Add three Suite B modes to TLS code, supporting RFC6460.

(backport from HEAD)
Dr. Stephen Henson
2012-12-26 16:17:40 +00:00
parent 28fbbe3b1b
commit ccf6a19e2d
15 changed files with 375 additions and 80 deletions


@@ -654,7 +654,16 @@ struct ssl_session_st
/* Many implementations ignore some aspects of the TLS standards such as
* enforcing certifcate chain algorithms. When this is set we enforce them.
*/
#define SSL_CERT_FLAG_TLS_STRICT 0x00000001L
#define SSL_CERT_FLAG_TLS_STRICT 0x00000001L
/* Suite B modes, takes same values as certificate verify flags */
#define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000
/* Suite B 192 bit only mode */
#define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000
/* Suite B 128 bit mode allowing 192 bit algorithms */
#define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000
/* Flags for building certificate chains */
/* Treat any existing certificates as untrusted CAs */
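Review bot: The three new `SSL_CERT_FLAG_SUITEB_*` values are a two-bit mode field, not independent flags, and nothing in this hunk says so: `SSL_CERT_FLAG_SUITEB_128_LOS` (0x30000) is the OR of the other two, so a single-bit test such as `flags & SSL_CERT_FLAG_SUITEB_192_LOS` is also true in the 128-bit mode. The code that reads these flags is outside the visible hunks, but a caller that tests one bit would enforce the wrong algorithm set for the configured mode. I would add a comment above the group, e.g. `/* Suite B mode is a 2-bit field: mask with SSL_CERT_FLAG_SUITEB_128_LOS and compare for equality; do not test single bits */`. The existing comment on the first define describes the whole group, so the 128-bit-only mode has no description of its own. The new values also omit the `L` suffix that `SSL_CERT_FLAG_TLS_STRICT` carries just above.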
@@ -681,6 +690,8 @@ struct ssl_session_st
#define CERT_PKEY_ISSUER_NAME 0x200
/* Cert type matches client types (always set for server cert) */
#define CERT_PKEY_CERT_TYPE 0x400
/* Cert chain suitable to Suite B */
#define CERT_PKEY_SUITEB 0x800
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
* they cannot be used to clear bits. */
@@ -2560,6 +2571,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_HTTPS_PROXY_REQUEST 155
#define SSL_R_HTTP_REQUEST 156
#define SSL_R_ILLEGAL_PADDING 283
#define SSL_R_ILLEGAL_SUITEB_DIGEST 380
#define SSL_R_INCONSISTENT_COMPRESSION 340
#define SSL_R_INVALID_AUDIT_PROOF 371
#define SSL_R_INVALID_AUTHZ_DATA 374
@@ -2634,6 +2646,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_NULL_SSL_METHOD_PASSED 196
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
#define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379
#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
#define SSL_R_PACKET_LENGTH_TOO_LONG 198