Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
9 个月 前同步成功

通知 8
Star 18
Fork 1
T
Third Party Openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 d56349a2 编写于 作者: B Bodo Möller
浏览文件
操作

update TLS-ECC code 

Submitted by: Douglas Stebila
上级 67c03ff1
隐藏空白更改
内联 并排
Showing with 218 addition and 270 deletion
CHANGES
浏览文件 @ d56349a2
...@@ -73,6 +73,10 @@ ...@@ -73,6 +73,10 @@
Changes between 0.9.8a and 0.9.8b [XX xxx XXXX] Changes between 0.9.8a and 0.9.8b [XX xxx XXXX]
*) Update support for ECC-based TLS ciphersuites according to
draft-ietf-tls-ecc-12.txt with proposed changes.
[Douglas Stebila]
*) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
opaque EVP_CIPHER_CTX handling. opaque EVP_CIPHER_CTX handling.
[Steve Henson] [Steve Henson]
......
demos/ssltest-ecc/ssltest.sh
浏览文件 @ d56349a2
...@@ -20,23 +20,23 @@ SSLTEST=$OPENSSL_DIR/test/ssltest ...@@ -20,23 +20,23 @@ SSLTEST=$OPENSSL_DIR/test/ssltest
SSLVERSION= SSLVERSION=
# These don't really require any certificates # These don't really require any certificates
AECDH_CIPHER_LIST="EXP-AECDH-RC4-40-SHA EXP-AECDH-DES-40-CBC-SHA AECDH-DES-CBC3-SHA AECDH-DES-CBC-SHA AECDH-RC4-SHA AECDH-NULL-SHA" AECDH_CIPHER_LIST="AECDH-AES256-SHA AECDH-AES128-SHA AECDH-DES-CBC3-SHA AECDH-RC4-SHA AECDH-NULL-SHA"
# These require ECC certificates signed with ECDSA # These require ECC certificates signed with ECDSA
# The EC public key must be authorized for key agreement. # The EC public key must be authorized for key agreement.
ECDH_ECDSA_CIPHER_LIST="EXP-ECDH-ECDSA-RC4-56-SHA EXP-ECDH-ECDSA-RC4-40-SHA ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-DES-CBC-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA" ECDH_ECDSA_CIPHER_LIST="ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA"
# These require ECC certificates. # These require ECC certificates.
# The EC public key must be authorized for digital signature. # The EC public key must be authorized for digital signature.
ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES128-SHA" ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-NULL-SHA"
# These require ECC certificates signed with RSA. # These require ECC certificates signed with RSA.
# The EC public key must be authorized for key agreement. # The EC public key must be authorized for key agreement.
ECDH_RSA_CIPHER_LIST="EXP-ECDH-RSA-RC4-56-SHA EXP-ECDH-RSA-RC4-40-SHA ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-DES-CBC-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA" ECDH_RSA_CIPHER_LIST="ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA"
# These require RSA certificates. # These require RSA certificates.
# The RSA public key must be authorized for digital signature. # The RSA public key must be authorized for digital signature.
ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES128-SHA" ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-NULL-SHA"
# List of Elliptic curves over which we wish to test generation of # List of Elliptic curves over which we wish to test generation of
# ephemeral ECDH keys when using AECDH or ECDHE ciphers # ephemeral ECDH keys when using AECDH or ECDHE ciphers
...@@ -78,9 +78,9 @@ done ...@@ -78,9 +78,9 @@ done
for curve in $ELLIPTIC_CURVE_LIST for curve in $ELLIPTIC_CURVE_LIST
do do
echo "Testing EXP-AECDH-RC4-40-SHA (with $curve)" echo "Testing AECDH-RC4-SHA (with $curve)"
$SSLTEST $SSL_VERSION -cert $SERVER_PEM \ $SSLTEST $SSL_VERSION -cert $SERVER_PEM \
-named_curve $curve -cipher EXP-AECDH-RC4-40-SHA -named_curve $curve -cipher AECDH-RC4-SHA
done done
fi fi
...@@ -167,6 +167,9 @@ if [ "$1" = "ecdhe-rsa" ]; then ...@@ -167,6 +167,9 @@ if [ "$1" = "ecdhe-rsa" ]; then
for cipher in $ECDHE_RSA_CIPHER_LIST for cipher in $ECDHE_RSA_CIPHER_LIST
do do
echo "Testing $cipher (with server authentication)" echo "Testing $cipher (with server authentication)"
echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \
-cipher $cipher -named_curve $DEFAULT_CURVE
$SSLTEST $SSL_VERSION -CAfile $CA_PEM \ $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
-cert $SERVER_PEM -server_auth \ -cert $SERVER_PEM -server_auth \
-cipher $cipher -named_curve $DEFAULT_CURVE -cipher $cipher -named_curve $DEFAULT_CURVE
......
ssl/s3_clnt.c
浏览文件 @ d56349a2
...@@ -1213,12 +1213,12 @@ int ssl3_get_key_exchange(SSL *s) ...@@ -1213,12 +1213,12 @@ int ssl3_get_key_exchange(SSL *s)
*/ */
/* XXX: For now we only support named (not generic) curves /* XXX: For now we only support named (not generic) curves
* and the ECParameters in this case is just two bytes. * and the ECParameters in this case is just three bytes.
*/ */
param_len=2; param_len=3;
if ((param_len > n) || if ((param_len > n) ||
(*p != NAMED_CURVE_TYPE) || (*p != NAMED_CURVE_TYPE) ||
((curve_nid = curve_id2nid(*(p + 1))) == 0)) ((curve_nid = curve_id2nid(*(p + 2))) == 0))
{ {
al=SSL_AD_INTERNAL_ERROR; al=SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
...@@ -1248,7 +1248,7 @@ int ssl3_get_key_exchange(SSL *s) ...@@ -1248,7 +1248,7 @@ int ssl3_get_key_exchange(SSL *s)
goto f_err; goto f_err;
} }
p+=2; p+=3;
/* Next, get the encoded ECPoint */ /* Next, get the encoded ECPoint */
if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
...@@ -1616,22 +1616,6 @@ int ssl3_get_server_done(SSL *s) ...@@ -1616,22 +1616,6 @@ int ssl3_get_server_done(SSL *s)
} }
#ifndef OPENSSL_NO_ECDH
static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
{
#ifndef OPENSSL_NO_SHA
if (*outlen < SHA_DIGEST_LENGTH)
return NULL;
else
*outlen = SHA_DIGEST_LENGTH;
return SHA1(in, inlen, out);
#else
return NULL;
#endif /* OPENSSL_NO_SHA */
}
#endif /* OPENSSL_NO_ECDH */
int ssl3_send_client_key_exchange(SSL *s) int ssl3_send_client_key_exchange(SSL *s)
{ {
unsigned char *p,*d; unsigned char *p,*d;
...@@ -2029,14 +2013,7 @@ int ssl3_send_client_key_exchange(SSL *s) ...@@ -2029,14 +2013,7 @@ int ssl3_send_client_key_exchange(SSL *s)
ERR_R_ECDH_LIB); ERR_R_ECDH_LIB);
goto err; goto err;
} }
/* If field size is not more than 24 octets, then use SHA-1 hash of result; n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
* otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt;
* this is new with this version of the Internet Draft).
*/
if (field_size <= 24 * 8)
n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1);
else
n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
if (n <= 0) if (n <= 0)
{ {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
......
ssl/s3_lib.c
浏览文件 @ d56349a2
...@@ -900,8 +900,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -900,8 +900,9 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
#ifndef OPENSSL_NO_ECDH #ifndef OPENSSL_NO_ECDH
/* Cipher 47 */ /* Cipher C001 */
{ {
1, 1,
TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
...@@ -915,7 +916,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -915,7 +916,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 48 */ /* Cipher C002 */
{ {
1, 1,
TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
...@@ -929,21 +930,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -929,21 +930,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 49 */ /* Cipher C003 */
{
1,
TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA,
TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA,
SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 4A */
{ {
1, 1,
TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
...@@ -957,7 +944,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -957,7 +944,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 4B */ /* Cipher C004 */
{ {
1, 1,
TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
...@@ -971,7 +958,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -971,7 +958,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 4C */ /* Cipher C005 */
{ {
1, 1,
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
...@@ -985,12 +972,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -985,12 +972,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 4D */ /* Cipher C006 */
{ {
1, 1,
TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
TLS1_CK_ECDH_RSA_WITH_NULL_SHA, TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP, SSL_NOT_EXP,
0, 0,
0, 0,
...@@ -999,12 +986,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -999,12 +986,12 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 4E */ /* Cipher C007 */
{ {
1, 1,
TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP, SSL_NOT_EXP,
0, 0,
128, 128,
...@@ -1013,21 +1000,77 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -1013,21 +1000,77 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 4F */ /* Cipher C008 */
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher C009 */
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher C00A */
{ {
1, 1,
TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_LOW, SSL_NOT_EXP|SSL_HIGH,
0, 0,
56, 256,
56, 256,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 50 */ /* Cipher C00B */
{
1,
TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP,
0,
0,
0,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher C00C */
{
1,
TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher C00D */
{ {
1, 1,
TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
...@@ -1041,7 +1084,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -1041,7 +1084,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 51 */ /* Cipher C00E */
{ {
1, 1,
TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
...@@ -1055,7 +1098,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -1055,7 +1098,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 52 */ /* Cipher C00F */
{ {
1, 1,
TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
...@@ -1069,35 +1112,77 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -1069,35 +1112,77 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 53 */ /* Cipher C010 */
{ {
1, 1,
TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA, TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA, TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP40, SSL_NOT_EXP,
0,
0,
0,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher C011 */
{
1,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP,
0, 0,
40, 128,
128, 128,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 54 */ /* Cipher C012 */
{ {
1, 1,
TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA, TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56, SSL_NOT_EXP|SSL_HIGH,
0,
168,
168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher C013 */
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0, 0,
56,
128, 128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher C014 */
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
256,
256,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 55 */ /* Cipher C015 */
{ {
1, 1,
TLS1_TXT_ECDH_anon_WITH_NULL_SHA, TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
...@@ -1111,7 +1196,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -1111,7 +1196,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 56 */ /* Cipher C016 */
{ {
1, 1,
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
...@@ -1125,21 +1210,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -1125,21 +1210,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 57 */ /* Cipher C017 */
{
1,
TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA,
SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_LOW,
0,
56,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 58 */
{ {
1, 1,
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
...@@ -1153,63 +1224,33 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -1153,63 +1224,33 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 59 */ /* Cipher C018 */
{ {
1, 1,
TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1, SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP40, SSL_NOT_EXP|SSL_HIGH,
0,
40,
56,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 5A */
{
1,
TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP40,
0, 0,
40,
128, 128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 5B */
/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
{
1,
TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP40,
0,
40,
128, 128,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
/* Cipher 5C */ /* Cipher C019 */
/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
{ {
1, 1,
TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA, TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_EXPORT|SSL_EXP56, SSL_NOT_EXP|SSL_HIGH,
0, 0,
56, 256,
128, 256,
SSL_ALL_CIPHERS, SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS, SSL_ALL_STRENGTHS,
}, },
#endif /* OPENSSL_NO_ECDH */ #endif /* OPENSSL_NO_ECDH */
#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
...@@ -1309,45 +1350,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ ...@@ -1309,45 +1350,6 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
}, },
#endif #endif
#ifndef OPENSSL_NO_ECDH
/* Cipher 77 XXX: ECC ciphersuites offering forward secrecy
* are not yet specified in the ECC/TLS draft but our code
* allows them to be implemented very easily. To add such
* a cipher suite, one needs to add two constant definitions
* to tls1.h and a new structure in this file as shown below. We
* illustrate the process for the made-up cipher
* ECDHE-ECDSA-AES128-SHA.
*/
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
/* Cipher 78 XXX: Another made-up ECC cipher suite that
* offers forward secrecy (ECDHE-RSA-AES128-SHA).
*/
{
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH,
0,
128,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
},
#endif /* !OPENSSL_NO_ECDH */
/* end of list */ /* end of list */
}; };
......
ssl/s3_srvr.c
浏览文件 @ d56349a2
...@@ -1366,11 +1366,11 @@ int ssl3_send_server_key_exchange(SSL *s) ...@@ -1366,11 +1366,11 @@ int ssl3_send_server_key_exchange(SSL *s)
/* XXX: For now, we only support named (not /* XXX: For now, we only support named (not
* generic) curves in ECDH ephemeral key exchanges. * generic) curves in ECDH ephemeral key exchanges.
* In this situation, we need three additional bytes * In this situation, we need four additional bytes
* to encode the entire ServerECDHParams * to encode the entire ServerECDHParams
* structure. * structure.
*/ */
n = 3 + encodedlen; n = 4 + encodedlen;
/* We'll generate the serverKeyExchange message /* We'll generate the serverKeyExchange message
* explicitly so we can set these to NULLs * explicitly so we can set these to NULLs
...@@ -1378,6 +1378,7 @@ int ssl3_send_server_key_exchange(SSL *s) ...@@ -1378,6 +1378,7 @@ int ssl3_send_server_key_exchange(SSL *s)
r[0]=NULL; r[0]=NULL;
r[1]=NULL; r[1]=NULL;
r[2]=NULL; r[2]=NULL;
r[3]=NULL;
} }
else else
#endif /* !OPENSSL_NO_ECDH */ #endif /* !OPENSSL_NO_ECDH */
...@@ -1428,12 +1429,14 @@ int ssl3_send_server_key_exchange(SSL *s) ...@@ -1428,12 +1429,14 @@ int ssl3_send_server_key_exchange(SSL *s)
{ {
/* XXX: For now, we only support named (not generic) curves. /* XXX: For now, we only support named (not generic) curves.
* In this situation, the serverKeyExchange message has: * In this situation, the serverKeyExchange message has:
* [1 byte CurveType], [1 byte CurveName] * [1 byte CurveType], [2 byte CurveName]
* [1 byte length of encoded point], followed by * [1 byte length of encoded point], followed by
* the actual encoded point itself * the actual encoded point itself
*/ */
*p = NAMED_CURVE_TYPE; *p = NAMED_CURVE_TYPE;
p += 1; p += 1;
*p = 0;
p += 1;
*p = curve_id; *p = curve_id;
p += 1; p += 1;
*p = encodedlen; *p = encodedlen;
...@@ -1637,23 +1640,6 @@ err: ...@@ -1637,23 +1640,6 @@ err:
return(-1); return(-1);
} }
#ifndef OPENSSL_NO_ECDH
static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
{
#ifndef OPENSSL_NO_SHA
if (*outlen < SHA_DIGEST_LENGTH)
return NULL;
else
*outlen = SHA_DIGEST_LENGTH;
return SHA1(in, inlen, out);
#else
return NULL;
#endif /* OPENSSL_NO_SHA */
}
#endif /* OPENSSL_NO_ECDH */
int ssl3_get_client_key_exchange(SSL *s) int ssl3_get_client_key_exchange(SSL *s)
{ {
int i,al,ok; int i,al,ok;
...@@ -2156,14 +2142,7 @@ int ssl3_get_client_key_exchange(SSL *s) ...@@ -2156,14 +2142,7 @@ int ssl3_get_client_key_exchange(SSL *s)
ERR_R_ECDH_LIB); ERR_R_ECDH_LIB);
goto err; goto err;
} }
/* If field size is not more than 24 octets, then use SHA-1 hash of result; i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
* otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt;
* this is new with this version of the Internet Draft).
*/
if (field_size <= 24 * 8)
i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1);
else
i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
if (i <= 0) if (i <= 0)
{ {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
......
ssl/tls1.h
浏览文件 @ d56349a2
...@@ -126,51 +126,36 @@ extern "C" { ...@@ -126,51 +126,36 @@ extern "C" {
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001). /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
* XXX NOTE: There is a bug in the draft, cipher numbers 4B, and 4C #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
* are defined twice so we define ECDH_ECDSA_EXPORT cipher #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
* suites to use 5B and 5C instead (this may change with future #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
* updates to the IETF draft). #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
*/ #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of
* ciphersuites, but does not define numbers for all of them
* because of possible conflicts with other Internet Drafts;
* most numbers are still subject to change. */
#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047
#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048
#define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049
#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300004A
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300004B
#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300004C
#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA 0x0300005B
#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA 0x0300005C
#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300004D #define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300004E #define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
#define TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA 0x0300004F #define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x03000050 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x03000051 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x03000052
#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA 0x03000053
#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA 0x03000054
#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x03000055 #define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x03000056 #define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
#define TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA 0x03000057 #define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x03000058 #define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
#define TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA 0x03000059 #define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
#define TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA 0x0300005A
/* XXX: ECC ciphersuites offering forward secrecy are not yet specified #define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
* in the ECC/TLS draft but our code allows them to be implemented #define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
* very easily. To add such a cipher suite, one needs to add two constant #define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
* definitions to this file and a new structure in s3_lib.c. We illustrate #define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
* the process for the made-up ciphers ECDHE-ECDSA-AES128-SHA and #define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
* ECDHE-RSA-AES128-SHA.
*/
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x03000077
#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x03000078
#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
/* XXX /* XXX
* Inconsistency alert: * Inconsistency alert:
...@@ -205,43 +190,41 @@ extern "C" { ...@@ -205,43 +190,41 @@ extern "C" {
/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA "ECDH-ECDSA-DES-CBC-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-ECDSA-RC4-40-SHA"
#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-ECDSA-RC4-56-SHA" #define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" #define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" #define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA "ECDH-RSA-DES-CBC-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" #define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" #define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" #define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA "EXP-ECDH-RSA-RC4-40-SHA"
#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA "EXP-ECDH-RSA-RC4-56-SHA" #define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" #define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" #define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
#define TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA "AECDH-DES-CBC-SHA"
#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" #define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
#define TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA "EXP-AECDH-DES-40-CBC-SHA" #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
#define TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA "EXP-AECDH-RC4-40-SHA" #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
/* XXX: Made-up ECC cipher suites offering forward secrecy. This is for
* illustration only.
*/
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
#define TLS_CT_RSA_SIGN 1 #define TLS_CT_RSA_SIGN 1
#define TLS_CT_DSS_SIGN 2 #define TLS_CT_DSS_SIGN 2
#define TLS_CT_RSA_FIXED_DH 3 #define TLS_CT_RSA_FIXED_DH 3
#define TLS_CT_DSS_FIXED_DH 4 #define TLS_CT_DSS_FIXED_DH 4
#define TLS_CT_ECDSA_SIGN 5 #define TLS_CT_ECDSA_SIGN 64
#define TLS_CT_RSA_FIXED_ECDH 6 #define TLS_CT_RSA_FIXED_ECDH 65
#define TLS_CT_ECDSA_FIXED_ECDH 7 #define TLS_CT_ECDSA_FIXED_ECDH 66
#define TLS_CT_NUMBER 7 #define TLS_CT_NUMBER 7
#define TLS1_FINISH_MAC_LENGTH 12 #define TLS1_FINISH_MAC_LENGTH 12
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册