diff options
| author | Doug Hogan <doug@cvs.openbsd.org> | 2015-06-18 22:51:06 +0000 |
|---|---|---|
| committer | Doug Hogan <doug@cvs.openbsd.org> | 2015-06-18 22:51:06 +0000 |
| commit | b1301b3c17b87991a986c68104bfc416a715f523 (patch) | |
| tree | bf56b75f5e19352eaec6461ea16a2aad840c2454 | |
| parent | e5e56cf2cf8d060db486e643a5461ea75d4c1486 (diff) | |
Remove Microsoft Server Gated Crypto.
Another relic due to the old US crypto policy.
From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
95275599399e277e71d064790a1f828a99fc661a.
ok jsing@ miod@
| -rw-r--r-- | lib/libssl/d1_srvr.c | 23 | ||||
| -rw-r--r-- | lib/libssl/doc/BIO_f_ssl.3 | 6 | ||||
| -rw-r--r-- | lib/libssl/doc/SSL_accept.3 | 16 | ||||
| -rw-r--r-- | lib/libssl/doc/SSL_do_handshake.3 | 18 | ||||
| -rw-r--r-- | lib/libssl/s3_both.c | 16 | ||||
| -rw-r--r-- | lib/libssl/s3_srvr.c | 63 | ||||
| -rw-r--r-- | lib/libssl/ssl3.h | 13 | ||||
| -rw-r--r-- | lib/libssl/ssl_locl.h | 3 |
8 files changed, 26 insertions, 132 deletions
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index f3972ae9d07..698292f33fc 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.54 2015/06/18 22:30:47 doug Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.55 2015/06/18 22:51:05 doug Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -468,22 +468,13 @@ dtls1_accept(SSL *s) case SSL3_ST_SR_CERT_A: case SSL3_ST_SR_CERT_B: - /* Check for second client hello (MS SGC) */ - ret = ssl3_check_client_hello(s); - if (ret <= 0) - goto end; - if (ret == 2) { - dtls1_stop_timer(s); - s->state = SSL3_ST_SR_CLNT_HELLO_C; - } else { - if (s->s3->tmp.cert_request) { - ret = ssl3_get_client_certificate(s); - if (ret <= 0) - goto end; - } - s->init_num = 0; - s->state = SSL3_ST_SR_KEY_EXCH_A; + if (s->s3->tmp.cert_request) { + ret = ssl3_get_client_certificate(s); + if (ret <= 0) + goto end; } + s->init_num = 0; + s->state = SSL3_ST_SR_KEY_EXCH_A; break; case SSL3_ST_SR_KEY_EXCH_A: diff --git a/lib/libssl/doc/BIO_f_ssl.3 b/lib/libssl/doc/BIO_f_ssl.3 index 851e4f08ca4..876018a8399 100644 --- a/lib/libssl/doc/BIO_f_ssl.3 +++ b/lib/libssl/doc/BIO_f_ssl.3 @@ -1,7 +1,7 @@ .\" -.\" $OpenBSD: BIO_f_ssl.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ +.\" $OpenBSD: BIO_f_ssl.3,v 1.3 2015/06/18 22:51:05 doug Exp $ .\" -.Dd $Mdocdate: December 2 2014 $ +.Dd $Mdocdate: June 18 2015 $ .Dt BIO_F_SSL 3 .Os .Sh NAME @@ -240,7 +240,7 @@ still request a retry in exceptional circumstances. Specifically this will happen if a session renegotiation takes place during a .Xr BIO_read 3 operation. -One case where this happens is when SGC or step up occurs. +One case where this happens is when step up occurs. .Pp In OpenSSL 0.9.6 and later the SSL flag .Dv SSL_AUTO_RETRY diff --git a/lib/libssl/doc/SSL_accept.3 b/lib/libssl/doc/SSL_accept.3 index 06465d19558..8c7409d04f3 100644 --- a/lib/libssl/doc/SSL_accept.3 +++ b/lib/libssl/doc/SSL_accept.3 @@ -1,7 +1,7 @@ .\" -.\" $OpenBSD: SSL_accept.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ +.\" $OpenBSD: SSL_accept.3,v 1.3 2015/06/18 22:51:05 doug Exp $ .\" -.Dd $Mdocdate: December 2 2014 $ +.Dd $Mdocdate: June 18 2015 $ .Dt SSL_ACCEPT 3 .Os .Sh NAME @@ -29,17 +29,7 @@ If the underlying is .Em blocking , .Fn SSL_accept -will only return once the handshake has been finished or an error occurred, -except for SGC (Server Gated Cryptography). -For SGC, -.Fn SSL_accept -may return with \(mi1, but -.Fn SSL_get_error -will yield -.Dv SSL_ERROR_WANT_READ/WRITE -and -.Fn SSL_accept -should be called again. +will only return once the handshake has been finished or an error occurred. .Pp If the underlying .Vt BIO diff --git a/lib/libssl/doc/SSL_do_handshake.3 b/lib/libssl/doc/SSL_do_handshake.3 index cc29df25837..78a37b08c94 100644 --- a/lib/libssl/doc/SSL_do_handshake.3 +++ b/lib/libssl/doc/SSL_do_handshake.3 @@ -1,7 +1,7 @@ .\" -.\" $OpenBSD: SSL_do_handshake.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ +.\" $OpenBSD: SSL_do_handshake.3,v 1.3 2015/06/18 22:51:05 doug Exp $ .\" -.Dd $Mdocdate: December 2 2014 $ +.Dd $Mdocdate: June 18 2015 $ .Dt SSL_DO_HANDSHAKE 3 .Os .Sh NAME @@ -30,19 +30,7 @@ If the underlying is .Em blocking , .Fn SSL_do_handshake -will only return once the handshake has been finished or an error occurred, -except for SGC (Server Gated Cryptography). -For SGC, -.Fn SSL_do_handshake -may return with \(mi1, but -.Xr SSL_get_error 3 -will yield -.Dv SSL_ERROR_WANT_READ -or -.Dv SSL_ERROR_WANT_WRITE -and -.Fn SSL_do_handshake -should be called again. +will only return once the handshake has been finished or an error occurred. .Pp If the underlying .Vt BIO diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index 633bf5bb7b9..d9484d77d86 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.38 2015/03/27 12:29:54 jsing Exp $ */ +/* $OpenBSD: s3_both.c,v 1.39 2015/06/18 22:51:05 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -450,20 +450,6 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; } - if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && - (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) { - /* At this point we have got an MS SGC second client - * hello (maybe we should always allow the client to - * start a new handshake?). We need to restart the mac. - * Don't increment {num,total}_renegotiations because - * we have not completed the handshake. */ - if (!ssl3_init_finished_mac(s)) { - SSLerr(SSL_F_SSL3_GET_MESSAGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - } - s->s3->tmp.message_type= *(p++); n2l3(p, l); diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 867e796529c..c595fa31cc1 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.107 2015/06/17 07:29:33 doug Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.108 2015/06/18 22:51:05 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -273,7 +273,6 @@ ssl3_accept(SSL *s) } s->init_num = 0; - s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; if (s->state != SSL_ST_RENEGOTIATE) { /* @@ -487,21 +486,13 @@ ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_A: case SSL3_ST_SR_CERT_B: - /* Check for second client hello (MS SGC) */ - ret = ssl3_check_client_hello(s); - if (ret <= 0) - goto end; - if (ret == 2) - s->state = SSL3_ST_SR_CLNT_HELLO_C; - else { - if (s->s3->tmp.cert_request) { - ret = ssl3_get_client_certificate(s); - if (ret <= 0) - goto end; - } - s->init_num = 0; - s->state = SSL3_ST_SR_KEY_EXCH_A; + if (s->s3->tmp.cert_request) { + ret = ssl3_get_client_certificate(s); + if (ret <= 0) + goto end; } + s->init_num = 0; + s->state = SSL3_ST_SR_KEY_EXCH_A; break; case SSL3_ST_SR_KEY_EXCH_A: @@ -765,46 +756,6 @@ ssl3_send_hello_request(SSL *s) } int -ssl3_check_client_hello(SSL *s) -{ - int ok; - long n; - - /* - * This function is called when we really expect a Certificate message, - * so permit appropriate message length - */ - n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, - SSL3_ST_SR_CERT_B, -1, s->max_cert_list, &ok); - if (!ok) - return ((int)n); - s->s3->tmp.reuse_message = 1; - if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) { - /* - * We only allow the client to restart the handshake once per - * negotiation. - */ - if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) { - SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, - SSL_R_MULTIPLE_SGC_RESTARTS); - return (-1); - } - /* - * Throw away what we have done so far in the current handshake, - * which will now be aborted. (A full SSL_clear would be too - * much.) - */ - DH_free(s->s3->tmp.dh); - s->s3->tmp.dh = NULL; - EC_KEY_free(s->s3->tmp.ecdh); - s->s3->tmp.ecdh = NULL; - s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; - return (2); - } - return (1); -} - -int ssl3_get_client_hello(SSL *s) { int i, j, ok, al, ret = -1; diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index 61f600c55d0..265d18810e4 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.36 2015/02/22 15:54:27 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.37 2015/06/18 22:51:05 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -356,17 +356,6 @@ typedef struct ssl3_buffer_st { #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 #define SSL3_FLAGS_CCS_OK 0x0080 -/* SSL3_FLAGS_SGC_RESTART_DONE is set when we - * restart a handshake because of MS SGC and so prevents us - * from restarting the handshake in a loop. It's reset on a - * renegotiation, so effectively limits the client to one restart - * per negotiation. This limits the possibility of a DDoS - * attack where the client handshakes in a loop using SGC to - * restart. Servers which permit renegotiation can still be - * effected, but we can't prevent that. - */ -#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 - #ifndef OPENSSL_NO_SSL_INTERN typedef struct ssl3_state_st { diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 7b3ecdf6654..794769b79cc 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.90 2015/04/15 16:25:43 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.91 2015/06/18 22:51:05 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -741,7 +741,6 @@ int ssl3_send_hello_request(SSL *s); int ssl3_send_server_key_exchange(SSL *s); int ssl3_send_certificate_request(SSL *s); int ssl3_send_server_done(SSL *s); -int ssl3_check_client_hello(SSL *s); int ssl3_get_client_certificate(SSL *s); int ssl3_get_client_key_exchange(SSL *s); int ssl3_get_cert_verify(SSL *s); |