From 911a534951a7133a0e7f2314d3a57682c584c2f7 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Fri, 31 Oct 2014 14:51:01 +0000 Subject: Remove support for ephemeral/temporary RSA private keys. The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively a standards violation) and for RSA sign-only, should only be possible if you are using an export cipher and have an RSA private key that is more than 512 bits in size (however we no longer support export ciphers). ok bcook@ miod@ --- src/lib/libssl/d1_srvr.c | 58 +++------------------ src/lib/libssl/s3_lib.c | 103 ++++++-------------------------------- src/lib/libssl/s3_srvr.c | 94 ++++++---------------------------- src/lib/libssl/src/ssl/d1_srvr.c | 58 +++------------------ src/lib/libssl/src/ssl/s3_lib.c | 103 ++++++-------------------------------- src/lib/libssl/src/ssl/s3_srvr.c | 94 ++++++---------------------------- src/lib/libssl/src/ssl/ssl3.h | 4 +- src/lib/libssl/src/ssl/ssl_cert.c | 10 +--- src/lib/libssl/src/ssl/ssl_lib.c | 7 ++- src/lib/libssl/src/ssl/ssl_locl.h | 5 +- src/lib/libssl/ssl3.h | 4 +- src/lib/libssl/ssl_cert.c | 10 +--- src/lib/libssl/ssl_lib.c | 7 ++- src/lib/libssl/ssl_locl.h | 5 +- 14 files changed, 88 insertions(+), 474 deletions(-) (limited to 'src') diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index a85715753c..d2f642f877 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.40 2014/10/18 16:13:16 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.41 2014/10/31 14:51:01 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -446,27 +446,8 @@ dtls1_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp = 1; - else - s->s3->tmp.use_rsa_tmp = 0; - - /* only send if a DH key exchange or - * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp - || (alg_k & (SSL_kDHE|SSL_kECDHE)) - || ((alg_k & SSL_kRSA) - && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL - ) - ) - ) { + /* Only send if using a DH key exchange. */ + if (alg_k & (SSL_kDHE|SSL_kECDHE)) { dtls1_start_timer(s); ret = dtls1_send_server_key_exchange(s); if (ret <= 0) @@ -994,7 +975,6 @@ dtls1_send_server_key_exchange(SSL *s) { unsigned char *q; int j, num; - RSA *rsa; unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; unsigned int u; DH *dh = NULL, *dhp; @@ -1024,28 +1004,7 @@ dtls1_send_server_key_exchange(SSL *s) r[0] = r[1] = r[2] = r[3] = NULL; n = 0; - if (type & SSL_kRSA) { - rsa = cert->rsa_tmp; - if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { - rsa = s->cert->rsa_tmp_cb(s, 0, - SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY); - goto f_err; - } - RSA_up_ref(rsa); - cert->rsa_tmp = rsa; - } - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_RSA_KEY); - goto f_err; - } - r[0] = rsa->n; - r[1] = rsa->e; - s->s3->tmp.use_rsa_tmp = 1; - } else + if (type & SSL_kDHE) { dhp = cert->dh_tmp; if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) @@ -1087,8 +1046,7 @@ dtls1_send_server_key_exchange(SSL *s) r[0] = dh->p; r[1] = dh->g; r[2] = dh->pub_key; - } else - if (type & SSL_kECDHE) { + } else if (type & SSL_kECDHE) { const EC_GROUP *group; ecdhp = cert->ecdh_tmp; @@ -1185,10 +1143,10 @@ dtls1_send_server_key_exchange(SSL *s) r[1] = NULL; r[2] = NULL; r[3] = NULL; - } else - { + } else { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); + SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, + SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto f_err; } for (i = 0; r[i] != NULL; i++) { diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 42f8074f8c..08c5111129 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.82 2014/10/03 13:58:17 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.83 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1934,8 +1934,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret = 0; - if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || - cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { + if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); @@ -1963,36 +1962,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = (int)(s->s3->flags); break; case SSL_CTRL_NEED_TMP_RSA: - if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && - ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) - > (512 / 8)))) - ret = 1; + ret = 0; break; case SSL_CTRL_SET_TMP_RSA: - { - RSA *rsa = (RSA *)parg; - if (rsa == NULL) { - SSLerr(SSL_F_SSL3_CTRL, - ERR_R_PASSED_NULL_PARAMETER); - return (ret); - } - if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, - ERR_R_RSA_LIB); - return (ret); - } - RSA_free(s->cert->rsa_tmp); - s->cert->rsa_tmp = rsa; - ret = 1; - } - break; case SSL_CTRL_SET_TMP_RSA_CB: - { - SSLerr(SSL_F_SSL3_CTRL, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (ret); - } + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); break; case SSL_CTRL_SET_TMP_DH: { @@ -2144,7 +2118,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { int ret = 0; - if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) { + if (cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); @@ -2154,20 +2128,13 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) switch (cmd) { case SSL_CTRL_SET_TMP_RSA_CB: - { - s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; - } + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); break; case SSL_CTRL_SET_TMP_DH_CB: - { - s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; - } + s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; break; case SSL_CTRL_SET_TMP_ECDH_CB: - { - s->cert->ecdh_tmp_cb = - (EC_KEY *(*)(SSL *, int, int))fp; - } + s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; break; case SSL_CTRL_SET_TLSEXT_DEBUG_CB: s->tlsext_debug_cb = (void (*)(SSL *, int , int, @@ -2188,45 +2155,11 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) switch (cmd) { case SSL_CTRL_NEED_TMP_RSA: - if ((cert->rsa_tmp == NULL) && - ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > - (512 / 8)))) - return (1); - else - return (0); - /* break; */ + return (0); case SSL_CTRL_SET_TMP_RSA: - { - RSA *rsa; - int i; - - rsa = (RSA *)parg; - i = 1; - if (rsa == NULL) - i = 0; - else { - if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) - i = 0; - } - if (!i) { - SSLerr(SSL_F_SSL3_CTX_CTRL, - ERR_R_RSA_LIB); - return (0); - } else { - RSA_free(cert->rsa_tmp); - cert->rsa_tmp = rsa; - return (1); - } - } - /* break; */ case SSL_CTRL_SET_TMP_RSA_CB: - { - SSLerr(SSL_F_SSL3_CTX_CTRL, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); - } - break; + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (0); case SSL_CTRL_SET_TMP_DH: { DH *new = NULL, *dh; @@ -2366,19 +2299,13 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) switch (cmd) { case SSL_CTRL_SET_TMP_RSA_CB: - { - cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; - } - break; + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (0); case SSL_CTRL_SET_TMP_DH_CB: - { - cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; - } + cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; break; case SSL_CTRL_SET_TMP_ECDH_CB: - { - cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; - } + cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; break; case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: ctx->tlsext_servername_callback = diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 719b4c56c1..1b97895f76 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.87 2014/10/18 16:13:16 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.88 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -392,37 +392,14 @@ ssl3_accept(SSL *s) alg_k = s->s3->tmp.new_cipher->algorithm_mkey; /* - * Clear this, it may get reset by - * send_server_key_exchange. - */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) - ) - /* - * option SSL_OP_EPHEMERAL_RSA sends temporary - * RSA key even when forbidden by protocol - * specs (handshake may fail as clients are - * not required to be able to handle this) - */ - s->s3->tmp.use_rsa_tmp = 1; - else - s->s3->tmp.use_rsa_tmp = 0; - - - /* - * Only send if a DH key exchange, fortezza or - * RSA but we have a sign only certificate. + * Only send if using a DH key exchange. * - * For ECC ciphersuites, we send a serverKeyExchange - * message only if the cipher suite is either - * ECDH-anon or ECDHE. In other cases, the - * server certificate contains the server's + * For ECC ciphersuites, we send a ServerKeyExchange + * message only if the cipher suite is ECDHE. In other + * cases, the server certificate contains the server's * public key for key exchange. */ - if (s->s3->tmp.use_rsa_tmp || - (alg_k & (SSL_kDHE|SSL_kECDHE)) || - ((alg_k & SSL_kRSA) && - (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == - NULL))) { + if (alg_k & (SSL_kDHE|SSL_kECDHE)) { ret = ssl3_send_server_key_exchange(s); if (ret <= 0) goto end; @@ -1352,7 +1329,6 @@ ssl3_send_server_key_exchange(SSL *s) { unsigned char *q; int j, num; - RSA *rsa; unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; unsigned int u; DH *dh = NULL, *dhp; @@ -1383,31 +1359,6 @@ ssl3_send_server_key_exchange(SSL *s) r[0] = r[1] = r[2] = r[3] = NULL; n = 0; - if (type & SSL_kRSA) { - rsa = cert->rsa_tmp; - if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { - rsa = s->cert->rsa_tmp_cb(s, 0, - SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr( - SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - SSL_R_ERROR_GENERATING_TMP_RSA_KEY); - goto f_err; - } - RSA_up_ref(rsa); - cert->rsa_tmp = rsa; - } - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - SSL_R_MISSING_TMP_RSA_KEY); - goto f_err; - } - r[0] = rsa->n; - r[1] = rsa->e; - s->s3->tmp.use_rsa_tmp = 1; - } else if (type & SSL_kDHE) { dhp = cert->dh_tmp; if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) @@ -1855,32 +1806,15 @@ ssl3_get_client_key_exchange(SSL *s) alg_k = s->s3->tmp.new_cipher->algorithm_mkey; if (alg_k & SSL_kRSA) { - /* FIX THIS UP EAY EAY EAY EAY */ - if (s->s3->tmp.use_rsa_tmp) { - if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL)) - rsa = s->cert->rsa_tmp; - /* - * Don't do a callback because rsa_tmp should - * be sent already - */ - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_MISSING_TMP_RSA_PKEY); - goto f_err; - - } - } else { - pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; - if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || - (pkey->pkey.rsa == NULL)) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_MISSING_RSA_CERTIFICATE); - goto f_err; - } - rsa = pkey->pkey.rsa; + pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; + if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || + (pkey->pkey.rsa == NULL)) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_MISSING_RSA_CERTIFICATE); + goto f_err; } + rsa = pkey->pkey.rsa; /* TLS and [incidentally] DTLS{0xFEFF} */ if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) { diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c index a85715753c..d2f642f877 100644 --- a/src/lib/libssl/src/ssl/d1_srvr.c +++ b/src/lib/libssl/src/ssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.40 2014/10/18 16:13:16 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.41 2014/10/31 14:51:01 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -446,27 +446,8 @@ dtls1_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp = 1; - else - s->s3->tmp.use_rsa_tmp = 0; - - /* only send if a DH key exchange or - * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp - || (alg_k & (SSL_kDHE|SSL_kECDHE)) - || ((alg_k & SSL_kRSA) - && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL - ) - ) - ) { + /* Only send if using a DH key exchange. */ + if (alg_k & (SSL_kDHE|SSL_kECDHE)) { dtls1_start_timer(s); ret = dtls1_send_server_key_exchange(s); if (ret <= 0) @@ -994,7 +975,6 @@ dtls1_send_server_key_exchange(SSL *s) { unsigned char *q; int j, num; - RSA *rsa; unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; unsigned int u; DH *dh = NULL, *dhp; @@ -1024,28 +1004,7 @@ dtls1_send_server_key_exchange(SSL *s) r[0] = r[1] = r[2] = r[3] = NULL; n = 0; - if (type & SSL_kRSA) { - rsa = cert->rsa_tmp; - if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { - rsa = s->cert->rsa_tmp_cb(s, 0, - SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY); - goto f_err; - } - RSA_up_ref(rsa); - cert->rsa_tmp = rsa; - } - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_RSA_KEY); - goto f_err; - } - r[0] = rsa->n; - r[1] = rsa->e; - s->s3->tmp.use_rsa_tmp = 1; - } else + if (type & SSL_kDHE) { dhp = cert->dh_tmp; if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) @@ -1087,8 +1046,7 @@ dtls1_send_server_key_exchange(SSL *s) r[0] = dh->p; r[1] = dh->g; r[2] = dh->pub_key; - } else - if (type & SSL_kECDHE) { + } else if (type & SSL_kECDHE) { const EC_GROUP *group; ecdhp = cert->ecdh_tmp; @@ -1185,10 +1143,10 @@ dtls1_send_server_key_exchange(SSL *s) r[1] = NULL; r[2] = NULL; r[3] = NULL; - } else - { + } else { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); + SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, + SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto f_err; } for (i = 0; r[i] != NULL; i++) { diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index 42f8074f8c..08c5111129 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.82 2014/10/03 13:58:17 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.83 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1934,8 +1934,7 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret = 0; - if (cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || - cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { + if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); @@ -1963,36 +1962,11 @@ ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = (int)(s->s3->flags); break; case SSL_CTRL_NEED_TMP_RSA: - if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && - ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) - > (512 / 8)))) - ret = 1; + ret = 0; break; case SSL_CTRL_SET_TMP_RSA: - { - RSA *rsa = (RSA *)parg; - if (rsa == NULL) { - SSLerr(SSL_F_SSL3_CTRL, - ERR_R_PASSED_NULL_PARAMETER); - return (ret); - } - if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, - ERR_R_RSA_LIB); - return (ret); - } - RSA_free(s->cert->rsa_tmp); - s->cert->rsa_tmp = rsa; - ret = 1; - } - break; case SSL_CTRL_SET_TMP_RSA_CB: - { - SSLerr(SSL_F_SSL3_CTRL, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (ret); - } + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); break; case SSL_CTRL_SET_TMP_DH: { @@ -2144,7 +2118,7 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) { int ret = 0; - if (cmd == SSL_CTRL_SET_TMP_RSA_CB || cmd == SSL_CTRL_SET_TMP_DH_CB) { + if (cmd == SSL_CTRL_SET_TMP_DH_CB) { if (!ssl_cert_inst(&s->cert)) { SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); @@ -2154,20 +2128,13 @@ ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) switch (cmd) { case SSL_CTRL_SET_TMP_RSA_CB: - { - s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; - } + SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); break; case SSL_CTRL_SET_TMP_DH_CB: - { - s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; - } + s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; break; case SSL_CTRL_SET_TMP_ECDH_CB: - { - s->cert->ecdh_tmp_cb = - (EC_KEY *(*)(SSL *, int, int))fp; - } + s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; break; case SSL_CTRL_SET_TLSEXT_DEBUG_CB: s->tlsext_debug_cb = (void (*)(SSL *, int , int, @@ -2188,45 +2155,11 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) switch (cmd) { case SSL_CTRL_NEED_TMP_RSA: - if ((cert->rsa_tmp == NULL) && - ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > - (512 / 8)))) - return (1); - else - return (0); - /* break; */ + return (0); case SSL_CTRL_SET_TMP_RSA: - { - RSA *rsa; - int i; - - rsa = (RSA *)parg; - i = 1; - if (rsa == NULL) - i = 0; - else { - if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) - i = 0; - } - if (!i) { - SSLerr(SSL_F_SSL3_CTX_CTRL, - ERR_R_RSA_LIB); - return (0); - } else { - RSA_free(cert->rsa_tmp); - cert->rsa_tmp = rsa; - return (1); - } - } - /* break; */ case SSL_CTRL_SET_TMP_RSA_CB: - { - SSLerr(SSL_F_SSL3_CTX_CTRL, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); - } - break; + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (0); case SSL_CTRL_SET_TMP_DH: { DH *new = NULL, *dh; @@ -2366,19 +2299,13 @@ ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) switch (cmd) { case SSL_CTRL_SET_TMP_RSA_CB: - { - cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; - } - break; + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return (0); case SSL_CTRL_SET_TMP_DH_CB: - { - cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; - } + cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; break; case SSL_CTRL_SET_TMP_ECDH_CB: - { - cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; - } + cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; break; case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: ctx->tlsext_servername_callback = diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 719b4c56c1..1b97895f76 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.87 2014/10/18 16:13:16 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.88 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -392,37 +392,14 @@ ssl3_accept(SSL *s) alg_k = s->s3->tmp.new_cipher->algorithm_mkey; /* - * Clear this, it may get reset by - * send_server_key_exchange. - */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) - ) - /* - * option SSL_OP_EPHEMERAL_RSA sends temporary - * RSA key even when forbidden by protocol - * specs (handshake may fail as clients are - * not required to be able to handle this) - */ - s->s3->tmp.use_rsa_tmp = 1; - else - s->s3->tmp.use_rsa_tmp = 0; - - - /* - * Only send if a DH key exchange, fortezza or - * RSA but we have a sign only certificate. + * Only send if using a DH key exchange. * - * For ECC ciphersuites, we send a serverKeyExchange - * message only if the cipher suite is either - * ECDH-anon or ECDHE. In other cases, the - * server certificate contains the server's + * For ECC ciphersuites, we send a ServerKeyExchange + * message only if the cipher suite is ECDHE. In other + * cases, the server certificate contains the server's * public key for key exchange. */ - if (s->s3->tmp.use_rsa_tmp || - (alg_k & (SSL_kDHE|SSL_kECDHE)) || - ((alg_k & SSL_kRSA) && - (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == - NULL))) { + if (alg_k & (SSL_kDHE|SSL_kECDHE)) { ret = ssl3_send_server_key_exchange(s); if (ret <= 0) goto end; @@ -1352,7 +1329,6 @@ ssl3_send_server_key_exchange(SSL *s) { unsigned char *q; int j, num; - RSA *rsa; unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; unsigned int u; DH *dh = NULL, *dhp; @@ -1383,31 +1359,6 @@ ssl3_send_server_key_exchange(SSL *s) r[0] = r[1] = r[2] = r[3] = NULL; n = 0; - if (type & SSL_kRSA) { - rsa = cert->rsa_tmp; - if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { - rsa = s->cert->rsa_tmp_cb(s, 0, - SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr( - SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - SSL_R_ERROR_GENERATING_TMP_RSA_KEY); - goto f_err; - } - RSA_up_ref(rsa); - cert->rsa_tmp = rsa; - } - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - SSL_R_MISSING_TMP_RSA_KEY); - goto f_err; - } - r[0] = rsa->n; - r[1] = rsa->e; - s->s3->tmp.use_rsa_tmp = 1; - } else if (type & SSL_kDHE) { dhp = cert->dh_tmp; if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) @@ -1855,32 +1806,15 @@ ssl3_get_client_key_exchange(SSL *s) alg_k = s->s3->tmp.new_cipher->algorithm_mkey; if (alg_k & SSL_kRSA) { - /* FIX THIS UP EAY EAY EAY EAY */ - if (s->s3->tmp.use_rsa_tmp) { - if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL)) - rsa = s->cert->rsa_tmp; - /* - * Don't do a callback because rsa_tmp should - * be sent already - */ - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_MISSING_TMP_RSA_PKEY); - goto f_err; - - } - } else { - pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; - if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || - (pkey->pkey.rsa == NULL)) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_MISSING_RSA_CERTIFICATE); - goto f_err; - } - rsa = pkey->pkey.rsa; + pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; + if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || + (pkey->pkey.rsa == NULL)) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_MISSING_RSA_CERTIFICATE); + goto f_err; } + rsa = pkey->pkey.rsa; /* TLS and [incidentally] DTLS{0xFEFF} */ if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) { diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h index 9a28b4701f..18afa304c9 100644 --- a/src/lib/libssl/src/ssl/ssl3.h +++ b/src/lib/libssl/src/ssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.26 2014/08/11 01:10:42 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.27 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -473,7 +473,7 @@ typedef struct ssl3_state_st { char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; - int use_rsa_tmp; + int use_rsa_tmp; /* XXX - remove at next bump. */ int key_block_length; unsigned char *key_block; diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c index 6f1815067b..beea31c64b 100644 --- a/src/lib/libssl/src/ssl/ssl_cert.c +++ b/src/lib/libssl/src/ssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.42 2014/10/03 13:58:18 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.43 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -205,12 +205,6 @@ ssl_cert_dup(CERT *cert) ret->mask_k = cert->mask_k; ret->mask_a = cert->mask_a; - if (cert->rsa_tmp != NULL) { - RSA_up_ref(cert->rsa_tmp); - ret->rsa_tmp = cert->rsa_tmp; - } - ret->rsa_tmp_cb = cert->rsa_tmp_cb; - if (cert->dh_tmp != NULL) { ret->dh_tmp = DHparams_dup(cert->dh_tmp); if (ret->dh_tmp == NULL) { @@ -305,7 +299,6 @@ ssl_cert_dup(CERT *cert) return (ret); err: - RSA_free(ret->rsa_tmp); DH_free(ret->dh_tmp); EC_KEY_free(ret->ecdh_tmp); @@ -331,7 +324,6 @@ ssl_cert_free(CERT *c) if (i > 0) return; - RSA_free(c->rsa_tmp); DH_free(c->dh_tmp); EC_KEY_free(c->ecdh_tmp); diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index 3fa8f5039f..579c005cc3 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.87 2014/10/18 16:13:16 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.88 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1931,7 +1931,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) { CERT_PKEY *cpk; - int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dsa_sign; + int rsa_enc, rsa_sign, dh_tmp, dsa_sign; unsigned long mask_k, mask_a; int have_ecc_cert, ecdh_ok, ecdsa_ok; int have_ecdh_tmp; @@ -1942,7 +1942,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) if (c == NULL) return; - rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL || @@ -1970,7 +1969,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) mask_a |= SSL_aGOST94; } - if (rsa_enc || (rsa_tmp && rsa_sign)) + if (rsa_enc) mask_k|=SSL_kRSA; if (dh_tmp) diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 976f835c92..955c169244 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.71 2014/10/03 13:58:18 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.72 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -440,9 +440,6 @@ typedef struct cert_st { unsigned long mask_k; unsigned long mask_a; - RSA *rsa_tmp; - RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize); - DH *dh_tmp; DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 9a28b4701f..18afa304c9 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.26 2014/08/11 01:10:42 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.27 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -473,7 +473,7 @@ typedef struct ssl3_state_st { char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; - int use_rsa_tmp; + int use_rsa_tmp; /* XXX - remove at next bump. */ int key_block_length; unsigned char *key_block; diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 6f1815067b..beea31c64b 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.42 2014/10/03 13:58:18 jsing Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.43 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -205,12 +205,6 @@ ssl_cert_dup(CERT *cert) ret->mask_k = cert->mask_k; ret->mask_a = cert->mask_a; - if (cert->rsa_tmp != NULL) { - RSA_up_ref(cert->rsa_tmp); - ret->rsa_tmp = cert->rsa_tmp; - } - ret->rsa_tmp_cb = cert->rsa_tmp_cb; - if (cert->dh_tmp != NULL) { ret->dh_tmp = DHparams_dup(cert->dh_tmp); if (ret->dh_tmp == NULL) { @@ -305,7 +299,6 @@ ssl_cert_dup(CERT *cert) return (ret); err: - RSA_free(ret->rsa_tmp); DH_free(ret->dh_tmp); EC_KEY_free(ret->ecdh_tmp); @@ -331,7 +324,6 @@ ssl_cert_free(CERT *c) if (i > 0) return; - RSA_free(c->rsa_tmp); DH_free(c->dh_tmp); EC_KEY_free(c->ecdh_tmp); diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 3fa8f5039f..579c005cc3 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.87 2014/10/18 16:13:16 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.88 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1931,7 +1931,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) { CERT_PKEY *cpk; - int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dsa_sign; + int rsa_enc, rsa_sign, dh_tmp, dsa_sign; unsigned long mask_k, mask_a; int have_ecc_cert, ecdh_ok, ecdsa_ok; int have_ecdh_tmp; @@ -1942,7 +1942,6 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) if (c == NULL) return; - rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL || @@ -1970,7 +1969,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) mask_a |= SSL_aGOST94; } - if (rsa_enc || (rsa_tmp && rsa_sign)) + if (rsa_enc) mask_k|=SSL_kRSA; if (dh_tmp) diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 976f835c92..955c169244 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.71 2014/10/03 13:58:18 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.72 2014/10/31 14:51:01 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -440,9 +440,6 @@ typedef struct cert_st { unsigned long mask_k; unsigned long mask_a; - RSA *rsa_tmp; - RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize); - DH *dh_tmp; DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); -- cgit v1.2.3-55-g6feb