From bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 15 Dec 2015 23:57:18 +0000 Subject: Remove fixed DH ciphersuites. Remove all fixed DH ciphersuites and associated logic. Reviewed-by: Matt Caswell --- ssl/s3_lib.c | 400 +---------------------------------------------- ssl/ssl_ciph.c | 23 +-- ssl/ssl_lib.c | 13 +- ssl/ssl_locl.h | 50 +++--- ssl/ssl_rsa.c | 17 +- ssl/statem/statem_clnt.c | 102 +++--------- ssl/statem/statem_lib.c | 11 -- ssl/statem/statem_srvr.c | 69 ++------ ssl/t1_lib.c | 17 +- ssl/t1_trce.c | 18 --- 10 files changed, 64 insertions(+), 656 deletions(-) (limited to 'ssl') diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 54ba298394..c02b5455b4 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -261,38 +261,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 168, }, -/* Cipher 0D */ - { - 1, - SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, - SSL3_CK_DH_DSS_DES_192_CBC3_SHA, - SSL_kDHd, - SSL_aDH, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - -/* Cipher 10 */ - { - 1, - SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, - SSL3_CK_DH_RSA_DES_192_CBC3_SHA, - SSL_kDHr, - SSL_aDH, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - /* Cipher 13 */ { 1, @@ -420,36 +388,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 128, 128, }, -/* Cipher 30 */ - { - 1, - TLS1_TXT_DH_DSS_WITH_AES_128_SHA, - TLS1_CK_DH_DSS_WITH_AES_128_SHA, - SSL_kDHd, - SSL_aDH, - SSL_AES128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -/* Cipher 31 */ - { - 1, - TLS1_TXT_DH_RSA_WITH_AES_128_SHA, - TLS1_CK_DH_RSA_WITH_AES_128_SHA, - SSL_kDHr, - SSL_aDH, - SSL_AES128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, /* Cipher 32 */ { 1, @@ -511,37 +449,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -/* Cipher 36 */ - { - 1, - TLS1_TXT_DH_DSS_WITH_AES_256_SHA, - TLS1_CK_DH_DSS_WITH_AES_256_SHA, - SSL_kDHd, - SSL_aDH, - SSL_AES256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - -/* Cipher 37 */ - { - 1, - TLS1_TXT_DH_RSA_WITH_AES_256_SHA, - TLS1_CK_DH_RSA_WITH_AES_256_SHA, - SSL_kDHr, - SSL_aDH, - SSL_AES256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, /* Cipher 38 */ { @@ -640,38 +547,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, }, - /* Cipher 3E */ - { - 1, - TLS1_TXT_DH_DSS_WITH_AES_128_SHA256, - TLS1_CK_DH_DSS_WITH_AES_128_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 3F */ - { - 1, - TLS1_TXT_DH_RSA_WITH_AES_128_SHA256, - TLS1_CK_DH_RSA_WITH_AES_128_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - /* Cipher 40 */ { 1, @@ -707,38 +582,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 128, }, - /* Cipher 42 */ - { - 1, - TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 43 */ - { - 1, - TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_CAMELLIA128, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - /* Cipher 44 */ { 1, @@ -805,38 +648,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 128, }, - /* Cipher 68 */ - { - 1, - TLS1_TXT_DH_DSS_WITH_AES_256_SHA256, - TLS1_CK_DH_DSS_WITH_AES_256_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - - /* Cipher 69 */ - { - 1, - TLS1_TXT_DH_RSA_WITH_AES_256_SHA256, - TLS1_CK_DH_RSA_WITH_AES_256_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - /* Cipher 6A */ { 1, @@ -950,37 +761,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, - /* Cipher 85 */ - { - 1, - TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, - - /* Cipher 86 */ - { - 1, - TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_CAMELLIA256, - SSL_SHA1, - SSL_SSLV3, - SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 256, - 256, - }, /* Cipher 87 */ { @@ -1245,38 +1025,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 128, }, - /* Cipher 97 */ - { - 1, - TLS1_TXT_DH_DSS_WITH_SEED_SHA, - TLS1_CK_DH_DSS_WITH_SEED_SHA, - SSL_kDHd, - SSL_aDH, - SSL_SEED, - SSL_SHA1, - SSL_SSLV3, - SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - - /* Cipher 98 */ - { - 1, - TLS1_TXT_DH_RSA_WITH_SEED_SHA, - TLS1_CK_DH_RSA_WITH_SEED_SHA, - SSL_kDHr, - SSL_aDH, - SSL_SEED, - SSL_SHA1, - SSL_SSLV3, - SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - /* Cipher 99 */ { 1, @@ -1393,38 +1141,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, }, - /* Cipher A0 */ - { - 1, - TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher A1 */ - { - 1, - TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384, - SSL_kDHr, - SSL_aDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - /* Cipher A2 */ { 1, @@ -1457,38 +1173,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, }, - /* Cipher A4 */ - { - 1, - TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256, - TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_AES128GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher A5 */ - { - 1, - TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384, - TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384, - SSL_kDHd, - SSL_aDH, - SSL_AES256GCM, - SSL_AEAD, - SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, - 256, - 256, - }, - /* Cipher A6 */ { 1, @@ -1831,38 +1515,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 128, }, - /* Cipher BB */ - { - 1, - TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - - /* Cipher BC */ - { - 1, - TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_CAMELLIA128, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 128, - 128, - }, - /* Cipher BD */ { 1, @@ -1927,38 +1579,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, }, - /* Cipher C1 */ - { - 1, - TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kDHd, - SSL_aDH, - SSL_CAMELLIA256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - - /* Cipher C2 */ - { - 1, - TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kDHr, - SSL_aDH, - SSL_CAMELLIA256, - SSL_SHA256, - SSL_TLSV1_2, - SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, - 256, - 256, - }, - /* Cipher C3 */ { 1, @@ -4665,7 +4285,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, int ssl3_get_req_cert_type(SSL *s, unsigned char *p) { int ret = 0; - int nostrict = 1; uint32_t alg_k, alg_a = 0; /* If we have custom certificate types set, use them */ @@ -4675,8 +4294,6 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) } /* Get mask of algorithms disabled by signature list */ ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK); - if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) - nostrict = 0; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; @@ -4691,23 +4308,8 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) } #endif + if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kDHr | SSL_kDHE)) { -# ifndef OPENSSL_NO_RSA - /* - * Since this refers to a certificate signed with an RSA algorithm, - * only check for rsa signing in strict mode. - */ - if (nostrict || !(alg_a & SSL_aRSA)) - p[ret++] = SSL3_CT_RSA_FIXED_DH; -# endif -# ifndef OPENSSL_NO_DSA - if (nostrict || !(alg_a & SSL_aDSS)) - p[ret++] = SSL3_CT_DSS_FIXED_DH; -# endif - } - if ((s->version == SSL3_VERSION) && - (alg_k & (SSL_kDHE | SSL_kDHd | SSL_kDHr))) { # ifndef OPENSSL_NO_RSA p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; # endif diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 3939010515..65a5bb6c96 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -306,12 +306,9 @@ static const SSL_CIPHER cipher_aliases[] = { */ {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kDHr, 0, SSL_kDHr, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kEDH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kDHE, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, + {0, SSL_TXT_DH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, @@ -334,8 +331,6 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, - /* no such ciphersuites supported! */ - {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, @@ -506,8 +501,7 @@ void ssl_load_ciphers(void) disabled_auth_mask |= SSL_aDSS; #endif #ifdef OPENSSL_NO_DH - disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE | SSL_kDHEPSK; - disabled_auth_mask |= SSL_aDH; + disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK; #endif #ifdef OPENSSL_NO_EC disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr | SSL_kECDHEPSK; @@ -1614,12 +1608,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kRSA: kx = "RSA"; break; - case SSL_kDHr: - kx = "DH/RSA"; - break; - case SSL_kDHd: - kx = "DH/DSS"; - break; case SSL_kDHE: kx = "DH"; break; @@ -1661,9 +1649,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aDSS: au = "DSS"; break; - case SSL_aDH: - au = "DH"; - break; case SSL_aECDH: au = "ECDH"; break; @@ -1980,10 +1965,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) return SSL_PKEY_ECC; } else if (alg_a & SSL_aECDSA) return SSL_PKEY_ECC; - else if (alg_k & SSL_kDHr) - return SSL_PKEY_DH_RSA; - else if (alg_k & SSL_kDHd) - return SSL_PKEY_DH_DSA; else if (alg_a & SSL_aDSS) return SSL_PKEY_DSA_SIGN; else if (alg_a & SSL_aRSA) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 909b23ef6f..7f4bca058b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2006,7 +2006,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) #endif CERT *c = s->cert; uint32_t *pvalid = s->s3->tmp.valid_flags; - int rsa_enc, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; + int rsa_enc, rsa_sign, dh_tmp, dsa_sign; unsigned long mask_k, mask_a; #ifndef OPENSSL_NO_EC int have_ecc_cert, ecdsa_ok; @@ -2026,8 +2026,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID; rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN; dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN; - dh_rsa = pvalid[SSL_PKEY_DH_RSA] & CERT_PKEY_VALID; - dh_dsa = pvalid[SSL_PKEY_DH_DSA] & CERT_PKEY_VALID; #ifndef OPENSSL_NO_EC have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; #endif @@ -2064,15 +2062,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) if (dh_tmp) mask_k |= SSL_kDHE; - if (dh_rsa) - mask_k |= SSL_kDHr; - - if (dh_dsa) - mask_k |= SSL_kDHd; - - if (mask_k & (SSL_kDHr | SSL_kDHd)) - mask_a |= SSL_aDH; - if (rsa_enc || rsa_sign) { mask_a |= SSL_aRSA; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 7a16f004d6..6261a66b2d 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -295,32 +295,28 @@ /* Bits for algorithm_mkey (key exchange algorithm) */ /* RSA key exchange */ # define SSL_kRSA 0x00000001U -/* DH cert, RSA CA cert */ -# define SSL_kDHr 0x00000002U -/* DH cert, DSA CA cert */ -# define SSL_kDHd 0x00000004U /* tmp DH key no DH cert */ -# define SSL_kDHE 0x00000008U +# define SSL_kDHE 0x00000002U /* synonym */ # define SSL_kEDH SSL_kDHE /* ECDH cert, RSA CA cert */ -# define SSL_kECDHr 0x00000020U +# define SSL_kECDHr 0x00000004U /* ECDH cert, ECDSA CA cert */ -# define SSL_kECDHe 0x00000040U +# define SSL_kECDHe 0x00000008U /* ephemeral ECDH */ -# define SSL_kECDHE 0x00000080U +# define SSL_kECDHE 0x00000010U /* synonym */ # define SSL_kEECDH SSL_kECDHE /* PSK */ -# define SSL_kPSK 0x00000100U +# define SSL_kPSK 0x00000020U /* GOST key exchange */ -# define SSL_kGOST 0x00000200U +# define SSL_kGOST 0x00000040U /* SRP */ -# define SSL_kSRP 0x00000400U +# define SSL_kSRP 0x00000080U -# define SSL_kRSAPSK 0x00000800U -# define SSL_kECDHEPSK 0x00001000U -# define SSL_kDHEPSK 0x00002000U +# define SSL_kRSAPSK 0x00000100U +# define SSL_kECDHEPSK 0x00000200U +# define SSL_kDHEPSK 0x00000400U /* all PSK */ @@ -333,20 +329,18 @@ # define SSL_aDSS 0x00000002U /* no auth (i.e. use ADH or AECDH) */ # define SSL_aNULL 0x00000004U -/* Fixed DH auth (kDHd or kDHr) */ -# define SSL_aDH 0x00000008U /* Fixed ECDH auth (kECDHe or kECDHr) */ -# define SSL_aECDH 0x00000010U +# define SSL_aECDH 0x00000008U /* ECDSA auth*/ -# define SSL_aECDSA 0x00000040U +# define SSL_aECDSA 0x00000010U /* PSK auth */ -# define SSL_aPSK 0x00000080U +# define SSL_aPSK 0x00000020U /* GOST R 34.10-2001 signature auth */ -# define SSL_aGOST01 0x00000200U +# define SSL_aGOST01 0x00000040U /* SRP auth */ -# define SSL_aSRP 0x00000400U +# define SSL_aSRP 0x00000080U /* GOST R 34.10-2012 signature auth */ -# define SSL_aGOST12 0x00000800U +# define SSL_aGOST12 0x00000100U /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001U @@ -485,13 +479,11 @@ # define SSL_PKEY_RSA_ENC 0 # define SSL_PKEY_RSA_SIGN 1 # define SSL_PKEY_DSA_SIGN 2 -# define SSL_PKEY_DH_RSA 3 -# define SSL_PKEY_DH_DSA 4 -# define SSL_PKEY_ECC 5 -# define SSL_PKEY_GOST01 7 -# define SSL_PKEY_GOST12_256 8 -# define SSL_PKEY_GOST12_512 9 -# define SSL_PKEY_NUM 10 +# define SSL_PKEY_ECC 3 +# define SSL_PKEY_GOST01 4 +# define SSL_PKEY_GOST12_256 5 +# define SSL_PKEY_GOST12_512 6 +# define SSL_PKEY_NUM 7 /* * Pseudo-constant. GOST cipher suites can use different certs for 1 * SSL_CIPHER. So let's see which one we have in fact. diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 96353c18bc..a23b28e76c 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -171,22 +171,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) { int i; - /* - * Special case for DH: check two DH certificate types for a match. This - * means for DH certificates we must set the certificate first. - */ - if (pkey->type == EVP_PKEY_DH) { - X509 *x; - i = -1; - x = c->pkeys[SSL_PKEY_DH_RSA].x509; - if (x && X509_check_private_key(x, pkey)) - i = SSL_PKEY_DH_RSA; - x = c->pkeys[SSL_PKEY_DH_DSA].x509; - if (i == -1 && x && X509_check_private_key(x, pkey)) - i = SSL_PKEY_DH_DSA; - ERR_clear_error(); - } else - i = ssl_cert_type(NULL, pkey); + i = ssl_cert_type(NULL, pkey); if (i < 0) { SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); return (0); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 56f6eaf8c5..733a683672 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2390,47 +2390,23 @@ psk_err: } #endif #ifndef OPENSSL_NO_DH - else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) { + else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { DH *dh_srvr, *dh_clnt; - if (s->s3->peer_dh_tmp != NULL) - dh_srvr = s->s3->peer_dh_tmp; - else { - /* we get them from the cert */ - EVP_PKEY *spkey = NULL; - dh_srvr = NULL; - spkey = X509_get_pubkey(s->session->peer); - if (spkey) { - dh_srvr = EVP_PKEY_get1_DH(spkey); - EVP_PKEY_free(spkey); - } - if (dh_srvr == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } + if (s->s3->peer_dh_tmp == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; } - if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { - /* Use client certificate key */ - EVP_PKEY *clkey = s->cert->key->privatekey; - dh_clnt = NULL; - if (clkey) - dh_clnt = EVP_PKEY_get1_DH(clkey); - if (dh_clnt == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - } else { - /* generate a new random key */ - if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); - goto err; - } - if (!DH_generate_key(dh_clnt)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); - DH_free(dh_clnt); - goto err; - } + dh_srvr = s->s3->peer_dh_tmp; + /* generate a new random key */ + if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + goto err; + } + if (!DH_generate_key(dh_clnt)) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB); + DH_free(dh_clnt); + goto err; } pmslen = DH_size(dh_clnt); @@ -2454,15 +2430,11 @@ psk_err: } pmslen = n; - if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) - n = 0; - else { - /* send off the data */ - n = BN_num_bytes(dh_clnt->pub_key); - s2n(n, p); - BN_bn2bin(dh_clnt->pub_key, p); - n += 2; - } + /* send off the data */ + n = BN_num_bytes(dh_clnt->pub_key); + s2n(n, p); + BN_bn2bin(dh_clnt->pub_key, p); + n += 2; DH_free(dh_clnt); } @@ -2841,7 +2813,6 @@ int tls_construct_client_verify(SSL *s) */ static int ssl3_check_client_certificate(SSL *s) { - unsigned long alg_k; if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey) return 0; /* If no suitable signature algorithm can't use certificate */ @@ -2854,26 +2825,6 @@ static int ssl3_check_client_certificate(SSL *s) if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT && !tls1_check_chain(s, NULL, NULL, NULL, -2)) return 0; - alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* See if we can use client certificate for fixed DH */ - if (alg_k & (SSL_kDHr | SSL_kDHd)) { - int i = s->session->peer_type; - EVP_PKEY *clkey = NULL, *spkey = NULL; - clkey = s->cert->key->privatekey; - /* If client key not DH assume it can be used */ - if (EVP_PKEY_id(clkey) != EVP_PKEY_DH) - return 1; - if (i >= 0) - spkey = X509_get_pubkey(s->session->peer); - if (spkey) { - /* Compare server and client parameters */ - i = EVP_PKEY_cmp_parameters(clkey, spkey); - EVP_PKEY_free(spkey); - if (i != 1) - return 0; - } - s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; - } return 1; } @@ -3042,20 +2993,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto f_err; - } else if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) && - !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_DH_RSA_CERT); - goto f_err; } -# ifndef OPENSSL_NO_DSA - else if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) && - !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_DH_DSA_CERT); - goto f_err; - } -# endif #endif return (1); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index ab860f6146..86d200f0b2 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -632,17 +632,6 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey) ret = SSL_PKEY_GOST12_512; } #endif - else if (x && (i == EVP_PKEY_DH || i == EVP_PKEY_DHX)) { - /* - * For DH two cases: DH certificate signed with RSA and DH - * certificate signed with DSA. - */ - i = X509_certificate_type(x, pk); - if (i & EVP_PKS_RSA) - ret = SSL_PKEY_DH_RSA; - else if (i & EVP_PKS_DSA) - ret = SSL_PKEY_DH_DSA; - } err: if (!pkey) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 014f211dc4..0e6f0d03dd 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -322,8 +322,7 @@ static int send_server_key_exchange(SSL *s) * the server certificate contains the server's public key for * key exchange. */ - if ( (alg_k & SSL_kDHE) - || (alg_k & SSL_kECDHE) + if (alg_k & (SSL_kDHE|SSL_kECDHE) /* * PSK: send ServerKeyExchange if PSK identity hint if * provided @@ -2121,7 +2120,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) #endif #ifndef OPENSSL_NO_DH BIGNUM *pub = NULL; - DH *dh_srvr, *dh_clnt = NULL; + DH *dh_srvr; #endif #ifndef OPENSSL_NO_EC EVP_PKEY *ckey = NULL; @@ -2351,9 +2350,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) } else #endif #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd | SSL_kDHEPSK)) { - int idx = -1; - EVP_PKEY *skey = NULL; + if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { unsigned char shared[(OPENSSL_DH_MAX_MODULUS_BITS + 7) / 8]; if (!PACKET_get_net_2(pkt, &i)) { @@ -2370,21 +2367,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); goto err; } - if (alg_k & SSL_kDHr) - idx = SSL_PKEY_DH_RSA; - else if (alg_k & SSL_kDHd) - idx = SSL_PKEY_DH_DSA; - if (idx >= 0) { - skey = s->cert->pkeys[idx].privatekey; - if ((skey == NULL) || - (skey->type != EVP_PKEY_DH) || (skey->pkey.dh == NULL)) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_MISSING_RSA_CERTIFICATE); - goto f_err; - } - dh_srvr = skey->pkey.dh; - } else if (s->s3->tmp.dh == NULL) { + if (s->s3->tmp.dh == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY); @@ -2393,30 +2376,19 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) dh_srvr = s->s3->tmp.dh; if (PACKET_remaining(pkt) == 0L) { - /* Get pubkey from cert */ - EVP_PKEY *clkey = X509_get_pubkey(s->session->peer); - if (clkey) { - if (EVP_PKEY_cmp_parameters(clkey, skey) == 1) - dh_clnt = EVP_PKEY_get1_DH(clkey); - } - if (dh_clnt == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_MISSING_TMP_DH_KEY); - goto f_err; - } - EVP_PKEY_free(clkey); - pub = dh_clnt->pub_key; - } else { - if (!PACKET_get_bytes(pkt, &data, i)) { - /* We already checked we have enough data */ - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto f_err; - } - pub = BN_bin2bn(data, i, NULL); + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + SSL_R_MISSING_TMP_DH_KEY); + goto f_err; + } + if (!PACKET_get_bytes(pkt, &data, i)) { + /* We already checked we have enough data */ + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto f_err; } + pub = BN_bin2bn(data, i, NULL); if (pub == NULL) { SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB); goto err; @@ -2432,20 +2404,13 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; - if (dh_clnt) - DH_free(dh_clnt); - else - BN_clear_free(pub); + BN_clear_free(pub); pub = NULL; if (!ssl_generate_master_secret(s, shared, i, 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; } - if (dh_clnt) { - s->statem.no_cert_verify = 1; - return MSG_PROCESS_CONTINUE_PROCESSING; - } } else #endif diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index efa04410f2..d9cfe27295 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1078,9 +1078,7 @@ void ssl_set_client_disabled(SSL *s) * algorithms. */ if (s->s3->tmp.mask_a & SSL_aRSA) - s->s3->tmp.mask_k |= SSL_kDHr | SSL_kECDHr; - if (s->s3->tmp.mask_a & SSL_aDSS) - s->s3->tmp.mask_k |= SSL_kDHd; + s->s3->tmp.mask_k |= SSL_kECDHr; if (s->s3->tmp.mask_a & SSL_aECDSA) s->s3->tmp.mask_k |= SSL_kECDHe; # ifndef OPENSSL_NO_PSK @@ -4031,13 +4029,11 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, switch (idx) { case SSL_PKEY_RSA_ENC: case SSL_PKEY_RSA_SIGN: - case SSL_PKEY_DH_RSA: rsign = TLSEXT_signature_rsa; default_nid = NID_sha1WithRSAEncryption; break; case SSL_PKEY_DSA_SIGN: - case SSL_PKEY_DH_DSA: rsign = TLSEXT_signature_dsa; default_nid = NID_dsaWithSHA1; break; @@ -4140,15 +4136,6 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, case EVP_PKEY_EC: check_type = TLS_CT_ECDSA_SIGN; break; - case EVP_PKEY_DH: - case EVP_PKEY_DHX: - { - int cert_type = X509_certificate_type(x, pk); - if (cert_type & EVP_PKS_RSA) - check_type = TLS_CT_RSA_FIXED_DH; - if (cert_type & EVP_PKS_DSA) - check_type = TLS_CT_DSS_FIXED_DH; - } } if (check_type) { const unsigned char *ctypes; @@ -4229,8 +4216,6 @@ void tls1_set_cert_validity(SSL *s) tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_ENC); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_SIGN); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN); - tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_RSA); - tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DH_DSA); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256); diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 80d0bf80b3..dc718edda8 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -913,14 +913,6 @@ static int ssl_get_keyex(const char **pname, SSL *ssl) *pname = "rsa"; return SSL_kRSA; } - if (alg_k & SSL_kDHr) { - *pname = "dh_rsa"; - return SSL_kDHr; - } - if (alg_k & SSL_kDHd) { - *pname = "dh_dss"; - return SSL_kDHd; - } if (alg_k & SSL_kDHE) { *pname = "DHE"; return SSL_kDHE; @@ -993,14 +985,6 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, } break; - /* Implicit parameters only allowed for static DH */ - case SSL_kDHd: - case SSL_kDHr: - if (msglen == 0) { - BIO_indent(bio, indent + 2, 80); - BIO_puts(bio, "implicit\n"); - break; - } case SSL_kDHE: case SSL_kDHEPSK: if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen)) @@ -1040,8 +1024,6 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, } switch (id) { /* Should never happen */ - case SSL_kDHd: - case SSL_kDHr: case SSL_kECDHr: case SSL_kECDHe: BIO_indent(bio, indent + 2, 80); -- cgit v1.2.3