* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
-
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
#include <stdio.h>
#include <openssl/objects.h>
#include <openssl/comp.h>
#define SSL_ENC_IDEA_IDX 4
#define SSL_ENC_eFZA_IDX 5
#define SSL_ENC_NULL_IDX 6
-#define SSL_ENC_NUM_IDX 7
+#define SSL_ENC_AES128_IDX 7
+#define SSL_ENC_AES256_IDX 8
+#define SSL_ENC_NUM_IDX 9
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
NULL,NULL,NULL,NULL,NULL,NULL,
} CIPHER_ORDER;
static const SSL_CIPHER cipher_aliases[]={
- /* Don't include eNULL unless specifically enabled */
- {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
- {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
+ /* Don't include eNULL unless specifically enabled. */
+ /* Don't include ECC in ALL because these ciphers are not yet official. */
+ {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+ /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
+ {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */
+ {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
+ {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
{0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
+ {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
{0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
-
{0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */
{0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
{0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
+ {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
{0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
EVP_get_cipherbyname(SN_rc2_cbc);
ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
EVP_get_cipherbyname(SN_idea_cbc);
+ ssl_cipher_methods[SSL_ENC_AES128_IDX]=
+ EVP_get_cipherbyname(SN_aes_128_cbc);
+ ssl_cipher_methods[SSL_ENC_AES256_IDX]=
+ EVP_get_cipherbyname(SN_aes_256_cbc);
ssl_digest_methods[SSL_MD_MD5_IDX]=
EVP_get_digestbyname(SN_md5);
case SSL_eNULL:
i=SSL_ENC_NULL_IDX;
break;
+ case SSL_AES:
+ switch(c->alg_bits)
+ {
+ case 128: i=SSL_ENC_AES128_IDX; break;
+ case 256: i=SSL_ENC_AES256_IDX; break;
+ default: i=-1; break;
+ }
+ break;
default:
i= -1;
break;
unsigned long mask;
mask = SSL_kFZA;
-#ifdef NO_RSA
+#ifdef OPENSSL_NO_RSA
mask |= SSL_aRSA|SSL_kRSA;
#endif
-#ifdef NO_DSA
+#ifdef OPENSSL_NO_DSA
mask |= SSL_aDSS;
#endif
-#ifdef NO_DH
+#ifdef OPENSSL_NO_DH
mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
#endif
-#ifdef NO_KRB5
+#ifdef OPENSSL_NO_KRB5
mask |= SSL_kKRB5|SSL_aKRB5;
#endif
-
+#ifdef OPENSSL_NO_ECDH
+ mask |= SSL_kECDH|SSL_kECDHE;
+#endif
#ifdef SSL_FORBID_ENULL
mask |= SSL_eNULL;
#endif
mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
+ mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
exp=is_export?" export":"";
-
+
if (alg & SSL_SSLV2)
ver="SSLv2";
else if (alg & SSL_SSLV3)
case SSL_kEDH:
kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
break;
+ case SSL_kECDH:
+ case SSL_kECDHE:
+ kx=is_export?"ECDH(<=163)":"ECDH";
+ break;
default:
kx="unknown";
}
case SSL_aNULL:
au="None";
break;
+ case SSL_aECDSA:
+ au="ECDSA";
+ break;
default:
au="unknown";
break;
case SSL_eNULL:
enc="None";
break;
+ case SSL_AES:
+ switch(cipher->strength_bits)
+ {
+ case 128: enc="AES(128)"; break;
+ case 192: enc="AES(192)"; break;
+ case 256: enc="AES(256)"; break;
+ default: enc="AES(?""?""?)"; break;
+ }
+ break;
default:
enc="unknown";
break;
SSL_COMP *comp;
STACK_OF(SSL_COMP) *sk;
+ if (cm == NULL || cm->type == NID_undef)
+ return 1;
+
MemCheck_off();
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
comp->id=id;