authorDr. Stephen Henson <steve@openssl.org>2013-04-09 15:57:39 +0100
committerDr. Stephen Henson <steve@openssl.org>2013-09-18 13:46:03 +0100
commitd3071769317911c2a68c81007c657695d3988258 (patch)
tree3362f3b00777d2a2f4d9c9079b488b392b5c66ca /ssl
parentc391a74266f70d2be4c2dd8d1e02cbd6f6e72605 (diff)
Suite B support for DTLS 1.2
Check for Suite B support using method flags instead of version numbers: anything supporting TLS 1.2 cipher suites will also support Suite B. Return an error if an attempt to use DTLS 1.0 is made in Suite B mode. (cherry picked from commit 4544f0a69161a37ee3edce3cc1bc34c3678a4d64)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/d1_srvr.c2
-rw-r--r--ssl/s3_clnt.c17
-rw-r--r--ssl/s3_srvr.c7
-rw-r--r--ssl/ssl.h1
-rw-r--r--ssl/ssl_ciph.c10
-rw-r--r--ssl/ssl_err.c3
-rw-r--r--ssl/ssl_locl.h2
7 files changed, 36 insertions, 6 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index d6d71b929f..d3afec993d 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -668,7 +668,7 @@ int dtls1_accept(SSL *s)
*/
if (!s->s3->handshake_buffer)
{
- SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
+ SSLerr(SSL_F_DTLS1_ACCEPT,ERR_R_INTERNAL_ERROR);
return -1;
}
s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 88785bf652..1bad477f04 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -701,6 +701,11 @@ int ssl3_client_hello(SSL *s)
/* If DTLS 1.2 disabled correct the version number */
if (options & SSL_OP_NO_DTLSv1_2)
{
+ if (tls1_suiteb(s))
+ {
+ SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+ goto err;
+ }
/* Disabling all versions is silly: return an
* error.
*/
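Review bot: The new `tls1_suiteb(s)` block in ssl3_client_hello carries no comment, although the checks on either side of it do, and the reason it has to fail instead of falling back is security-relevant. I would add `/* Suite B requires DTLS 1.2: fail here rather than fall back to DTLS 1.0 */` above the `if`. The check is only reached inside `if (options & SSL_OP_NO_DTLSv1_2)`, so it presumably relies on the enclosing code being the version-flexible DTLS path; that code and the `err` label are outside the hunk.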
@@ -954,11 +959,23 @@ int ssl3_get_server_hello(SSL *s)
if (hversion == DTLS1_2_VERSION
&& !(options & SSL_OP_NO_DTLSv1_2))
s->method = DTLSv1_2_client_method();
+ else if (tls1_suiteb(s))
+ {
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+ s->version = hversion;
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
else if (hversion == DTLS1_VERSION
&& !(options & SSL_OP_NO_DTLSv1))
s->method = DTLSv1_client_method();
else
+ {
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
+ s->version = hversion;
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
s->version = s->client_version = s->method->version;
}
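Review bot: `s->version = hversion;` stores a version taken from the server's message just before `goto f_err`, in both the Suite B branch and the final `else`, and nothing says why. Presumably it is there so the protocol_version alert goes out under the version the peer offered; if so, a comment such as `/* send the alert using the peer's version */` on the first assignment would stop a later reader from mistaking it for a completed negotiation. The same three-line tail (set version, set `al`, `goto f_err`) now appears twice here and again in the ssl3_get_client_hello hunk of ssl/s3_srvr.c, so one copy can easily drift from the others. The `f_err` label and the declaration of `hversion` are outside the hunk.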
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8546c09ca2..09af9ae1cf 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1097,6 +1097,13 @@ int ssl3_get_client_hello(SSL *s)
s->version = DTLS1_2_VERSION;
s->method = DTLSv1_2_server_method();
}
+ else if (tls1_suiteb(s))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+ s->version = s->client_version;
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
else if (s->client_version <= DTLS1_VERSION &&
!(s->options & SSL_OP_NO_DTLSv1))
{
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 450f951150..1e7c238622 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2818,6 +2818,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_NULL_SSL_METHOD_PASSED 196
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
+#define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 387
#define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379
#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 7c649109ec..22047c3e41 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1377,11 +1377,15 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
if (!suiteb_flags)
return 1;
- /* Check version */
+ /* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
- if (meth->version != TLS1_2_VERSION)
+ if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS))
{
- SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+ if (meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+ SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+ SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+ else
+ SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
return 0;
}
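Review bot: The rewritten test in check_suiteb_cipher_list asks whether the method can use TLS 1.2 cipher suites, not whether it is TLS 1.2, and the new comment does not say what that leaves unchecked. The ssl/ssl_locl.h hunk replaces `&ssl3_undef_enc_method` with `&TLSv1_2_enc_data` in what appears to be the version-flexible method macro (its `ssl23_*` members are visible), so such a method now passes here although it may still negotiate an older version. Suite B enforcement then depends on handshake-time checks like the ones added for DTLS in s3_clnt.c and s3_srvr.c. I would extend the comment to `/* Capability check only: a version-flexible method passes and must reject anything below (D)TLS 1.2 during the handshake */`, and confirm the non-DTLS flexible path has an equivalent rejection, which this page does not show. The function's start and end are outside the hunk.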
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index fc13c36211..ef0a032e93 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
- * Copyright (c) 1999-2012 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -483,6 +483,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
+{ERR_REASON(SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE),"only DTLS 1.2 allowed in Suite B mode"},
{ERR_REASON(SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE),"only TLS 1.2 allowed in Suite B mode"},
{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a19f98569e..0fedf4d56d 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -881,7 +881,7 @@ const SSL_METHOD *func_name(void) \
ssl23_get_cipher, \
s_get_meth, \
ssl23_default_timeout, \
- &ssl3_undef_enc_method, \
+ &TLSv1_2_enc_data, \
ssl_undefined_void_function, \
ssl3_callback_ctrl, \
ssl3_ctx_callback_ctrl, \