Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
-rw-r--r--src/lib/libssl/s3_srvr.c94
1 files changed, 14 insertions, 80 deletions
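--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.87 2014/10/18 16:13:16 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.88 2014/10/31 14:51:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -392,37 +392,14 @@ ssl3_accept(SSL *s)
 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
 /*
- * Clear this, it may get reset by
- * send_server_key_exchange.
- */
-if ((s->options & SSL_OP_EPHEMERAL_RSA)
-)
-/*
- * option SSL_OP_EPHEMERAL_RSA sends temporary
- * RSA key even when forbidden by protocol
- * specs (handshake may fail as clients are
- * not required to be able to handle this)
- */
-s->s3->tmp.use_rsa_tmp = 1;
-else
-s->s3->tmp.use_rsa_tmp = 0;
-
-
-/*
- * Only send if a DH key exchange, fortezza or
- * RSA but we have a sign only certificate.
+ * Only send if using a DH key exchange.
  *
- * For ECC ciphersuites, we send a serverKeyExchange
- * message only if the cipher suite is either
- * ECDH-anon or ECDHE. In other cases, the
- * server certificate contains the server's
+ * For ECC ciphersuites, we send a ServerKeyExchange
+ * message only if the cipher suite is ECDHE. In other
+ * cases, the server certificate contains the server's
  * public key for key exchange.
  */
-if (s->s3->tmp.use_rsa_tmp ||
-(alg_k & (SSL_kDHE|SSL_kECDHE)) ||
-((alg_k & SSL_kRSA) &&
-(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey ==
-NULL))) {
+if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
 ret = ssl3_send_server_key_exchange(s);
 if (ret <= 0)
 goto end;
@@ -1352,7 +1329,6 @@ ssl3_send_server_key_exchange(SSL *s)
 {
 unsigned char *q;
 int j, num;
-RSA *rsa;
 unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
 unsigned int u;
 DH *dh = NULL, *dhp;
@@ -1383,31 +1359,6 @@ ssl3_send_server_key_exchange(SSL *s)
 
 r[0] = r[1] = r[2] = r[3] = NULL;
 n = 0;
-if (type & SSL_kRSA) {
-rsa = cert->rsa_tmp;
-if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
-rsa = s->cert->rsa_tmp_cb(s, 0,
-SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
-if (rsa == NULL) {
-al = SSL_AD_HANDSHAKE_FAILURE;
-SSLerr(
-SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
-goto f_err;
-}
-RSA_up_ref(rsa);
-cert->rsa_tmp = rsa;
-}
-if (rsa == NULL) {
-al = SSL_AD_HANDSHAKE_FAILURE;
-SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-SSL_R_MISSING_TMP_RSA_KEY);
-goto f_err;
-}
-r[0] = rsa->n;
-r[1] = rsa->e;
-s->s3->tmp.use_rsa_tmp = 1;
-} else
 if (type & SSL_kDHE) {
 dhp = cert->dh_tmp;
 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
@@ -1855,32 +1806,15 @@ ssl3_get_client_key_exchange(SSL *s)
 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
 if (alg_k & SSL_kRSA) {
-/* FIX THIS UP EAY EAY EAY EAY */
-if (s->s3->tmp.use_rsa_tmp) {
-if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
-rsa = s->cert->rsa_tmp;
-/*
- * Don't do a callback because rsa_tmp should
- * be sent already
- */
-if (rsa == NULL) {
-al = SSL_AD_HANDSHAKE_FAILURE;
-SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-SSL_R_MISSING_TMP_RSA_PKEY);
-goto f_err;
-
-}
-} else {
-pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
-if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
-(pkey->pkey.rsa == NULL)) {
-al = SSL_AD_HANDSHAKE_FAILURE;
-SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-SSL_R_MISSING_RSA_CERTIFICATE);
-goto f_err;
-}
-rsa = pkey->pkey.rsa;
+pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
+if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
+(pkey->pkey.rsa == NULL)) {
+al = SSL_AD_HANDSHAKE_FAILURE;
+SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+SSL_R_MISSING_RSA_CERTIFICATE);
+goto f_err;
 }
+rsa = pkey->pkey.rsa;
 
 /* TLS and [incidentally] DTLS{0xFEFF} */
 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {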
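Review bot: With the use_rsa_tmp and sign-only-certificate fallback dropped from the ServerKeyExchange condition at new line 402, an SSL_kRSA suite negotiated with a certificate that has no SSL_PKEY_RSA_ENC private key is now rejected only at new lines 1810–1815 in ssl3_get_client_key_exchange, after the client has already encrypted and sent its premaster secret, and a caller that still sets SSL_OP_EPHEMERAL_RSA gets no diagnostic that the option is now ignored. Unless the certificate-mask code elsewhere in this commit (not visible here, since the diffstat is limited to s3_srvr.c) stops offering SSL_kRSA when only a signing RSA key is loaded, that configuration should be rejected at cipher selection rather than this late, and SSL_OP_EPHEMERAL_RSA should be documented as a no-op. The rewritten comment at new line 395 also undersells the test on line 402, which covers ECDHE as well as DHE; `* Only send if using a DHE or ECDHE key exchange.` would match the code. Both ssl3_accept and ssl3_get_client_key_exchange continue outside these hunks.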