ECC ciphersuite support

[openssl.git] / ssl / s3_both.c

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 8864366f59228a97789c79fd3e0f6a3f368d6e59..a5588360e53686d43ba28751650e689d8373670b 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -108,6 +108,11 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #include <limits.h>
 #include <string.h>
@@ -520,6 +525,23 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
                        else ret= -1;
                        }
                }
+#ifndef OPENSSL_NO_EC
+       /* XXX: Structurally, there is no distinction between 
+        * ECDSA and ECDH public keys (both are ECPoints).
+        * So EVP_PKEY_ECDSA should really be renamed EVP_PKEY_ECC
+        * (or similar). As for ECC certificates, additional
+        * information (e.g. in the optional key usage X509v3 
+        * extension) could be used when available to distinguish
+        * between ECDH and ECDSA certificates. For now, we do not
+        * make that distinction here. Instead, we shift the burden
+        * of checking for appropriate key usage to the SSL code
+        * responsible for sending/processing ECC certificates.
+        */
+       else if (i == EVP_PKEY_ECDSA)
+               {
+               ret = SSL_PKEY_ECC;
+               }
+#endif
        else
                ret= -1;