wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove fixed DH ciphersuites.

Browse source 
Remove all fixed DH ciphersuites and associated logic.

Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-12-15 23:57:18 +00:00
parent 74a62e9629
commit bc71f91064
10 changed files with 64 additions and 656 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

400
ssl/s3_lib.c
View file

@ -261,38 +261,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
168,
},
/* Cipher 0D */
{
1,
SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
SSL_kDHd,
SSL_aDH,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher 10 */
{
1,
SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
SSL_kDHr,
SSL_aDH,
SSL_3DES,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
112,
168,
},
/* Cipher 13 */
{
1,
@ -420,36 +388,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
/* Cipher 30 */
{
1,
TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
TLS1_CK_DH_DSS_WITH_AES_128_SHA,
SSL_kDHd,
SSL_aDH,
SSL_AES128,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 31 */
{
1,
TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
TLS1_CK_DH_RSA_WITH_AES_128_SHA,
SSL_kDHr,
SSL_aDH,
SSL_AES128,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 32 */
{
1,
@ -511,37 +449,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
/* Cipher 36 */
{
1,
TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
TLS1_CK_DH_DSS_WITH_AES_256_SHA,
SSL_kDHd,
SSL_aDH,
SSL_AES256,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
/* Cipher 37 */
{
1,
TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
TLS1_CK_DH_RSA_WITH_AES_256_SHA,
SSL_kDHr,
SSL_aDH,
SSL_AES256,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
/* Cipher 38 */
{
@ -640,38 +547,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
/* Cipher 3E */
{
1,
TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
SSL_kDHd,
SSL_aDH,
SSL_AES128,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 3F */
{
1,
TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
SSL_kDHr,
SSL_aDH,
SSL_AES128,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 40 */
{
1,
@ -707,38 +582,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
128,
},
/* Cipher 42 */
{
1,
TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHd,
SSL_aDH,
SSL_CAMELLIA128,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 43 */
{
1,
TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_kDHr,
SSL_aDH,
SSL_CAMELLIA128,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 44 */
{
1,
@ -805,38 +648,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
128,
},
/* Cipher 68 */
{
1,
TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
SSL_kDHd,
SSL_aDH,
SSL_AES256,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
/* Cipher 69 */
{
1,
TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
SSL_kDHr,
SSL_aDH,
SSL_AES256,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
/* Cipher 6A */
{
1,
@ -950,37 +761,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
/* Cipher 85 */
{
1,
TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHd,
SSL_aDH,
SSL_CAMELLIA256,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
/* Cipher 86 */
{
1,
TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
SSL_kDHr,
SSL_aDH,
SSL_CAMELLIA256,
SSL_SHA1,
SSL_SSLV3,
SSL_HIGH,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
256,
256,
},
/* Cipher 87 */
{
@ -1245,38 +1025,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
128,
},
/* Cipher 97 */
{
1,
TLS1_TXT_DH_DSS_WITH_SEED_SHA,
TLS1_CK_DH_DSS_WITH_SEED_SHA,
SSL_kDHd,
SSL_aDH,
SSL_SEED,
SSL_SHA1,
SSL_SSLV3,
SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 98 */
{
1,
TLS1_TXT_DH_RSA_WITH_SEED_SHA,
TLS1_CK_DH_RSA_WITH_SEED_SHA,
SSL_kDHr,
SSL_aDH,
SSL_SEED,
SSL_SHA1,
SSL_SSLV3,
SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
128,
128,
},
/* Cipher 99 */
{
1,
@ -1393,38 +1141,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
/* Cipher A0 */
{
1,
TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
SSL_kDHr,
SSL_aDH,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher A1 */
{
1,
TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
SSL_kDHr,
SSL_aDH,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
/* Cipher A2 */
{
1,
@ -1457,38 +1173,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
/* Cipher A4 */
{
1,
TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
SSL_kDHd,
SSL_aDH,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher A5 */
{
1,
TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
SSL_kDHd,
SSL_aDH,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256,
},
/* Cipher A6 */
{
1,
@ -1831,38 +1515,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
128,
},
/* Cipher BB */
{
1,
TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kDHd,
SSL_aDH,
SSL_CAMELLIA128,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher BC */
{
1,
TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
SSL_kDHr,
SSL_aDH,
SSL_CAMELLIA128,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
128,
128,
},
/* Cipher BD */
{
1,
@ -1927,38 +1579,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
256,
},
/* Cipher C1 */
{
1,
TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kDHd,
SSL_aDH,
SSL_CAMELLIA256,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C2 */
{
1,
TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256,
TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256,
SSL_kDHr,
SSL_aDH,
SSL_CAMELLIA256,
SSL_SHA256,
SSL_TLSV1_2,
SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
256,
256,
},
/* Cipher C3 */
{
1,
@ -4665,7 +4285,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
{
int ret = 0;
int nostrict = 1;
uint32_t alg_k, alg_a = 0;
/* If we have custom certificate types set, use them */
@ -4675,8 +4294,6 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
/* Get mask of algorithms disabled by signature list */
ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
nostrict = 0;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
@ -4691,23 +4308,8 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
#endif
if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kDHr | SSL_kDHE)) {
# ifndef OPENSSL_NO_RSA
/*
* Since this refers to a certificate signed with an RSA algorithm,
* only check for rsa signing in strict mode.
*/
if (nostrict || !(alg_a & SSL_aRSA))
p[ret++] = SSL3_CT_RSA_FIXED_DH;
# endif
# ifndef OPENSSL_NO_DSA
if (nostrict || !(alg_a & SSL_aDSS))
p[ret++] = SSL3_CT_DSS_FIXED_DH;
# endif
}
if ((s->version == SSL3_VERSION) &&
(alg_k & (SSL_kDHE | SSL_kDHd | SSL_kDHr))) {
# ifndef OPENSSL_NO_RSA
p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
# endif

23
ssl/ssl_ciph.c
View file

@ -306,12 +306,9 @@ static const SSL_CIPHER cipher_aliases[] = {
*/
{0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kDHr, 0, SSL_kDHr, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kEDH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kDHE, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kDHE, 0, 0, 0, 0, 0, 0, 0,
{0, SSL_TXT_DH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0,
0},
{0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
@ -334,8 +331,6 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
/* no such ciphersuites supported! */
{0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
@ -506,8 +501,7 @@ void ssl_load_ciphers(void)
disabled_auth_mask |= SSL_aDSS;
#endif
#ifdef OPENSSL_NO_DH
disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE | SSL_kDHEPSK;
disabled_auth_mask |= SSL_aDH;
disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK;
#endif
#ifdef OPENSSL_NO_EC
disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK;
@ -1614,12 +1608,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kRSA:
kx = "RSA";
break;
case SSL_kDHr:
kx = "DH/RSA";
break;
case SSL_kDHd:
kx = "DH/DSS";
break;
case SSL_kDHE:
kx = "DH";
break;
@ -1661,9 +1649,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_aDSS:
au = "DSS";
break;
case SSL_aDH:
au = "DH";
break;
case SSL_aECDH:
au = "ECDH";
break;
@ -1980,10 +1965,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
return SSL_PKEY_ECC;
} else if (alg_a & SSL_aECDSA)
return SSL_PKEY_ECC;
else if (alg_k & SSL_kDHr)
return SSL_PKEY_DH_RSA;
else if (alg_k & SSL_kDHd)
return SSL_PKEY_DH_DSA;
else if (alg_a & SSL_aDSS)
return SSL_PKEY_DSA_SIGN;
else if (alg_a & SSL_aRSA)

13
ssl/ssl_lib.c
View file

@ -2006,7 +2006,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
#endif
CERT *c = s->cert;
uint32_t *pvalid = s->s3->tmp.valid_flags;
int rsa_enc, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
unsigned long mask_k, mask_a;
#ifndef OPENSSL_NO_EC
int have_ecc_cert, ecdsa_ok;
@ -2026,8 +2026,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID;
rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN;
dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN;
dh_rsa = pvalid[SSL_PKEY_DH_RSA] & CERT_PKEY_VALID;
dh_dsa = pvalid[SSL_PKEY_DH_DSA] & CERT_PKEY_VALID;
#ifndef OPENSSL_NO_EC
have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
#endif
@ -2064,15 +2062,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher)
if (dh_tmp)
mask_k |= SSL_kDHE;
if (dh_rsa)
mask_k |= SSL_kDHr;
if (dh_dsa)
mask_k |= SSL_kDHd;
if (mask_k & (SSL_kDHr | SSL_kDHd))
mask_a |= SSL_aDH;
if (rsa_enc || rsa_sign) {
mask_a |= SSL_aRSA;
}

50
ssl/ssl_locl.h
View file

@ -295,32 +295,28 @@
/* Bits for algorithm_mkey (key exchange algorithm) */
/* RSA key exchange */
# define SSL_kRSA 0x00000001U
/* DH cert, RSA CA cert */
# define SSL_kDHr 0x00000002U
/* DH cert, DSA CA cert */
# define SSL_kDHd 0x00000004U
/* tmp DH key no DH cert */
# define SSL_kDHE 0x00000008U
# define SSL_kDHE 0x00000002U
/* synonym */
# define SSL_kEDH SSL_kDHE
/* ECDH cert, RSA CA cert */
# define SSL_kECDHr 0x00000020U
# define SSL_kECDHr 0x00000004U
/* ECDH cert, ECDSA CA cert */
# define SSL_kECDHe 0x00000040U
# define SSL_kECDHe 0x00000008U
/* ephemeral ECDH */
# define SSL_kECDHE 0x00000080U
# define SSL_kECDHE 0x00000010U
/* synonym */
# define SSL_kEECDH SSL_kECDHE
/* PSK */
# define SSL_kPSK 0x00000100U
# define SSL_kPSK 0x00000020U
/* GOST key exchange */
# define SSL_kGOST 0x00000200U
# define SSL_kGOST 0x00000040U
/* SRP */
# define SSL_kSRP 0x00000400U
# define SSL_kSRP 0x00000080U
# define SSL_kRSAPSK 0x00000800U
# define SSL_kECDHEPSK 0x00001000U
# define SSL_kDHEPSK 0x00002000U
# define SSL_kRSAPSK 0x00000100U
# define SSL_kECDHEPSK 0x00000200U
# define SSL_kDHEPSK 0x00000400U
/* all PSK */
@ -333,20 +329,18 @@
# define SSL_aDSS 0x00000002U
/* no auth (i.e. use ADH or AECDH) */
# define SSL_aNULL 0x00000004U
/* Fixed DH auth (kDHd or kDHr) */
# define SSL_aDH 0x00000008U
/* Fixed ECDH auth (kECDHe or kECDHr) */
# define SSL_aECDH 0x00000010U
# define SSL_aECDH 0x00000008U
/* ECDSA auth*/
# define SSL_aECDSA 0x00000040U
# define SSL_aECDSA 0x00000010U
/* PSK auth */
# define SSL_aPSK 0x00000080U
# define SSL_aPSK 0x00000020U
/* GOST R 34.10-2001 signature auth */
# define SSL_aGOST01 0x00000200U
# define SSL_aGOST01 0x00000040U
/* SRP auth */
# define SSL_aSRP 0x00000400U
# define SSL_aSRP 0x00000080U
/* GOST R 34.10-2012 signature auth */
# define SSL_aGOST12 0x00000800U
# define SSL_aGOST12 0x00000100U
/* Bits for algorithm_enc (symmetric encryption) */
# define SSL_DES 0x00000001U
@ -485,13 +479,11 @@
# define SSL_PKEY_RSA_ENC 0
# define SSL_PKEY_RSA_SIGN 1
# define SSL_PKEY_DSA_SIGN 2
# define SSL_PKEY_DH_RSA 3
# define SSL_PKEY_DH_DSA 4
# define SSL_PKEY_ECC 5
# define SSL_PKEY_GOST01 7
# define SSL_PKEY_GOST12_256 8
# define SSL_PKEY_GOST12_512 9
# define SSL_PKEY_NUM 10
# define SSL_PKEY_ECC 3
# define SSL_PKEY_GOST01 4
# define SSL_PKEY_GOST12_256 5
# define SSL_PKEY_GOST12_512 6
# define SSL_PKEY_NUM 7
/*
* Pseudo-constant. GOST cipher suites can use different certs for 1
* SSL_CIPHER. So let's see which one we have in fact.

17
ssl/ssl_rsa.c
View file

@ -171,22 +171,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
{
int i;
/*
* Special case for DH: check two DH certificate types for a match. This
* means for DH certificates we must set the certificate first.
*/
if (pkey->type == EVP_PKEY_DH) {
X509 *x;
i = -1;
x = c->pkeys[SSL_PKEY_DH_RSA].x509;
if (x && X509_check_private_key(x, pkey))
i = SSL_PKEY_DH_RSA;
x = c->pkeys[SSL_PKEY_DH_DSA].x509;
if (i == -1 && x && X509_check_private_key(x, pkey))
i = SSL_PKEY_DH_DSA;
ERR_clear_error();
} else
i = ssl_cert_type(NULL, pkey);
i = ssl_cert_type(NULL, pkey);
if (i < 0) {
SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return (0);

102
ssl/statem/statem_clnt.c
View file

@ -2390,47 +2390,23 @@ psk_err:
}
#endif
#ifndef OPENSSL_NO_DH
else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
DH *dh_srvr, *dh_clnt;
if (s->s3->peer_dh_tmp != NULL)
dh_srvr = s->s3->peer_dh_tmp;
else {
/* we get them from the cert */
EVP_PKEY *spkey = NULL;
dh_srvr = NULL;
spkey = X509_get_pubkey(s->session->peer);
if (spkey) {
dh_srvr = EVP_PKEY_get1_DH(spkey);
EVP_PKEY_free(spkey);
}
if (dh_srvr == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
if (s->s3->peer_dh_tmp == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
/* Use client certificate key */
EVP_PKEY *clkey = s->cert->key->privatekey;
dh_clnt = NULL;
if (clkey)
dh_clnt = EVP_PKEY_get1_DH(clkey);
if (dh_clnt == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto err;
}
} else {
/* generate a new random key */
if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
goto err;
}
if (!DH_generate_key(dh_clnt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
DH_free(dh_clnt);
goto err;
}
dh_srvr = s->s3->peer_dh_tmp;
/* generate a new random key */
if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
goto err;
}
if (!DH_generate_key(dh_clnt)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
DH_free(dh_clnt);
goto err;
}
pmslen = DH_size(dh_clnt);
@ -2454,15 +2430,11 @@ psk_err:
}
pmslen = n;
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
n = 0;
else {
/* send off the data */
n = BN_num_bytes(dh_clnt->pub_key);
s2n(n, p);
BN_bn2bin(dh_clnt->pub_key, p);
n += 2;
}
/* send off the data */
n = BN_num_bytes(dh_clnt->pub_key);
s2n(n, p);
BN_bn2bin(dh_clnt->pub_key, p);
n += 2;
DH_free(dh_clnt);
}
@ -2841,7 +2813,6 @@ int tls_construct_client_verify(SSL *s)
*/
static int ssl3_check_client_certificate(SSL *s)
{
unsigned long alg_k;
if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey)
return 0;
/* If no suitable signature algorithm can't use certificate */
@ -2854,26 +2825,6 @@ static int ssl3_check_client_certificate(SSL *s)
if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT &&
!tls1_check_chain(s, NULL, NULL, NULL, -2))
return 0;
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
/* See if we can use client certificate for fixed DH */
if (alg_k & (SSL_kDHr | SSL_kDHd)) {
int i = s->session->peer_type;
EVP_PKEY *clkey = NULL, *spkey = NULL;
clkey = s->cert->key->privatekey;
/* If client key not DH assume it can be used */
if (EVP_PKEY_id(clkey) != EVP_PKEY_DH)
return 1;
if (i >= 0)
spkey = X509_get_pubkey(s->session->peer);
if (spkey) {
/* Compare server and client parameters */
i = EVP_PKEY_cmp_parameters(clkey, spkey);
EVP_PKEY_free(spkey);
if (i != 1)
return 0;
}
s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
}
return 1;
}
@ -3042,20 +2993,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
goto f_err;
} else if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) &&
!has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_DH_RSA_CERT);
goto f_err;
}
# ifndef OPENSSL_NO_DSA
else if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) &&
!has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_DH_DSA_CERT);
goto f_err;
}
# endif
#endif
return (1);

11
ssl/statem/statem_lib.c
View file

@ -632,17 +632,6 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
ret = SSL_PKEY_GOST12_512;
}
#endif
else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) {
/*
* For DH two cases: DH certificate signed with RSA and DH
* certificate signed with DSA.
*/
i = X509_certificate_type(x, pk);
if (i & EVP_PKS_RSA)
ret = SSL_PKEY_DH_RSA;
else if (i & EVP_PKS_DSA)
ret = SSL_PKEY_DH_DSA;
}
err:
if (!pkey)

69
ssl/statem/statem_srvr.c
View file

@ -322,8 +322,7 @@ static int send_server_key_exchange(SSL *s)
* the server certificate contains the server's public key for
* key exchange.
*/
if ( (alg_k & SSL_kDHE)
|| (alg_k & SSL_kECDHE)
if (alg_k & (SSL_kDHE|SSL_kECDHE)
/*
* PSK: send ServerKeyExchange if PSK identity hint if
* provided
@ -2121,7 +2120,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
#endif
#ifndef OPENSSL_NO_DH
BIGNUM *pub = NULL;
DH *dh_srvr, *dh_clnt = NULL;
DH *dh_srvr;
#endif
#ifndef OPENSSL_NO_EC
EVP_PKEY *ckey = NULL;
@ -2351,9 +2350,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
} else
#endif
#ifndef OPENSSL_NO_DH
if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) {
int idx = -1;
EVP_PKEY *skey = NULL;
if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
unsigned char shared[(OPENSSL_DH_MAX_MODULUS_BITS + 7) / 8];
if (!PACKET_get_net_2(pkt, &i)) {
@ -2370,21 +2367,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
goto err;
}
if (alg_k & SSL_kDHr)
idx = SSL_PKEY_DH_RSA;
else if (alg_k & SSL_kDHd)
idx = SSL_PKEY_DH_DSA;
if (idx >= 0) {
skey = s->cert->pkeys[idx].privatekey;
if ((skey == NULL) ||
(skey->type != EVP_PKEY_DH) || (skey->pkey.dh == NULL)) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_RSA_CERTIFICATE);
goto f_err;
}
dh_srvr = skey->pkey.dh;
} else if (s->s3->tmp.dh == NULL) {
if (s->s3->tmp.dh == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_TMP_DH_KEY);
@ -2393,30 +2376,19 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
dh_srvr = s->s3->tmp.dh;
if (PACKET_remaining(pkt) == 0L) {
/* Get pubkey from cert */
EVP_PKEY *clkey = X509_get_pubkey(s->session->peer);
if (clkey) {
if (EVP_PKEY_cmp_parameters(clkey, skey) == 1)
dh_clnt = EVP_PKEY_get1_DH(clkey);
}
if (dh_clnt == NULL) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_TMP_DH_KEY);
goto f_err;
}
EVP_PKEY_free(clkey);
pub = dh_clnt->pub_key;
} else {
if (!PACKET_get_bytes(pkt, &data, i)) {
/* We already checked we have enough data */
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto f_err;
}
pub = BN_bin2bn(data, i, NULL);
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_TMP_DH_KEY);
goto f_err;
}
if (!PACKET_get_bytes(pkt, &data, i)) {
/* We already checked we have enough data */
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
goto f_err;
}
pub = BN_bin2bn(data, i, NULL);
if (pub == NULL) {
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
goto err;
@ -2432,20 +2404,13 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL;
if (dh_clnt)
DH_free(dh_clnt);
else
BN_clear_free(pub);
BN_clear_free(pub);
pub = NULL;
if (!ssl_generate_master_secret(s, shared, i, 0)) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto f_err;
}
if (dh_clnt) {
s->statem.no_cert_verify = 1;
return MSG_PROCESS_CONTINUE_PROCESSING;
}
} else
#endif

17
ssl/t1_lib.c
View file

@ -1078,9 +1078,7 @@ void ssl_set_client_disabled(SSL *s)
* algorithms.
*/
if (s->s3->tmp.mask_a & SSL_aRSA)
s->s3->tmp.mask_k |= SSL_kDHr | SSL_kECDHr;
if (s->s3->tmp.mask_a & SSL_aDSS)
s->s3->tmp.mask_k |= SSL_kDHd;
s->s3->tmp.mask_k |= SSL_kECDHr;
if (s->s3->tmp.mask_a & SSL_aECDSA)
s->s3->tmp.mask_k |= SSL_kECDHe;
# ifndef OPENSSL_NO_PSK
@ -4031,13 +4029,11 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
switch (idx) {
case SSL_PKEY_RSA_ENC:
case SSL_PKEY_RSA_SIGN:
case SSL_PKEY_DH_RSA:
rsign = TLSEXT_signature_rsa;
default_nid = NID_sha1WithRSAEncryption;
break;
case SSL_PKEY_DSA_SIGN:
case SSL_PKEY_DH_DSA:
rsign = TLSEXT_signature_dsa;
default_nid = NID_dsaWithSHA1;
break;
@ -4140,15 +4136,6 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
case EVP_PKEY_EC:
check_type = TLS_CT_ECDSA_SIGN;
break;
case EVP_PKEY_DH:
case EVP_PKEY_DHX:
{
int cert_type = X509_certificate_type(x, pk);
if (cert_type & EVP_PKS_RSA)
check_type = TLS_CT_RSA_FIXED_DH;
if (cert_type & EVP_PKS_DSA)
check_type = TLS_CT_DSS_FIXED_DH;
}
}
if (check_type) {
const unsigned char *ctypes;
@ -4229,8 +4216,6 @@ void tls1_set_cert_validity(SSL *s)
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256);

18
ssl/t1_trce.c
View file

@ -913,14 +913,6 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
*pname = "rsa";
return SSL_kRSA;
}
if (alg_k & SSL_kDHr) {
*pname = "dh_rsa";
return SSL_kDHr;
}
if (alg_k & SSL_kDHd) {
*pname = "dh_dss";
return SSL_kDHd;
}
if (alg_k & SSL_kDHE) {
*pname = "DHE";
return SSL_kDHE;
@ -993,14 +985,6 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
}
break;
/* Implicit parameters only allowed for static DH */
case SSL_kDHd:
case SSL_kDHr:
if (msglen == 0) {
BIO_indent(bio, indent + 2, 80);
BIO_puts(bio, "implicit\n");
break;
}
case SSL_kDHE:
case SSL_kDHEPSK:
if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen))
@ -1040,8 +1024,6 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
}
switch (id) {
/* Should never happen */
case SSL_kDHd:
case SSL_kDHr:
case SSL_kECDHr:
case SSL_kECDHe:
BIO_indent(bio, indent + 2, 80);