X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_ciph.c;h=a5c417a9ed55ac713ffec5144e7f23087095d6e8;hp=a96a5daaf5d2b9c3404b78eea04f9f3bb96b8679;hb=7b6b246fd393cbe07bc1f0d456140efdff59f971;hpb=a20152bdaf7a99b006ff5a0eef081502e0e11553

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index a96a5daaf5..a5c417a9ed 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -312,6 +312,7 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
 	{0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
 	{0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
+	{0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
 
 	/* export flag */
 	{0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
@@ -484,7 +485,7 @@ static void load_builtin_compressions(void)
 #endif
 
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-	     const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
+	     const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp, int use_etm)
 	{
 	int i;
 	const SSL_CIPHER *c;
@@ -616,10 +617,18 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 		{
 		const EVP_CIPHER *evp;
 
+		if (use_etm)
+			return 1;
+
 		if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
 		    s->ssl_version < TLS1_VERSION)
 			return 1;
 
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			return 1;
+#endif
+
 		if	(c->algorithm_enc == SSL_RC4 &&
 			 c->algorithm_mac == SSL_MD5 &&
 			 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
@@ -632,6 +641,14 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 			 c->algorithm_mac == SSL_SHA1 &&
 			 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
 			*enc = evp, *md = NULL;
+		else if (c->algorithm_enc == SSL_AES128 &&
+			 c->algorithm_mac == SSL_SHA256 &&
+			 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA256")))
+			*enc = evp, *md = NULL;
+		else if (c->algorithm_enc == SSL_AES256 &&
+			 c->algorithm_mac == SSL_SHA256 &&
+			 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+			*enc = evp, *md = NULL;
 		return(1);
 		}
 	else
@@ -966,7 +983,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
 #ifdef CIPHER_DEBUG
 			printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
 #endif
-
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+			if (cipher_id && cipher_id != cp->id)
+				continue;
+#endif
 			if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
 				continue;
 			if (alg_auth && !(alg_auth & cp->algorithm_auth))
@@ -1143,9 +1163,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			while (	((ch >= 'A') && (ch <= 'Z')) ||
 				((ch >= '0') && (ch <= '9')) ||
 				((ch >= 'a') && (ch <= 'z')) ||
-				 (ch == '-'))
+				 (ch == '-') || (ch == '.'))
 #else
-			while (	isalnum(ch) || (ch == '-'))
+			while (	isalnum(ch) || (ch == '-') || (ch == '.'))
 #endif
 				 {
 				 ch = *(++l);
@@ -1341,11 +1361,72 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 
 	return(retval);
 	}
+#ifndef OPENSSL_NO_EC
+static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
+					const char **prule_str)
+	{
+	unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
+	if (!strcmp(*prule_str, "SUITEB128"))
+		suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+	else if (!strcmp(*prule_str, "SUITEB128ONLY"))
+		suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
+	else if (!strcmp(*prule_str, "SUITEB128C2"))
+		{
+		suiteb_comb2 = 1;
+		suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+		}
+	else if (!strcmp(*prule_str, "SUITEB192"))
+		suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
+
+	if (suiteb_flags)
+		{
+		c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
+		c->cert_flags |= suiteb_flags;
+		}
+	else
+		suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
+
+	if (!suiteb_flags)
+		return 1;
+	/* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
+
+	if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS))
+		{
+		if (meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+			SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+				SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE);
+		else
+			SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+				SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE);
+		return 0;
+		}
+
+	switch(suiteb_flags)
+		{
+	case SSL_CERT_FLAG_SUITEB_128_LOS:
+		if (suiteb_comb2)
+			*prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+		else
+			*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
+		break;
+	case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+		*prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256";
+		break;
+	case SSL_CERT_FLAG_SUITEB_192_LOS:
+		*prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+		break;
+		}
+	/* Set auto ECDH parameter determination */
+	c->ecdh_tmp_auto = 1;
+	return 1;
+	}
+#endif
+
 
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 		STACK_OF(SSL_CIPHER) **cipher_list,
 		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
-		const char *rule_str)
+		const char *rule_str, CERT *c)
 	{
 	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
 	unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
@@ -1359,6 +1440,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 */
 	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
 		return NULL;
+#ifndef OPENSSL_NO_EC
+	if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
+		return NULL;
+#endif
 
 	/*
 	 * To reduce the work to do we only want to process the compiled
@@ -1841,5 +1926,60 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
 		return comp->name;
 	return NULL;
 	}
-
 #endif
+/* For a cipher return the index corresponding to the certificate type */
+int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
+	{
+ 	unsigned long alg_k, alg_a;
+
+	alg_k = c->algorithm_mkey;
+	alg_a = c->algorithm_auth;
+
+	if (alg_k & (SSL_kECDHr|SSL_kECDHe))
+		{
+		/* we don't need to look at SSL_kEECDH
+		 * since no certificate is needed for
+		 * anon ECDH and for authenticated
+		 * EECDH, the check for the auth
+		 * algorithm will set i correctly
+		 * NOTE: For ECDH-RSA, we need an ECC
+		 * not an RSA cert but for EECDH-RSA
+		 * we need an RSA cert. Placing the
+		 * checks for SSL_kECDH before RSA
+		 * checks ensures the correct cert is chosen.
+		 */
+		return SSL_PKEY_ECC;
+		}
+	else if (alg_a & SSL_aECDSA)
+		return SSL_PKEY_ECC;
+	else if (alg_k & SSL_kDHr)
+		return SSL_PKEY_DH_RSA;
+	else if (alg_k & SSL_kDHd)
+		return SSL_PKEY_DH_DSA;
+	else if (alg_a & SSL_aDSS)
+		return SSL_PKEY_DSA_SIGN;
+	else if (alg_a & SSL_aRSA)
+		return SSL_PKEY_RSA_ENC;
+	else if (alg_a & SSL_aKRB5)
+		/* VRS something else here? */
+		return -1;
+	else if (alg_a & SSL_aGOST94) 
+		return SSL_PKEY_GOST94;
+	else if (alg_a & SSL_aGOST01)
+		return SSL_PKEY_GOST01;
+	return -1;
+	}
+
+const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr)
+	{
+	const SSL_CIPHER *c;
+	c = ssl->method->get_cipher_by_char(ptr);
+	if (c == NULL || c->valid == 0)
+		return NULL;
+	return c;
+	}
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
+	{
+	return ssl->method->get_cipher_by_char(ptr);
+	}