Remove support for all 40 and 56 bit ciphers.
Reviewed-by: Rich Salz <rsalz@openssl.org> MR: #364
This commit is contained in:
parent
fe6ef2472d
commit
361a119127
24 changed files with 293 additions and 1419 deletions
5
CHANGES
5
CHANGES
|
@ -4,6 +4,11 @@
|
|||
|
||||
Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
|
||||
|
||||
*) Remove support for all 40 and 56 bit ciphers. This includes all the export
|
||||
ciphers who are no longer supported and drops support the ephemeral RSA key
|
||||
exchange. The LOW ciphers currently doesn't have any ciphers in it.
|
||||
[Kurt Roeckx]
|
||||
|
||||
*) Added ASYNC support. Libcrypto now includes the async sub-library to enable
|
||||
cryptographic operations to be performed asynchronously as long as an
|
||||
asynchronous capable engine is used. See the ASYNC_start_job() man page for
|
||||
|
|
|
@ -190,9 +190,6 @@ typedef unsigned int u_int;
|
|||
# undef FIONBIO
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
|
||||
#endif
|
||||
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
|
||||
static int sv_body(char *hostname, int s, int stype, unsigned char *context);
|
||||
static int www_body(char *hostname, int s, int stype, unsigned char *context);
|
||||
|
@ -807,7 +804,7 @@ typedef enum OPTION_choice {
|
|||
OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE,
|
||||
OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_MSG, OPT_MSGFILE, OPT_TRACE,
|
||||
OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF,
|
||||
OPT_QUIET, OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
|
||||
OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, OPT_NO_ECDHE,
|
||||
OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
|
||||
OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
|
||||
OPT_SSL3,
|
||||
|
@ -866,7 +863,6 @@ OPTIONS s_server_options[] = {
|
|||
"Do not load certificates from the default certificates directory"},
|
||||
{"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
|
||||
{"quiet", OPT_QUIET, '-', "No server output"},
|
||||
{"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"},
|
||||
{"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
|
||||
{"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
|
||||
{"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
|
||||
|
@ -1004,7 +1000,7 @@ int s_server_main(int argc, char *argv[])
|
|||
#ifndef OPENSSL_NO_DH
|
||||
int no_dhe = 0;
|
||||
#endif
|
||||
int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0, ret = 1;
|
||||
int no_ecdhe = 0, nocert = 0, ret = 1;
|
||||
int noCApath = 0, noCAfile = 0;
|
||||
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
|
||||
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
|
||||
|
@ -1295,9 +1291,6 @@ int s_server_main(int argc, char *argv[])
|
|||
case OPT_BRIEF:
|
||||
s_quiet = s_brief = verify_quiet = 1;
|
||||
break;
|
||||
case OPT_NO_TMP_RSA:
|
||||
no_tmp_rsa = 1;
|
||||
break;
|
||||
case OPT_NO_DHE:
|
||||
#ifndef OPENSSL_NO_DH
|
||||
no_dhe = 1;
|
||||
|
@ -1824,13 +1817,6 @@ int s_server_main(int argc, char *argv[])
|
|||
if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain))
|
||||
goto end;
|
||||
}
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (!no_tmp_rsa) {
|
||||
SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
|
||||
if (ctx2)
|
||||
SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (no_resume_ephemeral) {
|
||||
SSL_CTX_set_not_resumable_session_callback(ctx,
|
||||
|
@ -3135,35 +3121,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
|
|||
return (ret);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
|
||||
{
|
||||
BIGNUM *bn = NULL;
|
||||
static RSA *rsa_tmp = NULL;
|
||||
|
||||
if (!rsa_tmp && ((bn = BN_new()) == NULL))
|
||||
BIO_printf(bio_err, "Allocation error in generating RSA key\n");
|
||||
if (!rsa_tmp && bn) {
|
||||
if (!s_quiet) {
|
||||
BIO_printf(bio_err, "Generating temp (%d bit) RSA key...",
|
||||
keylength);
|
||||
(void)BIO_flush(bio_err);
|
||||
}
|
||||
if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
|
||||
!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
|
||||
RSA_free(rsa_tmp);
|
||||
rsa_tmp = NULL;
|
||||
}
|
||||
if (!s_quiet) {
|
||||
BIO_printf(bio_err, "\n");
|
||||
(void)BIO_flush(bio_err);
|
||||
}
|
||||
BN_free(bn);
|
||||
}
|
||||
return (rsa_tmp);
|
||||
}
|
||||
#endif
|
||||
|
||||
#define MAX_SESSION_ID_ATTEMPTS 10
|
||||
static int generate_session_id(const SSL *ssl, unsigned char *id,
|
||||
unsigned int *id_len)
|
||||
|
|
|
@ -651,7 +651,6 @@ struct tls_create_ctx_args tls_create_ctx_defaultargs(void)
|
|||
ret.ca_file = NULL;
|
||||
ret.verify_depth = -1;
|
||||
ret.fail_unless_verified = 0;
|
||||
ret.export_p = 0;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@ -781,20 +780,6 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
|
|||
/* avoid small subgroup attacks: */
|
||||
SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);
|
||||
}
|
||||
#ifndef NO_RSA
|
||||
if (!a.client_p && a.export_p) {
|
||||
RSA *tmpkey;
|
||||
|
||||
tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);
|
||||
if (tmpkey == NULL)
|
||||
goto err;
|
||||
if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {
|
||||
RSA_free(tmpkey);
|
||||
goto err;
|
||||
}
|
||||
RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */
|
||||
}
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
|
||||
|
|
|
@ -34,7 +34,6 @@ struct tls_create_ctx_args {
|
|||
const char *ca_file;
|
||||
int verify_depth;
|
||||
int fail_unless_verified;
|
||||
int export_p;
|
||||
};
|
||||
struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
|
||||
/*
|
||||
|
|
|
@ -168,18 +168,6 @@ encryption.
|
|||
"low" encryption cipher suites, currently those using 64 or 56 bit encryption
|
||||
algorithms but excluding export cipher suites.
|
||||
|
||||
=item B<EXP>, B<EXPORT>
|
||||
|
||||
export encryption algorithms. Including 40 and 56 bits algorithms.
|
||||
|
||||
=item B<EXPORT40>
|
||||
|
||||
40 bit export encryption algorithms
|
||||
|
||||
=item B<EXPORT56>
|
||||
|
||||
56 bit export encryption algorithms. This list is empty.
|
||||
|
||||
=item B<eNULL>, B<NULL>
|
||||
|
||||
the "NULL" ciphers that is those offering no encryption. Because these offer no
|
||||
|
@ -387,12 +375,9 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
|
|||
|
||||
SSL_RSA_WITH_NULL_MD5 NULL-MD5
|
||||
SSL_RSA_WITH_NULL_SHA NULL-SHA
|
||||
SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
|
||||
SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
|
||||
SSL_RSA_WITH_RC4_128_SHA RC4-SHA
|
||||
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
|
||||
SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
|
||||
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
|
||||
SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
|
||||
|
||||
|
@ -400,16 +385,12 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
|
|||
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA
|
||||
SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA
|
||||
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA
|
||||
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA
|
||||
SSL_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA
|
||||
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
|
||||
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-RSA-DES-CBC-SHA
|
||||
SSL_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA
|
||||
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
|
||||
|
||||
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
|
||||
SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
|
||||
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
|
||||
SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
|
||||
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
|
||||
|
||||
|
@ -421,31 +402,22 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
|
|||
|
||||
TLS_RSA_WITH_NULL_MD5 NULL-MD5
|
||||
TLS_RSA_WITH_NULL_SHA NULL-SHA
|
||||
TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
|
||||
TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
|
||||
TLS_RSA_WITH_RC4_128_SHA RC4-SHA
|
||||
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
|
||||
TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
|
||||
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
|
||||
TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
|
||||
|
||||
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
|
||||
TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
|
||||
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
|
||||
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
|
||||
TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
|
||||
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
|
||||
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA
|
||||
TLS_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA
|
||||
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
|
||||
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-RSA-DES-CBC-SHA
|
||||
TLS_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA
|
||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
|
||||
|
||||
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
|
||||
TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
|
||||
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
|
||||
TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
|
||||
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
|
||||
|
||||
|
@ -511,10 +483,6 @@ algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
|
|||
|
||||
Note: these ciphers can also be used in SSL v3.
|
||||
|
||||
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA
|
||||
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
|
||||
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
|
||||
TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
|
||||
|
||||
=head2 Elliptic curve cipher suites.
|
||||
|
|
|
@ -66,7 +66,6 @@ B<openssl> B<s_server>
|
|||
[B<-cipher cipherlist>]
|
||||
[B<-serverpref>]
|
||||
[B<-quiet>]
|
||||
[B<-no_tmp_rsa>]
|
||||
[B<-ssl3>]
|
||||
[B<-tls1>]
|
||||
[B<-dtls>]
|
||||
|
@ -186,11 +185,6 @@ disabling the ephemeral DH cipher suites.
|
|||
if this option is set then no ECDH parameters will be loaded effectively
|
||||
disabling the ephemeral ECDH cipher suites.
|
||||
|
||||
=item B<-no_tmp_rsa>
|
||||
|
||||
certain export cipher suites sometimes use a temporary RSA key, this option
|
||||
disables temporary RSA key generation.
|
||||
|
||||
=item B<-crl_check>, B<-crl_check_all>
|
||||
|
||||
Check the peer certificate has not been revoked by its CA.
|
||||
|
|
|
@ -37,10 +37,6 @@ ADH ciphers don't need a certificate, but DH-parameters must have been set.
|
|||
All other ciphers need a corresponding certificate and key.
|
||||
|
||||
A RSA cipher can only be chosen, when a RSA certificate is available.
|
||||
RSA export ciphers with a keylength of 512 bits for the RSA key require
|
||||
a temporary 512 bit RSA key, as typically the supplied key has a length
|
||||
of 1024 bit (see
|
||||
L<SSL_CTX_set_tmp_rsa_callback(3)>).
|
||||
RSA ciphers using DHE need a certificate and key and additional DH-parameters
|
||||
(see L<SSL_CTX_set_tmp_dh_callback(3)>).
|
||||
|
||||
|
@ -63,7 +59,6 @@ could be selected and 0 on complete failure.
|
|||
|
||||
L<ssl(3)>, L<SSL_get_ciphers(3)>,
|
||||
L<SSL_CTX_use_certificate(3)>,
|
||||
L<SSL_CTX_set_tmp_rsa_callback(3)>,
|
||||
L<SSL_CTX_set_tmp_dh_callback(3)>,
|
||||
L<ciphers(1)>
|
||||
|
||||
|
|
|
@ -269,7 +269,6 @@ secure renegotiation and 0 if it does not.
|
|||
|
||||
L<ssl(3)>, L<SSL_new(3)>, L<SSL_clear(3)>,
|
||||
L<SSL_CTX_set_tmp_dh_callback(3)>,
|
||||
L<SSL_CTX_set_tmp_rsa_callback(3)>,
|
||||
L<dhparam(1)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
|
|
@ -1,159 +0,0 @@
|
|||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
|
||||
RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
|
||||
long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
|
||||
long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
|
||||
|
||||
void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
|
||||
RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
|
||||
long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
|
||||
long SSL_need_tmp_rsa(SSL *ssl)
|
||||
|
||||
RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be
|
||||
used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>.
|
||||
The callback is inherited by all SSL objects newly created from B<ctx>
|
||||
with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
|
||||
|
||||
SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be
|
||||
B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
|
||||
with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
|
||||
|
||||
SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
|
||||
for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
|
||||
with a keysize larger than 512 bits is installed.
|
||||
|
||||
SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>.
|
||||
|
||||
SSL_set_tmp_rsa() sets the key only for B<ssl>.
|
||||
|
||||
SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
|
||||
for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
|
||||
with a keysize larger than 512 bits is installed.
|
||||
|
||||
These functions apply to SSL/TLS servers only.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
When using a cipher with RSA authentication, an ephemeral RSA key exchange
|
||||
can take place. In this case the session data are negotiated using the
|
||||
ephemeral/temporary RSA key and the RSA key supplied and certified
|
||||
by the certificate chain is only used for signing.
|
||||
|
||||
Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
|
||||
than the usual key length of 1024 bits were created. To use these ciphers
|
||||
with RSA keys of usual length, an ephemeral key exchange must be performed,
|
||||
as the normal (certified) key cannot be directly used.
|
||||
|
||||
Using ephemeral RSA key exchange yields forward secrecy, as the connection
|
||||
can only be decrypted, when the RSA key is known. By generating a temporary
|
||||
RSA key inside the server application that is lost when the application
|
||||
is left, it becomes impossible for an attacker to decrypt past sessions,
|
||||
even if he gets hold of the normal (certified) RSA key, as this key was
|
||||
used for signing only. The downside is that creating a RSA key is
|
||||
computationally expensive.
|
||||
|
||||
Additionally, the use of ephemeral RSA key exchange is only allowed in
|
||||
the TLS standard, when the RSA key can be used for signing only, that is
|
||||
for export ciphers. Using ephemeral RSA key exchange for other purposes
|
||||
violates the standard and can break interoperability with clients.
|
||||
It is therefore strongly recommended to not use ephemeral RSA key
|
||||
exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead
|
||||
in order to achieve forward secrecy (see
|
||||
L<SSL_CTX_set_tmp_dh_callback(3)>).
|
||||
|
||||
An application may either directly specify the key or can supply the key via a
|
||||
callback function. The callback approach has the advantage, that the callback
|
||||
may generate the key only in case it is actually needed. As the generation of a
|
||||
RSA key is however costly, it will lead to a significant delay in the handshake
|
||||
procedure. Another advantage of the callback function is that it can supply
|
||||
keys of different size while the explicit setting of the key is only useful for
|
||||
key size of 512 bits to satisfy the export restricted ciphers and does give
|
||||
away key length if a longer key would be allowed.
|
||||
|
||||
The B<tmp_rsa_callback> is called with the B<keylength> needed and
|
||||
the B<is_export> information. The B<is_export> flag is set, when the
|
||||
ephemeral RSA key exchange is performed with an export cipher.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the
|
||||
generation of a RSA key costs a lot of computer time, they saved for later
|
||||
reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
|
||||
respectively are generated.
|
||||
|
||||
...
|
||||
/* Set up ephemeral RSA stuff */
|
||||
RSA *rsa_512 = NULL;
|
||||
RSA *rsa_1024 = NULL;
|
||||
|
||||
rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
|
||||
if (rsa_512 == NULL)
|
||||
evaluate_error_queue();
|
||||
|
||||
rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
|
||||
if (rsa_1024 == NULL)
|
||||
evaluate_error_queue();
|
||||
|
||||
...
|
||||
|
||||
RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
|
||||
{
|
||||
RSA *rsa_tmp=NULL;
|
||||
|
||||
switch (keylength) {
|
||||
case 512:
|
||||
if (rsa_512)
|
||||
rsa_tmp = rsa_512;
|
||||
else { /* generate on the fly, should not happen in this example */
|
||||
rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
|
||||
rsa_512 = rsa_tmp; /* Remember for later reuse */
|
||||
}
|
||||
break;
|
||||
case 1024:
|
||||
if (rsa_1024)
|
||||
rsa_tmp=rsa_1024;
|
||||
else
|
||||
should_not_happen_in_this_example();
|
||||
break;
|
||||
default:
|
||||
/* Generating a key on the fly is very costly, so use what is there */
|
||||
if (rsa_1024)
|
||||
rsa_tmp=rsa_1024;
|
||||
else
|
||||
rsa_tmp=rsa_512; /* Use at least a shorter key */
|
||||
}
|
||||
return(rsa_tmp);
|
||||
}
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return
|
||||
diagnostic output.
|
||||
|
||||
SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0
|
||||
on failure. Check the error queue to find out the reason of failure.
|
||||
|
||||
SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary
|
||||
RSA key is needed and 0 otherwise.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>,
|
||||
L<SSL_CTX_set_options(3)>,
|
||||
L<SSL_CTX_set_tmp_dh_callback(3)>,
|
||||
L<SSL_new(3)>, L<ciphers(1)>
|
||||
|
||||
=cut
|
|
@ -331,25 +331,6 @@ Use the file path to locate trusted CA certficates.
|
|||
|
||||
=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
|
||||
|
||||
=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
|
||||
|
||||
=item SSL_CTX_set_tmp_rsa_callback
|
||||
|
||||
C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
|
||||
|
||||
Sets the callback which will be called when a temporary private key is
|
||||
required. The B<C<export>> flag will be set if the reason for needing
|
||||
a temp key is that an export ciphersuite is in use, in which case,
|
||||
B<C<keylength>> will contain the required keylength in bits. Generate a key of
|
||||
appropriate size (using ???) and return it.
|
||||
|
||||
=item SSL_set_tmp_rsa_callback
|
||||
|
||||
long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
|
||||
|
||||
The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
|
||||
session instead of a context.
|
||||
|
||||
=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
|
||||
|
||||
=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
|
||||
|
@ -713,7 +694,6 @@ L<SSL_CTX_set_session_cache_mode(3)>,
|
|||
L<SSL_CTX_set_session_id_context(3)>,
|
||||
L<SSL_CTX_set_ssl_version(3)>,
|
||||
L<SSL_CTX_set_timeout(3)>,
|
||||
L<SSL_CTX_set_tmp_rsa_callback(3)>,
|
||||
L<SSL_CTX_set_tmp_dh_callback(3)>,
|
||||
L<SSL_CTX_set_verify(3)>,
|
||||
L<SSL_CTX_use_certificate(3)>,
|
||||
|
|
|
@ -181,8 +181,6 @@ extern "C" {
|
|||
|
||||
/* These are used to specify which ciphers to use and not to use */
|
||||
|
||||
# define SSL_TXT_EXP40 "EXPORT40"
|
||||
# define SSL_TXT_EXP56 "EXPORT56"
|
||||
# define SSL_TXT_LOW "LOW"
|
||||
# define SSL_TXT_MEDIUM "MEDIUM"
|
||||
# define SSL_TXT_HIGH "HIGH"
|
||||
|
@ -268,9 +266,6 @@ extern "C" {
|
|||
# define SSL_TXT_TLSV1_1 "TLSv1.1"
|
||||
# define SSL_TXT_TLSV1_2 "TLSv1.2"
|
||||
|
||||
# define SSL_TXT_EXP "EXP"
|
||||
# define SSL_TXT_EXPORT "EXPORT"
|
||||
|
||||
# define SSL_TXT_ALL "ALL"
|
||||
|
||||
/*-
|
||||
|
@ -1113,11 +1108,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
|||
# define SSL_ERROR_WANT_CONNECT 7
|
||||
# define SSL_ERROR_WANT_ACCEPT 8
|
||||
# define SSL_ERROR_WANT_ASYNC 9
|
||||
# define SSL_CTRL_NEED_TMP_RSA 1
|
||||
# define SSL_CTRL_SET_TMP_RSA 2
|
||||
# define SSL_CTRL_SET_TMP_DH 3
|
||||
# define SSL_CTRL_SET_TMP_ECDH 4
|
||||
# define SSL_CTRL_SET_TMP_RSA_CB 5
|
||||
# define SSL_CTRL_SET_TMP_DH_CB 6
|
||||
# define SSL_CTRL_GET_SESSION_REUSED 8
|
||||
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
|
||||
|
@ -1242,10 +1234,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
|||
SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
|
||||
# define SSL_total_renegotiations(ssl) \
|
||||
SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
|
||||
# define SSL_CTX_need_tmp_RSA(ctx) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
|
||||
# define SSL_CTX_set_tmp_rsa(ctx,rsa) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
|
||||
# define SSL_CTX_set_tmp_dh(ctx,dh) \
|
||||
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
|
||||
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
|
||||
|
@ -1254,10 +1242,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
|||
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
|
||||
# define SSL_set_dh_auto(s, onoff) \
|
||||
SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
|
||||
# define SSL_need_tmp_RSA(ssl) \
|
||||
SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
|
||||
# define SSL_set_tmp_rsa(ssl,rsa) \
|
||||
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
|
||||
# define SSL_set_tmp_dh(ssl,dh) \
|
||||
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
|
||||
# define SSL_set_tmp_ecdh(ssl,ecdh) \
|
||||
|
@ -1749,15 +1733,6 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
|
|||
SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
|
||||
|
||||
/* NB: the keylength is only applicable when is_export is true */
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
|
||||
RSA *(*cb) (SSL *ssl, int is_export,
|
||||
int keylength));
|
||||
|
||||
void SSL_set_tmp_rsa_callback(SSL *ssl,
|
||||
RSA *(*cb) (SSL *ssl, int is_export,
|
||||
int keylength));
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_DH
|
||||
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
|
||||
DH *(*dh) (SSL *ssl, int is_export,
|
||||
|
@ -2259,7 +2234,6 @@ void ERR_load_SSL_strings(void);
|
|||
# define SSL_R_EE_KEY_TOO_SMALL 399
|
||||
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
|
||||
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
|
||||
# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
|
||||
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
|
||||
# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
|
||||
# define SSL_R_EXTRA_DATA_IN_MESSAGE 153
|
||||
|
@ -2294,16 +2268,12 @@ void ERR_load_SSL_strings(void);
|
|||
# define SSL_R_MISSING_DSA_SIGNING_CERT 165
|
||||
# define SSL_R_MISSING_ECDH_CERT 382
|
||||
# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
|
||||
# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
|
||||
# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
|
||||
# define SSL_R_MISSING_RSA_CERTIFICATE 168
|
||||
# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
|
||||
# define SSL_R_MISSING_RSA_SIGNING_CERT 170
|
||||
# define SSL_R_MISSING_SRP_PARAM 358
|
||||
# define SSL_R_MISSING_TMP_DH_KEY 171
|
||||
# define SSL_R_MISSING_TMP_ECDH_KEY 311
|
||||
# define SSL_R_MISSING_TMP_RSA_KEY 172
|
||||
# define SSL_R_MISSING_TMP_RSA_PKEY 173
|
||||
# define SSL_R_MISSING_VERIFY_MESSAGE 174
|
||||
# define SSL_R_MULTIPLE_SGC_RESTARTS 346
|
||||
# define SSL_R_NO_CERTIFICATES_RETURNED 176
|
||||
|
@ -2395,7 +2365,6 @@ void ERR_load_SSL_strings(void);
|
|||
# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
|
||||
# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
|
||||
# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
|
||||
# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
|
||||
# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
|
||||
# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
|
||||
# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
|
||||
|
|
|
@ -658,12 +658,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
|
|||
* using DHE everywhere, though we may indefinitely maintain aliases for
|
||||
* users or configurations that used "EDH"
|
||||
*/
|
||||
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
|
||||
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
|
||||
# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
|
||||
# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
|
||||
# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
|
||||
# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
|
||||
# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
|
||||
|
||||
# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA"
|
||||
|
|
36
ssl/s3_enc.c
36
ssl/s3_enc.c
|
@ -197,18 +197,16 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||
unsigned char *p, *mac_secret;
|
||||
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
|
||||
unsigned char exp_iv[EVP_MAX_IV_LENGTH];
|
||||
unsigned char *ms, *key, *iv, *er1, *er2;
|
||||
unsigned char *ms, *key, *iv;
|
||||
EVP_CIPHER_CTX *dd;
|
||||
const EVP_CIPHER *c;
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
COMP_METHOD *comp;
|
||||
#endif
|
||||
const EVP_MD *m;
|
||||
EVP_MD_CTX md;
|
||||
int is_exp, n, i, j, k, cl;
|
||||
int n, i, j, k, cl;
|
||||
int reuse_dd = 0;
|
||||
|
||||
is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
|
||||
c = s->s3->tmp.new_sym_enc;
|
||||
m = s->s3->tmp.new_hash;
|
||||
/* m == NULL will lead to a crash later */
|
||||
|
@ -295,9 +293,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||
if (i < 0)
|
||||
goto err2;
|
||||
cl = EVP_CIPHER_key_length(c);
|
||||
j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
|
||||
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
|
||||
/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
|
||||
j = cl;
|
||||
k = EVP_CIPHER_iv_length(c);
|
||||
if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
|
||||
(which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
|
||||
|
@ -307,8 +303,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||
n += j + j;
|
||||
iv = &(p[n]);
|
||||
n += k + k;
|
||||
er1 = &(s->s3->client_random[0]);
|
||||
er2 = &(s->s3->server_random[0]);
|
||||
} else {
|
||||
n = i;
|
||||
ms = &(p[n]);
|
||||
|
@ -317,8 +311,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||
n += j + k;
|
||||
iv = &(p[n]);
|
||||
n += k;
|
||||
er1 = &(s->s3->server_random[0]);
|
||||
er2 = &(s->s3->client_random[0]);
|
||||
}
|
||||
|
||||
if (n > s->s3->tmp.key_block_length) {
|
||||
|
@ -326,28 +318,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||
goto err2;
|
||||
}
|
||||
|
||||
EVP_MD_CTX_init(&md);
|
||||
memcpy(mac_secret, ms, i);
|
||||
if (is_exp) {
|
||||
/*
|
||||
* In here I set both the read and write key/iv to the same value
|
||||
* since only the correct one will be used :-).
|
||||
*/
|
||||
EVP_DigestInit_ex(&md, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&md, key, j);
|
||||
EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);
|
||||
EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);
|
||||
EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL);
|
||||
key = &(exp_key[0]);
|
||||
|
||||
if (k > 0) {
|
||||
EVP_DigestInit_ex(&md, EVP_md5(), NULL);
|
||||
EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);
|
||||
EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);
|
||||
EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL);
|
||||
iv = &(exp_iv[0]);
|
||||
}
|
||||
}
|
||||
|
||||
EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
|
||||
|
||||
|
@ -370,7 +341,6 @@ int ssl3_change_cipher_state(SSL *s, int which)
|
|||
|
||||
OPENSSL_cleanse(exp_key, sizeof(exp_key));
|
||||
OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
|
||||
EVP_MD_CTX_cleanup(&md);
|
||||
return (1);
|
||||
err:
|
||||
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
|
||||
|
|
700
ssl/s3_lib.c
700
ssl/s3_lib.c
File diff suppressed because it is too large
Load diff
|
@ -195,14 +195,6 @@ CERT *ssl_cert_dup(CERT *cert)
|
|||
ret->references = 1;
|
||||
ret->key = &ret->pkeys[cert->key - cert->pkeys];
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (cert->rsa_tmp != NULL) {
|
||||
RSA_up_ref(cert->rsa_tmp);
|
||||
ret->rsa_tmp = cert->rsa_tmp;
|
||||
}
|
||||
ret->rsa_tmp_cb = cert->rsa_tmp_cb;
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
if (cert->dh_tmp != NULL) {
|
||||
ret->dh_tmp = DHparams_dup(cert->dh_tmp);
|
||||
|
@ -377,9 +369,6 @@ void ssl_cert_free(CERT *c)
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
RSA_free(c->rsa_tmp);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
DH_free(c->dh_tmp);
|
||||
#endif
|
||||
|
|
|
@ -399,13 +399,7 @@ static const SSL_CIPHER cipher_aliases[] = {
|
|||
{0, "TLSv1.0", 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
|
||||
{0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
|
||||
|
||||
/* export flag */
|
||||
{0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
|
||||
{0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
|
||||
|
||||
/* strength classes */
|
||||
{0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},
|
||||
{0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},
|
||||
{0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
|
||||
{0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
|
||||
{0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
|
||||
|
@ -413,24 +407,12 @@ static const SSL_CIPHER cipher_aliases[] = {
|
|||
{0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},
|
||||
|
||||
/* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
|
||||
{0, SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 0,
|
||||
SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_EXPORT | SSL_EXP40,
|
||||
0, 0, 0,},
|
||||
{0, SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 0,
|
||||
SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP | SSL_LOW,
|
||||
0, 0, 0,},
|
||||
{0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0,
|
||||
SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 0, 0, 0,},
|
||||
{0, SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 0,
|
||||
SSL_kDHE, SSL_aRSA, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_EXPORT | SSL_EXP40,
|
||||
0, 0, 0,},
|
||||
{0, SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 0,
|
||||
SSL_kDHE, SSL_aRSA, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP | SSL_LOW,
|
||||
0, 0, 0,},
|
||||
SSL_HIGH | SSL_FIPS, 0, 0, 0,},
|
||||
{0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0,
|
||||
SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 0, 0, 0,},
|
||||
SSL_HIGH | SSL_FIPS, 0, 0, 0,},
|
||||
|
||||
};
|
||||
|
||||
|
@ -982,11 +964,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
|
|||
continue;
|
||||
if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
|
||||
continue;
|
||||
if ((algo_strength & SSL_EXP_MASK)
|
||||
&& !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
|
||||
continue;
|
||||
if ((algo_strength & SSL_STRONG_MASK)
|
||||
&& !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
|
||||
if (algo_strength && !(algo_strength & cp->algo_strength))
|
||||
continue;
|
||||
if ((algo_strength & SSL_DEFAULT_MASK)
|
||||
&& !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
|
||||
|
@ -1249,31 +1227,15 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
|||
alg_mac = ca_list[j]->algorithm_mac;
|
||||
}
|
||||
|
||||
if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
|
||||
if (algo_strength & SSL_EXP_MASK) {
|
||||
algo_strength &=
|
||||
(ca_list[j]->algo_strength & SSL_EXP_MASK) |
|
||||
~SSL_EXP_MASK;
|
||||
if (!(algo_strength & SSL_EXP_MASK)) {
|
||||
if (ca_list[j]->algo_strength) {
|
||||
if (algo_strength) {
|
||||
algo_strength &= ca_list[j]->algo_strength;
|
||||
if (!algo_strength) {
|
||||
found = 0;
|
||||
break;
|
||||
}
|
||||
} else
|
||||
algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
|
||||
}
|
||||
|
||||
if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
|
||||
if (algo_strength & SSL_STRONG_MASK) {
|
||||
algo_strength &=
|
||||
(ca_list[j]->algo_strength & SSL_STRONG_MASK) |
|
||||
~SSL_STRONG_MASK;
|
||||
if (!(algo_strength & SSL_STRONG_MASK)) {
|
||||
found = 0;
|
||||
break;
|
||||
}
|
||||
} else
|
||||
algo_strength |=
|
||||
ca_list[j]->algo_strength & SSL_STRONG_MASK;
|
||||
algo_strength = ca_list[j]->algo_strength;
|
||||
}
|
||||
|
||||
if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
|
||||
|
@ -1625,12 +1587,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
|
|||
|
||||
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
{
|
||||
int is_export, pkl, kl;
|
||||
const char *ver, *exp_str;
|
||||
const char *ver;
|
||||
const char *kx, *au, *enc, *mac;
|
||||
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
|
||||
static const char *format =
|
||||
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
|
||||
"%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
|
||||
|
||||
alg_mkey = cipher->algorithm_mkey;
|
||||
alg_auth = cipher->algorithm_auth;
|
||||
|
@ -1638,11 +1599,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
|||
alg_mac = cipher->algorithm_mac;
|
||||
alg_ssl = cipher->algorithm_ssl;
|
||||
|
||||
is_export = SSL_C_IS_EXPORT(cipher);
|
||||
pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
|
||||
kl = SSL_C_EXPORT_KEYLENGTH(cipher);
|
||||
exp_str = is_export ? " export" : "";
|
||||
|
||||
if (alg_ssl & SSL_SSLV3)
|
||||
ver = "SSLv3";
|
||||
else if (alg_ssl & SSL_TLSV1)
|
||||
|
@ -1654,7 +1610,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
|||
|
||||
switch (alg_mkey) {
|
||||
case SSL_kRSA:
|
||||
kx = is_export ? (pkl == 512 ? "RSA(512)" : "RSA(1024)") : "RSA";
|
||||
kx = "RSA";
|
||||
break;
|
||||
case SSL_kDHr:
|
||||
kx = "DH/RSA";
|
||||
|
@ -1663,7 +1619,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
|||
kx = "DH/DSS";
|
||||
break;
|
||||
case SSL_kDHE:
|
||||
kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH";
|
||||
kx = "DH";
|
||||
break;
|
||||
case SSL_kECDHr:
|
||||
kx = "ECDH/RSA";
|
||||
|
@ -1735,16 +1691,16 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
|||
|
||||
switch (alg_enc) {
|
||||
case SSL_DES:
|
||||
enc = (is_export && kl == 5) ? "DES(40)" : "DES(56)";
|
||||
enc = "DES(56)";
|
||||
break;
|
||||
case SSL_3DES:
|
||||
enc = "3DES(168)";
|
||||
break;
|
||||
case SSL_RC4:
|
||||
enc = is_export ? (kl == 5 ? "RC4(40)" : "RC4(56)") : "RC4(128)";
|
||||
enc = "RC4(128)";
|
||||
break;
|
||||
case SSL_RC2:
|
||||
enc = is_export ? (kl == 5 ? "RC2(40)" : "RC2(56)") : "RC2(128)";
|
||||
enc = "RC2(128)";
|
||||
break;
|
||||
case SSL_IDEA:
|
||||
enc = "IDEA(128)";
|
||||
|
@ -1834,8 +1790,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
|||
} else if (len < 128)
|
||||
return ("Buffer too small");
|
||||
|
||||
BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
|
||||
exp_str);
|
||||
BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
|
||||
|
||||
return (buf);
|
||||
}
|
||||
|
|
|
@ -517,8 +517,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||
"empty srtp protection profile list"},
|
||||
{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
|
||||
"encrypted length too long"},
|
||||
{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),
|
||||
"error generating tmp rsa key"},
|
||||
{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
|
||||
"error in received cipher list"},
|
||||
{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
|
||||
|
@ -559,10 +557,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||
{ERR_REASON(SSL_R_MISSING_ECDH_CERT), "missing ecdh cert"},
|
||||
{ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT),
|
||||
"missing ecdsa signing cert"},
|
||||
{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),
|
||||
"missing export tmp dh key"},
|
||||
{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),
|
||||
"missing export tmp rsa key"},
|
||||
{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
|
||||
{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),
|
||||
"missing rsa encrypting cert"},
|
||||
|
@ -570,8 +564,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||
{ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"},
|
||||
{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
|
||||
{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
|
||||
{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY), "missing tmp rsa key"},
|
||||
{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY), "missing tmp rsa pkey"},
|
||||
{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
|
||||
{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS), "multiple sgc restarts"},
|
||||
{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
|
||||
|
@ -705,8 +697,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
|
|||
"tlsv1 alert decryption failed"},
|
||||
{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
|
||||
"tlsv1 alert decrypt error"},
|
||||
{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
|
||||
"tlsv1 alert export restriction"},
|
||||
{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
|
||||
"tlsv1 alert inappropriate fallback"},
|
||||
{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
|
||||
|
|
115
ssl/ssl_lib.c
115
ssl/ssl_lib.c
|
@ -2004,65 +2004,44 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
|
|||
CERT_PKEY *cpk;
|
||||
CERT *c = s->cert;
|
||||
uint32_t *pvalid = s->s3->tmp.valid_flags;
|
||||
int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
|
||||
int rsa_enc_export, dh_rsa_export, dh_dsa_export;
|
||||
int rsa_tmp_export, dh_tmp_export, kl;
|
||||
unsigned long mask_k, mask_a, emask_k, emask_a;
|
||||
int rsa_enc, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
|
||||
unsigned long mask_k, mask_a;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
|
||||
int have_ecc_cert, ecdsa_ok;
|
||||
int ecdh_ok;
|
||||
X509 *x = NULL;
|
||||
EVP_PKEY *ecc_pkey = NULL;
|
||||
int pk_nid = 0, md_nid = 0;
|
||||
#endif
|
||||
if (c == NULL)
|
||||
return;
|
||||
|
||||
kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
|
||||
rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
|
||||
(rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl));
|
||||
#else
|
||||
rsa_tmp = rsa_tmp_export = 0;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
|
||||
dh_tmp_export = !c->dh_tmp_auto && (c->dh_tmp_cb != NULL ||
|
||||
(dh_tmp
|
||||
&& DH_size(c->dh_tmp) * 8 <= kl));
|
||||
#else
|
||||
dh_tmp = dh_tmp_export = 0;
|
||||
dh_tmp = 0;
|
||||
#endif
|
||||
|
||||
cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
|
||||
rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID;
|
||||
rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
|
||||
cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
|
||||
rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN;
|
||||
cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
|
||||
dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN;
|
||||
cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
|
||||
dh_rsa = pvalid[SSL_PKEY_DH_RSA] & CERT_PKEY_VALID;
|
||||
dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
|
||||
cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
|
||||
dh_dsa = pvalid[SSL_PKEY_DH_DSA] & CERT_PKEY_VALID;
|
||||
dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
|
||||
cpk = &(c->pkeys[SSL_PKEY_ECC]);
|
||||
#ifndef OPENSSL_NO_EC
|
||||
have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
|
||||
#endif
|
||||
mask_k = 0;
|
||||
mask_a = 0;
|
||||
emask_k = 0;
|
||||
emask_a = 0;
|
||||
|
||||
#ifdef CIPHER_DEBUG
|
||||
fprintf(stderr,
|
||||
"rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
|
||||
rsa_tmp, rsa_tmp_export, dh_tmp, rsa_enc,
|
||||
rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
|
||||
"dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n",
|
||||
dh_tmp, rsa_enc, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_GOST
|
||||
|
@ -2083,42 +2062,30 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
|
|||
}
|
||||
#endif
|
||||
|
||||
if (rsa_enc || (rsa_tmp && rsa_sign))
|
||||
if (rsa_enc)
|
||||
mask_k |= SSL_kRSA;
|
||||
if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
|
||||
emask_k |= SSL_kRSA;
|
||||
|
||||
if (dh_tmp_export)
|
||||
emask_k |= SSL_kDHE;
|
||||
|
||||
if (dh_tmp)
|
||||
mask_k |= SSL_kDHE;
|
||||
|
||||
if (dh_rsa)
|
||||
mask_k |= SSL_kDHr;
|
||||
if (dh_rsa_export)
|
||||
emask_k |= SSL_kDHr;
|
||||
|
||||
if (dh_dsa)
|
||||
mask_k |= SSL_kDHd;
|
||||
if (dh_dsa_export)
|
||||
emask_k |= SSL_kDHd;
|
||||
|
||||
if (mask_k & (SSL_kDHr | SSL_kDHd))
|
||||
mask_a |= SSL_aDH;
|
||||
|
||||
if (rsa_enc || rsa_sign) {
|
||||
mask_a |= SSL_aRSA;
|
||||
emask_a |= SSL_aRSA;
|
||||
}
|
||||
|
||||
if (dsa_sign) {
|
||||
mask_a |= SSL_aDSS;
|
||||
emask_a |= SSL_aDSS;
|
||||
}
|
||||
|
||||
mask_a |= SSL_aNULL;
|
||||
emask_a |= SSL_aNULL;
|
||||
|
||||
/*
|
||||
* An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
|
||||
|
@ -2134,47 +2101,32 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
|
|||
ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
|
||||
if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
|
||||
ecdsa_ok = 0;
|
||||
ecc_pkey = X509_get_pubkey(x);
|
||||
ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0;
|
||||
EVP_PKEY_free(ecc_pkey);
|
||||
OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);
|
||||
if (ecdh_ok) {
|
||||
|
||||
if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
|
||||
mask_k |= SSL_kECDHr;
|
||||
mask_a |= SSL_aECDH;
|
||||
if (ecc_pkey_size <= 163) {
|
||||
emask_k |= SSL_kECDHr;
|
||||
emask_a |= SSL_aECDH;
|
||||
}
|
||||
}
|
||||
|
||||
if (pk_nid == NID_X9_62_id_ecPublicKey) {
|
||||
mask_k |= SSL_kECDHe;
|
||||
mask_a |= SSL_aECDH;
|
||||
if (ecc_pkey_size <= 163) {
|
||||
emask_k |= SSL_kECDHe;
|
||||
emask_a |= SSL_aECDH;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (ecdsa_ok) {
|
||||
mask_a |= SSL_aECDSA;
|
||||
emask_a |= SSL_aECDSA;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
mask_k |= SSL_kECDHE;
|
||||
emask_k |= SSL_kECDHE;
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
mask_k |= SSL_kPSK;
|
||||
mask_a |= SSL_aPSK;
|
||||
emask_k |= SSL_kPSK;
|
||||
emask_a |= SSL_aPSK;
|
||||
if (mask_k & SSL_kRSA)
|
||||
mask_k |= SSL_kRSAPSK;
|
||||
if (mask_k & SSL_kDHE)
|
||||
|
@ -2185,8 +2137,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
|
|||
|
||||
s->s3->tmp.mask_k = mask_k;
|
||||
s->s3->tmp.mask_a = mask_a;
|
||||
s->s3->tmp.export_mask_k = emask_k;
|
||||
s->s3->tmp.export_mask_a = emask_a;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
|
@ -2194,8 +2144,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
|
|||
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
||||
{
|
||||
unsigned long alg_k, alg_a;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
int keysize = 0;
|
||||
int md_nid = 0, pk_nid = 0;
|
||||
const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
|
||||
uint32_t ex_kusage = X509_get_key_usage(x);
|
||||
|
@ -2203,17 +2151,6 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
|
|||
alg_k = cs->algorithm_mkey;
|
||||
alg_a = cs->algorithm_auth;
|
||||
|
||||
if (SSL_C_IS_EXPORT(cs)) {
|
||||
/* ECDH key length in export ciphers must be <= 163 bits */
|
||||
pkey = X509_get_pubkey(x);
|
||||
if (pkey == NULL)
|
||||
return 0;
|
||||
keysize = EVP_PKEY_bits(pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (keysize > 163)
|
||||
return 0;
|
||||
}
|
||||
|
||||
OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid);
|
||||
|
||||
if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
|
||||
|
@ -3078,44 +3015,6 @@ int SSL_want(const SSL *s)
|
|||
return (s->rwstate);
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Set the callback for generating temporary RSA keys.
|
||||
* \param ctx the SSL context.
|
||||
* \param cb the callback
|
||||
*/
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl,
|
||||
int is_export,
|
||||
int keylength))
|
||||
{
|
||||
SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
|
||||
}
|
||||
|
||||
void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl,
|
||||
int is_export,
|
||||
int keylength))
|
||||
{
|
||||
SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef DOXYGEN
|
||||
/**
|
||||
* \brief The RSA temporary key callback function.
|
||||
* \param ssl the SSL session.
|
||||
* \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
|
||||
* \param keylength if \c is_export is \c TRUE, then \c keylength is the size
|
||||
* of the required key in bits.
|
||||
* \return the temporary RSA key.
|
||||
* \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
|
||||
*/
|
||||
|
||||
RSA *cb(SSL *ssl, int is_export, int keylength)
|
||||
{
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Set the callback for generating temporary DH keys.
|
||||
* \param ctx the SSL context.
|
||||
|
|
|
@ -438,68 +438,16 @@
|
|||
*/
|
||||
# define TLS1_STREAM_MAC 0x10000
|
||||
|
||||
/*
|
||||
* Export and cipher strength information. For each cipher we have to decide
|
||||
* whether it is exportable or not. This information is likely to change
|
||||
* over time, since the export control rules are no static technical issue.
|
||||
*
|
||||
* Independent of the export flag the cipher strength is sorted into classes.
|
||||
* SSL_EXP40 was denoting the 40bit US export limit of past times, which now
|
||||
* is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
|
||||
* again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
|
||||
* since SSL_EXP64 could be similar to SSL_LOW.
|
||||
* For this reason SSL_MICRO and SSL_MINI macros are included to widen the
|
||||
* namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
|
||||
* and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
|
||||
* be possible.
|
||||
*/
|
||||
# define SSL_EXP_MASK 0x00000003U
|
||||
# define SSL_STRONG_MASK 0x000001fcU
|
||||
# define SSL_DEFAULT_MASK 0X00000200U
|
||||
# define SSL_DEFAULT_MASK 0X00000020U
|
||||
|
||||
# define SSL_NOT_EXP 0x00000001U
|
||||
# define SSL_EXPORT 0x00000002U
|
||||
# define SSL_STRONG_NONE 0x00000001U
|
||||
# define SSL_LOW 0x00000002U
|
||||
# define SSL_MEDIUM 0x00000004U
|
||||
# define SSL_HIGH 0x00000008U
|
||||
# define SSL_FIPS 0x00000010U
|
||||
# define SSL_NOT_DEFAULT 0x00000020U
|
||||
|
||||
# define SSL_STRONG_NONE 0x00000004U
|
||||
# define SSL_EXP40 0x00000008U
|
||||
# define SSL_MICRO (SSL_EXP40)
|
||||
# define SSL_EXP56 0x00000010U
|
||||
# define SSL_MINI (SSL_EXP56)
|
||||
# define SSL_LOW 0x00000020U
|
||||
# define SSL_MEDIUM 0x00000040U
|
||||
# define SSL_HIGH 0x00000080U
|
||||
# define SSL_FIPS 0x00000100U
|
||||
|
||||
# define SSL_NOT_DEFAULT 0x00000200U
|
||||
|
||||
/* we have used 000003ff - 22 bits left to go */
|
||||
|
||||
/*-
|
||||
* Macros to check the export status and cipher strength for export ciphers.
|
||||
* Even though the macros for EXPORT and EXPORT40/56 have similar names,
|
||||
* their meaning is different:
|
||||
* *_EXPORT macros check the 'exportable' status.
|
||||
* *_EXPORT40/56 macros are used to check whether a certain cipher strength
|
||||
* is given.
|
||||
* Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
|
||||
* algorithm structure element to be passed (algorithms, algo_strength) and no
|
||||
* typechecking can be done as they are all of type unsigned long, their
|
||||
* direct usage is discouraged.
|
||||
* Use the SSL_C_* macros instead.
|
||||
*/
|
||||
# define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
|
||||
# define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
|
||||
# define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
|
||||
# define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
|
||||
# define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
|
||||
# define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
|
||||
|
||||
# define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
|
||||
(a) == SSL_DES ? 8 : 7)
|
||||
# define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
|
||||
# define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
|
||||
(c)->algo_strength)
|
||||
# define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
|
||||
/* we have used 0000003f - 26 bits left to go */
|
||||
|
||||
/* Check if an SSL structure is using DTLS */
|
||||
# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
|
||||
|
@ -550,8 +498,7 @@
|
|||
# define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1
|
||||
|
||||
/*-
|
||||
* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
|
||||
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
|
||||
* SSL_kRSA <- RSA_ENC
|
||||
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
|
||||
* SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
|
||||
* SSL_aRSA <- RSA_ENC | RSA_SIGN
|
||||
|
@ -1300,7 +1247,6 @@ typedef struct ssl3_state_st {
|
|||
int ctype_num;
|
||||
char ctype[SSL3_CT_NUMBER];
|
||||
STACK_OF(X509_NAME) *ca_names;
|
||||
int use_rsa_tmp;
|
||||
int key_block_length;
|
||||
unsigned char *key_block;
|
||||
const EVP_CIPHER *new_sym_enc;
|
||||
|
@ -1349,8 +1295,6 @@ typedef struct ssl3_state_st {
|
|||
*/
|
||||
uint32_t mask_k;
|
||||
uint32_t mask_a;
|
||||
uint32_t export_mask_k;
|
||||
uint32_t export_mask_a;
|
||||
/* Client only */
|
||||
uint32_t mask_ssl;
|
||||
} tmp;
|
||||
|
@ -1392,9 +1336,6 @@ typedef struct ssl3_state_st {
|
|||
# endif /* !OPENSSL_NO_EC */
|
||||
|
||||
/* For clients: peer temporary key */
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
RSA *peer_rsa_tmp;
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_DH
|
||||
DH *peer_dh_tmp;
|
||||
# endif
|
||||
|
@ -1559,10 +1500,6 @@ typedef struct cert_st {
|
|||
* an index, not a pointer.
|
||||
*/
|
||||
CERT_PKEY *key;
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
RSA *rsa_tmp;
|
||||
RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize);
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_DH
|
||||
DH *dh_tmp;
|
||||
DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
|
||||
|
|
|
@ -211,30 +211,6 @@ static int key_exchange_expected(SSL *s)
|
|||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Export ciphersuites may have temporary RSA keys if the public key in the
|
||||
* server certificate is longer than the maximum export strength
|
||||
*/
|
||||
if ((alg_k & SSL_kRSA) && SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
pkey = X509_get_pubkey(s->session->peer);
|
||||
if (pkey == NULL)
|
||||
return -1;
|
||||
|
||||
/*
|
||||
* If the public key in the certificate is shorter than or equal to the
|
||||
* maximum export strength then a temporary RSA key is not allowed
|
||||
*/
|
||||
if (EVP_PKEY_bits(pkey)
|
||||
<= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|
||||
return 0;
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1622,10 +1598,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
|
|||
|
||||
save_param_start = *pkt;
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
RSA_free(s->s3->peer_rsa_tmp);
|
||||
s->s3->peer_rsa_tmp = NULL;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
DH_free(s->s3->peer_dh_tmp);
|
||||
s->s3->peer_dh_tmp = NULL;
|
||||
|
@ -1709,51 +1681,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
|
|||
/* We must check if there is a certificate */
|
||||
if (alg_a & (SSL_aRSA|SSL_aDSS))
|
||||
pkey = X509_get_pubkey(s->session->peer);
|
||||
} else
|
||||
#endif /* !OPENSSL_NO_SRP */
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (alg_k & SSL_kRSA) {
|
||||
PACKET mod, exp;
|
||||
/* Temporary RSA keys only allowed in export ciphersuites */
|
||||
if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
|
||||
al = SSL_AD_UNEXPECTED_MESSAGE;
|
||||
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
if (!PACKET_get_length_prefixed_2(pkt, &mod)
|
||||
|| !PACKET_get_length_prefixed_2(pkt, &exp)) {
|
||||
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
if ((rsa = RSA_new()) == NULL) {
|
||||
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((rsa->n = BN_bin2bn(PACKET_data(&mod), PACKET_remaining(&mod),
|
||||
rsa->n)) == NULL
|
||||
|| (rsa->e = BN_bin2bn(PACKET_data(&exp), PACKET_remaining(&exp),
|
||||
rsa->e)) == NULL) {
|
||||
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* this should be because we are using an export cipher */
|
||||
if (alg_a & SSL_aRSA)
|
||||
pkey = X509_get_pubkey(s->session->peer);
|
||||
else {
|
||||
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
s->s3->peer_rsa_tmp = rsa;
|
||||
rsa = NULL;
|
||||
}
|
||||
#else /* OPENSSL_NO_RSA */
|
||||
if (0) ;
|
||||
#endif
|
||||
#endif /* !OPENSSL_NO_SRP */
|
||||
#ifndef OPENSSL_NO_DH
|
||||
else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
|
||||
PACKET prime, generator, pub_key;
|
||||
|
@ -1850,14 +1779,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
|
|||
|
||||
group = EC_KEY_get0_group(ecdh);
|
||||
|
||||
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
|
||||
(EC_GROUP_get_degree(group) > 163)) {
|
||||
al = SSL_AD_EXPORT_RESTRICTION;
|
||||
SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE,
|
||||
SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
/* Next, get the encoded ECPoint */
|
||||
if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
|
||||
((bn_ctx = BN_CTX_new()) == NULL)) {
|
||||
|
@ -2445,20 +2366,16 @@ psk_err:
|
|||
goto err;
|
||||
}
|
||||
|
||||
if (s->s3->peer_rsa_tmp != NULL)
|
||||
rsa = s->s3->peer_rsa_tmp;
|
||||
else {
|
||||
pkey = X509_get_pubkey(s->session->peer);
|
||||
if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
|
||||
|| (pkey->pkey.rsa == NULL)) {
|
||||
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
EVP_PKEY_free(pkey);
|
||||
goto err;
|
||||
}
|
||||
rsa = pkey->pkey.rsa;
|
||||
pkey = X509_get_pubkey(s->session->peer);
|
||||
if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
|
||||
|| (pkey->pkey.rsa == NULL)) {
|
||||
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
EVP_PKEY_free(pkey);
|
||||
goto err;
|
||||
}
|
||||
rsa = pkey->pkey.rsa;
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
pms[0] = s->client_version >> 8;
|
||||
pms[1] = s->client_version & 0xff;
|
||||
|
@ -3178,10 +3095,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
|
|||
int i, idx;
|
||||
long alg_k, alg_a;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
int pkey_bits;
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
RSA *rsa;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
DH *dh;
|
||||
#endif
|
||||
|
@ -3193,9 +3106,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
|
|||
/* we don't have a certificate */
|
||||
if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK))
|
||||
return (1);
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
rsa = s->s3->peer_rsa_tmp;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
dh = s->s3->peer_dh_tmp;
|
||||
#endif
|
||||
|
@ -3222,7 +3132,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
|
|||
}
|
||||
#endif
|
||||
pkey = X509_get_pubkey(s->session->peer);
|
||||
pkey_bits = EVP_PKEY_bits(pkey);
|
||||
i = X509_certificate_type(s->session->peer, pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
|
@ -3240,27 +3149,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
|
|||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
|
||||
if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
|
||||
!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
|
||||
SSL_R_MISSING_RSA_ENCRYPTING_CERT);
|
||||
goto f_err;
|
||||
} else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
|
||||
if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
|
||||
if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
|
||||
SSL_R_MISSING_RSA_ENCRYPTING_CERT);
|
||||
goto f_err;
|
||||
}
|
||||
if (rsa != NULL) {
|
||||
/* server key exchange is not allowed. */
|
||||
al = SSL_AD_INTERNAL_ERROR;
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
|
||||
goto f_err;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (alg_k & (SSL_kRSA | SSL_kRSAPSK) &&
|
||||
!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
|
||||
SSL_R_MISSING_RSA_ENCRYPTING_CERT);
|
||||
goto f_err;
|
||||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
|
@ -3284,48 +3177,6 @@ int ssl3_check_cert_and_algorithm(SSL *s)
|
|||
# endif
|
||||
#endif
|
||||
|
||||
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
|
||||
pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (alg_k & SSL_kRSA) {
|
||||
if (rsa == NULL) {
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
|
||||
SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
|
||||
goto f_err;
|
||||
} else if (RSA_bits(rsa) >
|
||||
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
|
||||
/* We have a temporary RSA key but it's too large. */
|
||||
al = SSL_AD_EXPORT_RESTRICTION;
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
|
||||
SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
|
||||
goto f_err;
|
||||
}
|
||||
} else
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
if (alg_k & SSL_kDHE) {
|
||||
if (DH_bits(dh) >
|
||||
SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
|
||||
/* We have a temporary DH key but it's too large. */
|
||||
al = SSL_AD_EXPORT_RESTRICTION;
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
|
||||
SSL_R_MISSING_EXPORT_TMP_DH_KEY);
|
||||
goto f_err;
|
||||
}
|
||||
} else if (alg_k & (SSL_kDHr | SSL_kDHd)) {
|
||||
/* The cert should have had an export DH key. */
|
||||
al = SSL_AD_EXPORT_RESTRICTION;
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
|
||||
SSL_R_MISSING_EXPORT_TMP_DH_KEY);
|
||||
goto f_err;
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
|
||||
SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
|
||||
goto f_err;
|
||||
}
|
||||
}
|
||||
return (1);
|
||||
f_err:
|
||||
ssl3_send_alert(s, SSL3_AL_FATAL, al);
|
||||
|
|
|
@ -315,7 +315,7 @@ static int send_server_key_exchange(SSL *s)
|
|||
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
|
||||
|
||||
/*
|
||||
* only send a ServerKeyExchange if DH, fortezza or RSA but we have a
|
||||
* only send a ServerKeyExchange if DH or fortezza but we have a
|
||||
* sign only certificate PSK: may send PSK identity hints For
|
||||
* ECC ciphersuites, we send a serverKeyExchange message only if
|
||||
* the cipher suite is either ECDH-anon or ECDHE. In other cases,
|
||||
|
@ -324,15 +324,6 @@ static int send_server_key_exchange(SSL *s)
|
|||
*/
|
||||
if ( (alg_k & SSL_kDHE)
|
||||
|| (alg_k & SSL_kECDHE)
|
||||
|| ((alg_k & SSL_kRSA)
|
||||
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|
||||
|| (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
|
||||
&& EVP_PKEY_size(s->cert->pkeys
|
||||
[SSL_PKEY_RSA_ENC].privatekey) *
|
||||
8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
|
||||
)
|
||||
)
|
||||
)
|
||||
/*
|
||||
* PSK: send ServerKeyExchange if PSK identity hint if
|
||||
* provided
|
||||
|
@ -1723,9 +1714,6 @@ int tls_construct_server_done(SSL *s)
|
|||
|
||||
int tls_construct_server_key_exchange(SSL *s)
|
||||
{
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
RSA *rsa;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
DH *dh = NULL, *dhp;
|
||||
#endif
|
||||
|
@ -1769,35 +1757,6 @@ int tls_construct_server_key_exchange(SSL *s)
|
|||
if (type & (SSL_kPSK | SSL_kRSAPSK)) {
|
||||
} else
|
||||
#endif /* !OPENSSL_NO_PSK */
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (type & SSL_kRSA) {
|
||||
rsa = cert->rsa_tmp;
|
||||
if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
|
||||
rsa = s->cert->rsa_tmp_cb(s,
|
||||
SSL_C_IS_EXPORT(s->s3->
|
||||
tmp.new_cipher),
|
||||
SSL_C_EXPORT_PKEYLENGTH(s->s3->
|
||||
tmp.new_cipher));
|
||||
if (rsa == NULL) {
|
||||
al = SSL_AD_HANDSHAKE_FAILURE;
|
||||
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
|
||||
SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
|
||||
goto f_err;
|
||||
}
|
||||
RSA_up_ref(rsa);
|
||||
cert->rsa_tmp = rsa;
|
||||
}
|
||||
if (rsa == NULL) {
|
||||
al = SSL_AD_HANDSHAKE_FAILURE;
|
||||
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
|
||||
SSL_R_MISSING_TMP_RSA_KEY);
|
||||
goto f_err;
|
||||
}
|
||||
r[0] = rsa->n;
|
||||
r[1] = rsa->e;
|
||||
s->s3->tmp.use_rsa_tmp = 1;
|
||||
} else
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
if (type & (SSL_kDHE | SSL_kDHEPSK)) {
|
||||
if (s->cert->dh_tmp_auto) {
|
||||
|
@ -1811,11 +1770,7 @@ int tls_construct_server_key_exchange(SSL *s)
|
|||
} else
|
||||
dhp = cert->dh_tmp;
|
||||
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
|
||||
dhp = s->cert->dh_tmp_cb(s,
|
||||
SSL_C_IS_EXPORT(s->s3->
|
||||
tmp.new_cipher),
|
||||
SSL_C_EXPORT_PKEYLENGTH(s->s3->
|
||||
tmp.new_cipher));
|
||||
dhp = s->cert->dh_tmp_cb(s, 0, 1024);
|
||||
if (dhp == NULL) {
|
||||
al = SSL_AD_HANDSHAKE_FAILURE;
|
||||
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
|
||||
|
@ -1903,13 +1858,6 @@ int tls_construct_server_key_exchange(SSL *s)
|
|||
goto err;
|
||||
}
|
||||
|
||||
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
|
||||
(EC_GROUP_get_degree(group) > 163)) {
|
||||
SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
|
||||
SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/*
|
||||
* XXX: For now, we only support ephemeral ECDH keys over named
|
||||
* (not generic) curves. For supported named curves, curve_id is
|
||||
|
@ -2316,30 +2264,15 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
|
|||
size_t j;
|
||||
|
||||
/* FIX THIS UP EAY EAY EAY EAY */
|
||||
if (s->s3->tmp.use_rsa_tmp) {
|
||||
if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
|
||||
rsa = s->cert->rsa_tmp;
|
||||
/*
|
||||
* Don't do a callback because rsa_tmp should be sent already
|
||||
*/
|
||||
if (rsa == NULL) {
|
||||
al = SSL_AD_HANDSHAKE_FAILURE;
|
||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
|
||||
SSL_R_MISSING_TMP_RSA_PKEY);
|
||||
goto f_err;
|
||||
|
||||
}
|
||||
} else {
|
||||
pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
|
||||
if ((pkey == NULL) ||
|
||||
(pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
|
||||
al = SSL_AD_HANDSHAKE_FAILURE;
|
||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
|
||||
SSL_R_MISSING_RSA_CERTIFICATE);
|
||||
goto f_err;
|
||||
}
|
||||
rsa = pkey->pkey.rsa;
|
||||
pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
|
||||
if ((pkey == NULL) ||
|
||||
(pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
|
||||
al = SSL_AD_HANDSHAKE_FAILURE;
|
||||
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
|
||||
SSL_R_MISSING_RSA_CERTIFICATE);
|
||||
goto f_err;
|
||||
}
|
||||
rsa = pkey->pkey.rsa;
|
||||
|
||||
/* SSLv3 and pre-standard DTLS omit the length bytes. */
|
||||
if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
|
||||
|
|
42
ssl/t1_enc.c
42
ssl/t1_enc.c
|
@ -294,15 +294,12 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km,
|
|||
|
||||
int tls1_change_cipher_state(SSL *s, int which)
|
||||
{
|
||||
static const unsigned char empty[] = "";
|
||||
unsigned char *p, *mac_secret;
|
||||
unsigned char *exp_label;
|
||||
unsigned char tmp1[EVP_MAX_KEY_LENGTH];
|
||||
unsigned char tmp2[EVP_MAX_KEY_LENGTH];
|
||||
unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
|
||||
unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
|
||||
unsigned char *ms, *key, *iv;
|
||||
int client_write;
|
||||
EVP_CIPHER_CTX *dd;
|
||||
const EVP_CIPHER *c;
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
|
@ -313,10 +310,9 @@ int tls1_change_cipher_state(SSL *s, int which)
|
|||
int *mac_secret_size;
|
||||
EVP_MD_CTX *mac_ctx;
|
||||
EVP_PKEY *mac_key;
|
||||
int is_export, n, i, j, k, exp_label_len, cl;
|
||||
int n, i, j, k, cl;
|
||||
int reuse_dd = 0;
|
||||
|
||||
is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
|
||||
c = s->s3->tmp.new_sym_enc;
|
||||
m = s->s3->tmp.new_hash;
|
||||
mac_type = s->s3->tmp.new_mac_pkey_type;
|
||||
|
@ -413,8 +409,7 @@ int tls1_change_cipher_state(SSL *s, int which)
|
|||
i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
|
||||
|
||||
cl = EVP_CIPHER_key_length(c);
|
||||
j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
|
||||
cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
|
||||
j = cl;
|
||||
/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
|
||||
/* If GCM/CCM mode only part of IV comes from PRF */
|
||||
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
|
||||
|
@ -431,9 +426,6 @@ int tls1_change_cipher_state(SSL *s, int which)
|
|||
n += j + j;
|
||||
iv = &(p[n]);
|
||||
n += k + k;
|
||||
exp_label = (unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
|
||||
exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
|
||||
client_write = 1;
|
||||
} else {
|
||||
n = i;
|
||||
ms = &(p[n]);
|
||||
|
@ -442,9 +434,6 @@ int tls1_change_cipher_state(SSL *s, int which)
|
|||
n += j + k;
|
||||
iv = &(p[n]);
|
||||
n += k;
|
||||
exp_label = (unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
|
||||
exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
|
||||
client_write = 0;
|
||||
}
|
||||
|
||||
if (n > s->s3->tmp.key_block_length) {
|
||||
|
@ -473,33 +462,6 @@ int tls1_change_cipher_state(SSL *s, int which)
|
|||
printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
|
||||
}
|
||||
#endif
|
||||
if (is_export) {
|
||||
/*
|
||||
* In here I set both the read and write key/iv to the same value
|
||||
* since only the correct one will be used :-).
|
||||
*/
|
||||
if (!tls1_PRF(s,
|
||||
exp_label, exp_label_len,
|
||||
s->s3->client_random, SSL3_RANDOM_SIZE,
|
||||
s->s3->server_random, SSL3_RANDOM_SIZE,
|
||||
NULL, 0, NULL, 0,
|
||||
key, j, tmp1, tmp2, EVP_CIPHER_key_length(c)))
|
||||
goto err2;
|
||||
key = tmp1;
|
||||
|
||||
if (k > 0) {
|
||||
if (!tls1_PRF(s,
|
||||
TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
|
||||
s->s3->client_random, SSL3_RANDOM_SIZE,
|
||||
s->s3->server_random, SSL3_RANDOM_SIZE,
|
||||
NULL, 0, NULL, 0, empty, 0, iv1, iv2, k * 2))
|
||||
goto err2;
|
||||
if (client_write)
|
||||
iv = iv1;
|
||||
else
|
||||
iv = &(iv1[k]);
|
||||
}
|
||||
}
|
||||
|
||||
if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
|
||||
if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
|
||||
|
|
|
@ -212,10 +212,6 @@
|
|||
#define COMP_ZLIB 1
|
||||
|
||||
static int verify_callback(int ok, X509_STORE_CTX *ctx);
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
|
||||
static void free_tmp_rsa(void);
|
||||
#endif
|
||||
static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
|
||||
#define APP_CALLBACK_STRING "Test Callback Argument"
|
||||
struct app_verify_arg {
|
||||
|
@ -1483,10 +1479,6 @@ int main(int argc, char *argv[])
|
|||
(void)no_ecdhe;
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
|
||||
#endif
|
||||
|
||||
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
|
||||
(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
|
||||
(!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
|
||||
|
@ -1716,9 +1708,6 @@ int main(int argc, char *argv[])
|
|||
|
||||
BIO_free(bio_stdout);
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
free_tmp_rsa();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE_cleanup();
|
||||
#endif
|
||||
|
@ -2834,39 +2823,6 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
|
|||
return (ok);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static RSA *rsa_tmp = NULL;
|
||||
|
||||
static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
|
||||
{
|
||||
BIGNUM *bn = NULL;
|
||||
if (rsa_tmp == NULL) {
|
||||
bn = BN_new();
|
||||
rsa_tmp = RSA_new();
|
||||
if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
|
||||
BIO_printf(bio_err, "Memory error...");
|
||||
goto end;
|
||||
}
|
||||
printf("Generating temp (%d bit) RSA key...", keylength);
|
||||
if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
|
||||
BIO_printf(bio_err, "Error generating key.");
|
||||
RSA_free(rsa_tmp);
|
||||
rsa_tmp = NULL;
|
||||
}
|
||||
end:
|
||||
printf("\n");
|
||||
}
|
||||
BN_free(bn);
|
||||
return (rsa_tmp);
|
||||
}
|
||||
|
||||
static void free_tmp_rsa(void)
|
||||
{
|
||||
RSA_free(rsa_tmp);
|
||||
rsa_tmp = NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
/*-
|
||||
* These DH parameters have been generated as follows:
|
||||
|
|
|
@ -157,7 +157,7 @@ BIO_new_ssl_connect 174 EXIST::FUNCTION:
|
|||
SSL_get_ex_data_X509_STORE_CTX_idx 175 EXIST:!VMS:FUNCTION:
|
||||
SSL_get_ex_d_X509_STORE_CTX_idx 175 EXIST:VMS:FUNCTION:
|
||||
SSL_CTX_set_tmp_dh_callback 176 EXIST::FUNCTION:DH
|
||||
SSL_CTX_set_tmp_rsa_callback 177 EXIST::FUNCTION:RSA
|
||||
SSL_CTX_set_tmp_rsa_callback 177 NOEXIST::FUNCTION:
|
||||
SSL_CTX_set_timeout 178 EXIST::FUNCTION:
|
||||
SSL_CTX_get_timeout 179 EXIST::FUNCTION:
|
||||
SSL_CTX_get_cert_store 180 EXIST::FUNCTION:
|
||||
|
@ -167,7 +167,7 @@ SSL_library_init 183 EXIST::FUNCTION:
|
|||
SSL_COMP_add_compression_method 184 EXIST::FUNCTION:
|
||||
SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:
|
||||
SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:
|
||||
SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA
|
||||
SSL_set_tmp_rsa_callback 186 NOEXIST::FUNCTION:
|
||||
SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH
|
||||
SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION:
|
||||
SSL_add_dir_cert_subjs_to_stk 188 EXIST:VMS:FUNCTION:
|
||||
|
|
Loading…
Reference in a new issue