authorjsing <>2014-10-31 16:59:00 +0000
committerjsing <>2014-10-31 16:59:00 +0000
commit091d9d6b6aad74a74a64e6dc04ee512e29e01a86 (patch)
tree3e43662ef20c0e96e66542c91dd2600d604e01c2
parent91797946595dabe15bdde44eb8543d1bf3398e67 (diff)
Remove ephemeral RSA key handling.
-rw-r--r--src/usr.bin/openssl/s_server.c47
1 files changed, 4 insertions, 43 deletions
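--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.4 2014/10/31 16:56:00 jsing Exp $ */
+/* $OpenBSD: s_server.c,v 1.5 2014/10/31 16:59:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -178,7 +178,6 @@
 #include "s_apps.h"
 #include "timeouts.h"
 
-static RSA *tmp_rsa_cb(SSL * s, int is_export, int keylength);
 static int sv_body(char *hostname, int s, unsigned char *context);
 static int www_body(char *hostname, int s, unsigned char *context);
 static void close_accept_socket(void);
@@ -325,7 +324,6 @@ sv_usage(void)
 	BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n");
 	BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
 	BIO_printf(bio_err, " -quiet - Inhibit printing of session and certificate information\n");
-	BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
 	BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
 	BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
 	BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n");
@@ -581,7 +579,7 @@ s_server_main(int argc, char *argv[])
 	int badop = 0, bugs = 0;
 	int ret = 1;
 	int off = 0;
-	int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
+	int no_dhe = 0, no_ecdhe = 0, nocert = 0;
 	int state = 0;
 	const SSL_METHOD *meth = NULL;
 	int socket_type = SOCK_STREAM;
@@ -773,13 +771,12 @@ s_server_main(int argc, char *argv[])
 	} else if (strcmp(*argv, "-bugs") == 0) {
 		bugs = 1;
 	} else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
-		no_tmp_rsa = 1;
+		/* No-op. */
 	} else if (strcmp(*argv, "-no_dhe") == 0) {
 		no_dhe = 1;
 	} else if (strcmp(*argv, "-no_ecdhe") == 0) {
 		no_ecdhe = 1;
-	}
-	else if (strcmp(*argv, "-www") == 0) {
+	} else if (strcmp(*argv, "-www") == 0) {
 		www = 1;
 	} else if (strcmp(*argv, "-WWW") == 0) {
 		www = 2;
@@ -1210,14 +1207,6 @@ bad:
 		if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
 			goto end;
 	}
-	if (!no_tmp_rsa) {
-		SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
-#ifndef OPENSSL_NO_TLSEXT
-		if (ctx2)
-			SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
-#endif
-	}
-
 
 	if (cipher != NULL) {
 		if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
@@ -2079,34 +2068,6 @@ err:
 	return (ret);
 }
 
-static RSA *
-tmp_rsa_cb(SSL * s, int is_export, int keylength)
-{
-	BIGNUM *bn = NULL;
-	static RSA *rsa_tmp = NULL;
-
-	if (!rsa_tmp && ((bn = BN_new()) == NULL))
-		BIO_printf(bio_err, "Allocation error in generating RSA key\n");
-	if (!rsa_tmp && bn) {
-		if (!s_quiet) {
-			BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
-			(void) BIO_flush(bio_err);
-		}
-		if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
-		    !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
-			if (rsa_tmp)
-				RSA_free(rsa_tmp);
-			rsa_tmp = NULL;
-		}
-		if (!s_quiet) {
-			BIO_printf(bio_err, "\n");
-			(void) BIO_flush(bio_err);
-		}
-		BN_free(bn);
-	}
-	return (rsa_tmp);
-}
-
 #define MAX_SESSION_ID_ATTEMPTS 10
 static int
 generate_session_id(const SSL * ssl, unsigned char *id,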
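Review bot: The `-no_tmp_rsa` branch in the s_server_main option parser (the `@@ -773,13 +771,12 @@` hunk) keeps accepting the flag but its usage line is deleted in the sv_usage hunk, so the option is now accepted yet undocumented, and the bare `/* No-op. */` does not say why the branch survives. Since the SSL_CTX_set_tmp_rsa_callback setup and tmp_rsa_cb are both removed, the flag can no longer affect anything, so the comment should state that it is kept only so existing command lines do not fail: `/* No-op: ephemeral RSA key generation was removed; accepted for compatibility. */`. If the intent is to retire the flag, a deprecation note in sv_usage would let callers drop it rather than silently rely on it. s_server_main starts and ends outside this hunk.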