diff options
| author | Bodo Möller <bodo@openssl.org> | 2002-08-09 08:56:08 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2002-08-09 08:56:08 +0000 |
| commit | ea262260469e49149cb10b25a87dfd6ad3fbb4ba (patch) | |
| tree | 7032110f80ba1888d7b3047cfbacd2d46e4fb67c /ssl/ssl_ciph.c | |
| parent | 17f627931780f000b8dd47fe030c52cc0fa93ef5 (diff) | |
ECC ciphersuite support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
Diffstat (limited to 'ssl/ssl_ciph.c')
| -rw-r--r-- | ssl/ssl_ciph.c | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 37f58886a6..0660275422 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -55,7 +55,11 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ - +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include <stdio.h> #include <openssl/objects.h> #include <openssl/comp.h> @@ -101,18 +105,20 @@ typedef struct cipher_order_st static const SSL_CIPHER cipher_aliases[]={ /* Don't include eNULL unless specifically enabled. */ - {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ - {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ + /* Don't include ECC in ALL because these ciphers are not yet official. */ + {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ + /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ + {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, - {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ + {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, + {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, - {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, @@ -314,7 +320,9 @@ static unsigned long ssl_cipher_get_disabled(void) #ifdef OPENSSL_NO_KRB5 mask |= SSL_kKRB5|SSL_aKRB5; #endif - +#ifdef OPENSSL_NO_ECDH + mask |= SSL_kECDH|SSL_kECDHE; +#endif #ifdef SSL_FORBID_ENULL mask |= SSL_eNULL; #endif @@ -916,7 +924,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); kl=SSL_C_EXPORT_KEYLENGTH(cipher); exp=is_export?" export":""; - + if (alg & SSL_SSLV2) ver="SSLv2"; else if (alg & SSL_SSLV3) @@ -945,6 +953,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) case SSL_kEDH: kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; break; + case SSL_kECDH: + case SSL_kECDHE: + kx=is_export?"ECDH(<=163)":"ECDH"; + break; default: kx="unknown"; } @@ -968,6 +980,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) case SSL_aNULL: au="None"; break; + case SSL_aECDSA: + au="ECDSA"; + break; default: au="unknown"; break; |