diff options
| author | jsing <> | 2014-10-31 14:51:01 +0000 |
|---|---|---|
| committer | jsing <> | 2014-10-31 14:51:01 +0000 |
| commit | 911a534951a7133a0e7f2314d3a57682c584c2f7 (patch) | |
| tree | cbc34cc64480c58a9e6b221bf4a12687fac6fd93 /src/lib/libssl/d1_srvr.c | |
| parent | 21b4fa8d2a511b2b7e7215bb18cb3836173fb390 (diff) | |
| download | openbsd-911a534951a7133a0e7f2314d3a57682c584c2f7.tar.gz openbsd-911a534951a7133a0e7f2314d3a57682c584c2f7.tar.bz2 openbsd-911a534951a7133a0e7f2314d3a57682c584c2f7.zip | |
Remove support for ephemeral/temporary RSA private keys.
The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively
a standards violation) and for RSA sign-only, should only be possible if
you are using an export cipher and have an RSA private key that is more
than 512 bits in size (however we no longer support export ciphers).
ok bcook@ miod@
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 58 |
1 files changed, 8 insertions, 50 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index a85715753c..d2f642f877 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.40 2014/10/18 16:13:16 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.41 2014/10/31 14:51:01 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -446,27 +446,8 @@ dtls1_accept(SSL *s) | |||
| 446 | case SSL3_ST_SW_KEY_EXCH_B: | 446 | case SSL3_ST_SW_KEY_EXCH_B: |
| 447 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 447 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 448 | 448 | ||
| 449 | /* clear this, it may get reset by | 449 | /* Only send if using a DH key exchange. */ |
| 450 | * send_server_key_exchange */ | 450 | if (alg_k & (SSL_kDHE|SSL_kECDHE)) { |
| 451 | if ((s->options & SSL_OP_EPHEMERAL_RSA) | ||
| 452 | ) | ||
| 453 | /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key | ||
| 454 | * even when forbidden by protocol specs | ||
| 455 | * (handshake may fail as clients are not required to | ||
| 456 | * be able to handle this) */ | ||
| 457 | s->s3->tmp.use_rsa_tmp = 1; | ||
| 458 | else | ||
| 459 | s->s3->tmp.use_rsa_tmp = 0; | ||
| 460 | |||
| 461 | /* only send if a DH key exchange or | ||
| 462 | * RSA but we have a sign only certificate */ | ||
| 463 | if (s->s3->tmp.use_rsa_tmp | ||
| 464 | || (alg_k & (SSL_kDHE|SSL_kECDHE)) | ||
| 465 | || ((alg_k & SSL_kRSA) | ||
| 466 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL | ||
| 467 | ) | ||
| 468 | ) | ||
| 469 | ) { | ||
| 470 | dtls1_start_timer(s); | 451 | dtls1_start_timer(s); |
| 471 | ret = dtls1_send_server_key_exchange(s); | 452 | ret = dtls1_send_server_key_exchange(s); |
| 472 | if (ret <= 0) | 453 | if (ret <= 0) |
| @@ -994,7 +975,6 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 994 | { | 975 | { |
| 995 | unsigned char *q; | 976 | unsigned char *q; |
| 996 | int j, num; | 977 | int j, num; |
| 997 | RSA *rsa; | ||
| 998 | unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; | 978 | unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; |
| 999 | unsigned int u; | 979 | unsigned int u; |
| 1000 | DH *dh = NULL, *dhp; | 980 | DH *dh = NULL, *dhp; |
| @@ -1024,28 +1004,7 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1024 | 1004 | ||
| 1025 | r[0] = r[1] = r[2] = r[3] = NULL; | 1005 | r[0] = r[1] = r[2] = r[3] = NULL; |
| 1026 | n = 0; | 1006 | n = 0; |
| 1027 | if (type & SSL_kRSA) { | 1007 | |
| 1028 | rsa = cert->rsa_tmp; | ||
| 1029 | if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { | ||
| 1030 | rsa = s->cert->rsa_tmp_cb(s, 0, | ||
| 1031 | SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
| 1032 | if (rsa == NULL) { | ||
| 1033 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1034 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY); | ||
| 1035 | goto f_err; | ||
| 1036 | } | ||
| 1037 | RSA_up_ref(rsa); | ||
| 1038 | cert->rsa_tmp = rsa; | ||
| 1039 | } | ||
| 1040 | if (rsa == NULL) { | ||
| 1041 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1042 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_RSA_KEY); | ||
| 1043 | goto f_err; | ||
| 1044 | } | ||
| 1045 | r[0] = rsa->n; | ||
| 1046 | r[1] = rsa->e; | ||
| 1047 | s->s3->tmp.use_rsa_tmp = 1; | ||
| 1048 | } else | ||
| 1049 | if (type & SSL_kDHE) { | 1008 | if (type & SSL_kDHE) { |
| 1050 | dhp = cert->dh_tmp; | 1009 | dhp = cert->dh_tmp; |
| 1051 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) | 1010 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) |
| @@ -1087,8 +1046,7 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1087 | r[0] = dh->p; | 1046 | r[0] = dh->p; |
| 1088 | r[1] = dh->g; | 1047 | r[1] = dh->g; |
| 1089 | r[2] = dh->pub_key; | 1048 | r[2] = dh->pub_key; |
| 1090 | } else | 1049 | } else if (type & SSL_kECDHE) { |
| 1091 | if (type & SSL_kECDHE) { | ||
| 1092 | const EC_GROUP *group; | 1050 | const EC_GROUP *group; |
| 1093 | 1051 | ||
| 1094 | ecdhp = cert->ecdh_tmp; | 1052 | ecdhp = cert->ecdh_tmp; |
| @@ -1185,10 +1143,10 @@ dtls1_send_server_key_exchange(SSL *s) | |||
| 1185 | r[1] = NULL; | 1143 | r[1] = NULL; |
| 1186 | r[2] = NULL; | 1144 | r[2] = NULL; |
| 1187 | r[3] = NULL; | 1145 | r[3] = NULL; |
| 1188 | } else | 1146 | } else { |
| 1189 | { | ||
| 1190 | al = SSL_AD_HANDSHAKE_FAILURE; | 1147 | al = SSL_AD_HANDSHAKE_FAILURE; |
| 1191 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | 1148 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, |
| 1149 | SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | ||
| 1192 | goto f_err; | 1150 | goto f_err; |
| 1193 | } | 1151 | } |
| 1194 | for (i = 0; r[i] != NULL; i++) { | 1152 | for (i = 0; r[i] != NULL; i++) { |