ECC ciphersuite support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)

1 files changed, 22 insertions, 0 deletions

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 8864366f59..a5588360e5 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -108,6 +108,11 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #include <limits.h>
 #include <string.h>
@@ -520,6 +525,23 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 			else ret= -1;
 			}
 		}
+#ifndef OPENSSL_NO_EC
+	/* XXX: Structurally, there is no distinction between 
+	 * ECDSA and ECDH public keys (both are ECPoints).
+	 * So EVP_PKEY_ECDSA should really be renamed EVP_PKEY_ECC
+	 * (or similar). As for ECC certificates, additional
+	 * information (e.g. in the optional key usage X509v3 
+	 * extension) could be used when available to distinguish
+	 * between ECDH and ECDSA certificates. For now, we do not
+	 * make that distinction here. Instead, we shift the burden
+	 * of checking for appropriate key usage to the SSL code
+	 * responsible for sending/processing ECC certificates.
+	 */
+	else if (i == EVP_PKEY_ECDSA)
+		{
+		ret = SSL_PKEY_ECC;
+		}
+#endif
 	else
 		ret= -1;