File openssl-enable-ecdh.patch of Package compat-openssl098.703

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-enable-ecdh.patch of Package compat-openssl098.703

Index: ssl/ssl_ciph.c
===================================================================
--- ssl/ssl_ciph.c.orig	2015-04-16 14:49:47.596075527 +0200
+++ ssl/ssl_ciph.c	2015-04-16 17:30:58.710934036 +0200
@@ -169,8 +169,9 @@ typedef struct cipher_order_st
 
 static const SSL_CIPHER cipher_aliases[]={
 	/* Don't include eNULL unless specifically enabled. */
-	/* Don't include ECC in ALL because these ciphers are not yet official. */
-	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+	/* Enable ECDH, as they are official now. */
+	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+	/*{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL},*/ /* must be first */
 	/* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
 	{0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
 	{0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
@@ -179,10 +180,13 @@ static const SSL_CIPHER cipher_aliases[]
 	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_kEDH,0,SSL_kEDH,  0,0,0,0,SSL_MKEY_MASK,0},
+	{0,SSL_TXT_kECDH,0,SSL_kECDH|SSL_kECDHE,0,0,0,0,SSL_MKEY_MASK,0},
+	{0,SSL_TXT_kECDHE,0,SSL_kECDHE,0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_kFZA,0,SSL_kFZA,  0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_DH,	0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_ECC,	0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
 	{0,SSL_TXT_EDH,	0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
+	{0,SSL_TXT_ECDH,0,SSL_ECDH,  0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
 	{0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
 	{0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
 	{0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
@@ -673,22 +677,8 @@ static void ssl_cipher_apply_rule(unsign
 			{
 			if (!curr->active)
 				{
-				int add_this_cipher = 1;
-
-				if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
-					{
-					/* Make sure "ECCdraft" ciphersuites are activated only if
-					 * *explicitly* requested, but not implicitly (such as
-					 * as part of the "AES" alias). */
-
-					add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
-					}
-				
-				if (add_this_cipher)
-					{
 					ll_append_tail(&head, curr, &tail);
 					curr->active = 1;
-					}
 				}
 			}
 		/* Move the added cipher to this location */
Index: ssl/ssl.h
===================================================================
--- ssl/ssl.h.orig	2015-04-16 14:49:47.815078755 +0200
+++ ssl/ssl.h	2015-04-16 17:21:22.095076693 +0200
@@ -270,12 +270,15 @@ extern "C" {
 #define SSL_TXT_kDHr		"kDHr"
 #define SSL_TXT_kDHd		"kDHd"
 #define SSL_TXT_kEDH		"kEDH"
+#define SSL_TXT_kECDH		"kECDH"
+#define SSL_TXT_kECDHE		"kECDHE"
 #define	SSL_TXT_aRSA		"aRSA"
 #define	SSL_TXT_aDSS		"aDSS"
 #define	SSL_TXT_aDH		"aDH"
 #define	SSL_TXT_DSS		"DSS"
 #define SSL_TXT_DH		"DH"
 #define SSL_TXT_EDH		"EDH"
+#define SSL_TXT_ECDH		"ECDH"
 #define SSL_TXT_ADH		"ADH"
 #define SSL_TXT_RSA		"RSA"
 #define SSL_TXT_DES		"DES"

Places

File openssl-enable-ecdh.patch of Package compat-openssl098.703

Places