Add three Suite B modes to TLS code, supporting RFC6460.

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 5adbb50485b435f91b24099afbea91c321cdd8b4..721c3ba3cb4a513b66bf9f2306c1961fe568701a 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3154,8 +3154,9 @@ err:
        }
 
 /* Check a certificate can be used for client authentication. Currently
- * check cert exists, if we have a suitable digest for TLS 1.2  and if
- * static DH client certificates can be used.
+ * check cert exists, if we have a suitable digest for TLS 1.2 if
+ * static DH client certificates can be used and optionally checks
+ * suitability for Suite B.
  */
 static int ssl3_check_client_certificate(SSL *s)
        {
@@ -3165,6 +3166,12 @@ static int ssl3_check_client_certificate(SSL *s)
        /* If no suitable signature algorithm can't use certificate */
        if (TLS1_get_version(s) >= TLS1_2_VERSION && !s->cert->key->digest)
                return 0;
+       /* If strict mode check suitability of chain before using it.
+        * This also adjusts suite B digest if necessary.
+        */
+       if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT &&
+               !tls1_check_chain(s, NULL, NULL, NULL, -2))
+               return 0;
        alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
        /* See if we can use client certificate for fixed DH */
        if (alg_k & (SSL_kDHr|SSL_kDHd))