}
else if (strcmp(*argv, "-cert_strict") == 0)
cert_flags |= SSL_CERT_FLAG_TLS_STRICT;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ else if (strcmp(*argv, "-debug_broken_protocol") == 0)
+ cert_flags |= SSL_CERT_FLAG_BROKEN_PROTCOL;
+#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
}
else if (strcmp(*argv, "-cert_strict") == 0)
cert_flags |= SSL_CERT_FLAG_TLS_STRICT;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ else if (strcmp(*argv, "-debug_broken_protocol") == 0)
+ cert_flags |= SSL_CERT_FLAG_BROKEN_PROTCOL;
+#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
/* Suite B 128 bit mode allowing 192 bit algorithms */
#define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000
-
+/* Perform all sorts of protocol violations for testing purposes */
+#define SSL_CERT_FLAG_BROKEN_PROTCOL 0x10000000
/* Flags for building certificate chains */
/* Treat any existing certificates as untrusted CAs */
c = s->cert;
ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ /* Broken protocol test: return last used certificate: which may
+ * mismatch the one expected.
+ */
+ if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+ return c->key;
+#endif
+
i = ssl_get_server_cert_index(s);
/* This may or may not be an error. */
alg_a = cipher->algorithm_auth;
c=s->cert;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ /* Broken protocol test: use last key: which may
+ * mismatch the one expected.
+ */
+ if (c->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+ idx = c->key - c->pkeys;
+ else
+#endif
+
if ((alg_a & SSL_aDSS) &&
(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
idx = SSL_PKEY_DSA_SIGN;
{
unsigned char curve_id[2];
EC_KEY *ec = s->cert->ecdh_tmp;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ /* Allow any curve: not just those peer supports */
+ if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+ return 1;
+#endif
/* If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384,
* no other curves permitted.
*/
if (!tls1_set_ec_id(curve_id, &comp_id, pkey->pkey.ec))
return 0;
if (!s->server && !tls1_check_ec_key(s, curve_id, &comp_id))
+ {
+ SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG,SSL_R_WRONG_CURVE);
return 0;
+ }
/* If Suite B only P-384+SHA384 or P-256+SHA-256 allowed */
if (tls1_suiteb(s))
{
tls1_set_shared_sigalgs(s);
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+ {
+ /* Use first set signature preference to force message
+ * digest, ignoring any peer preferences.
+ */
+ const unsigned char *sigs = NULL;
+ if (s->server)
+ sigs = c->conf_sigalgs;
+ else
+ sigs = c->client_sigalgs;
+ if (sigs)
+ {
+ idx = tls12_get_pkey_idx(sigs[1]);
+ md = tls12_get_hash(sigs[0]);
+ c->pkeys[idx].digest = md;
+ c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN;
+ if (idx == SSL_PKEY_RSA_SIGN)
+ {
+ c->pkeys[SSL_PKEY_RSA_ENC].valid_flags = CERT_PKEY_EXPLICIT_SIGN;
+ c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
+ }
+ }
+ }
+#endif
+
for (i = 0, sigptr = c->shared_sigalgs;
i < c->shared_sigalgslen; i++, sigptr++)
{
/* If no cert or key, forget it */
if (!x || !pk)
goto end;
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
+ /* Allow any certificate to pass test */
+ if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTCOL)
+ {
+ rv = CERT_PKEY_STRICT_FLAGS|CERT_PKEY_EXPLICIT_SIGN|CERT_PKEY_VALID|CERT_PKEY_SIGN;
+ cpk->valid_flags = rv;
+ return rv;
+ }
+#endif
}
else
{