CHANGES +6 −0 @@ -4,6 +4,12 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) New Suite B modes for TLS code. These use and enforce the requirements of RFC6460: restrict ciphersuites, only permit Suite B algorithms and only use Suite B curves. The Suite B modes can be set by using the strings "SUITEB128", "SUITEB192" or "SUITEB128ONLY" for the cipherstring. [Steve Henson] *) New chain verification flags for Suite B levels of security. Check algorithms are acceptable when flags are set in X509_verify_cert. [Steve Henson]
apps/s_server.c +2 −2 @@ -2623,7 +2623,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_err,"verify error:%s\n", X509_verify_cert_error_string(verify_error)); } else /* Always print any error messages */ ERR_print_errors(bio_err); return(0); }
ssl/s23_clnt.c +6 −0 @@ -367,6 +367,12 @@ static int ssl23_client_hello(SSL *s) version_major = TLS1_2_VERSION_MAJOR; version_minor = TLS1_2_VERSION_MINOR; } else if (tls1_suiteb(s)) { SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); return -1; } else if (version == TLS1_1_VERSION) { version_major = TLS1_1_VERSION_MAJOR;
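Review bot: The new `else if (tls1_suiteb(s))` branch in ssl23_client_hello rejects the handshake only because it sits directly after the `version == TLS1_2_VERSION` branch, and nothing in the code says so. A short comment such as `/* Suite B permits only TLS 1.2: keep this directly after the TLS 1.2 branch */` would stop a later reordering of the chain from silently allowing a TLS 1.1 or lower hello in Suite B mode. The check covers only the version the client offers; whether a server reply that selects a lower version is also refused is not visible in this section and is worth confirming. The enclosing function starts and ends outside the hunk.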
ssl/s23_srvr.c +7 −0 @@ -425,6 +425,13 @@ int ssl23_get_client_hello(SSL *s) } } if (s->version < TLS1_2_VERSION && tls1_suiteb(s)) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); goto err; } #ifdef OPENSSL_FIPS if (FIPS_mode() && (s->version < TLS1_VERSION)) {
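Review bot: The added Suite B test in ssl23_get_client_hello is undocumented and depends on `s->version` already holding the version chosen by the code above the hunk. I would add a comment saying so, for example `/* s->version is settled at this point; Suite B mode accepts nothing below TLS 1.2 */`, so the block is not moved ahead of the version selection later. The failure path is `goto err`, and that label is outside the hunk, so it is not visible whether the peer gets any indication of why the handshake was refused. The function starts and ends outside the hunk.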
ssl/s3_clnt.c +9 −2 @@ -3154,8 +3154,9 @@ err: } /* Check a certificate can be used for client authentication. Currently * check cert exists, if we have a suitable digest for TLS 1.2 and if * static DH client certificates can be used. * check cert exists, if we have a suitable digest for TLS 1.2 if * static DH client certificates can be used and optionally checks * suitability for Suite B. */ static int ssl3_check_client_certificate(SSL *s) { @@ -3165,6 +3166,12 @@ static int ssl3_check_client_certificate(SSL *s) /* If no suitable signature algorithm can't use certificate */ if (TLS1_get_version(s) >= TLS1_2_VERSION && !s->cert->key->digest) return 0; /* If strict mode check suitability of chain before using it. * This also adjusts suite B digest if necessary. */ if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT && !tls1_check_chain(s, NULL, NULL, NULL, -2)) return 0; alg_k=s->s3->tmp.new_cipher->algorithm_mkey; /* See if we can use client certificate for fixed DH */ if (alg_k & (SSL_kDHr|SSL_kDHd))
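Review bot: In the second hunk, the new condition in ssl3_check_client_certificate mixes `&` and `&&` without parentheses and passes a bare `-2` to tls1_check_chain. It parses as intended, but I would write `if ((s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) && !tls1_check_chain(s, NULL, NULL, NULL, -2))` and state in the comment what index -2 selects, since that meaning is defined in tls1_check_chain and not here. The comment also says the call adjusts the Suite B digest, yet the `!s->cert->key->digest` test runs before it; if the adjustment can supply a digest, the two checks may need to swap, which is worth confirming. The function body continues outside the hunk.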