diff options
| author |   jsing <jsing@openbsd.org> | 2014-10-31 14:51:01 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-10-31 14:51:01 +0000 |
| commit | 85bda7b83ce5c9f5db97200efe9d057e175bb7a7 (patch) | |
| tree | 1ab42d89f73039708d653700c7c44eaddea67170 /lib/libssl/src/ssl/d1_srvr.c | |
| parent | sync (diff) | |
| download | wireguard-openbsd-85bda7b83ce5c9f5db97200efe9d057e175bb7a7.tar.xz wireguard-openbsd-85bda7b83ce5c9f5db97200efe9d057e175bb7a7.zip | |
Remove support for ephemeral/temporary RSA private keys.
The only use for these is via SSL_OP_EPHEMERAL_RSA (which is effectively
a standards violation) and for RSA sign-only, should only be possible if
you are using an export cipher and have an RSA private key that is more
than 512 bits in size (however we no longer support export ciphers).
ok bcook@ miod@
Diffstat (limited to 'lib/libssl/src/ssl/d1_srvr.c')
| -rw-r--r-- | lib/libssl/src/ssl/d1_srvr.c | 58 |
1 files changed, 8 insertions, 50 deletions
diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c index a85715753ca..d2f642f8773 100644 --- a/lib/libssl/src/ssl/d1_srvr.c +++ b/lib/libssl/src/ssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.40 2014/10/18 16:13:16 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.41 2014/10/31 14:51:01 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -446,27 +446,8 @@ dtls1_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp = 1; - else - s->s3->tmp.use_rsa_tmp = 0; - - /* only send if a DH key exchange or - * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp - || (alg_k & (SSL_kDHE|SSL_kECDHE)) - || ((alg_k & SSL_kRSA) - && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL - ) - ) - ) { + /* Only send if using a DH key exchange. */ + if (alg_k & (SSL_kDHE|SSL_kECDHE)) { dtls1_start_timer(s); ret = dtls1_send_server_key_exchange(s); if (ret <= 0) @@ -994,7 +975,6 @@ dtls1_send_server_key_exchange(SSL *s) { unsigned char *q; int j, num; - RSA *rsa; unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; unsigned int u; DH *dh = NULL, *dhp; @@ -1024,28 +1004,7 @@ dtls1_send_server_key_exchange(SSL *s) r[0] = r[1] = r[2] = r[3] = NULL; n = 0; - if (type & SSL_kRSA) { - rsa = cert->rsa_tmp; - if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { - rsa = s->cert->rsa_tmp_cb(s, 0, - SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_ERROR_GENERATING_TMP_RSA_KEY); - goto f_err; - } - RSA_up_ref(rsa); - cert->rsa_tmp = rsa; - } - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_RSA_KEY); - goto f_err; - } - r[0] = rsa->n; - r[1] = rsa->e; - s->s3->tmp.use_rsa_tmp = 1; - } else + if (type & SSL_kDHE) { dhp = cert->dh_tmp; if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) @@ -1087,8 +1046,7 @@ dtls1_send_server_key_exchange(SSL *s) r[0] = dh->p; r[1] = dh->g; r[2] = dh->pub_key; - } else - if (type & SSL_kECDHE) { + } else if (type & SSL_kECDHE) { const EC_GROUP *group; ecdhp = cert->ecdh_tmp; @@ -1185,10 +1143,10 @@ dtls1_send_server_key_exchange(SSL *s) r[1] = NULL; r[2] = NULL; r[3] = NULL; - } else - { + } else { al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); + SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, + SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); goto f_err; } for (i = 0; r[i] != NULL; i++) { |