generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add Suite B 128 bit mode offering only combination 2

Browse Source
This commit is contained in:
Dr. Stephen Henson 2012-11-24 00:59:51 +00:00
parent a5afc0a8f4
commit 1c16fd1f03
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ssl/ssl_ciph.c
View File

@ -1354,11 +1354,16 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
const char **prule_str) const char **prule_str)
{ {
unsigned int suiteb_flags = 0; unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
if (!strcmp(*prule_str, "SUITEB128")) if (!strcmp(*prule_str, "SUITEB128"))
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
else if (!strcmp(*prule_str, "SUITEB128ONLY")) else if (!strcmp(*prule_str, "SUITEB128ONLY"))
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
else if (!strcmp(*prule_str, "SUITEB128C2"))
{
suiteb_comb2 = 1;
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
}
else if (!strcmp(*prule_str, "SUITEB192")) else if (!strcmp(*prule_str, "SUITEB192"))
suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS; suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
@ -1377,7 +1382,10 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
switch(suiteb_flags) switch(suiteb_flags)
{ {
case SSL_CERT_FLAG_SUITEB_128_LOS: case SSL_CERT_FLAG_SUITEB_128_LOS:
*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"; if (suiteb_comb2)
*prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
else
*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
break; break;
case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY: case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256"; *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256";