz
(# you may edit debian/changelog and/or something others)
debuild -uc -us

Camellia-GCM and EVP_AEAD APIs

(# in some directory)
git clone -b evp-aead-camellia --depth 1 https://gist.github.com/h-yamamo/157804dc9011a33afb99a3324114ee23
apt-get -d source openssl
tar xf openssl_1.1.0l.orig.tar.gz
cd openssl-1.1.0l
tar xf ../openssl_1.1.0l-1~deb9u6.debian.tar.xz
tar xvf ../157804dc9011a33afb99a3324114ee23/debian.tlz
(# you may edit debian/changelog and/or something others)
debuild -uc -us

Debian 10 (buster)

Camellia-GCM and EVP_AEAD APIs

(# in some directory)
git clone -b buster --depth 1 https://gist.github.com/h-yamamo/157804dc9011a33afb99a3324114ee23
apt-get -d source openssl
tar xf openssl_1.1.1n.orig.tar.gz
cd openssl-1.1.1n
tar xf ../openssl_1.1.1n-0+deb10u6.debian.tar.xz
tar xvf ../157804dc9011a33afb99a3324114ee23/debian.tlz
(# you may edit debian/changelog and/or something others)
debuild -uc -us

Debian 11 (bullseye)

Camellia-GCM and EVP_AEAD APIs

(# in some directory)
git clone -b bullseye --depth 1 https://gist.github.com/h-yamamo/157804dc9011a33afb99a3324114ee23
apt-get -d source openssl
tar xf openssl_1.1.1w.orig.tar.gz
cd openssl-1.1.1w
tar xf ../openssl_1.1.1w-0+deb11u1.debian.tar.xz
tar xvf ../157804dc9011a33afb99a3324114ee23/debian.tlz
(# you may edit debian/changelog and/or something others)
debuild -uc -us

Debian 12 (bookworm)

Camellia-GCM and EVP_AEAD APIs

(# in some directory)
git clone -b bookworm --depth 1 https://gist.github.com/h-yamamo/157804dc9011a33afb99a3324114ee23
apt-get -d source openssl
tar xf openssl_3.0.13.orig.tar.gz
cd openssl-3.0.13
tar xf ../openssl_3.0.13-1~deb12u1.debian.tar.xz
tar xvf ../157804dc9011a33afb99a3324114ee23/debian.tlz
(# you may edit debian/changelog, debian/patches/series and/or something others)
debuild -uc -us
(# DEB_BUILD_PROFILES=noudeb debuild -uc -us ;# without udeb)

Ubuntu 18.04 LTS (bionic) (not maintained)

Camellia-GCM and EVP_AEAD APIs

(# in some directory)
git clone -b bionic_e1 --depth 1 https://gist.github.com/h-yamamo/157804dc9011a33afb99a3324114ee23
apt-get -d source openssl
tar xf openssl_1.1.1.orig.tar.gz
cd openssl-1.1.1
tar xf ../openssl_1.1.1-1ubuntu2.1~18.04.23.debian.tar.xz
tar xvf ../157804dc9011a33afb99a3324114ee23/debian.tlz
(# you may edit debian/changelog and/or something others)
debuild -uc -us

Ubuntu 20.04 LTS (focal)

Camellia-GCM and EVP_AEAD APIs

(# in some directory)
git clone -b focal --depth 1 https://gist.github.com/h-yamamo/157804dc9011a33afb99a3324114ee23
apt-get -d source openssl
tar xf openssl_1.1.1f.orig.tar.gz
cd openssl-1.1.1f
tar xf ../openssl_1.1.1f-1ubuntu2.22.debian.tar.xz
tar xvf ../157804dc9011a33afb99a3324114ee23/debian.tlz
(# you may edit debian/changelog and/or something others)
debuild -uc -us

Ubuntu 22.04 LTS (jammy)

Camellia-GCM and EVP_AEAD APIs

(# in some directory)
git clone -b jammy --depth 1 https://gist.github.com/h-yamamo/157804dc9011a33afb99a3324114ee23
apt-get -d source openssl
tar xf openssl_3.0.2.orig.tar.gz
cd openssl-3.0.2
tar xf ../openssl_3.0.2-0ubuntu1.15.debian.tar.xz
tar xvf ../157804dc9011a33afb99a3324114ee23/debian.tlz
(# you may edit debian/changelog, debian/patches/series and/or something others)
debuild -uc -us

Ubuntu 24.04 LTS (noble)

Camellia-GCM and EVP_AEAD APIs

(# in some directory)
git clone -b noble --depth 1 https://gist.github.com/h-yamamo/157804dc9011a33afb99a3324114ee23
apt-get -d source openssl
tar xf openssl_3.0.13.orig.tar.gz
cd openssl-3.0.13
tar xf ../openssl_3.0.13-0ubuntu3.1.debian.tar.xz
tar xvf ../157804dc9011a33afb99a3324114ee23/debian.tlz
(# you may edit debian/changelog, debian/patches/series and/or something others)
debuild -uc -us
(# DEB_BUILD_PROFILES=noudeb debuild -uc -us ;# without udeb)
@h-yamamo
Copy link
Author

2017-10-20 Update evp-aead-camellia branch.

  • Export X25519 functions.

See /usr/include/openssl/curve25519.h in libssl-dev package for more information.

@h-yamamo
Copy link
Author

h-yamamo commented Dec 24, 2018

On Debian 10 (buster) / Ubuntu 18.04 LTS (bionic), support Camellia-GCM of TLS 1.3 ciphersuites.
It's assigned the following definitions for Camellia-GCM.

TLS_CAMELLIA_128_GCM_SHA256  0xFFCA
TLS_CAMELLIA_256_GCM_SHA384  0xFFCB

To enable Camellia-GCM of TLS 1.3, specify option to argument or configuration file.

For openssl command:

openssl s_client (or s_server ...) -ciphersuites TLS_CAMELLIA_128_GCM_SHA256:TLS_AES_128_GCM_SHA256:... other options

For apache2, add the following directive to ssl.conf file:

 SSLOpenSSLConfCmd Ciphersuites TLS_CAMELLIA_128_GCM_SHA256:TLS_AES_128_GCM_SHA256:...

@roytam1
Copy link

roytam1 commented Apr 10, 2020

cross-reference: openssl/openssl#11061

@roytam1
Copy link

roytam1 commented Jul 5, 2023

@h-yamamo openssl/openssl#11061 tagged "help wanted", I wonder if you may help to get this merged?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment