1 files changed, 66 insertions, 1 deletions

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 1afdfa7750..30473b5ff2 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -108,6 +108,11 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #define _XOPEN_SOURCE 600	/* Or gethostname won't be declared properly
 				   on Linux and GNU platforms. */
@@ -201,6 +206,9 @@ static void sv_usage(void)
 	fprintf(stderr," -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
 	fprintf(stderr," -no_dhe       - disable DHE\n");
 #endif
+#ifndef OPENSSL_NO_ECDH
+	fprintf(stderr," -no_ecdhe     - disable ECDHE\n");
+#endif
 #ifndef OPENSSL_NO_SSL2
 	fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
@@ -221,7 +229,12 @@ static void sv_usage(void)
 	fprintf(stderr," -f            - Test even cases that can't work\n");
 	fprintf(stderr," -time         - measure processor time used by client and server\n");
 	fprintf(stderr," -zlib         - use zlib compression\n");
-	fprintf(stderr," -time         - use rle compression\n");
+	fprintf(stderr," -rle          - use rle compression\n");
+#ifndef OPENSSL_NO_ECDH
+	fprintf(stderr," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
+	               "                 Use \"openssl ecparam -list_curves\" for all names\n"  \
+	               "                 (default is sect163r2).\n");
+#endif
 	}
 
 static void print_details(SSL *c_ssl, const char *prefix)
@@ -345,6 +358,7 @@ int main(int argc, char *argv[])
 	char *server_key=NULL;
 	char *client_cert=TEST_CLIENT_CERT;
 	char *client_key=NULL;
+	char *named_curve = NULL;
 	SSL_CTX *s_ctx=NULL;
 	SSL_CTX *c_ctx=NULL;
 	SSL_METHOD *meth=NULL;
@@ -355,7 +369,11 @@ int main(int argc, char *argv[])
 	DH *dh;
 	int dhe1024 = 0, dhe1024dsa = 0;
 #endif
+#ifndef OPENSSL_NO_ECDH
+	EC_KEY *ecdh = NULL;
+#endif
 	int no_dhe = 0;
+	int no_ecdhe = 0;
 	int print_time = 0;
 	clock_t s_time = 0, c_time = 0;
 	int comp = 0;
@@ -408,6 +426,8 @@ int main(int argc, char *argv[])
 #endif
 		else if	(strcmp(*argv,"-no_dhe") == 0)
 			no_dhe=1;
+		else if	(strcmp(*argv,"-no_ecdhe") == 0)
+			no_ecdhe=1;
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			ssl2=1;
 		else if	(strcmp(*argv,"-tls1") == 0)
@@ -494,6 +514,13 @@ int main(int argc, char *argv[])
 			{
 			comp = COMP_RLE;
 			}
+#ifndef OPENSSL_NO_ECDH		
+		else if	(strcmp(*argv,"-named_curve") == 0)
+			{
+			if (--argc < 1) goto bad;
+			named_curve = *(++argv);
+			}
+#endif
 		else if	(strcmp(*argv,"-app_verify") == 0)
 			{
 			app_verify = 1;
@@ -609,6 +636,44 @@ bad:
 	(void)no_dhe;
 #endif
 
+#ifndef OPENSSL_NO_ECDH
+	if (!no_ecdhe)
+		{
+		ecdh = EC_KEY_new();
+		if (ecdh != NULL)
+			{
+			if (named_curve)
+				{
+				int nid = OBJ_sn2nid(named_curve);
+
+				if (nid == 0)
+					{
+					BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
+					EC_KEY_free(ecdh);
+					goto end;
+					}
+
+				ecdh->group = EC_GROUP_new_by_nid(nid);
+				if (ecdh->group == NULL)
+					{
+					BIO_printf(bio_err, "unable to create curve (%s)\n", named_curve);
+					EC_KEY_free(ecdh);
+					goto end;
+					}
+				}
+			
+			if (ecdh->group == NULL)
+				ecdh->group=EC_GROUP_new_by_nid(NID_sect163r2);
+
+			SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
+			SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
+			EC_KEY_free(ecdh);
+			}
+		}
+#else
+	(void)no_ecdhe;
+#endif
+
 #ifndef OPENSSL_NO_RSA
 	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
 #endif