return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 3c9ba9c..0aa675e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2309,6 +2309,7 @@
/* Function codes. */
#define SSL_F_AUTHZ_FIND_DATA 330
#define SSL_F_AUTHZ_VALIDATE 323
+#define SSL_F_CHECK_SUITEB_CIPHER_LIST 335
#define SSL_F_CLIENT_CERTIFICATE 100
#define SSL_F_CLIENT_FINISHED 167
#define SSL_F_CLIENT_HELLO 101
@@ -2445,7 +2446,7 @@
#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
#define SSL_F_SSL_CLEAR 164
#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
-#define SSL_F_SSL_CONF_CTX_CMD 334
+#define SSL_F_SSL_CONF_CMD 334
#define SSL_F_SSL_CREATE_CIPHER_LIST 166
#define SSL_F_SSL_CTRL 232
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 7f3e160..4d87d2d 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1379,6 +1379,13 @@
return 1;
/* Check version */
+ if (meth->version != TLS1_2_VERSION)
+ {
+ SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+ SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
+ return 0;
+ }
+
switch(suiteb_flags)
{
case SSL_CERT_FLAG_SUITEB_128_LOS:
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 0de97f8..2375473 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -385,7 +385,7 @@
size_t i;
if (cmd == NULL)
{
- SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_INVALID_NULL_CMD_NAME);
+ SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_INVALID_NULL_CMD_NAME);
return 0;
}
/* If a prefix is set, check and skip */
@@ -442,7 +442,7 @@
return -2;
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
{
- SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_BAD_VALUE);
+ SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_BAD_VALUE);
ERR_add_error_data(4, "cmd=", cmd, ", value=", value);
}
return 0;
@@ -456,7 +456,7 @@
if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
{
- SSLerr(SSL_F_SSL_CONF_CTX_CMD, SSL_R_UNKNOWN_CMD_NAME);
+ SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME);
ERR_add_error_data(2, "cmd=", cmd);
}
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 5654def..b978177 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -72,6 +72,7 @@
{
{ERR_FUNC(SSL_F_AUTHZ_FIND_DATA), "AUTHZ_FIND_DATA"},
{ERR_FUNC(SSL_F_AUTHZ_VALIDATE), "AUTHZ_VALIDATE"},
+{ERR_FUNC(SSL_F_CHECK_SUITEB_CIPHER_LIST), "CHECK_SUITEB_CIPHER_LIST"},
{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
@@ -208,7 +209,7 @@
{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
-{ERR_FUNC(SSL_F_SSL_CONF_CTX_CMD), "SSL_CONF_CTX_cmd"},
+{ERR_FUNC(SSL_F_SSL_CONF_CMD), "SSL_CONF_cmd"},
{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "ssl_create_cipher_list"},
{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
