author | Joel Sing <jsing@cvs.openbsd.org> | 2014-10-31 14:51:02 +0000 |
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-10-31 14:51:02 +0000 |
commit | 843a58363f6190cdd0e68eb0d367c010e0017e7c (patch) | |
tree | 628e2fe92ce675e6371110896ba6e3994a0bd1e7 /lib/libssl/s3_srvr.c | |
parent | 57324904c35ba4c9690cb0f0b7e96590ab50fb2d (diff) |
Remove support for ephemeral/temporary RSA private keys.
The only uses for these are via SSL_OP_EPHEMERAL_RSA (which is effectively
a standards violation) and for RSA sign-only, which should only be possible if
you are using an export cipher and have an RSA private key that is more
than 512 bits in size (however we no longer support export ciphers).
ok bcook@ miod@
Diffstat (limited to 'lib/libssl/s3_srvr.c')
-rw-r--r-- | lib/libssl/s3_srvr.c | 94 |
1 files changed, 14 insertions, 80 deletions
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 719b4c56c1d..1b97895f76f 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.87 2014/10/18 16:13:16 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.88 2014/10/31 14:51:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -392,37 +392,14 @@ ssl3_accept(SSL *s)
 			alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
 			/*
-			 * Clear this, it may get reset by
-			 * send_server_key_exchange.
-			 */
-			if ((s->options & SSL_OP_EPHEMERAL_RSA)
-			)
-				/*
-				 * option SSL_OP_EPHEMERAL_RSA sends temporary
-				 * RSA key even when forbidden by protocol
-				 * specs (handshake may fail as clients are
-				 * not required to be able to handle this)
-				 */
-				s->s3->tmp.use_rsa_tmp = 1;
-			else
-				s->s3->tmp.use_rsa_tmp = 0;
-
-
-			/*
-			 * Only send if a DH key exchange, fortezza or
-			 * RSA but we have a sign only certificate.
+			 * Only send if using a DH key exchange.
 			 *
-			 * For ECC ciphersuites, we send a serverKeyExchange
-			 * message only if the cipher suite is either
-			 * ECDH-anon or ECDHE. In other cases, the
-			 * server certificate contains the server's
+			 * For ECC ciphersuites, we send a ServerKeyExchange
+			 * message only if the cipher suite is ECDHE. In other
+			 * cases, the server certificate contains the server's
 			 * public key for key exchange.
 			 */
-			if (s->s3->tmp.use_rsa_tmp ||
-			    (alg_k & (SSL_kDHE|SSL_kECDHE)) ||
-			    ((alg_k & SSL_kRSA) &&
-			    (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey ==
-			    NULL))) {
+			if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
 				ret = ssl3_send_server_key_exchange(s);
 				if (ret <= 0)
 					goto end;
@@ -1352,7 +1329,6 @@ ssl3_send_server_key_exchange(SSL *s)
 {
 	unsigned char *q;
 	int j, num;
-	RSA *rsa;
 	unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
 	unsigned int u;
 	DH *dh = NULL, *dhp;
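Review bot: With the new condition `if (alg_k & (SSL_kDHE|SSL_kECDHE))`, an SSL_kRSA cipher negotiated against a certificate whose SSL_PKEY_RSA_ENC private key is NULL no longer sends a ServerKeyExchange and instead fails later in ssl3_get_client_key_exchange with SSL_R_MISSING_RSA_CERTIFICATE (the @@ -1855 hunk), i.e. after the server certificate has already gone out. That matches the commit message, but it presumes cipher selection never offers SSL_kRSA for such a certificate; if the key-exchange mask computation in ssl_set_cert_masks still counts a temporary RSA key towards SSL_kRSA, it needs updating in the same change so the client gets a handshake failure at ServerHello rather than mid-handshake. The removed assignments were the only writers of `s->s3->tmp.use_rsa_tmp` visible in this file, so the struct member and the SSL_OP_EPHEMERAL_RSA handling elsewhere look like dead state once this lands; the diffstat shown is filtered to s3_srvr.c, so whether they were removed together cannot be seen here. The enclosing ssl3_accept case body continues outside the hunk.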
@@ -1383,31 +1359,6 @@ ssl3_send_server_key_exchange(SSL *s)
 	r[0] = r[1] = r[2] = r[3] = NULL;
 	n = 0;
 
-	if (type & SSL_kRSA) {
-		rsa = cert->rsa_tmp;
-		if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
-			rsa = s->cert->rsa_tmp_cb(s, 0,
-			    SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
-			if (rsa == NULL) {
-				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(
-				    SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-				    SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
-				goto f_err;
-			}
-			RSA_up_ref(rsa);
-			cert->rsa_tmp = rsa;
-		}
-		if (rsa == NULL) {
-			al = SSL_AD_HANDSHAKE_FAILURE;
-			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-			    SSL_R_MISSING_TMP_RSA_KEY);
-			goto f_err;
-		}
-		r[0] = rsa->n;
-		r[1] = rsa->e;
-		s->s3->tmp.use_rsa_tmp = 1;
-	} else if (type & SSL_kDHE) {
 		dhp = cert->dh_tmp;
 		if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
@@ -1855,32 +1806,15 @@ ssl3_get_client_key_exchange(SSL *s)
 	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 
 	if (alg_k & SSL_kRSA) {
-		/* FIX THIS UP EAY EAY EAY EAY */
-		if (s->s3->tmp.use_rsa_tmp) {
-			if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
-				rsa = s->cert->rsa_tmp;
-			/*
-			 * Don't do a callback because rsa_tmp should
-			 * be sent already
-			 */
-			if (rsa == NULL) {
-				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				    SSL_R_MISSING_TMP_RSA_PKEY);
-				goto f_err;
-
-			}
-		} else {
-			pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
-			if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
-			    (pkey->pkey.rsa == NULL)) {
-				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				    SSL_R_MISSING_RSA_CERTIFICATE);
-				goto f_err;
-			}
-			rsa = pkey->pkey.rsa;
+		pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
+		if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
+		    (pkey->pkey.rsa == NULL)) {
+			al = SSL_AD_HANDSHAKE_FAILURE;
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			    SSL_R_MISSING_RSA_CERTIFICATE);
+			goto f_err;
 		}
+		rsa = pkey->pkey.rsa;
 
 		/* TLS and [incidentally] DTLS{0xFEFF} */
 		if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) { |
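Review bot: The retained path dereferences `s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey` without the `s->cert != NULL` guard that the removed temporary-key branch carried, so the two old branches disagreed and the change settles on the unguarded form. That is acceptable only if `s->cert` is always allocated for a live SSL object, which this hunk cannot show; a short comment above the new `pkey =` line such as `/* s->cert is expected to be set up at SSL creation; with ephemeral RSA gone, a sign-only RSA certificate fails here */` would record both the invariant relied on and the new failure mode for a sign-only certificate. The new lines keep the `al` assignment before each `goto f_err`, which the alert-sending error path presumably depends on. ssl3_get_client_key_exchange starts and continues outside the hunk.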