add Suite B 128 bit mode offering only combination 2

1c16fd1f · Dr. Stephen Henson · a5afc0a8 · 1c16fd1f
显示空白变更内容
内联并排

Showing with 10 addition and 2 deletion

ssl/ssl_ciph.c ssl/ssl_ciph.c +10 -2

未找到文件。
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1354,11 +1354,16 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 					const char **prule_str)
 	{
-	unsigned int suiteb_flags = 0;
+	unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
 	if (!strcmp(*prule_str, "SUITEB128"))
 		suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
 	else if (!strcmp(*prule_str, "SUITEB128ONLY"))
 		suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
+	else if (!strcmp(*prule_str, "SUITEB128C2"))
+		{
+		suiteb_comb2 = 1;
+		suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+		}
 	else if (!strcmp(*prule_str, "SUITEB192"))
 		suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;

@@ -1377,6 +1382,9 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 	switch(suiteb_flags)
 		{
 	case SSL_CERT_FLAG_SUITEB_128_LOS:
+		if (suiteb_comb2)
+			*prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+		else
 			*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
 		break;
 	case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY: