From 2ed70c7586326507896022926b35f9b28ff6d8b9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Sun, 17 Sep 2017 21:31:01 +0300
Subject: [PATCH] OpenSSL: Add option to disable ECDHE with Suite B RSA

The hostapd.conf tls_flags=[SUITEB-NO-ECDH] and wpa_supplicant network
profile phase1="tls_suiteb_no_ecdh=1" can now be used to configure Suite
B RSA constraints with ECDHE disabled. This is mainly to allow
the DHE TLS cipher suite to be tested.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 hostapd/config_file.c         |  2 ++
 src/crypto/tls.h              |  1 +
 src/crypto/tls_openssl.c      | 24 +++++++++++++++++-------
 src/eap_peer/eap_tls_common.c |  4 ++++
 4 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 41612cb9a..880998bed 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2077,6 +2077,8 @@ static unsigned int parse_tls_flags(const char *val)
 		flags |= TLS_CONN_DISABLE_TLSv1_2;
 	if (os_strstr(val, "[SUITEB]"))
 		flags |= TLS_CONN_SUITEB;
+	if (os_strstr(val, "[SUITEB-NO-ECDH]"))
+		flags |= TLS_CONN_SUITEB_NO_ECDH | TLS_CONN_SUITEB;
 
 	return flags;
 }
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index e60efc8cd..dc4117c38 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -100,6 +100,7 @@ struct tls_config {
 #define TLS_CONN_EXT_CERT_CHECK BIT(9)
 #define TLS_CONN_REQUIRE_OCSP_ALL BIT(10)
 #define TLS_CONN_SUITEB BIT(11)
+#define TLS_CONN_SUITEB_NO_ECDH BIT(12)
 
 /**
  * struct tls_connection_params - Parameters for TLS connection
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 84321eedb..685e863ee 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2325,7 +2325,15 @@ static int tls_set_conn_flags(SSL *ssl, unsigned int flags)
 		SSL_clear_options(ssl, SSL_OP_NO_TLSv1_2);
 #endif /* SSL_OP_NO_TLSv1_2 */
 #ifdef CONFIG_SUITEB
-	if (flags & TLS_CONN_SUITEB) {
+	if (flags & TLS_CONN_SUITEB_NO_ECDH) {
+		const char *ciphers = "DHE-RSA-AES256-GCM-SHA384";
+
+		if (SSL_set_cipher_list(ssl, ciphers) != 1) {
+			wpa_printf(MSG_INFO,
+				   "OpenSSL: Failed to set Suite B ciphers");
+			return -1;
+		}
+	} else if (flags & TLS_CONN_SUITEB) {
 		EC_KEY *ecdh;
 		const char *ciphers =
 			"ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384";
@@ -2341,12 +2349,6 @@ static int tls_set_conn_flags(SSL *ssl, unsigned int flags)
 				   "OpenSSL: Failed to set Suite B curves");
 			return -1;
 		}
-		/* ECDSA+SHA384 if need to add EC support here */
-		if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) {
-			wpa_printf(MSG_INFO,
-				   "OpenSSL: Failed to set Suite B sigalgs");
-			return -1;
-		}
 
 		ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
 		if (!ecdh || SSL_set_tmp_ecdh(ssl, ecdh) != 1) {
@@ -2356,6 +2358,14 @@ static int tls_set_conn_flags(SSL *ssl, unsigned int flags)
 			return -1;
 		}
 		EC_KEY_free(ecdh);
+	}
+	if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) {
+		/* ECDSA+SHA384 if need to add EC support here */
+		if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) {
+			wpa_printf(MSG_INFO,
+				   "OpenSSL: Failed to set Suite B sigalgs");
+			return -1;
+		}
 
 		SSL_set_options(ssl, SSL_OP_NO_TLSv1);
 		SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index b387dea50..b3d4aba04 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -88,6 +88,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
 		params->flags |= TLS_CONN_SUITEB;
 	if (os_strstr(txt, "tls_suiteb=0"))
 		params->flags &= ~TLS_CONN_SUITEB;
+	if (os_strstr(txt, "tls_suiteb_no_ecdh=1"))
+		params->flags |= TLS_CONN_SUITEB_NO_ECDH;
+	if (os_strstr(txt, "tls_suiteb_no_ecdh=0"))
+		params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
 }