diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-08-03 13:51:43 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-08-03 13:51:43 +0000 |
| commit | 3ad344a5171c55511adddb96c805e037f2c061be (patch) | |
| tree | b5799e38c260f3f7851369a3d8666b953658c0c2 /crypto/x509/x509_vfy.h | |
| parent | 6dbb6219e7a6a5f94c9e7b0a25f0ce7c733f5060 (diff) | |
| download | openssl-3ad344a5171c55511adddb96c805e037f2c061be.tar.gz | |
add suite B chain validation flags and associated verify errors
Diffstat (limited to 'crypto/x509/x509_vfy.h')
| -rw-r--r-- | crypto/x509/x509_vfy.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 34f2f113d5..2ac99c16a8 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -355,6 +355,13 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 /* Another issuer check debug option */ #define X509_V_ERR_PATH_LOOP 55 +/* Suite B mode algorithm violation */ +#define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +#define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 /* The application is not happy */ #define X509_V_ERR_APPLICATION_VERIFICATION 50 @@ -393,6 +400,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 /* Use trusted store first */ #define X509_V_FLAG_TRUSTED_FIRST 0x8000 +/* Suite B 128 bit only mode: not normally used */ +#define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 +/* Suite B 192 bit only mode */ +#define X509_V_FLAG_SUITEB_192_LOS 0x20000 +/* Suite B 128 bit mode allowing 192 bit algorithms */ +#define X509_V_FLAG_SUITEB_128_LOS 0x30000 #define X509_VP_FLAG_DEFAULT 0x1 |