diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2015-12-05 02:04:41 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2015-12-05 17:45:59 +0100 |
commit | 361a1191279d5a801fa6cfe22d51ef17d6ab38ea (patch) | |
tree | e530e75d67f1de7d0b4aa4a42050f435937ad104 | |
parent | fe6ef2472db933f01b59cad82aa925736935984b (diff) |
Remove support for all 40 and 56 bit ciphers.
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #364
-rw-r--r-- | CHANGES | 5 | ||||
-rw-r--r-- | apps/s_server.c | 47 | ||||
-rw-r--r-- | demos/easy_tls/easy-tls.c | 15 | ||||
-rw-r--r-- | demos/easy_tls/easy-tls.h | 1 | ||||
-rw-r--r-- | doc/apps/ciphers.pod | 32 | ||||
-rw-r--r-- | doc/apps/s_server.pod | 6 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_set_cipher_list.pod | 5 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_set_options.pod | 1 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 159 | ||||
-rw-r--r-- | doc/ssl/ssl.pod | 20 | ||||
-rw-r--r-- | include/openssl/ssl.h | 31 | ||||
-rw-r--r-- | include/openssl/tls1.h | 6 | ||||
-rw-r--r-- | ssl/s3_enc.c | 36 | ||||
-rw-r--r-- | ssl/s3_lib.c | 700 | ||||
-rw-r--r-- | ssl/ssl_cert.c | 11 | ||||
-rw-r--r-- | ssl/ssl_ciph.c | 77 | ||||
-rw-r--r-- | ssl/ssl_err.c | 10 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 115 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 81 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 177 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 87 | ||||
-rw-r--r-- | ssl/t1_enc.c | 42 | ||||
-rw-r--r-- | test/ssltest.c | 44 | ||||
-rwxr-xr-x | util/ssleay.num | 4 |
24 files changed, 293 insertions, 1419 deletions
@@ -4,6 +4,11 @@ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Remove support for all 40 and 56 bit ciphers. This includes all the export + ciphers who are no longer supported and drops support the ephemeral RSA key + exchange. The LOW ciphers currently doesn't have any ciphers in it. + [Kurt Roeckx] + *) Added ASYNC support. Libcrypto now includes the async sub-library to enable cryptographic operations to be performed asynchronously as long as an asynchronous capable engine is used. See the ASYNC_start_job() man page for diff --git a/apps/s_server.c b/apps/s_server.c index fd8035de99..4c3ca792e2 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -190,9 +190,6 @@ typedef unsigned int u_int; # undef FIONBIO #endif -#ifndef OPENSSL_NO_RSA -static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength); -#endif static int not_resumable_sess_cb(SSL *s, int is_forward_secure); static int sv_body(char *hostname, int s, int stype, unsigned char *context); static int www_body(char *hostname, int s, int stype, unsigned char *context); @@ -807,7 +804,7 @@ typedef enum OPTION_choice { OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_MSG, OPT_MSGFILE, OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF, - OPT_QUIET, OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE, + OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, OPT_NO_ECDHE, OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL3, @@ -866,7 +863,6 @@ OPTIONS s_server_options[] = { "Do not load certificates from the default certificates directory"}, {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"}, {"quiet", OPT_QUIET, '-', "No server output"}, - {"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"}, {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"}, {"tls1", OPT_TLS1, '-', "Just talk TLSv1"}, @@ -1004,7 +1000,7 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_DH int no_dhe = 0; #endif - int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0, ret = 1; + int no_ecdhe = 0, nocert = 0, ret = 1; int noCApath = 0, noCAfile = 0; int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; @@ -1295,9 +1291,6 @@ int s_server_main(int argc, char *argv[]) case OPT_BRIEF: s_quiet = s_brief = verify_quiet = 1; break; - case OPT_NO_TMP_RSA: - no_tmp_rsa = 1; - break; case OPT_NO_DHE: #ifndef OPENSSL_NO_DH no_dhe = 1; @@ -1824,13 +1817,6 @@ int s_server_main(int argc, char *argv[]) if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain)) goto end; } -#ifndef OPENSSL_NO_RSA - if (!no_tmp_rsa) { - SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); - if (ctx2) - SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb); - } -#endif if (no_resume_ephemeral) { SSL_CTX_set_not_resumable_session_callback(ctx, @@ -3135,35 +3121,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) return (ret); } -#ifndef OPENSSL_NO_RSA -static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) -{ - BIGNUM *bn = NULL; - static RSA *rsa_tmp = NULL; - - if (!rsa_tmp && ((bn = BN_new()) == NULL)) - BIO_printf(bio_err, "Allocation error in generating RSA key\n"); - if (!rsa_tmp && bn) { - if (!s_quiet) { - BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", - keylength); - (void)BIO_flush(bio_err); - } - if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) || - !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) { - RSA_free(rsa_tmp); - rsa_tmp = NULL; - } - if (!s_quiet) { - BIO_printf(bio_err, "\n"); - (void)BIO_flush(bio_err); - } - BN_free(bn); - } - return (rsa_tmp); -} -#endif - #define MAX_SESSION_ID_ATTEMPTS 10 static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len) diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index e42d28a8c1..00407dd165 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -651,7 +651,6 @@ struct tls_create_ctx_args tls_create_ctx_defaultargs(void) ret.ca_file = NULL; ret.verify_depth = -1; ret.fail_unless_verified = 0; - ret.export_p = 0; return ret; } @@ -781,20 +780,6 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) /* avoid small subgroup attacks: */ SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE); } -#ifndef NO_RSA - if (!a.client_p && a.export_p) { - RSA *tmpkey; - - tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL); - if (tmpkey == NULL) - goto err; - if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) { - RSA_free(tmpkey); - goto err; - } - RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */ - } -#endif return ret; diff --git a/demos/easy_tls/easy-tls.h b/demos/easy_tls/easy-tls.h index 1c587b861c..b1a7b304e4 100644 --- a/demos/easy_tls/easy-tls.h +++ b/demos/easy_tls/easy-tls.h @@ -34,7 +34,6 @@ struct tls_create_ctx_args { const char *ca_file; int verify_depth; int fail_unless_verified; - int export_p; }; struct tls_create_ctx_args tls_create_ctx_defaultargs(void); /* diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 963339a9ce..8db0ea5006 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -168,18 +168,6 @@ encryption. "low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms but excluding export cipher suites. -=item B<EXP>, B<EXPORT> - -export encryption algorithms. Including 40 and 56 bits algorithms. - -=item B<EXPORT40> - -40 bit export encryption algorithms - -=item B<EXPORT56> - -56 bit export encryption algorithms. This list is empty. - =item B<eNULL>, B<NULL> the "NULL" ciphers that is those offering no encryption. Because these offer no @@ -387,12 +375,9 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. SSL_RSA_WITH_NULL_MD5 NULL-MD5 SSL_RSA_WITH_NULL_SHA NULL-SHA - SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 SSL_RSA_WITH_RC4_128_SHA RC4-SHA - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA @@ -400,16 +385,12 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA - SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA SSL_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-RSA-DES-CBC-SHA SSL_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA @@ -421,31 +402,22 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_RSA_WITH_NULL_MD5 NULL-MD5 TLS_RSA_WITH_NULL_SHA NULL-SHA - TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 TLS_RSA_WITH_RC4_128_SHA RC4-SHA - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented. TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented. TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA TLS_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-RSA-DES-CBC-SHA TLS_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA @@ -511,10 +483,6 @@ algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution. Note: these ciphers can also be used in SSL v3. - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA - TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA - TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA =head2 Elliptic curve cipher suites. diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 706e039b5a..c1a1d1a022 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -66,7 +66,6 @@ B<openssl> B<s_server> [B<-cipher cipherlist>] [B<-serverpref>] [B<-quiet>] -[B<-no_tmp_rsa>] [B<-ssl3>] [B<-tls1>] [B<-dtls>] @@ -186,11 +185,6 @@ disabling the ephemeral DH cipher suites. if this option is set then no ECDH parameters will be loaded effectively disabling the ephemeral ECDH cipher suites. -=item B<-no_tmp_rsa> - -certain export cipher suites sometimes use a temporary RSA key, this option -disables temporary RSA key generation. - =item B<-crl_check>, B<-crl_check_all> Check the peer certificate has not been revoked by its CA. diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod index ccd10c820a..338323290e 100644 --- a/doc/ssl/SSL_CTX_set_cipher_list.pod +++ b/doc/ssl/SSL_CTX_set_cipher_list.pod @@ -37,10 +37,6 @@ ADH ciphers don't need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding certificate and key. A RSA cipher can only be chosen, when a RSA certificate is available. -RSA export ciphers with a keylength of 512 bits for the RSA key require -a temporary 512 bit RSA key, as typically the supplied key has a length -of 1024 bit (see -L<SSL_CTX_set_tmp_rsa_callback(3)>). RSA ciphers using DHE need a certificate and key and additional DH-parameters (see L<SSL_CTX_set_tmp_dh_callback(3)>). @@ -63,7 +59,6 @@ could be selected and 0 on complete failure. L<ssl(3)>, L<SSL_get_ciphers(3)>, L<SSL_CTX_use_certificate(3)>, -L<SSL_CTX_set_tmp_rsa_callback(3)>, L<SSL_CTX_set_tmp_dh_callback(3)>, L<ciphers(1)> diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 7754e75bfb..cf137a5ed4 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -269,7 +269,6 @@ secure renegotiation and 0 if it does not. L<ssl(3)>, L<SSL_new(3)>, L<SSL_clear(3)>, L<SSL_CTX_set_tmp_dh_callback(3)>, -L<SSL_CTX_set_tmp_rsa_callback(3)>, L<dhparam(1)> =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod deleted file mode 100644 index 296699d8f0..0000000000 --- a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ /dev/null @@ -1,159 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); - long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx); - - void SSL_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) - long SSL_need_tmp_rsa(SSL *ssl) - - RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength); - -=head1 DESCRIPTION - -SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be -used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>. -The callback is inherited by all SSL objects newly created from B<ctx> -with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected. - -SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be -B<rsa>. The key is inherited by all SSL objects newly created from B<ctx> -with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected. - -SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed -for RSA-based strength-limited 'exportable' ciphersuites because a RSA key -with a keysize larger than 512 bits is installed. - -SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>. - -SSL_set_tmp_rsa() sets the key only for B<ssl>. - -SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed, -for RSA-based strength-limited 'exportable' ciphersuites because a RSA key -with a keysize larger than 512 bits is installed. - -These functions apply to SSL/TLS servers only. - -=head1 NOTES - -When using a cipher with RSA authentication, an ephemeral RSA key exchange -can take place. In this case the session data are negotiated using the -ephemeral/temporary RSA key and the RSA key supplied and certified -by the certificate chain is only used for signing. - -Under previous export restrictions, ciphers with RSA keys shorter (512 bits) -than the usual key length of 1024 bits were created. To use these ciphers -with RSA keys of usual length, an ephemeral key exchange must be performed, -as the normal (certified) key cannot be directly used. - -Using ephemeral RSA key exchange yields forward secrecy, as the connection -can only be decrypted, when the RSA key is known. By generating a temporary -RSA key inside the server application that is lost when the application -is left, it becomes impossible for an attacker to decrypt past sessions, -even if he gets hold of the normal (certified) RSA key, as this key was -used for signing only. The downside is that creating a RSA key is -computationally expensive. - -Additionally, the use of ephemeral RSA key exchange is only allowed in -the TLS standard, when the RSA key can be used for signing only, that is -for export ciphers. Using ephemeral RSA key exchange for other purposes -violates the standard and can break interoperability with clients. -It is therefore strongly recommended to not use ephemeral RSA key -exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead -in order to achieve forward secrecy (see -L<SSL_CTX_set_tmp_dh_callback(3)>). - -An application may either directly specify the key or can supply the key via a -callback function. The callback approach has the advantage, that the callback -may generate the key only in case it is actually needed. As the generation of a -RSA key is however costly, it will lead to a significant delay in the handshake -procedure. Another advantage of the callback function is that it can supply -keys of different size while the explicit setting of the key is only useful for -key size of 512 bits to satisfy the export restricted ciphers and does give -away key length if a longer key would be allowed. - -The B<tmp_rsa_callback> is called with the B<keylength> needed and -the B<is_export> information. The B<is_export> flag is set, when the -ephemeral RSA key exchange is performed with an export cipher. - -=head1 EXAMPLES - -Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the -generation of a RSA key costs a lot of computer time, they saved for later -reuse. For demonstration purposes, two keys for 512 bits and 1024 bits -respectively are generated. - - ... - /* Set up ephemeral RSA stuff */ - RSA *rsa_512 = NULL; - RSA *rsa_1024 = NULL; - - rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); - if (rsa_512 == NULL) - evaluate_error_queue(); - - rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); - if (rsa_1024 == NULL) - evaluate_error_queue(); - - ... - - RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) - { - RSA *rsa_tmp=NULL; - - switch (keylength) { - case 512: - if (rsa_512) - rsa_tmp = rsa_512; - else { /* generate on the fly, should not happen in this example */ - rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL); - rsa_512 = rsa_tmp; /* Remember for later reuse */ - } - break; - case 1024: - if (rsa_1024) - rsa_tmp=rsa_1024; - else - should_not_happen_in_this_example(); - break; - default: - /* Generating a key on the fly is very costly, so use what is there */ - if (rsa_1024) - rsa_tmp=rsa_1024; - else - rsa_tmp=rsa_512; /* Use at least a shorter key */ - } - return(rsa_tmp); - } - -=head1 RETURN VALUES - -SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return -diagnostic output. - -SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0 -on failure. Check the error queue to find out the reason of failure. - -SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary -RSA key is needed and 0 otherwise. - -=head1 SEE ALSO - -L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>, -L<SSL_CTX_set_options(3)>, -L<SSL_CTX_set_tmp_dh_callback(3)>, -L<SSL_new(3)>, L<ciphers(1)> - -=cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 421d50066d..19819f134d 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -331,25 +331,6 @@ Use the file path to locate trusted CA certficates. =item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void)); -=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa); - -=item SSL_CTX_set_tmp_rsa_callback - -C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));> - -Sets the callback which will be called when a temporary private key is -required. The B<C<export>> flag will be set if the reason for needing -a temp key is that an export ciphersuite is in use, in which case, -B<C<keylength>> will contain the required keylength in bits. Generate a key of -appropriate size (using ???) and return it. - -=item SSL_set_tmp_rsa_callback - -long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength)); - -The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL -session instead of a context. - =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void)) =item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey); @@ -713,7 +694,6 @@ L<SSL_CTX_set_session_cache_mode(3)>, L<SSL_CTX_set_session_id_context(3)>, L<SSL_CTX_set_ssl_version(3)>, L<SSL_CTX_set_timeout(3)>, -L<SSL_CTX_set_tmp_rsa_callback(3)>, L<SSL_CTX_set_tmp_dh_callback(3)>, L<SSL_CTX_set_verify(3)>, L<SSL_CTX_use_certificate(3)>, diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e4a22dcfbd..1fb59481b5 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -181,8 +181,6 @@ extern "C" { /* These are used to specify which ciphers to use and not to use */ -# define SSL_TXT_EXP40 "EXPORT40" -# define SSL_TXT_EXP56 "EXPORT56" # define SSL_TXT_LOW "LOW" # define SSL_TXT_MEDIUM "MEDIUM" # define SSL_TXT_HIGH "HIGH" @@ -268,9 +266,6 @@ extern "C" { # define SSL_TXT_TLSV1_1 "TLSv1.1" # define SSL_TXT_TLSV1_2 "TLSv1.2" -# define SSL_TXT_EXP "EXP" -# define SSL_TXT_EXPORT "EXPORT" - # define SSL_TXT_ALL "ALL" /*- @@ -1113,11 +1108,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_ERROR_WANT_CONNECT 7 # define SSL_ERROR_WANT_ACCEPT 8 # define SSL_ERROR_WANT_ASYNC 9 -# define SSL_CTRL_NEED_TMP_RSA 1 -# define SSL_CTRL_SET_TMP_RSA 2 # define SSL_CTRL_SET_TMP_DH 3 # define SSL_CTRL_SET_TMP_ECDH 4 -# define SSL_CTRL_SET_TMP_RSA_CB 5 # define SSL_CTRL_SET_TMP_DH_CB 6 # define SSL_CTRL_GET_SESSION_REUSED 8 # define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 @@ -1242,10 +1234,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) # define SSL_total_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) -# define SSL_CTX_need_tmp_RSA(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) -# define SSL_CTX_set_tmp_rsa(ctx,rsa) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) # define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ @@ -1254,10 +1242,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_dh_auto(s, onoff) \ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) -# define SSL_need_tmp_RSA(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) -# define SSL_set_tmp_rsa(ssl,rsa) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) # define SSL_set_tmp_dh(ssl,dh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) # define SSL_set_tmp_ecdh(ssl,ecdh) \ @@ -1749,15 +1733,6 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) /* NB: the keylength is only applicable when is_export is true */ -# ifndef OPENSSL_NO_RSA -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*cb) (SSL *ssl, int is_export, - int keylength)); - -void SSL_set_tmp_rsa_callback(SSL *ssl, - RSA *(*cb) (SSL *ssl, int is_export, - int keylength)); -# endif # ifndef OPENSSL_NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh) (SSL *ssl, int is_export, @@ -2259,7 +2234,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_EE_KEY_TOO_SMALL 399 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 @@ -2294,16 +2268,12 @@ void ERR_load_SSL_strings(void); # define SSL_R_MISSING_DSA_SIGNING_CERT 165 # define SSL_R_MISSING_ECDH_CERT 382 # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 -# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 -# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 # define SSL_R_MISSING_RSA_CERTIFICATE 168 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 # define SSL_R_MISSING_RSA_SIGNING_CERT 170 # define SSL_R_MISSING_SRP_PARAM 358 # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 -# define SSL_R_MISSING_TMP_RSA_KEY 172 -# define SSL_R_MISSING_TMP_RSA_PKEY 173 # define SSL_R_MISSING_VERIFY_MESSAGE 174 # define SSL_R_MULTIPLE_SGC_RESTARTS 346 # define SSL_R_NO_CERTIFICATES_RETURNED 176 @@ -2395,7 +2365,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 # define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 # define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 -# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index cdc56c634b..3bbd1f107e 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -658,12 +658,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) * using DHE everywhere, though we may indefinitely maintain aliases for * users or configurations that used "EDH" */ -# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" -# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" -# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" -# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" -# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" -# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" # define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" # define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 850f76d12d..31c89182e7 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -197,18 +197,16 @@ int ssl3_change_cipher_state(SSL *s, int which) unsigned char *p, *mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; unsigned char exp_iv[EVP_MAX_IV_LENGTH]; - unsigned char *ms, *key, *iv, *er1, *er2; + unsigned char *ms, *key, *iv; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; #ifndef OPENSSL_NO_COMP COMP_METHOD *comp; #endif const EVP_MD *m; - EVP_MD_CTX md; - int is_exp, n, i, j, k, cl; + int n, i, j, k, cl; int reuse_dd = 0; - is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c = s->s3->tmp.new_sym_enc; m = s->s3->tmp.new_hash; /* m == NULL will lead to a crash later */ @@ -295,9 +293,7 @@ int ssl3_change_cipher_state(SSL *s, int which) if (i < 0) goto err2; cl = EVP_CIPHER_key_length(c); - j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? - cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; - /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ + j = cl; k = EVP_CIPHER_iv_length(c); if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { @@ -307,8 +303,6 @@ int ssl3_change_cipher_state(SSL *s, int which) n += j + j; iv = &(p[n]); n += k + k; - er1 = &(s->s3->client_random[0]); - er2 = &(s->s3->server_random[0]); } else { n = i; ms = &(p[n]); @@ -317,8 +311,6 @@ int ssl3_change_cipher_state(SSL *s, int which) n += j + k; iv = &(p[n]); n += k; - er1 = &(s->s3->server_random[0]); - er2 = &(s->s3->client_random[0]); } if (n > s->s3->tmp.key_block_length) { @@ -326,28 +318,7 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err2; } - EVP_MD_CTX_init(&md); memcpy(mac_secret, ms, i); - if (is_exp) { - /* - * In here I set both the read and write key/iv to the same value - * since only the correct one will be used :-). - */ - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, key, j); - EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL); - key = &(exp_key[0]); - - if (k > 0) { - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL |