Suite B support for DTLS 1.2
authorDr. Stephen Henson <steve@openssl.org>
Tue, 9 Apr 2013 14:57:39 +0000 (15:57 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 18 Sep 2013 12:46:03 +0000 (13:46 +0100)
Check for Suite B support using method flags instead of version numbers:
anything supporting TLS 1.2 cipher suites will also support Suite B.

Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
(cherry picked from commit 4544f0a69161a37ee3edce3cc1bc34c3678a4d64)

ssl/d1_srvr.c
ssl/s3_clnt.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_ciph.c
ssl/ssl_err.c
ssl/ssl_locl.h

index d6d71b929fd1b11e6e8602ab9fed4c0b90bfc1a0..d3afec993db3a7a59eff53556682c1c4d962b943 100644 (file)
@@ -668,7 +668,7 @@ int dtls1_accept(SSL *s)
                                 */
                                if (!s->s3->handshake_buffer)
                                        {
-                                       SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
+                                       SSLerr(SSL_F_DTLS1_ACCEPT,ERR_R_INTERNAL_ERROR);
                                        return -1;
                                        }
                                s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
index 88785bf652410384f6b27b55be849c1fd324dec1..1bad477f044447897997c1045bccbd9cb18bee91 100644 (file)
@@ -701,6 +701,11 @@ int ssl3_client_hello(SSL *s)
                        /* If DTLS 1.2 disabled correct the version number */
                        if (options & SSL_OP_NO_DTLSv1_2)
                                {
+                               if (tls1_suiteb(s))
+                                       {
+                                       SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+                                       goto err;
+                                       }
                                /* Disabling all versions is silly: return an
                                 * error.
                                 */
@@ -954,11 +959,23 @@ int ssl3_get_server_hello(SSL *s)
                if (hversion == DTLS1_2_VERSION
                        && !(options & SSL_OP_NO_DTLSv1_2))
                        s->method = DTLSv1_2_client_method();
+               else if (tls1_suiteb(s))
+                       {
+                       SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+                       s->version = hversion;
+                       al = SSL_AD_PROTOCOL_VERSION;
+                       goto f_err;
+                       }
                else if (hversion == DTLS1_VERSION
                        && !(options & SSL_OP_NO_DTLSv1))
                        s->method = DTLSv1_client_method();
                else
+                       {
                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
+                       s->version = hversion;
+                       al = SSL_AD_PROTOCOL_VERSION;
+                       goto f_err;
+                       }
                s->version = s->client_version = s->method->version;
                }
 
index 8546c09ca25f46e865a1d97b572ca6d658a794b6..09af9ae1cf4c044cfc2b8377c29560c49505bc30 100644 (file)
@@ -1097,6 +1097,13 @@ int ssl3_get_client_hello(SSL *s)
                                s->version = DTLS1_2_VERSION;
                                s->method = DTLSv1_2_server_method();
                                }
+                       else if (tls1_suiteb(s))
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+                               s->version = s->client_version;
+                               al = SSL_AD_PROTOCOL_VERSION;
+                               goto f_err;
+                               }
                        else if (s->client_version <= DTLS1_VERSION &&
                                !(s->options & SSL_OP_NO_DTLSv1))
                                {
index 450f951150028211edfee8c2516ef6c5659fafe4..1e7c238622337df4002305e41797516779293e50 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2818,6 +2818,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NULL_SSL_METHOD_PASSED                    196
 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED           197
 #define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
+#define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE      387
 #define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE       379
 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE             297
 #define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG                         327
index 7c649109ec75ae13e5b4aab6edaa1d1216f5f648..22047c3e4191893687e7cd80377762637dcdb212 100644 (file)
@@ -1377,11 +1377,15 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 
        if (!suiteb_flags)
                return 1;
-       /* Check version */
+       /* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
 
-       if (meth->version != TLS1_2_VERSION)
+       if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS))
                {
-               SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+               if (meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+                       SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+                               SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+               else
+                       SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
                                SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
                return 0;
                }
index fc13c362112961b737fcd05418e09504081ba96a..ef0a032e9392a60c5a22ad6039bc718caeae5c41 100644 (file)
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2012 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2013 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -483,6 +483,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
 {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
 {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
+{ERR_REASON(SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE),"only DTLS 1.2 allowed in Suite B mode"},
 {ERR_REASON(SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE),"only TLS 1.2 allowed in Suite B mode"},
 {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
 {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
index a19f98569ebbb0e46242ef4c5cd078fba2219441..0fedf4d56d37e55b34bd3efb23ad186d95108bcb 100644 (file)
@@ -881,7 +881,7 @@ const SSL_METHOD *func_name(void)  \
        ssl23_get_cipher, \
        s_get_meth, \
        ssl23_default_timeout, \
-       &ssl3_undef_enc_method, \
+       &TLSv1_2_enc_data, \
        ssl_undefined_void_function, \
        ssl3_callback_ctrl, \
        ssl3_ctx_callback_ctrl, \