AES cipher suite support in kernel SSL [PSARC/2008/330 Self Review]

[Krishna Yenduri]

I am self-sponsoring this case and have marked it closed
approved automatic as it just adds new legal values to an
existing CLI option. The interface is committed
and the release binding is micro/patch.


Template Version: @(#)sac_nextcase 1.66 04/17/08 SMI
This information is Copyright 2008 Sun Microsystems
1. Introduction
    1.1. Project/Component Working Name:
	 AES cipher suite support in kernel SSL
    1.2. Name of Document Author/Supplier:
	 Author:  Krishna Yenduri
    1.3  Date of This Document:
	16 May, 2008
4. Technical Description

This project adds support for the AES cipher suites -
TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA
in kernel SSL. These suites are defined in RFC 3268.
Note that there is no AES_192 variant defined in this RFC.

The ksslcfg(1) CLI has a -c option to limit the set of
cipher suites. We add two additional cipher suite values -
 rsa_aes_256_cbc_sha
 rsa_aes_128_cbc_sha

The man page diffs are in the case directory.


Interfaces Exported
-------------------
New values for
/usr/sbin/ksslcfg -c                    Committed


References:
1. Chown, P., "Advanced Encryption Standard (AES) Ciphersuites
for Transport Layer Security (TLS)", RFC 3268, June 2002.

2.  PSARC 2005/625, Greyhound (Kernel SSL proxy) amendment
 (Supersedes PSARC 2002/557)


6. Resources and Schedule
    6.4. Steering Committee requested information
   	6.4.1. Consolidation C-team Name:
		ON
    6.5. ARC review type: Automatic
    6.6. ARC Exposure: open