enable support for ECC keys and ECDH ciphers. Tested against

OpenSSL 1.0.0b3.  [Vipul Gupta vipul.gupta sun.com, Sander Temme]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@834378 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_kernel.c

@@ -1244,6 +1244,33 @@ DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
     return (DH *)mc->pTmpKeys[idx];
 }
 
+#ifndef OPENSSL_NO_EC
+EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)
+{
+    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
+    SSLModConfigRec *mc = myModConfig(c->base_server);
+    int idx;
+    static EC_KEY *ecdh = NULL;
+    static init = 0;
+
+    /* XXX Uses 256-bit key for now. TODO: support other sizes. */
+    ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+                  "handing out temporary 256 bit ECC key");
+
+    if (init == 0) {
+        ecdh = EC_KEY_new();
+        if (ecdh != NULL) {
+            /* ecdh->group = EC_GROUP_new_by_nid(NID_secp160r2); */
+            EC_KEY_set_group(ecdh, 
+              EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+        }
+        init = 1;
+    }
+    
+    return ecdh;
+}
+#endif
+
 /*
  * This OpenSSL callback function is called when OpenSSL
  * does client authentication and verifies the certificate chain.