Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and

prohibit use of these ciphersuites for TLS < 1.2
author: Dr. Stephen Henson <steve@openssl.org> 2011-07-25 22:41:32 +0200
committer: Dr. Stephen Henson <steve@openssl.org> 2011-07-25 22:41:32 +0200
commit: d09677ac4525d107669447c07f4fa2fe58a13fc8 (patch)
tree: b9051252ace2ec617683abdde694fa7ed6145986 /ssl/tls1.h
parent: cryptlib.c: OPENSSL_ia32cap environment variable to interpret ~ as cpuid mask. (diff)
download: openssl-d09677ac4525d107669447c07f4fa2fe58a13fc8.tar.xz
openssl-d09677ac4525d107669447c07f4fa2fe58a13fc8.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/ssl/tls1.h b/ssl/tls1.h
index f8d2fdaff6..152bcc6562 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -441,6 +441,17 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	0x0300C021
 #define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	0x0300C022
 
+/* ECDH HMAC based ciphersuites from RFC5289 */
+
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
+
 /* XXX
  * Inconsistency alert:
  * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -557,6 +568,17 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_ADH_WITH_AES_128_SHA256		"ADH-AES128-SHA256"
 #define TLS1_TXT_ADH_WITH_AES_256_SHA256		"ADH-AES256-SHA256"
 
+/* ECDH HMAC based ciphersuites from RFC5289 */
+
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
+
 #define TLS_CT_RSA_SIGN			1
 #define TLS_CT_DSS_SIGN			2
 #define TLS_CT_RSA_FIXED_DH		3
author	Dr. Stephen Henson <steve@openssl.org>	2011-07-25 22:41:32 +0200
committer	Dr. Stephen Henson <steve@openssl.org>	2011-07-25 22:41:32 +0200
commit	d09677ac4525d107669447c07f4fa2fe58a13fc8 (patch)
tree	b9051252ace2ec617683abdde694fa7ed6145986 /ssl/tls1.h
parent	cryptlib.c: OPENSSL_ia32cap environment variable to interpret ~ as cpuid mask. (diff)
download	openssl-d09677ac4525d107669447c07f4fa2fe58a13fc8.tar.xz openssl-d09677ac4525d107669447c07f4fa2fe58a13fc8.zip