Commit 1c16fd1f authored by Dr. Stephen Henson

add Suite B 128 bit mode offering only combination 2

parent a5afc0a8
+10 −2
@@ -1354,11 +1354,16 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
					const char **prule_str)
	{
	unsigned int suiteb_flags = 0;
	unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
	if (!strcmp(*prule_str, "SUITEB128"))
		suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
	else if (!strcmp(*prule_str, "SUITEB128ONLY"))
		suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
	else if (!strcmp(*prule_str, "SUITEB128C2"))
		{
		suiteb_comb2 = 1;
		suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
		}
	else if (!strcmp(*prule_str, "SUITEB192"))
		suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;

@@ -1377,6 +1382,9 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
	switch(suiteb_flags)
		{
	case SSL_CERT_FLAG_SUITEB_128_LOS:
		if (suiteb_comb2)
			*prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
		else
			*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
		break;
	case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
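Review bot: The `SUITEB128C2` branch stores the same `SSL_CERT_FLAG_SUITEB_128_LOS` value as plain `SUITEB128`, so the combination-2 restriction exists only in the local `suiteb_comb2` and in the cipher string chosen in the `switch`. Code that later consults the flag cannot tell the two modes apart; the rest of `check_suiteb_cipher_list` and its callers lie outside these hunks, so this is inferred rather than confirmed. Curve or signature checks keyed on that flag would presumably still accept the 128-bit-level parameters while only the AES-256 suite is offered. If that is intended, document it at the branch, e.g. `/* Combination 2 only: 128 bit LOS checks apply, but offer just AES256-GCM-SHA384 */`; if not, the mode needs a flag of its own.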