Loading CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -73,6 +73,10 @@ Changes between 0.9.8a and 0.9.8b [XX xxx XXXX] *) Update support for ECC-based TLS ciphersuites according to draft-ietf-tls-ecc-12.txt with proposed changes. [Douglas Stebila] *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support opaque EVP_CIPHER_CTX handling. [Steve Henson] Loading demos/ssltest-ecc/ssltest.sh +10 −7 Original line number Diff line number Diff line Loading 
@@ -20,23 +20,23 @@ SSLTEST=$OPENSSL_DIR/test/ssltest SSLVERSION= # These don't really require any certificates AECDH_CIPHER_LIST="EXP-AECDH-RC4-40-SHA EXP-AECDH-DES-40-CBC-SHA AECDH-DES-CBC3-SHA AECDH-DES-CBC-SHA AECDH-RC4-SHA AECDH-NULL-SHA" AECDH_CIPHER_LIST="AECDH-AES256-SHA AECDH-AES128-SHA AECDH-DES-CBC3-SHA AECDH-RC4-SHA AECDH-NULL-SHA" # These require ECC certificates signed with ECDSA # The EC public key must be authorized for key agreement. ECDH_ECDSA_CIPHER_LIST="EXP-ECDH-ECDSA-RC4-56-SHA EXP-ECDH-ECDSA-RC4-40-SHA ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-DES-CBC-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA" ECDH_ECDSA_CIPHER_LIST="ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA" # These require ECC certificates. # The EC public key must be authorized for digital signature. ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES128-SHA" ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-NULL-SHA" # These require ECC certificates signed with RSA. # The EC public key must be authorized for key agreement. ECDH_RSA_CIPHER_LIST="EXP-ECDH-RSA-RC4-56-SHA EXP-ECDH-RSA-RC4-40-SHA ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-DES-CBC-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA" ECDH_RSA_CIPHER_LIST="ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA" # These require RSA certificates. # The RSA public key must be authorized for digital signature. ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES128-SHA" ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-NULL-SHA" # List of Elliptic curves over which we wish to test generation of # ephemeral ECDH keys when using AECDH or ECDHE ciphers Loading Loading 
@@ -78,9 +78,9 @@ done for curve in $ELLIPTIC_CURVE_LIST do echo "Testing EXP-AECDH-RC4-40-SHA (with $curve)" echo "Testing AECDH-RC4-SHA (with $curve)" $SSLTEST $SSL_VERSION -cert $SERVER_PEM \ -named_curve $curve -cipher EXP-AECDH-RC4-40-SHA -named_curve $curve -cipher AECDH-RC4-SHA done fi Loading Loading @@ -167,6 +167,9 @@ if [ "$1" = "ecdhe-rsa" ]; then for cipher in $ECDHE_RSA_CIPHER_LIST do echo "Testing $cipher (with server authentication)" echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ -cert $SERVER_PEM -server_auth \ -cipher $cipher -named_curve $DEFAULT_CURVE $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ -cert $SERVER_PEM -server_auth \ -cipher $cipher -named_curve $DEFAULT_CURVE Loading ssl/s3_clnt.c +5 −28 Original line number Diff line number Diff line Loading @@ -1213,12 +1213,12 @@ int ssl3_get_key_exchange(SSL *s) */ /* XXX: For now we only support named (not generic) curves * and the ECParameters in this case is just two bytes. * and the ECParameters in this case is just three bytes. */ param_len=2; param_len=3; if ((param_len > n) || (*p != NAMED_CURVE_TYPE) || ((curve_nid = curve_id2nid(*(p + 1))) == 0)) ((curve_nid = curve_id2nid(*(p + 2))) == 0)) { al=SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); Loading Loading @@ -1248,7 +1248,7 @@ int ssl3_get_key_exchange(SSL *s) goto f_err; } p+=2; p+=3; /* Next, get the encoded ECPoint */ if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || Loading Loading @@ -1616,22 +1616,6 @@ int ssl3_get_server_done(SSL *s) } #ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; else *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL; #endif /* OPENSSL_NO_SHA */ } #endif /* OPENSSL_NO_ECDH */ int ssl3_send_client_key_exchange(SSL *s) { unsigned char *p,*d; Loading Loading 
@@ -2029,13 +2013,6 @@ int ssl3_send_client_key_exchange(SSL *s) ERR_R_ECDH_LIB); goto err; } /* If field size is not more than 24 octets, then use SHA-1 hash of result; * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; * this is new with this version of the Internet Draft). */ if (field_size <= 24 * 8) n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); else n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); if (n <= 0) { Loading ssl/s3_lib.c +149 −147 Original line number Diff line number Diff line Loading @@ -900,8 +900,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #ifndef OPENSSL_NO_ECDH /* Cipher 47 */ /* Cipher C001 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, Loading @@ -915,7 +916,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 48 */ /* Cipher C002 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, Loading @@ -929,21 +930,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 49 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA, TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA, SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 4A */ /* Cipher C003 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, Loading @@ -957,7 +944,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 4B */ /* Cipher C004 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, Loading @@ -971,7 +958,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 4C */ /* Cipher C005 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Loading 
@@ -985,12 +972,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 4D */ /* Cipher C006 */ { 1, TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, TLS1_CK_ECDH_RSA_WITH_NULL_SHA, SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, Loading @@ -999,12 +986,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 4E */ /* Cipher C007 */ { 1, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, Loading 
@@ -1013,21 +1000,77 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 4F */ /* Cipher C008 */ { 1, TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA, TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA, SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_LOW, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 56, 56, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C009 */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00A */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00B */ { 1, TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, TLS1_CK_ECDH_RSA_WITH_NULL_SHA, SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00C */ { 1, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 50 */ /* Cipher C00D */ { 1, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, Loading @@ -1041,7 +1084,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 51 */ /* Cipher C00E */ { 1, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, Loading @@ -1055,7 +1098,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 52 */ /* Cipher C00F */ { 1, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, Loading 
@@ -1069,55 +1112,55 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 53 */ /* Cipher C010 */ { 1, TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA, TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA, SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP40, TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 54 */ /* Cipher C011 */ { 1, TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA, TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA, SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP56, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 56, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 55 */ /* Cipher C012 */ { 1, TLS1_TXT_ECDH_anon_WITH_NULL_SHA, TLS1_CK_ECDH_anon_WITH_NULL_SHA, SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 56 */ /* Cipher C013 */ { 1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, Loading 
@@ -1125,91 +1168,89 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 57 */ /* Cipher C014 */ { 1, TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA, TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA, SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_LOW, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 56, 56, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 58 */ /* Cipher C015 */ { 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, TLS1_TXT_ECDH_anon_WITH_NULL_SHA, TLS1_CK_ECDH_anon_WITH_NULL_SHA, SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 59 */ /* Cipher C016 */ { 1, TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA, TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA, SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP40, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 40, 56, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 5A */ /* Cipher C017 */ { 1, TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA, TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA, SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP40, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 40, 128, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 5B */ /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */ /* Cipher C018 */ { 1, TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP40, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 
TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 40, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 5C */ /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */ /* Cipher C019 */ { 1, TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP56, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 56, 128, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* OPENSSL_NO_ECDH */ #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES Loading Loading @@ -1309,45 +1350,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, #endif #ifndef OPENSSL_NO_ECDH /* Cipher 77 XXX: ECC ciphersuites offering forward secrecy * are not yet specified in the ECC/TLS draft but our code * allows them to be implemented very easily. To add such * a cipher suite, one needs to add two constant definitions * to tls1.h and a new structure in this file as shown below. We * illustrate the process for the made-up cipher * ECDHE-ECDSA-AES128-SHA. */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 78 XXX: Another made-up ECC cipher suite that * offers forward secrecy (ECDHE-RSA-AES128-SHA). */ { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* !OPENSSL_NO_ECDH */ /* end of list */ }; Loading ssl/s3_srvr.c +7 −28 Original line number Diff line number Diff line Loading 
@@ -1366,11 +1366,11 @@ int ssl3_send_server_key_exchange(SSL *s) /* XXX: For now, we only support named (not * generic) curves in ECDH ephemeral key exchanges. * In this situation, we need three additional bytes * In this situation, we need four additional bytes * to encode the entire ServerECDHParams * structure. */ n = 3 + encodedlen; n = 4 + encodedlen; /* We'll generate the serverKeyExchange message * explicitly so we can set these to NULLs Loading @@ -1378,6 +1378,7 @@ int ssl3_send_server_key_exchange(SSL *s) r[0]=NULL; r[1]=NULL; r[2]=NULL; r[3]=NULL; } else #endif /* !OPENSSL_NO_ECDH */ Loading Loading @@ -1428,12 +1429,14 @@ int ssl3_send_server_key_exchange(SSL *s) { /* XXX: For now, we only support named (not generic) curves. * In this situation, the serverKeyExchange message has: * [1 byte CurveType], [1 byte CurveName] * [1 byte CurveType], [2 byte CurveName] * [1 byte length of encoded point], followed by * the actual encoded point itself */ *p = NAMED_CURVE_TYPE; p += 1; *p = 0; p += 1; *p = curve_id; p += 1; *p = encodedlen; Loading Loading @@ -1637,23 +1640,6 @@ err: return(-1); } #ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; else *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL; #endif /* OPENSSL_NO_SHA */ } #endif /* OPENSSL_NO_ECDH */ int ssl3_get_client_key_exchange(SSL *s) { int i,al,ok; Loading Loading 
@@ -2156,13 +2142,6 @@ int ssl3_get_client_key_exchange(SSL *s) ERR_R_ECDH_LIB); goto err; } /* If field size is not more than 24 octets, then use SHA-1 hash of result; * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; * this is new with this version of the Internet Draft). */ if (field_size <= 24 * 8) i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); else i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); if (i <= 0) { Loading Loading
CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -73,6 +73,10 @@ Changes between 0.9.8a and 0.9.8b [XX xxx XXXX] *) Update support for ECC-based TLS ciphersuites according to draft-ietf-tls-ecc-12.txt with proposed changes. [Douglas Stebila] *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support opaque EVP_CIPHER_CTX handling. [Steve Henson] Loading
demos/ssltest-ecc/ssltest.sh +10 −7 Original line number Diff line number Diff line Loading @@ -20,23 +20,23 @@ SSLTEST=$OPENSSL_DIR/test/ssltest SSLVERSION= # These don't really require any certificates AECDH_CIPHER_LIST="EXP-AECDH-RC4-40-SHA EXP-AECDH-DES-40-CBC-SHA AECDH-DES-CBC3-SHA AECDH-DES-CBC-SHA AECDH-RC4-SHA AECDH-NULL-SHA" AECDH_CIPHER_LIST="AECDH-AES256-SHA AECDH-AES128-SHA AECDH-DES-CBC3-SHA AECDH-RC4-SHA AECDH-NULL-SHA" # These require ECC certificates signed with ECDSA # The EC public key must be authorized for key agreement. ECDH_ECDSA_CIPHER_LIST="EXP-ECDH-ECDSA-RC4-56-SHA EXP-ECDH-ECDSA-RC4-40-SHA ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-DES-CBC-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA" ECDH_ECDSA_CIPHER_LIST="ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA" # These require ECC certificates. # The EC public key must be authorized for digital signature. ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES128-SHA" ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-NULL-SHA" # These require ECC certificates signed with RSA. # The EC public key must be authorized for key agreement. ECDH_RSA_CIPHER_LIST="EXP-ECDH-RSA-RC4-56-SHA EXP-ECDH-RSA-RC4-40-SHA ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-DES-CBC-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA" ECDH_RSA_CIPHER_LIST="ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA" # These require RSA certificates. # The RSA public key must be authorized for digital signature. ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES128-SHA" ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-NULL-SHA" # List of Elliptic curves over which we wish to test generation of # ephemeral ECDH keys when using AECDH or ECDHE ciphers Loading Loading 
@@ -78,9 +78,9 @@ done for curve in $ELLIPTIC_CURVE_LIST do echo "Testing EXP-AECDH-RC4-40-SHA (with $curve)" echo "Testing AECDH-RC4-SHA (with $curve)" $SSLTEST $SSL_VERSION -cert $SERVER_PEM \ -named_curve $curve -cipher EXP-AECDH-RC4-40-SHA -named_curve $curve -cipher AECDH-RC4-SHA done fi Loading Loading @@ -167,6 +167,9 @@ if [ "$1" = "ecdhe-rsa" ]; then for cipher in $ECDHE_RSA_CIPHER_LIST do echo "Testing $cipher (with server authentication)" echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ -cert $SERVER_PEM -server_auth \ -cipher $cipher -named_curve $DEFAULT_CURVE $SSLTEST $SSL_VERSION -CAfile $CA_PEM \ -cert $SERVER_PEM -server_auth \ -cipher $cipher -named_curve $DEFAULT_CURVE Loading
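Review bot: The `echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \` line added in the ecdhe-rsa loop prints the full command before running it, which none of the other loops visible on this page do, so it reads like leftover debugging. Either drop it or trace every loop the same way, for example with `set -x` at the top of the script. The updated lists also keep the `*-NULL-SHA` suites; a comment above them such as `# NULL suites provide integrity only, no encryption; listed for interoperability testing` would help readers who copy cipher lists out of this demo.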
ssl/s3_clnt.c +5 −28 Original line number Diff line number Diff line Loading @@ -1213,12 +1213,12 @@ int ssl3_get_key_exchange(SSL *s) */ /* XXX: For now we only support named (not generic) curves * and the ECParameters in this case is just two bytes. * and the ECParameters in this case is just three bytes. */ param_len=2; param_len=3; if ((param_len > n) || (*p != NAMED_CURVE_TYPE) || ((curve_nid = curve_id2nid(*(p + 1))) == 0)) ((curve_nid = curve_id2nid(*(p + 2))) == 0)) { al=SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); Loading Loading @@ -1248,7 +1248,7 @@ int ssl3_get_key_exchange(SSL *s) goto f_err; } p+=2; p+=3; /* Next, get the encoded ECPoint */ if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || Loading Loading @@ -1616,22 +1616,6 @@ int ssl3_get_server_done(SSL *s) } #ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; else *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL; #endif /* OPENSSL_NO_SHA */ } #endif /* OPENSSL_NO_ECDH */ int ssl3_send_client_key_exchange(SSL *s) { unsigned char *p,*d; Loading Loading @@ -2029,13 +2013,6 @@ int ssl3_send_client_key_exchange(SSL *s) ERR_R_ECDH_LIB); goto err; } /* If field size is not more than 24 octets, then use SHA-1 hash of result; * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; * this is new with this version of the Internet Draft). */ if (field_size <= 24 * 8) n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); else n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); if (n <= 0) { Loading
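Review bot: In ssl3_get_key_exchange the named-curve id now occupies two bytes, but the lookup `curve_id2nid(*(p + 2))` reads only the low byte and nothing checks the high byte at `*(p + 1)`. A ServerKeyExchange carrying an id above 255 whose low byte matches a supported curve would be accepted as that curve instead of being rejected. Add `(*(p + 1) != 0) ||` to the existing condition ahead of the curve_id2nid() call, or pass the combined 16-bit value if curve_id2nid() takes one (its signature is not visible here). The function body starts and ends outside the hunk, and the page has lost its +/- markers, so the new side is read from the old-then-new print order and the "three bytes" comment.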
ssl/s3_lib.c +149 −147 Original line number Diff line number Diff line Loading @@ -900,8 +900,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #ifndef OPENSSL_NO_ECDH /* Cipher 47 */ /* Cipher C001 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, Loading @@ -915,7 +916,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 48 */ /* Cipher C002 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, Loading @@ -929,21 +930,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 49 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA, TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA, SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_LOW, 0, 56, 56, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 4A */ /* Cipher C003 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, Loading @@ -957,7 +944,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 4B */ /* Cipher C004 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, Loading @@ -971,7 +958,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 4C */ /* Cipher C005 */ { 1, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Loading @@ -985,12 +972,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 4D */ /* Cipher C006 */ { 1, TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, TLS1_CK_ECDH_RSA_WITH_NULL_SHA, SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, Loading @@ -999,12 +986,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 4E */ /* Cipher C007 */ { 1, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, Loading 
@@ -1013,21 +1000,77 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 4F */ /* Cipher C008 */ { 1, TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA, TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA, SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_LOW, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 56, 56, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C009 */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00A */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00B */ { 1, TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, TLS1_CK_ECDH_RSA_WITH_NULL_SHA, SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher C00C */ { 1, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 50 */ /* Cipher C00D */ { 1, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, Loading @@ -1041,7 +1084,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 51 */ /* Cipher C00E */ { 1, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, Loading @@ -1055,7 +1098,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 52 */ /* Cipher C00F */ { 1, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, Loading 
@@ -1069,55 +1112,55 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 53 */ /* Cipher C010 */ { 1, TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA, TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA, SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP40, TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, 40, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 54 */ /* Cipher C011 */ { 1, TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA, TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA, SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP56, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 56, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 55 */ /* Cipher C012 */ { 1, TLS1_TXT_ECDH_anon_WITH_NULL_SHA, TLS1_CK_ECDH_anon_WITH_NULL_SHA, SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 56 */ /* Cipher C013 */ { 1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, Loading 
@@ -1125,91 +1168,89 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL_ALL_STRENGTHS, }, /* Cipher 57 */ /* Cipher C014 */ { 1, TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA, TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA, SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_LOW, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 56, 56, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 58 */ /* Cipher C015 */ { 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, TLS1_TXT_ECDH_anon_WITH_NULL_SHA, TLS1_CK_ECDH_anon_WITH_NULL_SHA, SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 0, 0, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 59 */ /* Cipher C016 */ { 1, TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA, TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA, SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP40, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP, 0, 40, 56, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 5A */ /* Cipher C017 */ { 1, TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA, TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA, SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP40, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 40, 128, 168, 168, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 5B */ /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */ /* Cipher C018 */ { 1, TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA, SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP40, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 
TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 40, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 5C */ /* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */ /* Cipher C019 */ { 1, TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_EXPORT|SSL_EXP56, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 56, 128, 256, 256, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* OPENSSL_NO_ECDH */ #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES Loading Loading @@ -1309,45 +1350,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ }, #endif #ifndef OPENSSL_NO_ECDH /* Cipher 77 XXX: ECC ciphersuites offering forward secrecy * are not yet specified in the ECC/TLS draft but our code * allows them to be implemented very easily. To add such * a cipher suite, one needs to add two constant definitions * to tls1.h and a new structure in this file as shown below. We * illustrate the process for the made-up cipher * ECDHE-ECDSA-AES128-SHA. */ { 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, /* Cipher 78 XXX: Another made-up ECC cipher suite that * offers forward secrecy (ECDHE-RSA-AES128-SHA). */ { 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, SSL_NOT_EXP|SSL_HIGH, 0, 128, 128, SSL_ALL_CIPHERS, SSL_ALL_STRENGTHS, }, #endif /* !OPENSSL_NO_ECDH */ /* end of list */ }; Loading
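Review bot: The RC4 rows in the renumbered table, for example the C007 and C011 entries (TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA), carry `SSL_NOT_EXP,` with no strength class, while the 3DES and AES rows beside them carry `SSL_NOT_EXP|SSL_HIGH`. If strength keywords in cipher strings are matched against this field, as the flags suggest, these suites can be neither selected nor excluded by strength; `SSL_NOT_EXP|SSL_MEDIUM,` looks like the intended value for 128-bit RC4. The ECDH_anon rows pair an ECDH_anon name with `SSL_kECDHE`, so a short comment such as `/* anonymous suites use ephemeral ECDH keys */` would stop readers from assuming static ECDH. Several rows are only partly visible between the collapsed hunks, so the same check is worth repeating on the rows not shown.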
ssl/s3_srvr.c +7 −28 Original line number Diff line number Diff line Loading @@ -1366,11 +1366,11 @@ int ssl3_send_server_key_exchange(SSL *s) /* XXX: For now, we only support named (not * generic) curves in ECDH ephemeral key exchanges. * In this situation, we need three additional bytes * In this situation, we need four additional bytes * to encode the entire ServerECDHParams * structure. */ n = 3 + encodedlen; n = 4 + encodedlen; /* We'll generate the serverKeyExchange message * explicitly so we can set these to NULLs Loading @@ -1378,6 +1378,7 @@ int ssl3_send_server_key_exchange(SSL *s) r[0]=NULL; r[1]=NULL; r[2]=NULL; r[3]=NULL; } else #endif /* !OPENSSL_NO_ECDH */ Loading Loading @@ -1428,12 +1429,14 @@ int ssl3_send_server_key_exchange(SSL *s) { /* XXX: For now, we only support named (not generic) curves. * In this situation, the serverKeyExchange message has: * [1 byte CurveType], [1 byte CurveName] * [1 byte CurveType], [2 byte CurveName] * [1 byte length of encoded point], followed by * the actual encoded point itself */ *p = NAMED_CURVE_TYPE; p += 1; *p = 0; p += 1; *p = curve_id; p += 1; *p = encodedlen; Loading Loading @@ -1637,23 +1640,6 @@ err: return(-1); } #ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; else *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL; #endif /* OPENSSL_NO_SHA */ } #endif /* OPENSSL_NO_ECDH */ int ssl3_get_client_key_exchange(SSL *s) { int i,al,ok; Loading Loading 
@@ -2156,13 +2142,6 @@ int ssl3_get_client_key_exchange(SSL *s) ERR_R_ECDH_LIB); goto err; } /* If field size is not more than 24 octets, then use SHA-1 hash of result; * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; * this is new with this version of the Internet Draft). */ if (field_size <= 24 * 8) i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); else i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); if (i <= 0) { Loading
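Review bot: In ssl3_send_server_key_exchange the two-byte CurveName is emitted as a hard-coded `*p = 0;` followed by `*p = curve_id;`, so a curve id that does not fit in one byte is silently truncated on the wire. Write both bytes from the value, `*p++ = (curve_id >> 8) & 0xff; *p++ = curve_id & 0xff;`, or reject ids above 255 before the message is built; the declaration of curve_id is outside the hunk, so its range cannot be confirmed here. The unchanged `*p = encodedlen;` that follows stores the point length in a single byte as well, so a bound on encodedlen should be confirmed in the part of the function not shown.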