From 7ea04f6c90f64c2f4050f0e4fbddfaf6019d95d1 Mon Sep 17 00:00:00 2001 From: Ted Unangst Date: Mon, 5 May 2014 15:03:23 +0000 Subject: Remove SRP and Kerberos support from libssl. These are complex protocols all on their own and we can't effectively maintain them without using them, which we don't. If the need arises, the code can be resurrected. --- lib/libssl/s3_srvr.c | 317 --------------------------------------------------- 1 file changed, 317 deletions(-) (limited to 'lib/libssl/s3_srvr.c') diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 6d8ccd66b7e..081aebf1f5d 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -164,9 +164,6 @@ #include #endif #include -#ifndef OPENSSL_NO_KRB5 -#include -#endif #include static const SSL_METHOD *ssl3_get_server_method(int ver); @@ -179,30 +176,6 @@ ssl3_get_server_method(int ver) return (NULL); } -#ifndef OPENSSL_NO_SRP -static int -ssl_check_srp_ext_ClientHello(SSL *s, int *al) -{ - int ret = SSL_ERROR_NONE; - - *al = SSL_AD_UNRECOGNIZED_NAME; - - if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) && - (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) { - if (s->srp_ctx.login == NULL) { - /* - * RFC 5054 says SHOULD reject, - * we do so if There is no srp login name - */ - ret = SSL3_AL_FATAL; - *al = SSL_AD_UNKNOWN_PSK_IDENTITY; - } else { - ret = SSL_srp_server_param_with_username(s, al); - } - } - return (ret); -} -#endif IMPLEMENT_ssl3_meth_func(SSLv3_server_method, ssl3_accept, ssl_undefined_function, ssl3_get_server_method) @@ -342,39 +315,6 @@ ssl3_accept(SSL *s) if (ret <= 0) goto end; } -#ifndef OPENSSL_NO_SRP - { - int al; - if ((ret = - ssl_check_srp_ext_ClientHello(s, &al)) - < 0) { - /* - * Callback indicates further work to - * be done. - */ - s->rwstate = SSL_X509_LOOKUP; - goto end; - } - if (ret != SSL_ERROR_NONE) { - ssl3_send_alert(s, SSL3_AL_FATAL, al); - - /* - * This is not really an error but the - * only means for a client to detect - * whether srp is supported. - */ - if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) - SSLerr(SSL_F_SSL3_ACCEPT, - SSL_R_CLIENTHELLO_TLSEXT); - - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - - ret = -1; - goto end; - - } - } -#endif s->renegotiate = 2; s->state = SSL3_ST_SW_SRVR_HELLO_A; @@ -441,9 +381,6 @@ ssl3_accept(SSL *s) * send_server_key_exchange. */ if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ ) /* * option SSL_OP_EPHEMERAL_RSA sends temporary @@ -472,10 +409,6 @@ ssl3_accept(SSL *s) * hint if provided */ #ifndef OPENSSL_NO_PSK || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) -#endif -#ifndef OPENSSL_NO_SRP - /* SRP: send ServerKeyExchange */ - || (alg_k & SSL_kSRP) #endif || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) || (alg_k & SSL_kEECDH) @@ -1796,20 +1729,6 @@ ssl3_send_server_key_exchange(SSL *s) n += 2 + pskhintlen; } else #endif /* !OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_SRP - if (type & SSL_kSRP) { - if ((s->srp_ctx.N == NULL) || (s->srp_ctx.g == NULL) || - (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - SSL_R_MISSING_SRP_PARAM); - goto err; - } - r[0] = s->srp_ctx.N; - r[1] = s->srp_ctx.g; - r[2] = s->srp_ctx.s; - r[3] = s->srp_ctx.B; - } else -#endif { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, @@ -1818,11 +1737,6 @@ ssl3_send_server_key_exchange(SSL *s) } for (i = 0; i < 4 && r[i] != NULL; i++) { nr[i] = BN_num_bytes(r[i]); -#ifndef OPENSSL_NO_SRP - if ((i == 2) && (type & SSL_kSRP)) - n += 1 + nr[i]; - else -#endif n += 2 + nr[i]; } @@ -1848,12 +1762,6 @@ ssl3_send_server_key_exchange(SSL *s) p = &(d[4]); for (i = 0; i < 4 && r[i] != NULL; i++) { -#ifndef OPENSSL_NO_SRP - if ((i == 2) && (type & SSL_kSRP)) { - *p = nr[i]; - p++; - } else -#endif s2n(nr[i], p); BN_bn2bin(r[i], p); p += nr[i]; @@ -2112,9 +2020,6 @@ ssl3_get_client_key_exchange(SSL *s) BIGNUM *pub = NULL; DH *dh_srvr; #endif -#ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_ECDH EC_KEY *srvr_ecdh = NULL; @@ -2299,191 +2204,6 @@ ssl3_get_client_key_exchange(SSL *s) OPENSSL_cleanse(p, i); } else #endif -#ifndef OPENSSL_NO_KRB5 - if (alg_k & SSL_kKRB5) { - krb5_error_code krb5rc; - krb5_data enc_ticket; - krb5_data authenticator; - krb5_data enc_pms; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_BLOCK_LENGTH]; - int padl, outl; - krb5_timestamp authtime = 0; - krb5_ticket_times ttimes; - - EVP_CIPHER_CTX_init(&ciph_ctx); - - if (!kssl_ctx) - kssl_ctx = kssl_ctx_new(); - - n2s(p, i); - enc_ticket.length = i; - - if (n < (long)(enc_ticket.length + 6)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - enc_ticket.data = (char *)p; - p += enc_ticket.length; - - n2s(p, i); - authenticator.length = i; - - if (n < (long)(enc_ticket.length + authenticator.length + 6)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - authenticator.data = (char *)p; - p += authenticator.length; - - n2s(p, i); - enc_pms.length = i; - enc_pms.data = (char *)p; - p += enc_pms.length; - - /* - * Note that the length is checked again below, - * after decryption - */ - if (enc_pms.length > sizeof pms) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if (n != (long)(enc_ticket.length + authenticator.length + - enc_pms.length + 6)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes, - &kssl_err)) != 0) { -#ifdef KSSL_DEBUG - printf("kssl_sget_tkt rtn %d [%d]\n", - krb5rc, kssl_err.reason); - if (kssl_err.text) - printf("kssl_err text= %s\n", kssl_err.text); -#endif /* KSSL_DEBUG */ - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - kssl_err.reason); - goto err; - } - - /* Note: no authenticator is not considered an error, - ** but will return authtime == 0. - */ - if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator, - &authtime, &kssl_err)) != 0) { -#ifdef KSSL_DEBUG - printf("kssl_check_authent rtn %d [%d]\n", - krb5rc, kssl_err.reason); - if (kssl_err.text) - printf("kssl_err text= %s\n", kssl_err.text); -#endif /* KSSL_DEBUG */ - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - kssl_err.reason); - goto err; - } - - if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - krb5rc); - goto err; - } - -#ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -#endif /* KSSL_DEBUG */ - - enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; - - memset(iv, 0, sizeof iv); /* per RFC 1510 */ - - if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, - kssl_ctx->key, iv)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl, - (unsigned char *)enc_pms.data, enc_pms.length)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (outl > SSL_MAX_MASTER_KEY_LENGTH) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - outl += padl; - if (outl > SSL_MAX_MASTER_KEY_LENGTH) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) { - /* - * The premaster secret must contain the same version - * number as the ClientHello to detect version rollback - * attacks (strangely, the protocol does not offer such - * protection for DH ciphersuites). - * However, buggy clients exist that send random bytes - * instead of the protocol version. - * - * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such - * clients. - * (Perhaps we should have a separate BUG value for - * the Kerberos cipher) - */ - if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_AD_DECODE_ERROR); - goto err; - } - } - - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, pms, outl); - - if (kssl_ctx->client_princ) { - size_t len = strlen(kssl_ctx->client_princ); - if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) { - s->session->krb5_client_princ_len = len; - memcpy(s->session->krb5_client_princ, - kssl_ctx->client_princ, len); - } - } - - - /* - * Was doing kssl_ctx_free() here, but it caused problems for - * apache. - * kssl_ctx = kssl_ctx_free(kssl_ctx); - * if (s->kssl_ctx) s->kssl_ctx = NULL; - */ - } else -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_ECDH if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) { @@ -2717,43 +2437,6 @@ ssl3_get_client_key_exchange(SSL *s) goto f_err; } else #endif -#ifndef OPENSSL_NO_SRP - if (alg_k & SSL_kSRP) { - int param_len; - - n2s(p, i); - param_len = i + 2; - if (param_len > n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_BAD_SRP_A_LENGTH); - goto f_err; - } - if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_BN_LIB); - goto err; - } - if (s->session->srp_username != NULL) - free(s->session->srp_username); - s->session->srp_username = BUF_strdup(s->srp_ctx.login); - if (s->session->srp_username == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto err; - } - - if ((s->session->master_key_length = - SRP_generate_server_master_secret(s, - s->session->master_key)) < 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - - p += i; - } else -#endif /* OPENSSL_NO_SRP */ if (alg_k & SSL_kGOST) { int ret = 0; EVP_PKEY_CTX *pkey_ctx; -- cgit v1.2.3