generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add three Suite B modes to TLS code, supporting RFC6460.

Browse Source 
(backport from HEAD)
This commit is contained in:
Dr. Stephen Henson
2012-12-26 16:17:40 +00:00
parent 28fbbe3b1b
commit ccf6a19e2d
15 changed files with 375 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/ssl_cert.c
View File

@@ -692,6 +692,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
return(0);
}
/* Set suite B flags if needed */
X509_STORE_CTX_set_flags(&ctx, tls1_suiteb(s));
#if 0
if (SSL_get_verify_depth(s) >= 0)
X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
@@ -1151,6 +1153,8 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB);
return 0;
}
/* Set suite B flags if needed */
X509_STORE_CTX_set_flags(&xs_ctx, c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
i = X509_verify_cert(&xs_ctx);
if (i > 0)